Last active
June 18, 2019 17:17
-
-
Save lucperkins/99a7c9cee45ebf447b9ba1564e0d4cdb to your computer and use it in GitHub Desktop.
Open Policy Agent CI example (GitHub Actions workflow)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| workflow "OPA evaluation" { | |
| on = "push" | |
| resolves = ["install"] | |
| } | |
| # Determines whether the policy has been violated | |
| action "evaluate" { | |
| uses = "docker://openpolicyagent/opa:0.11.0" | |
| args = [ | |
| "eval", | |
| "--fail-defined", "data.ci.violations[pkg]", | |
| "--input", "package.json", | |
| "--data", "ci.rego", | |
| "--format", "pretty" | |
| ] | |
| } | |
| # Installs the dependencies in package.json | |
| # iff the evaluate action succeeds | |
| action "install" { | |
| uses = "nuxt/actions-yarn@master" | |
| args = "install" | |
| needs = "evaluate" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment