Add opa to $PATH in docker image #5003

Closed
matusf opened this issue Aug 11, 2022 · 5 comments · Fixed by #5004

Comments

@matusf
Contributor

matusf commented Aug 11, 2022

What is the underlying problem you're trying to solve?

When running opa in the CI, one needs to find out where it is located. For example, my current gitlab ci looks like this. I needed to run the image and find that it is located at root. If it was in $PATH, one would not have to do this.

test_policies:
  image: openpolicyagent/opa:0.43.0-debug
  script:
    - /opa test .

Describe the ideal solution

Opa binary could be added to $PATH.

@philipaconrad
Contributor

philipaconrad commented Aug 11, 2022

Do you think this issue could have been solved with better documentation, instead of a Dockerfile change?

@anderseknert
Member

This seems like a Gitlab issue if anything. The image already points out the command/entry point, so why does this need to be repeated in the script? I would expect there to be an “args” parameter to the image one where the sub command plus extra arguments were provided, but not that the location of the OPA binary 🤔

@anderseknert
Member

That said - if that isn’t the case, and changing this helps to run OPA in that environment, I’m all in favor. I wonder though if there could be any tooling depending on the location, and changing that would break things outside of the project.

@matusf
Contributor Author

matusf commented Aug 11, 2022

@philipaconrad, maybe it would help but I would not say it would solve the issue. When you are running the image in the CI, you expect the command that the image is about to be in the $PATH. Then it fails, and you try to search for the solution. The docs would just make the search for the solution smaller.

@anderseknert, I don't know. Maybe, I guess it's just a matter of preference. The Gitlab CI works by dropping you in a shell and you can run anything from it. The nice thing is that it is universal. You do not need to create a special structure for a command like in Github CI. Anyway, it is possible to override the entrypoint, but every job needs a script section.

As for the breaking change, a sym-link could be made not to break the compatibility, but I don't know if someone depends on the binary location.

@srenatus
Contributor

As for the breaking change, a sym-link could be made not to break the compatibility, but I don't know if someone depends on the binary location.

It's possible that someone is building a container image using COPY --from ... /opa to get the binary from the image into a new one. So if a symlink works here, too, I think that would be preferable.

srenatus pushed a commit that referenced this issue Aug 23, 2022
We should now be able to more easily use the opa images in Gitlab CI.

Fixes #5003.

Signed-off-by: Matúš Ferech <matus.ferech@gmail.com>