.github/workflows/main.yaml

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  automated_tests:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: docker/login-action@v1
      with:
        registry: docker.io
        username: weaveworkstimberwolfci
        password: ${{ secrets.DOCKERHUB_TOKEN_WEAVEWORKSTIMBERWOLFCI }}
    - name: Go tests
      run: |
        docker run -v ${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}/policies:/policies \
               weaveworks/polctl:v0.0.2 /scripts/test_policies/test_policies --root-dir /policies
    - name: OPA tests
      run: |
        docker run -v ${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}:/workspace openpolicyagent/opa:latest test /workspace/policies /workspace/examples -v --ignore '*.yml','*.yaml','.md','.csv'
  automated_policies_doc:
    runs-on: ubuntu-latest
    needs: [automated_tests]
    steps:
    - uses: actions/checkout@v2
    - uses: docker/login-action@v1
      with:
        registry: docker.io
        username: weaveworkstimberwolfci
        password: ${{ secrets.DOCKERHUB_TOKEN_WEAVEWORKSTIMBERWOLFCI }}
    - name: Auto-generate Policies doc
      run: |
        export REPO_PATH=${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}
        git config user.name github-actions
        git config user.email github-actions@github.com
        git fetch
        git checkout ${{ github.event.pull_request.head.ref }}
        git pull

        docker run --rm -v ${REPO_PATH}/policies:/policies weaveworks/polctl:v0.0.2 \
               python3 /scripts/generate_policies_doc.py -d /policies -p /policies

        if [[ `git status --porcelain` ]]
        then
          echo "Pushing auto-generated policies doc"
          git add ${REPO_PATH}/policies/policies.md
          git commit -m "add auto-generated policies doc"
          git push origin ${{ github.event.pull_request.head.ref }}
        else
          echo "No changes in auto-generated policies doc"
        fi

  automated_datastudio_csv:
    runs-on: ubuntu-latest
    needs: [automated_policies_doc]
    steps:
    - uses: actions/checkout@v2
    - uses: docker/login-action@v1
      with:
        registry: docker.io
        username: weaveworkstimberwolfci
        password: ${{ secrets.DOCKERHUB_TOKEN_WEAVEWORKSTIMBERWOLFCI }}
    - name: Export Datastudio CSV
      run: |
        export REPO_PATH=${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}
        git config user.name github-actions
        git config user.email github-actions@github.com
        git fetch
        git checkout ${{ github.event.pull_request.head.ref }}
        git pull

        docker run --rm -v ${REPO_PATH}/policies:/policies weaveworks/polctl:v0.0.2 \
               python3 /scripts/generate_datastudio_csv.py -d /policies -p /policies

        if [[ `git status --porcelain` ]]
        then
          echo "Pushing auto-generated datastudio csv"

          git add ${REPO_PATH}/policies/datastudio.csv
          git commit -m "add auto-generated datastudio csv"
          git push origin ${{ github.event.pull_request.head.ref }}
        else
          echo "No changes in auto-generated datastudio csv"
        fi

  update_crds_with_rego_code:
    runs-on: ubuntu-latest
    needs: [automated_datastudio_csv]
    steps:
    - uses: actions/checkout@v2
    - name: Update Policies CRDs REGO code
      run: |
        # Loop on policies CRDs and update the REGO code field
        export REPO_PATH=${RUNNER_WORKSPACE}/${GITHUB_REPOSITORY#*/}
        git config user.name github-actions
        git config user.email github-actions@github.com
        git fetch
        git checkout ${{ github.event.pull_request.head.ref }}
        git pull

        for dir in ${REPO_PATH}/policies/*/; do
          export POLICY_DIR=$dir
          yq -i '.spec.code |= strload(env(POLICY_DIR)+"/policy.rego")' $POLICY_DIR/policy.yaml
        done
        for dir in ${REPO_PATH}/examples/*/; do
          export POLICY_DIR=$dir
          yq -i '.spec.code |= strload(env(POLICY_DIR)+"/policy.rego")' $POLICY_DIR/policy.yaml
        done
        if [[ `git status --porcelain` ]]
        then
          echo "Updating Policies CRDs REGO code"
          git add ${REPO_PATH}/policies
          git add ${REPO_PATH}/examples
          git commit -m "Update Policies CRDs REGO code"
          git push origin ${{ github.event.pull_request.head.ref }}
        else
          echo "No changes in policies."
        fi

