build(deps): bump github.com/open-policy-agent/opa from 0.69.0 to 1.0.0 #881
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request | |
on: [pull_request] | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: setup go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.23.x | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: lint go | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: v1.61 | |
args: --timeout=5m --color=always --max-same-issues=0 --max-issues-per-linter=0 | |
acceptance: | |
name: Acceptance | |
strategy: | |
matrix: | |
os: [ubuntu-latest, windows-latest, macos-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: setup go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.23.x | |
- name: checkout source | |
uses: actions/checkout@v4 | |
- name: build | |
run: make build | |
- name: upload build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: konstraint-${{ matrix.os }} | |
path: build/konstraint | |
- name: unit tests | |
run: make test | |
- name: install bats ubuntu | |
run: sudo npm install -g bats | |
if: ${{ matrix.os == 'ubuntu-latest' }} | |
- name: install bats macos | |
run: sudo npm install -g bats | |
if: ${{ matrix.os == 'macos-latest' }} | |
- name: install bats windows | |
run: npm install -g bats | |
if: ${{ matrix.os == 'windows-latest' }} | |
- name: acceptance tests *nix | |
run: make acceptance | |
if: ${{ matrix.os != 'windows-latest' }} | |
- name: acceptance tests windows | |
run: | | |
$env:Path += ";C:\npm\prefix\node_modules\bats\libexec\bats-core" | |
make acceptance | |
if: ${{ matrix.os == 'windows-latest' }} | |
docker-tests: | |
name: Docker Tests | |
needs: [lint] | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: docker build | |
run: make docker-build | |
- name: test create command | |
run: docker run -v $PWD:/konstraint konstraint create /konstraint/examples | |
- name: test doc command | |
run: docker run -v $PWD:/konstraint konstraint doc /konstraint/examples | |
policy-checks: | |
name: Policy Checks | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout source | |
uses: actions/checkout@v4 | |
- name: setup opa | |
uses: open-policy-agent/setup-opa@v2 | |
with: | |
version: latest | |
- name: opa check strict | |
run: opa check --strict --ignore "*.yaml" examples | |
- name: setup regal | |
uses: styrainc/[email protected] | |
with: | |
version: 0.12.0 | |
- name: regal lint | |
run: regal lint --format github examples | |
policy-tests: | |
name: Policy Tests | |
runs-on: ubuntu-latest | |
container: openpolicyagent/conftest:latest | |
steps: | |
- name: checkout source | |
uses: actions/checkout@v4 | |
- name: verify policy formatting | |
run: conftest fmt --check examples | |
- name: verify policies | |
run: conftest verify -p examples -d examples/test-data | |
e2e-prep: | |
name: Prep for End-to-end Tests | |
runs-on: ubuntu-latest | |
needs: | |
- lint | |
- acceptance | |
steps: | |
- name: checkout source | |
uses: actions/checkout@v4 | |
- name: fetch gatekeeper versions | |
id: fetch-gk-versions | |
working-directory: .github/scripts | |
run: echo "gk-versions=$(./fetch_gk_versions.sh)" >> $GITHUB_OUTPUT | |
outputs: | |
gk-versions: ${{ steps.fetch-gk-versions.outputs.gk-versions }} | |
e2e: | |
name: End-to-end Tests | |
runs-on: ubuntu-latest | |
needs: | |
- e2e-prep | |
strategy: | |
matrix: | |
gk-version: ${{ fromJson(needs.e2e-prep.outputs.gk-versions) }} | |
steps: | |
- name: checkout source | |
uses: actions/checkout@v4 | |
- name: download build | |
uses: actions/download-artifact@v4 | |
with: | |
name: konstraint-ubuntu-latest | |
- name: generate resources | |
run: | | |
chmod +x ./konstraint | |
./konstraint create -o e2e-resources examples | |
./konstraint create -o e2e-resources test | |
- name: create kind cluster | |
run: kind create cluster | |
- name: install gatekeeper | |
env: | |
GK_VERSION: ${{ matrix.gk-version }} | |
run: | | |
helm repo add gk https://open-policy-agent.github.io/gatekeeper/charts | |
kubectl create ns gatekeeper-system | |
helm install gatekeeper gk/gatekeeper -n gatekeeper-system --set replicas=1 --version ${GK_VERSION} --set psp.enabled=false | |
- name: apply resources | |
working-directory: e2e-resources | |
run: | | |
for ct in $(ls template*); do kubectl apply -f $ct; done | |
sleep 60 # gatekeeper takes some time to create the CRDs | |
for c in $(ls constraint*); do kubectl apply -f $c; done |