Conftest policy_sets "<CODE_DIRECTORY>" path clarification

[gmaghera]

I'm having a hard time deciphering this from the docs, for getting started with conftest:

policies:
  owners:
    users:
      - nishkrishnan
  policy_sets:
    - name: null_resource_warning
      path: <CODE_DIRECTORY>/policies/null_resource_warning/
      source: local

What is <CODE_DIRECTORY> here? We are deploying Atlantis as a Helm chart, and use a custom image which installs Terragrunt atop of the official image.

Would I have to bake the rego files into my Atlantis image and provide an absolute path to the directory containing them? Is there any relation to the Git repository which is integrated with Atlantis for its MR review process? (that is what code directory suggests to me)

[david-heward-unmind]

I can't answer you definitively. Though I can tell you we do exactly that. Bake the rego files (from a different repo) into the image at image build time. Then reference the absolute path in atlantis repo.yml.

[gmaghera]

Thank you @davidh-unmind, that sure helps! 🙇

[guillermotti]

Hi @davidh-unmind !

Could you add those lines to the docs? I had the same problem, there is no clarification about what <CODE_DIRECTORY> is.

Thanks in advance!

[LuigiClemente-Awin]

It would be nice to have more clarity and better documentation on this new feature, please.
Some examples are needed.
Also, please integrate this into the official documentation: https://githubmemory.com/repo/runatlantis/atlantis/issues/1576.
Not clear how you would run a test inside the workflow as well: what command would you use?

Thanks,
Luigi

[davehewy]

I've made a start on a PR (link above).

This is derived from my own learnings. Thoughts welcome.