OpsVerseIO/opa-policy-check

Open Policy Agent (OPA) Policy Check Action

A GitHub action that validates the policy using OPA.

Usage

Example workflow

This example checks policy using Open Policy Agent (OPA).

name: Policy validation using OPA
on: [ push, pull_request ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check policy using Open Policy Agent (OPA)
        uses: opsverse/[email protected]
        with:
          opaServerUrl: "https://opa.example.com"
          opaServerAuthToken: ${{ secrets.OPA_SERVER_AUTH_TOKEN }}
          opaServerInput: '{"input": null}'
          opaServerPackageName: "example/include" # Use `/` as the delimiter instead of `.`: package `example.include` is given as `example/include`
          skipTlsValidation: true # Disables verification of the OPA server's certificate (default: false). With this set, the auth token is sent to a server whose identity is not checked.

NOTE: The following is a simple policy loaded in the OPA server.

include.rego:

    package example.include

    allow := false

Inputs

| Input | Description |
| --- | --- |
| opaServerUrl | Open Policy Agent (OPA) Server address (with protocol) |
| opaServerAuthToken | Open Policy Agent (OPA) Auth token |
| opaServerInput | Open Policy Agent (OPA) input |
| opaServerPackageName | Open Policy Agent (OPA) package name from which the server should fetch the policy |
| skipTlsValidation | Skip TLS validation. Get the data from OPA by ignoring the certificate (default = false) |
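
How these inputs could map onto OPA's REST Data API, as an added example that is not this action's own code. It assumes the action POSTs the input to `/v1/data/<package path>` with a bearer token; `buildOpaRequest`, `isAllowed` and `checkPolicy` are hypothetical names, and the sketch keeps certificate verification on and fails closed unless `allow` is exactly true.

```javascript
// Added example, not the action's code. Assumption: the inputs are used to
// call OPA's REST Data API (POST /v1/data/<path>). Sample values are constructed.

// Build the request for a package given in "/" form, e.g. "example/include".
function buildOpaRequest({ opaServerUrl, opaServerAuthToken, opaServerInput, opaServerPackageName }) {
  const base = new URL(opaServerUrl);
  if (base.protocol !== "https:") {
    throw new Error("refusing to send the auth token over " + base.protocol);
  }
  // Assumption: every package segment is a plain identifier. This rejects the
  // dotted form, empty segments, "..", and anything that could add a query string.
  const segments = opaServerPackageName.split("/");
  if (!segments.every((s) => /^[A-Za-z_][A-Za-z0-9_]*$/.test(s))) {
    throw new Error("invalid package name: " + opaServerPackageName);
  }
  JSON.parse(opaServerInput); // fail early on malformed input JSON
  return {
    url: new URL("/v1/data/" + segments.join("/"), base).toString(),
    init: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: "Bearer " + opaServerAuthToken,
      },
      body: opaServerInput,
    },
  };
}

// Fail closed: pass only when the package document has `allow` exactly true.
// OPA omits "result" entirely when the queried document is undefined, so a
// mistyped package name must not be read as a pass.
function isAllowed(responseBody) {
  const result = responseBody && responseBody.result;
  return typeof result === "object" && result !== null && result.allow === true;
}

// Network call (needs a reachable OPA server). fetch verifies the server
// certificate by default; this sketch offers no switch to turn that off.
async function checkPolicy(inputs) {
  const { url, init } = buildOpaRequest(inputs);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error("OPA returned HTTP " + res.status);
  return isAllowed(await res.json());
}
```

With the `include.rego` policy shown above, the server's answer would be `{"result": {"allow": false}}`, so `isAllowed` returns false and the check fails.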

Examples

Check policy using Open Policy Agent (OPA)

You can check the policy using Open Policy Agent (OPA).

name: Policy validation using OPA
on: [ push, pull_request ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check policy using Open Policy Agent (OPA)
        uses: opsverse/[email protected]
        with:
          opaServerUrl: "https://opa.example.com"
          opaServerAuthToken: ${{ secrets.OPA_SERVER_AUTH_TOKEN }}
          opaServerInput: '{"input": null}'
          opaServerPackageName: "example/include" # Use `/` as the delimiter instead of `.`: package `example.include` is given as `example/include`
          skipTlsValidation: true # Disables verification of the OPA server's certificate (default: false). With this set, the auth token is sent to a server whose identity is not checked.

NOTE: The following is a simple policy loaded in the OPA server.

include.rego:

    package example.include

    allow := false