ci: use OPA with custom built-in functions

Signed-off-by: Nikita Pivkin <[email protected]>
aquasecurity · Aug 21, 2024 · b92efd5 · b92efd5
1 parent 64cf65f
commit b92efd5
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/.github/actions/setup-opa/action.yaml b/.github/actions/setup-opa/action.yaml
@@ -6,8 +6,5 @@ runs:
     - name: Setup OPA
       shell: bash
       run: |
-        curl --retry 3 -L -o opa_linux_amd64_static https://github.com/open-policy-agent/opa/releases/download/v0.65.0/opa_linux_amd64_static
-        curl -L -o checksum https://github.com/open-policy-agent/opa/releases/download/v0.65.0/opa_linux_amd64_static.sha256
-        sha256sum -c checksum
-        chmod 755 ./opa_linux_amd64_static
-        sudo mv ./opa_linux_amd64_static /usr/local/bin/opa
+        make build-opa
+        sudo mv ./opa /usr/local/bin/opa
diff --git a/.github/workflows/outdated-api-update.yaml b/.github/workflows/outdated-api-update.yaml
@@ -14,6 +14,11 @@ jobs:
         uses: actions/checkout@v4
         with:
           token: ${{ secrets.AUTO_COMMIT_TOKEN }}
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
       - name: Fetch outdated API data from trivy-db-data repo
         id: outdatedapi
         uses: fjogeleit/http-request-action@v1
@@ -25,8 +30,10 @@ jobs:
           OUTDATE_API_DATA: ${{ toJson(steps.outdatedapi.outputs.response) }}
         run: |
           make outdated-api-updated
+      
       - name: Setup OPA
         uses: ./.github/actions/setup-opa
+
       - name: OPA Format
         run: |
           opa fmt -w . | grep -v vendor || true

diff --git a/.github/workflows/test-rego.yaml b/.github/workflows/test-rego.yaml
@@ -11,6 +11,7 @@ on:
       - "**/*.md"
       - "LICENSE"
   merge_group:
+  workflow_dispatch:
 
 env:
   GO_VERSION: "1.22"
@@ -23,6 +24,10 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
       - name: Setup OPA
         uses: ./.github/actions/setup-opa
 
@@ -35,9 +40,5 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
       - name: Test Rego checks
         run: make test-rego
diff --git a/Makefile b/Makefile
@@ -47,3 +47,6 @@ verify-bundle:
 	cp bundle.tar.gz scripts/bundle.tar.gz
 	go run ./scripts/verify-bundle.go
 	rm scripts/bundle.tar.gz
+
+build-opa:
+	go build ./cmd/opa