From 6236e8b25c8fe69a7c792b9f99d182b758736285 Mon Sep 17 00:00:00 2001 From: yangci Date: Mon, 19 Aug 2024 14:15:16 -0400 Subject: [PATCH] feat: pin to sha + additional inputs (#3) * feat: make input cleaner using paths * feat: allow different postfix * feat: allow different postfix * feat: allow different postfix * feat: pin version to sha and allow comment type input * feat: allow opa version input --- README.md | 8 +++++--- action.yml | 13 ++++++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 75e0067..a66e81b 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ # GitHub Action for OPA Rego Policy Tests -GitHub Action to automate testing for your OPA (Open Policy Agent) Rego policies, generates a report with coverage information, and posts the test results as a comment on your pull requests. +GitHub Action to automate testing for your OPA (Open Policy Agent) Rego policies, generates a report with coverage information, and posts the test results as a comment on your pull requests, making it easy for your team to review and approve policies. -Use this to test your OPA Rego files for [Spacelift policies](https://docs.spacelift.io/concepts/policy), Kubernetes Admission Controller policies, Docker authorization policies, or any other use case that uses [Open Policy Agent's policy language Rego](https://www.openpolicyagent.org/docs/latest/). +Use this to test your OPA Rego files for [Spacelift policies](https://docs.spacelift.io/concepts/policy), Kubernetes Admission Controller policies, Docker authorization policies, or any other use case that uses [Open Policy Agent's policy language Rego](https://www.openpolicyagent.org/docs/latest/). This Action also updates PR comments with the test results in place to prevent duplication. OPA Logo 
@@ -23,7 +23,7 @@ See examples of the pull request comments below at the [Example Pull Request Com - [๐Ÿ’ฌ Example Pull Request Comments](#-example-pull-request-comments) ## ๐Ÿš€ Usage -It's super easy to get started and use this GitHub Action to test your OPA Rego policies. In your repository/directory with the `.rego` files and the `_test.rego` files, simply checkout the repository and add the step with `uses: masterpointio/github-action-opa-rego-test@main`. It's as simple as adding the step with no required inputs! +It's super easy to get started and use this GitHub Action to test your OPA Rego policies. In your repository/directory with the `.rego` files and the `_test.rego` files, simply checkout the repository and add the step with `uses: masterpointio/github-action-opa-rego-test@main`. It's as simple as adding the step with no required inputs! It will then generate a PR comment (that updates in place) with the test results! ```yaml - name: Run OPA Rego Tests uses: masterpointio/github-action-opa-rego-test@main 
@@ -77,8 +77,10 @@ In the example below, all `_test.rego` files' location are valid and will be exe | `test_file_postfix` | Postfix of the test files to run (e.g. notification.rego <> notification_test.rego) | No | `_test` | | `write_pr_comment` | Flag to write a user-friendly PR comment with test results | No | `true` | | `pr_comment_title` | Title of the PR comment for test results | No | `๐Ÿงช OPA Rego Policy Test Results` | +| `pr_comment_mode` | Mode that will be used to update comment. Options of upsert (update in place) or recreate. | No | `upsert` | | `run_coverage_report` | Flag to run OPA coverage tests and include in PR comment | No | `true` | | `report_untested_files` | Check & report Rego files without corresponding test files | No | `false` | +| `opa_version` | Version of the OPA CLI to use. | No | `0.67.1` | ## โš™๏ธ How It Works This GitHub Action automates the process of testing OPA (Open Policy Agent) Rego policies and generating coverage reports. Here's a breakdown of its operation: diff --git a/action.yml b/action.yml index 8e0df6f..f9c9ec5 100644 --- a/action.yml +++ b/action.yml @@ -25,6 +25,9 @@ inputs: description: 'Title of the PR comment of the test results.' required: false default: '๐Ÿงช OPA Rego Policy Test Results' + pr_comment_mode: + description: Mode that will be used to update comment. Options of upsert (update in place) or recreate. + default: 'upsert' run_coverage_report: description: 'Flag to run OPA coverage tests and write to the PR. The `write_pr_comment` must be enabled for the coverage report to be written. Default of true.' required: false 
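Review bot: The new `pr_comment_mode` input omits `required: false` and leaves its description unquoted, unlike every neighbouring input visible in this hunk. Add `required: false` under the description and quote the description so the block matches its siblings. The value is forwarded unchanged to the comment step in the last action.yml hunk (`mode: ${{ inputs.pr_comment_mode }}`), so any string a caller supplies reaches the third-party action. How that action treats a value other than `upsert` or `recreate` is not visible here, so the description should say that only those two values are supported. The `inputs:` mapping starts and ends outside this hunk.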
@@ -33,6 +36,10 @@ inputs: description: 'Check & report in the PR comments of the Rego files that do not have any corresponding test files. For best conventions, append the postfix `_test` (or what you set as the `test_file_postfix` input) for your test file. E.g. `notification.rego` <> `notification_test.rego`' required: false default: false + opa_version: + description: 'Version of OPA CLI to use. Default is 0.67.1.' + required: false + default: '0.67.1' runs: using: 'composite' @@ -40,7 +47,7 @@ runs: - name: Setup OPA uses: open-policy-agent/setup-opa@v2 with: - version: 0.67.1 + version: ${{ inputs.opa_version }} - name: Run OPA Tests id: opa-test @@ -137,7 +144,7 @@ runs: # Create (or update in-place) a PR comment of the test result output - name: Comment on PR - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 # If `write_pr_comment` enabled, regardless of if test is success or fail, write the results of the failure. # Even if input is bool, it has to be treated as string bc of GH's behavior (https://github.com/actions/runner/issues/1483) if: inputs.write_pr_comment == 'true' && (success() || failure()) @@ -145,4 +152,4 @@ runs: message: | ${{ steps.parse-results.outputs.parsed_results }} comment_tag: opa-test-results - mode: upsert + mode: ${{ inputs.pr_comment_mode }}
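Review bot: The `opa_version` description repeats the default (`Default is 0.67.1.`) instead of saying which values are accepted, so the text goes stale as soon as `default:` is bumped. I would describe the accepted form and tell callers to quote it, for example `description: 'Version of the OPA CLI to install; passed to the Setup OPA step. Quote the value.'`. An unquoted two-part value such as `opa_version: 0.70` (constructed example) is typed by YAML as a float and may arrive as `0.7`. The value is consumed in the next hunk as `version: ${{ inputs.opa_version }}`.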
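Review bot: `open-policy-agent/setup-opa@v2`, the context line just above the changed `version:`, is still referenced by a mutable tag even though this commit pins the comment action to a full commit SHA. That step installs the OPA binary the later steps run, so a moved `v2` tag changes what executes in callers' workflows without any change in this repository. Pin it the same way, `uses: open-policy-agent/setup-opa@<full-commit-sha> # <release-tag>` (placeholders). For both pinned actions, confirm the SHA is reachable from the upstream release tag rather than only from a fork. The `steps:` list starts and ends outside this hunk.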