action.yml
name: "OPA Rego Test and Coverage Report"
description: "Run OPA tests and generate coverage report for PRs. Test your OPA Rego policies!"
author: Masterpoint
branding:
  icon: "zap"
  color: "blue"
inputs:
  path:
    description: "Path to the directory containing OPA Rego files to test."
    required: true
  test_mode:
    description: Whether to test the Rego by an entire directory (including entire package, e.g. `opa test ./`) or by individual files (e.g. `opa test a_test.rego a.rego`). Options of `directory` or `file`. Default is `directory`.
    required: false
    default: directory
  test_file_postfix:
    description: 'The postfix to use for test files, only applicable for testing file by file. E.g. notification.rego <> notification_test.rego. Default is "_test".'
    required: false
    default: "_test"
  write_pr_comment:
    description: "Flag to write a user-friendly PR comment of the test results. Default of true."
    required: false
    default: "true"
  pr_comment_title:
    description: "Title of the PR comment of the test results."
    required: false
    default: "🧪 OPA Rego Policy Test Results"
  pr_comment_mode:
    description: Mode that will be used to update comment. Options of upsert (update in place) or recreate.
    default: "upsert"
  run_coverage_report:
    description: "Flag to run OPA coverage tests and write to the PR. The `write_pr_comment` must be enabled for the coverage report to be written. Default of true."
    required: false
    default: "true"
  report_untested_files:
    description: "Check & report in the PR comments of the Rego files that do not have any corresponding test files. For best conventions, append the postfix `_test` (or what you set as the `test_file_postfix` input) for your test file. E.g. `notification.rego` <> `notification_test.rego`"
    required: false
    default: "false"
  opa_version:
    description: "Version of OPA CLI to use. Default is 1.4.2, latest as of 2025-05-15."
    required: false
    default: "1.4.2"
  opa_static:
    description: "Whether to use the static binary. Default is false."
    required: false
    default: "false"
  v1_compatible_check:
    description: Flag to run OPA v1 compatibility check (`opa check --v1-compatible`) on all Rego files in the path. Fails the action if any files are not Rego v1 compatible. Default of true.
    required: false
    default: "true"
  indicate_source_message:
    description: Flag to comment the origins (this repository) of the GitHub Action in the PR comment. Default of true.
    required: false
    default: "true"
outputs:
  parsed_results:
    description: The parsed results after processing the tests and/or coverage report.
    value: ${{ steps.parse-results.outputs.parsed_results }}
  tests_failed:
    description: A `true` or `false` flag indicating if any of the tests failed or not.
    value: ${{ steps.parse-results.outputs.tests_failed }}
runs:
  using: "composite"
  steps:
    - name: Setup OPA
      uses: open-policy-agent/setup-opa@950f159a49aa91f9323f36f1de81c7f6b5de9576 # v2.3.0
      with:
        version: ${{ inputs.opa_version }}
        static: ${{ inputs.opa_static }}
    - name: Find Rego files without tests
      if: inputs.report_untested_files == 'true'
      id: find-no-test
      shell: bash
      # Inputs are passed through the environment instead of being interpolated
      # into the script text, so their values are never parsed as shell syntax.
      env:
        MAIN_DIR: ${{ inputs.path }}
        TEST_FILE_POSTFIX: ${{ inputs.test_file_postfix }}
      run: |
        main_dir="$MAIN_DIR"
        echo "Searching for untested Rego files in: $main_dir"
        no_test_files=$(find "$main_dir" -type f -name "*.rego" ! -name "*${TEST_FILE_POSTFIX}.rego" | while IFS= read -r file; do
          base_name=$(basename "$file" .rego)
          # Search for a corresponding test file anywhere in the project
          test_file=$(find "$main_dir" -type f -name "${base_name}${TEST_FILE_POSTFIX}.rego")
          if [ -z "$test_file" ]; then
            echo "$file"
          fi
        done)
        echo "no_test_files<<EOF" >> "$GITHUB_OUTPUT"
        echo "$no_test_files" >> "$GITHUB_OUTPUT"
        echo "EOF" >> "$GITHUB_OUTPUT"
        echo "Search complete, found the following Rego files without tests: $no_test_files"
    # Parse and format the test results which will be consumed by the following step to comment on the PR.
    - name: "Execute and Parse Results from Tests"
      id: parse-results
      run: node ${{ github.action_path }}/dist/index.js
      shell: bash
      env:
        test_mode: ${{ inputs.test_mode }}
        report_untested_files: ${{ inputs.report_untested_files }}
        no_test_files: ${{ steps.find-no-test.outputs.no_test_files }}
        pr_comment_title: ${{ inputs.pr_comment_title }}
        run_coverage_report: ${{ inputs.run_coverage_report }}
        v1_compatible_check: ${{ inputs.v1_compatible_check }}
        indicate_source_message: ${{ inputs.indicate_source_message }}
        path: ${{ inputs.path }}
        test_file_postfix: ${{ inputs.test_file_postfix }}
    # Create (or update in-place) a PR comment of the test result output
    - name: Comment on PR
      uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
      # If `write_pr_comment` enabled, regardless of if test is success or fail, write the results of the failure.
      # Even if input is bool, it has to be treated as string bc of GH's behavior (https://github.com/actions/runner/issues/1483)
      if: inputs.write_pr_comment == 'true' && (success() || failure())
      with:
        message: |
          ${{ steps.parse-results.outputs.parsed_results }}
        comment-tag: opa-test-results-${{ github.action }} # using the action name as the tag as it is unique, and in case multiple executions of the action are in the same PR
        mode: ${{ inputs.pr_comment_mode }}