aavarghese/task-rego.yaml

## task-rego.yaml
---
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: da-rego-analysis
spec:
  params:
    - name: repository
      description: the git repo
    - name: policy-dir
      description: the directory where the rego policy files are located
      default: policydir
    - name: schema-dir
      description: the directory where the json schema files are located
      default: schemadir
    - name: directory-name
      description: directory name where the repository is cloned
    - name: pipeline-debug
      description: toggles debug mode for the pipeline
      default: "0"

  results:
    - name: status
      description: status of deployment analyzer task, possible value are- success|failure
    - name: evidence-store
      description: filepath to store deployment analyzer task evidence
    - name: rego-check-comment
      description: md file with detailed results of compliance check

  stepTemplate:
    env:
      - name: PIPELINE_RUN_ID
        valueFrom:
          fieldRef:
            fieldPath: metadata.annotations['devops.cloud.ibm.com/tekton-pipeline']
      - name: PIPELINE_DEBUG
        value: $(params.pipeline-debug)

  steps:
    - name: rego-analysis
      image: icr.io/gitsecure/gitsecure-rego:1.1.0
      env:
        - name: REPOSITORY
          value: $(params.repository)
      imagePullPolicy: Always
      workingDir: "/artifacts"
      command: ["/bin/sh", "-c"]
      args:
        - |
          #!/bin/sh
          if [ "$PIPELINE_DEBUG" = "1" ]; then
            pwd
            ls /artifacts/
            env
            trap env EXIT
            set -x +e
          fi

          POLICY_DIR_PATH="/artifacts/$(params.directory-name)/$(params.policy-dir)"
          SCHEMA_DIR_PATH="/artifacts/$(params.directory-name)/$(params.schema-dir)"
          result="failure"

          echo "Running OPA eval with schema"
          opa eval data -d $POLICY_DIR_PATH -s $SCHEMA_DIR_PATH --format pretty > da-rego-check-comment.md

          if [ $? -eq 0 ]; then export result="success"; fi

          if [[ $PIPELINE_DEBUG == 1 ]];
            then
              echo $result
              whoami
              ls -l /artifacts/
          fi

          echo "COMMENT_FP=./da-rego-check-comment.md" >> /steps/next-step-env.properties
          echo -n $result > "$(results.status.path)"

      volumeMounts:
        - mountPath: /steps
          name: steps-volume

  workspaces:
    - name: artifacts
      mountPath: /artifacts

  volumes:
    - name: steps-volume
      emptyDir: {}
    - name: docker-socket
      emptyDir: {}
	---
	apiVersion: tekton.dev/v1beta1
	kind: Task
	metadata:
	name: da-rego-analysis
	spec:
	params:
	- name: repository
	description: the git repo
	- name: policy-dir
	description: the directory where the rego policy files are located
	default: policydir
	- name: schema-dir
	description: the directory where the json schema files are located
	default: schemadir
	- name: directory-name
	description: directory name where the repository is cloned
	- name: pipeline-debug
	description: toggles debug mode for the pipeline
	default: "0"

	results:
	- name: status
	description: status of deployment analyzer task, possible value are- success\|failure
	- name: evidence-store
	description: filepath to store deployment analyzer task evidence
	- name: rego-check-comment
	description: md file with detailed results of compliance check

	stepTemplate:
	env:
	- name: PIPELINE_RUN_ID
	valueFrom:
	fieldRef:
	fieldPath: metadata.annotations['devops.cloud.ibm.com/tekton-pipeline']
	- name: PIPELINE_DEBUG
	value: $(params.pipeline-debug)

	steps:
	- name: rego-analysis
	image: icr.io/gitsecure/gitsecure-rego:1.1.0
	env:
	- name: REPOSITORY
	value: $(params.repository)
	imagePullPolicy: Always
	workingDir: "/artifacts"
	command: ["/bin/sh", "-c"]
	args:
	- \|
	#!/bin/sh
	if [ "$PIPELINE_DEBUG" = "1" ]; then
	pwd
	ls /artifacts/
	env
	trap env EXIT
	set -x +e
	fi

	POLICY_DIR_PATH="/artifacts/$(params.directory-name)/$(params.policy-dir)"
	SCHEMA_DIR_PATH="/artifacts/$(params.directory-name)/$(params.schema-dir)"
	result="failure"

	echo "Running OPA eval with schema"
	opa eval data -d $POLICY_DIR_PATH -s $SCHEMA_DIR_PATH --format pretty > da-rego-check-comment.md

	if [ $? -eq 0 ]; then export result="success"; fi

	if [[ $PIPELINE_DEBUG == 1 ]];
	then
	echo $result
	whoami
	ls -l /artifacts/
	fi

	echo "COMMENT_FP=./da-rego-check-comment.md" >> /steps/next-step-env.properties
	echo -n $result > "$(results.status.path)"

	volumeMounts:
	- mountPath: /steps
	name: steps-volume

	workspaces:
	- name: artifacts
	mountPath: /artifacts

	volumes:
	- name: steps-volume
	emptyDir: {}
	- name: docker-socket
	emptyDir: {}