Added go//konstraint and raw option (#25)

Author: garethahealy

.github/workflows/confbatstest.yaml

@@ -17,7 +17,22 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Conftest
+      - name: confbatstest - tests
         uses: ./confbatstest
         with:
-          tests: confbatstest/_test/conftest.sh
+          tests: confbatstest/_test/conftest.sh
+
+      - name: confbatstest - raw
+        uses: ./confbatstest
+        with:
+          raw: konstraint doc -o POLICIES.md
+
+      - name: Check POLICIES.md file exists
+        run: |
+          FILE="POLICIES.md"
+          if [ -f "$FILE" ]; then
+            echo "$FILE exists."
+          else
+            echo "$FILE does not exist."
+            exit 1
+          fi

confbatstest/Dockerfile

@@ -1,6 +1,6 @@
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.2
 
-LABEL version="1.2.1"
+LABEL version="1.3.0"
 LABEL repository="http://github.com/redhat-cop/github-actions"
 LABEL homepage="http://github.com/redhat-cop/github-actions/confbatstest"
 LABEL maintainer="Red Hat CoP"
@@ -48,6 +48,16 @@ RUN export OC_VERSION=4.4 && \
     ln -s /tmp/oc /usr/local/bin/oc && \
     oc version
 
+RUN export GO_VERSION=1.14 && \
+    wget --no-verbose https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz && \
+    tar -C /tmp -xzf go${GO_VERSION}.linux-amd64.tar.gz && \
+    ln -s /tmp/go/bin/go /usr/local/bin/go && \
+    go version
+
+RUN GO111MODULE=on go get github.com/plexsystems/konstraint && \
+    ln -s ~/go/bin/konstraint /usr/local/bin/konstraint && \
+    konstraint --help
+
 RUN pip3 install yq && \
     yq --version
 

confbatstest/README.md

@@ -10,11 +10,19 @@ It also contains several tools which are used for JSON and YAML manipulation:
 - oc
 
 ## Usage
-
+Execute a BATS file which contains conftest tests.
 ```yaml
     - name: Conftest
       uses: redhat-cop/github-actions/confbatstest@master
       with:
         tests: _test/conftest.sh
         policies: '[{"name": "redhat-cop", "url":"github.com/redhat-cop/rego-policies.git//policy"},{"name": "deprek8ion", "url":"github.com/swade1987/deprek8ion.git//policies"}]'
+```
+
+Execute a command, such as konstraint to generate rego policy documentation.
+```yaml
+    - name: Conftest
+      uses: redhat-cop/github-actions/confbatstest@master
+      with:
+        raw: konstraint doc -o POLICIES.md
 ```

confbatstest/action.yml

@@ -10,13 +10,17 @@ inputs:
     default: "_test/conftest.sh"
     required: false
   policies:
-    description: "JSON array of policies to pull via conftest pull. See: https://github.com/open-policy-agent/conftest/blob/master/docs/sharing.md"
+    description: "JSON array of policies to pull via conftest. See: https://github.com/open-policy-agent/conftest/blob/master/docs/sharing.md"
     default: '[{"name": "redhat-cop", "url":"github.com/redhat-cop/rego-policies.git//policy"},{"name": "deprek8ion", "url":"github.com/swade1987/deprek8ion.git//policies"}]'
     required: false
+  raw:
+    description: "Execute a single command, i.e.: konstraint doc -o POLICIES.md"
+    required: false
 
 runs:
   using: 'docker'
   image: 'Dockerfile'
   args:
     - ${{ inputs.tests }}
-    - ${{ inputs.policies }}
+    - ${{ inputs.policies }}
+    - ${{ inputs.raw }}

confbatstest/entrypoint.sh

@@ -31,11 +31,8 @@ exec_bats() {
 
     conftest pull "${url}" --policy "${name}"
 
-    # shellcheck disable=SC2038
-    for file in $(find "${name}"/* -name "*.rego" -type f | xargs) ; do
-      cp "${file}" "policy/${file////_}"
-    done
-
+    # Move pulled policies into main policy dir
+    mv "${name}"/* policy/
     rm -rf "${name}"
   done
 
@@ -49,4 +46,16 @@ exec_bats() {
   exec bats "${TESTS}"
 }
 
-exec_bats "${1}" "${2}"
+exec_raw() {
+  local COMMAND="${1}"
+
+  echo "Executing: ${COMMAND}"
+  
+  eval "${COMMAND}"
+}
+
+if [[ -z "${3}" ]]; then
+  exec_bats "${1}" "${2}"
+else
+  exec_raw "${3}"
+fi