updated rego tests and test data #1475

Workflow file for this run

.github/workflows/policy-engine.yml at 467a122

	name: '@app/policy-engine CI'

	on:
	push:
	branches:
	- '**'
	paths:
	- packages/**
	- apps/policy-engine/**
	- .github/workflows/policy-engine.yml
	- .github/workflows/policy-engine-prod.yml
	- jest.config.ts
	- jest.preset.js
	- .eslintrc.json
	- .prettierrc
	- package.json
	- package-lock.json
	- deploy/policy-engine.dockerfile
	- deploy/charts/policy-engine/**
	tags-ignore:
	- vault-v*
	- armory-v*
	- policy-engine-v*

	jobs:
	test:
	name: Test
	runs-on: ubuntu-latest

	services:
	postgres:
	image: postgres:14
	ports:
	- '5432:5432'
	env:
	POSTGRES_USER: postgres
	POSTGRES_PASSWORD: postgres
	options: >-
	--health-cmd pg_isready
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Add .npmrc
	if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
	run: echo "${{ secrets.NPMRC }}" > .npmrc

	- name: Install node.js
	uses: actions/setup-node@v4
	with:
	node-version: '21'
	cache: 'npm'

	- name: Install dependencies
	run: \|
	make install/ci

	- name: Download and install custom OPA
	run: \|
	curl -L -o opa https://openpolicyagent.org/downloads/v0.69.0/opa_linux_amd64_static
	chmod +x opa
	sudo mv opa /usr/local/bin/opa

	- name: Code format
	shell: bash
	run: \|
	make policy-engine/format/check
	make policy-engine/lint/check

	- name: Setup database and Prisma types
	shell: bash
	run: \|
	make policy-engine/copy-default-env
	make policy-engine/test/db/setup
	make policy-engine/db/generate-types

	- name: Test types
	shell: bash
	run: \|
	make policy-engine/test/type

	- name: Test unit
	shell: bash
	run: \|
	make policy-engine/test/unit

	- name: Test integration
	shell: bash
	run: \|
	make policy-engine/test/integration

	- name: Test E2E
	shell: bash
	run: \|
	make policy-engine/test/e2e

	- name: Send Slack notification on failure
	if: failure() && github.ref == 'refs/heads/main'
	uses: 8398a7/action-slack@v3
	with:
	username: GitHub
	author_name: '@app/policy-engine CI failed'
	status: ${{ job.status }}
	fields: message,commit,author
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

	opa-rego:
	name: Open Agent Policy CI

	runs-on: ubuntu-latest

	steps:
	- name: Check out repository code
	uses: actions/checkout@v4

	- name: Setup Regal
	uses: StyraInc/setup-regal@v1.0.0

	- name: Setup OPA
	uses: open-policy-agent/setup-opa@v2
	with:
	version: latest

	- name: Format
	run: make policy-engine/rego/format/check

	- name: Syntax
	run: make policy-engine/rego/syntax/check

	- name: Lint
	run: make policy-engine/rego/lint/check REGAL_FORMAT=github

	- name: Test
	run: make policy-engine/rego/test

	release:
	name: Release
	if: github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest

	# Only run if the Test jobs succeed
	needs: [test, opa-rego]

	permissions:
	id-token: write
	contents: write

	steps:
	- uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable
	aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Get short SHA
	id: slug
	run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV

	- name: Add private .npmrc
	run: echo "${{ secrets.NPMRC }}" > .npmrc

	- name: Build, tag, and push docker image to Amazon ECR
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./deploy/policy-engine.dockerfile
	push: true
	tags: \|
	${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }}
	${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:latest
	cache-from: type=gha
	cache-to: type=gha,mode=max

	- name: Create GitHub App Token
	uses: actions/create-github-app-token@v1
	id: app-token
	with:
	app-id: ${{ vars.NARVAL_HELM_APP_ID }}
	private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }}
	repositories: 'armory,armory-platform'

	- name: Checkout Target Repository
	uses: actions/checkout@v4
	with:
	repository: narval-xyz/armory-platform
	ref: main
	path: platform
	token: ${{ steps.app-token.outputs.token }}
	persist-credentials: false

	- name: Update Image Version in the worker HelmChart values.yaml
	uses: fjogeleit/yaml-update-action@main
	with:
	valueFile: 'apps/charts/policy-engine/values.yaml'
	# propertyPath: 'image.tag'
	# value: ${{ env.sha7 }}
	message: 'Update policy-engine Image Version to ${{ env.sha7 }}'
	repository: narval-xyz/armory-platform
	branch: main
	token: ${{ steps.app-token.outputs.token }}
	workDir: platform
	changes: \|
	{
	"apps/charts/policy-engine/values.yaml": {
	"image.tag": "${{ env.sha7 }}"
	},
	"apps/charts/policy-engine/values-node-0.yaml": {
	"image.tag": "${{ env.sha7 }}"
	},
	"apps/charts/policy-engine/values-node-1.yaml": {
	"image.tag": "${{ env.sha7 }}"
	},
	"apps/charts/policy-engine/values-node-2.yaml": {
	"image.tag": "${{ env.sha7 }}"
	}
	}

	- name: Send Slack notification on failure
	if: failure() && github.ref == 'refs/heads/main'
	uses: 8398a7/action-slack@v3
	with:
	username: GitHub
	author_name: '@app/policy-engine CI release failed'
	status: ${{ job.status }}
	fields: message,commit,author
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

updated rego tests and test data #1475

Workflow file

updated rego tests and test data #1475

Jobs

Run details

Workflow file for this run