feat: policies #1
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Pull request overview
This PR introduces a new OPA-based compliance policy (cloud_custodian_resources_detected) for use with the Cloud Custodian plugin, along with its test suite, a Makefile for local development, a .gitignore, and GitHub Actions workflows for CI testing, building bundles, and releasing to GitHub Container Registry.
Changes:
- New Rego policy and tests: detects Cloud Custodian violations based on matched resources or execution errors, with dynamic `title` and `description` fields.
- New Makefile: provides `help`, `test`, `validate`, `clean`, and `build` targets for local development.
- New GitHub Actions CI/CD: `push.yaml` (runs tests on PRs/pushes), `test.yml` (reusable test workflow), `release.yml` (triggers build on tag push), `build-and-upload.yml` (builds and uploads OPA bundle to GHCR).
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| `policies/cloud_custodian_resources_detected.rego` | New policy that flags violations when Cloud Custodian finds resources or encounters execution errors |
| `policies/cloud_custodian_resources_detected_test.rego` | Unit tests for the new policy covering all violation branches and the title/description rules |
| `Makefile` | Local development helpers for testing, validating, and building OPA policy bundles |
| `.gitignore` | Ignores IDE files, data, dist artifacts, and testdata directories |
| `.github/workflows/test.yml` | Reusable workflow that runs `opa test` and `opa check` |
| `.github/workflows/push.yaml` | Triggers test workflow on PRs and branch pushes |
| `.github/workflows/release.yml` | Triggers build-and-upload workflow on any tag push |
| `.github/workflows/build-and-upload.yml` | Builds OPA bundle and uploads to GitHub Releases and GHCR |
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Pull request overview
Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.
Pull request overview
Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Pull request overview
Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.
Signed-off-by: Gustavo Carvalho <gustavo.carvalho@container-solutions.com>
Pull request overview
Copilot reviewed 7 out of 8 changed files in this pull request and generated no new comments.
No description provided.