  # sync:
  #   if: github.event_name == 'push'
  #   needs: [update_crds_with_rego_code]
  #   runs-on: ubuntu-latest
  #   container:
  #     image: mgxinternal/mgx-circle-deployer:aws
  #     credentials:
  #       username: ${{ secrets.DOCKERHUB_USERNAME }}
  #       password: ${{ secrets.DOCKERHUB_TOKEN }}
  #     options: --name mglx-deployer --network-alias mglx-deployer
  #     ports:
  #     - 8080:8080
  #   env:
  #     AWS_ACCESS_KEY_ID_DEV: ${{ secrets.AWS_ACCESS_KEY_ID_DEV }}
  #     AWS_SECRET_ACCESS_KEY_DEV: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV }}
  #     AWS_DEFAULT_REGION_DEV: ${{ secrets.AWS_DEFAULT_REGION_DEV }}
  #     AWS_CLUSTER_NAME_DEV: ${{ secrets.AWS_CLUSTER_NAME_DEV }}
  #     # AWS_ACCESS_KEY_ID_PROD: ${{ secrets.AWS_ACCESS_KEY_ID_PROD }}
  #     # AWS_SECRET_ACCESS_KEY_PROD: ${{ secrets.AWS_SECRET_ACCESS_KEY_PROD }}
  #     # AWS_DEFAULT_REGION_PROD: ${{ secrets.AWS_DEFAULT_REGION_PROD }}
  #     # AWS_CLUSTER_NAME_PROD: ${{ secrets.AWS_CLUSTER_NAME_PROD }}
  #   steps:
  #   - uses: actions/checkout@v2
  #   - uses: docker/login-action@v1
  #     with:
  #       username: ${{ secrets.DOCKERHUB_USERNAME }}
  #       password: ${{ secrets.DOCKERHUB_TOKEN }}
  #   - name: Auth to cluster
  #     run: |
  #       if [[ "${GITHUB_REF##*/}" == "aws-dev" ]]
  #       then
  #         export CIRCLE_BRANCH="dev"
  #       else
  #         export CIRCLE_BRANCH=${GITHUB_REF##*/}
  #       fi
  #       /bin/auth_to_cluster
  #   - name: Sync
  #     run: |
  #       apk add --no-cache python3 py3-pip
  #       pip3 install pyyaml click requests

  #       kubectl port-forward --address 0.0.0.0 -n cluster-advisor service/policies-service 8080:80 &
  #       while ! netstat -tna | grep 'LISTEN\>' | grep 8080; do sleep 3 ; done

  #       export HOST_REPO_PATH=/home/runner/work/${{ github.event.repository.name }}/${{ github.event.repository.name }}

  #       # categories
  #       docker run --rm --network host -v ${HOST_REPO_PATH}/categories:/categories weaveworks/polctl:v0.0.2 \
  #              python3 /scripts/sync/sync.py categories -d /categories --policies-service http://localhost:8080/api/v1

  #       # standards and controls
  #       docker run --rm --network host -v ${HOST_REPO_PATH}/standards:/standards weaveworks/polctl:v0.0.2 \
  #              python3 /scripts/sync/sync.py standards -d /standards --policies-service http://localhost:8080/api/v1

  #       # templates
  #       docker run --rm --network host -v ${HOST_REPO_PATH}/examples:/examples weaveworks/polctl:v0.0.2 \
  #              python3 /scripts/sync/sync.py templates -d /examples --policies-service http://localhost:8080/api/v1

  #       # policies
  #       docker run --rm --network host -v ${HOST_REPO_PATH}/policies:/policies weaveworks/polctl:v0.0.2 \
  #              python3 /scripts/sync/sync.py policies -d /policies --policies-service http://localhost:8080/api/v1