Skip to content

Merge pull request #32 from weaveworks/bigkevmcd-patch-1 #116

Merge pull request #32 from weaveworks/bigkevmcd-patch-1

Merge pull request #32 from weaveworks/bigkevmcd-patch-1 #116

Workflow file for this run

on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
automated_tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: docker/login-action@v1
with:
registry: docker.io
username: weaveworkstimberwolfci
password: ${{ secrets.DOCKERHUB_TOKEN_WEAVEWORKSTIMBERWOLFCI }}
- name: Go tests
run: |
docker run -v ${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}/policies:/policies \
weaveworks/polctl:v0.0.2 /scripts/test_policies/test_policies --root-dir /policies
- name: OPA tests
run: |
docker run -v ${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}:/workspace openpolicyagent/opa:latest test /workspace/policies /workspace/examples -v --ignore '*.yml','*.yaml','.md','.csv'
automated_policies_doc:
runs-on: ubuntu-latest
needs: [automated_tests]
steps:
- uses: actions/checkout@v2
- uses: docker/login-action@v1
with:
registry: docker.io
username: weaveworkstimberwolfci
password: ${{ secrets.DOCKERHUB_TOKEN_WEAVEWORKSTIMBERWOLFCI }}
- name: Auto-generate Policies doc
run: |
export REPO_PATH=${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}
git config user.name github-actions
git config user.email github-actions@github.com
git fetch
git checkout ${{ github.event.pull_request.head.ref }}
git pull
docker run --rm -v ${REPO_PATH}/policies:/policies weaveworks/polctl:v0.0.2 \
python3 /scripts/generate_policies_doc.py -d /policies -p /policies
if [[ `git status --porcelain` ]]
then
echo "Pushing auto-generated policies doc"
git add ${REPO_PATH}/policies/policies.md
git commit -m "add auto-generated policies doc"
git push origin ${{ github.event.pull_request.head.ref }}
else
echo "No changes in auto-generated policies doc"
fi
automated_datastudio_csv:
runs-on: ubuntu-latest
needs: [automated_policies_doc]
steps:
- uses: actions/checkout@v2
- uses: docker/login-action@v1
with:
registry: docker.io
username: weaveworkstimberwolfci
password: ${{ secrets.DOCKERHUB_TOKEN_WEAVEWORKSTIMBERWOLFCI }}
- name: Export Datastudio CSV
run: |
export REPO_PATH=${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}
git config user.name github-actions
git config user.email github-actions@github.com
git fetch
git checkout ${{ github.event.pull_request.head.ref }}
git pull
docker run --rm -v ${REPO_PATH}/policies:/policies weaveworks/polctl:v0.0.2 \
python3 /scripts/generate_datastudio_csv.py -d /policies -p /policies
if [[ `git status --porcelain` ]]
then
echo "Pushing auto-generated datastudio csv"
git add ${REPO_PATH}/policies/datastudio.csv
git commit -m "add auto-generated datastudio csv"
git push origin ${{ github.event.pull_request.head.ref }}
else
echo "No changes in auto-generated datastudio csv"
fi
update_crds_with_rego_code:
runs-on: ubuntu-latest
needs: [automated_datastudio_csv]
steps:
- uses: actions/checkout@v2
- name: Update Policies CRDs REGO code
run: |
# Loop on policies CRDs and update the REGO code field
export REPO_PATH=${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}
git config user.name github-actions
git config user.email github-actions@github.com
git fetch
git checkout ${{ github.event.pull_request.head.ref }}
git pull
for dir in ${REPO_PATH}/policies/*/; do
export POLICY_DIR=$dir
yq -i '.spec.code |= strload(env(POLICY_DIR)+"/policy.rego")' $POLICY_DIR/policy.yaml
done
for dir in ${REPO_PATH}/examples/*/; do
export POLICY_DIR=$dir
yq -i '.spec.code |= strload(env(POLICY_DIR)+"/policy.rego")' $POLICY_DIR/policy.yaml
done
if [[ `git status --porcelain` ]]
then
echo "Updating Policies CRDs REGO code"
git add ${REPO_PATH}/policies
git add ${REPO_PATH}/examples
git commit -m "Update Policies CRDs REGO code"
git push origin ${{ github.event.pull_request.head.ref }}
else
echo "No changes in policies."
fi
# sync:
# if: github.event_name == 'push'
# needs: [update_crds_with_rego_code]
# runs-on: ubuntu-latest
# container:
# image: mgxinternal/mgx-circle-deployer:aws
# credentials:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
# options: --name mglx-deployer --network-alias mglx-deployer
# ports:
# - 8080:8080
# env:
# AWS_ACCESS_KEY_ID_DEV: ${{ secrets.AWS_ACCESS_KEY_ID_DEV }}
# AWS_SECRET_ACCESS_KEY_DEV: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV }}
# AWS_DEFAULT_REGION_DEV: ${{ secrets.AWS_DEFAULT_REGION_DEV }}
# AWS_CLUSTER_NAME_DEV: ${{ secrets.AWS_CLUSTER_NAME_DEV }}
# # AWS_ACCESS_KEY_ID_PROD: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}
# # AWS_SECRET_ACCESS_KEY_PROD: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}
# # AWS_DEFAULT_REGION_PROD: ${{ secrets.AWS_DEFAULT_REGION_PROD }}
# # AWS_CLUSTER_NAME_PROD: ${{ secrets.AWS_CLUSTER_NAME_PROD }}
# steps:
# - uses: actions/checkout@v2
# - uses: docker/login-action@v1
# with:
# username: ${{ secrets.DOCKERHUB_USERNAME }}
# password: ${{ secrets.DOCKERHUB_TOKEN }}
# - name: Auth to cluster
# run: |
# if [[ "${GITHUB_REF##*/}" == "aws-dev" ]]
# then
# export CIRCLE_BRANCH="dev"
# else
# export CIRCLE_BRANCH=${GITHUB_REF##*/}
# fi
# /bin/auth_to_cluster
# - name: Sync
# run: |
# apk add --no-cache python3 py3-pip
# pip3 install pyyaml click requests
# kubectl port-forward --address 0.0.0.0 -n cluster-advisor service/policies-service 8080:80 &
# while ! netstat -tna | grep 'LISTEN\>' | grep 8080; do sleep 3 ; done
# export HOST_REPO_PATH=/home/runner/work/${{ github.event.repository.name }}/${{ github.event.repository.name }}
# # categories
# docker run --rm --network host -v ${HOST_REPO_PATH}/categories:/categories weaveworks/polctl:v0.0.2 \
# python3 /scripts/sync/sync.py categories -d /categories --policies-service http://localhost:8080/api/v1
# # standards and controls
# docker run --rm --network host -v ${HOST_REPO_PATH}/standards:/standards weaveworks/polctl:v0.0.2 \
# python3 /scripts/sync/sync.py standards -d /standards --policies-service http://localhost:8080/api/v1
# # templates
# docker run --rm --network host -v ${HOST_REPO_PATH}/examples:/examples weaveworks/polctl:v0.0.2 \
# python3 /scripts/sync/sync.py templates -d /examples --policies-service http://localhost:8080/api/v1
# # policies
# docker run --rm --network host -v ${HOST_REPO_PATH}/policies:/policies weaveworks/polctl:v0.0.2 \
# python3 /scripts/sync/sync.py policies -d /policies --policies-service http://localhost:8080/api/v1