From 88c2625dc0f9cb54267094a41bd457f5e40d740c Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Thu, 2 Jun 2022 14:09:06 +0200
Subject: [PATCH] Compile and check OPA policies in CI
---
 .github/workflows/check.yaml | 63 +++++++++++++++++++++++++++++++++---
 crates/policy/Cargo.toml | 6 ++--
 2 files changed, 62 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index f88efe3d..8b432ab4 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -61,6 +61,31 @@ jobs:
 command: fetch
 args: --locked
+ opa-lint:
+ name: Lint and test OPA policies
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v3
+
+ - name: Setup OPA
+ uses: open-policy-agent/setup-opa@v1
+ with:
+ version: 0.40.0
+
+ - name: Lint policies
+ run: |
+ cd crates/policy/policies
+ make lint
+
+ - name: Run OPA tests
+ run: |
+ cd crates/policy/policies
+ make test
 rustfmt:
 name: Check style
@@ -109,7 +134,7 @@ jobs:
 clippy:
 name: Run Clippy
- needs: [fetch]
+ needs: [opa-lint, fetch]
 runs-on: ubuntu-latest
 permissions:
@@ -129,6 +154,16 @@ jobs:
 profile: minimal
 override: true
+ - name: Setup OPA
+ uses: open-policy-agent/setup-opa@v1
+ with:
+ version: 0.40.0
+
+ - name: Compile OPA policies
+ run: |
+ cd crates/policy/policies
+ make
+
 - name: Setup Cargo cache
 uses: actions/cache@v3.0.3
 with:
@@ -154,7 +189,7 @@ jobs:
 test:
 name: Run test suite with Rust ${{ matrix.toolchain }}
- needs: [rustfmt, clippy, fetch]
+ needs: [rustfmt, clippy, opa-lint, fetch]
 runs-on: ubuntu-latest
 permissions:
@@ -184,6 +219,16 @@ jobs:
 profile: minimal
 override: true
+ - name: Setup OPA
+ uses: open-policy-agent/setup-opa@v1
+ with:
+ version: 0.40.0
+
+ - name: Compile OPA policies
+ run: |
+ cd crates/policy/policies
+ make
+
 - name: Setup Cargo cache
 uses: actions/cache@v3.0.3
 with:
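Review bot: The `uses: open-policy-agent/setup-opa@v1` line in the new `opa-lint` job references a third-party action by a movable tag, so the code that runs here (and the `opa` binary it installs) can change without any change to this repository. Pin it to a full commit SHA, `uses: open-policy-agent/setup-opa@<full-commit-sha>  # v1` (placeholder; use the SHA of the release you reviewed), and let your dependency-update tooling bump it. The job's `permissions: contents: read` already limits what the token can do if the action misbehaves. The same reference is added in the hunks at `@@ -129,6`, `@@ -184,6` and `@@ -228,6`, where the installed binary compiles the policies, so pin those too.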
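Review bot: The `Setup OPA` / `Compile OPA policies` pair added to `clippy` in the `@@ -129,6` hunk is repeated verbatim in the `test` (`@@ -184,6`) and `coverage` (`@@ -228,6`) hunks, and `version: 0.40.0` is spelled out four times across the workflow, so a later bump that misses one copy would leave jobs linting with one OPA release and compiling with another. Declaring the version once would avoid that, e.g. a workflow-level `env:` entry `OPA_VERSION: "0.40.0"` and `version: ${{ env.OPA_VERSION }}` in each step; whether the workflow already has a top-level `env:` block is not visible here. A short comment on the compile step, such as `# the Rust crates need the compiled policy at build time`, would also explain why it precedes the cargo steps (inferred from placement, so confirm). The `steps:` list this hunk edits starts and ends outside the hunk.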
@@ -209,7 +254,7 @@ jobs:
 coverage:
 name: Code coverage
- needs: [rustfmt, clippy, fetch]
+ needs: [rustfmt, clippy, opa-lint, fetch]
 runs-on: ubuntu-latest
 permissions:
@@ -228,6 +273,16 @@ jobs:
 override: true
 components: llvm-tools-preview
+ - name: Setup OPA
+ uses: open-policy-agent/setup-opa@v1
+ with:
+ version: 0.40.0
+
+ - name: Compile OPA policies
+ run: |
+ cd crates/policy/policies
+ make
+
 - name: Setup Cargo cache
 uses: actions/cache@v3.0.3
 with:
@@ -274,7 +329,7 @@ jobs:
 build-image:
 name: Build and push Docker image
- needs: [rustfmt, clippy]
+ needs: [rustfmt, clippy, opa-lint]
 runs-on: ubuntu-latest
 env:
 IMAGE: ghcr.io/matrix-org/matrix-authentication-service
diff --git a/crates/policy/Cargo.toml b/crates/policy/Cargo.toml
index 968fd093..425f663c 100644
--- a/crates/policy/Cargo.toml
+++ b/crates/policy/Cargo.toml
@@ -6,10 +6,10 @@ edition = "2021"
 license = "Apache-2.0"
 [dependencies]
-anyhow = "1.0.31"
+anyhow = "1.0.57"
 opa-wasm = { git = "https://github.com/matrix-org/rust-opa-wasm.git" }
-serde = { version = "1.0.31", features = ["derive"] }
-serde_json = "1.0.31"
+serde = { version = "1.0.137", features = ["derive"] }
+serde_json = "1.0.81"
 thiserror = "1.0.31"
 tokio = { version = "1.18.2", features = ["io-util", "rt"] }
 tracing = "0.1.34"