matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Compile and check OPA policies in CI

Browse Source
This commit is contained in:
Quentin Gliech
2022-06-02 14:09:06 +02:00
parent 071055ad18
commit 88c2625dc0
2 changed files with 62 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
.github/workflows/check.yaml vendored
View File

@ -61,6 +61,31 @@ jobs:
command: fetch command: fetch
args: --locked args: --locked
opa-lint:
name: Lint and test OPA policies
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.40.0
- name: Lint policies
run: |
cd crates/policy/policies
make lint
- name: Run OPA tests
run: |
cd crates/policy/policies
make test
rustfmt: rustfmt:
name: Check style name: Check style
@ -109,7 +134,7 @@ jobs:
clippy: clippy:
name: Run Clippy name: Run Clippy
needs: [fetch] needs: [opa-lint, fetch]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -129,6 +154,16 @@ jobs:
profile: minimal profile: minimal
override: true override: true
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.40.0
- name: Compile OPA policies
run: |
cd crates/policy/policies
make
- name: Setup Cargo cache - name: Setup Cargo cache
uses: actions/cache@v3.0.3 uses: actions/cache@v3.0.3
with: with:
@ -154,7 +189,7 @@ jobs:
test: test:
name: Run test suite with Rust ${{ matrix.toolchain }} name: Run test suite with Rust ${{ matrix.toolchain }}
needs: [rustfmt, clippy, fetch] needs: [rustfmt, clippy, opa-lint, fetch]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -184,6 +219,16 @@ jobs:
profile: minimal profile: minimal
override: true override: true
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.40.0
- name: Compile OPA policies
run: |
cd crates/policy/policies
make
- name: Setup Cargo cache - name: Setup Cargo cache
uses: actions/cache@v3.0.3 uses: actions/cache@v3.0.3
with: with:
@ -209,7 +254,7 @@ jobs:
coverage: coverage:
name: Code coverage name: Code coverage
needs: [rustfmt, clippy, fetch] needs: [rustfmt, clippy, opa-lint, fetch]
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
@ -228,6 +273,16 @@ jobs:
override: true override: true
components: llvm-tools-preview components: llvm-tools-preview
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.40.0
- name: Compile OPA policies
run: |
cd crates/policy/policies
make
- name: Setup Cargo cache - name: Setup Cargo cache
uses: actions/cache@v3.0.3 uses: actions/cache@v3.0.3
with: with:
@ -274,7 +329,7 @@ jobs:
build-image: build-image:
name: Build and push Docker image name: Build and push Docker image
needs: [rustfmt, clippy] needs: [rustfmt, clippy, opa-lint]
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
IMAGE: ghcr.io/matrix-org/matrix-authentication-service IMAGE: ghcr.io/matrix-org/matrix-authentication-service

6
crates/policy/Cargo.toml
View File

@ -6,10 +6,10 @@ edition = "2021"
license = "Apache-2.0" license = "Apache-2.0"
[dependencies] [dependencies]
anyhow = "1.0.31" anyhow = "1.0.57"
opa-wasm = { git = "https://github.com/matrix-org/rust-opa-wasm.git" } opa-wasm = { git = "https://github.com/matrix-org/rust-opa-wasm.git" }
serde = { version = "1.0.31", features = ["derive"] } serde = { version = "1.0.137", features = ["derive"] }
serde_json = "1.0.31" serde_json = "1.0.81"
thiserror = "1.0.31" thiserror = "1.0.31"
tokio = { version = "1.18.2", features = ["io-util", "rt"] } tokio = { version = "1.18.2", features = ["io-util", "rt"] }
tracing = "0.1.34" tracing = "0.1.34"