feat: customizable conftest check and allow to skip (#173)

cds-snc · Mar 21, 2023 · afeda91 · afeda91
1 parent bb02b86
commit afeda91
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 19 deletions.
diff --git a/action.yaml b/action.yaml
@@ -14,35 +14,43 @@ inputs:
   comment-delete:
     description: 'Delete previous comments made by the bot on the PR'
     required: false
-    default: 'false'    
+    default: 'false'
   comment-title:
     description: 'The title to give the PR comment'
     required: false
-    default: 'Plan changes'    
+    default: 'Plan changes'
   directory:
     description: 'Directory with the *.tf files to validate'
     required: false
-    default: '.'    
+    default: '.'
   github-token:
     description: 'GitHub Token used to add comment to PR'
     required: false
     default: 'false'
   terraform-init:
     description: 'Custom Terraform init args'
     required: false
-    default: ''     
+    default: ''
   terragrunt:
     description: 'Use Terragrunt instead of Terraform'
     required: false
-    default: 'false'  
+    default: 'false'
   skip-plan:
-    description: 'Skip the planning step, used for repos that do not specifically have a remove backend'
+    description: 'Skip the planning step, used for repos that do not specifically have a remote backend'
     required: false
     default: 'false'
+  skip-conftest:
+    description: 'Skip the conftest step'
+    required: false
+    default: 'false'
+  conftest-checks:
+    description: 'Location of custom conftest check definitions, e.g. `git::https://github.com/user/repository.git`, `./conftest-checks`'
+    required: false
+    default: 'git::https://github.com/cds-snc/opa_checks.git//aws_terraform'
 runs:
   using: 'node16'
   main: 'dist/index.js'
 
 branding:
-  icon: 'layers'  
-  color: 'purple'  
+  icon: 'layers'
+  color: 'purple'
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/action.js b/src/action.js
@@ -24,12 +24,14 @@ const action = async () => {
   const isCommentDelete = core.getBooleanInput("comment-delete");
   const isTerragrunt = core.getBooleanInput("terragrunt");
   const skipPlan = core.getBooleanInput("skip-plan");
+  const skipConftest = core.getBooleanInput("skip-conftest");
 
   const binary = isTerragrunt ? "terragrunt" : "terraform";
   const summarizeBinary = "tf-summarize";
   const commentTitle = core.getInput("comment-title");
   const directory = core.getInput("directory");
   const terraformInit = core.getMultilineInput("terraform-init");
+  const conftestChecks = core.getInput("conftest-checks");
   const token = core.getInput("github-token");
   const octokit = token !== "false" ? github.getOctokit(token) : undefined;
 
@@ -75,7 +77,7 @@ const action = async () => {
     {
       key: "conftest",
       depends: "show-json-out",
-      exec: "conftest test plan.json --no-color --update git::https://github.com/cds-snc/opa_checks.git//aws_terraform",
+      exec: "conftest test plan.json --no-color --update ${conftestChecks}",
       output: true,
     },
   ];
@@ -107,6 +109,8 @@ const action = async () => {
           results[command.key] = { isSuccess: true, output: "" };
           continue;
       }
+    } else if (command.key === "conftest" && skipConftest) {
+      results[command.key] = { isSuccess: true, output: "" };
     }
 
     if (!command.depends || results[command.depends].isSuccess) {
@@ -150,7 +154,8 @@ const action = async () => {
       changes,
       planLimit,
       conftestLimit,
-      skipPlan
+      skipPlan,
+      skipConftest
     );
   }
 

diff --git a/src/github.js b/src/github.js
@@ -7,8 +7,9 @@ const commentTemplate = `## {{ title }}
 **{{ "✅" if results.fmt.isSuccess else "❌" }} &nbsp; Terraform Format:** \`{{ "success" if results.fmt.isSuccess else "failed" }}\`
 {% if not skipPlan -%}
 **{{ "✅" if results.plan.isSuccess else "❌" }} &nbsp; Terraform Plan:** \`{{ "success" if results.plan.isSuccess else "failed" }}\`
+{% if not skipConftest -%}
 **{{ "✅" if results.conftest.isSuccess else "❌" }} &nbsp; Conftest:** \`{{ "success" if results.conftest.isSuccess else "failed" }}\` 
-
+{% endif -%}
 {% endif -%}
 {% if not results.init.isSuccess -%}
 
@@ -104,7 +105,8 @@ const addComment = async (
   changes,
   planLimit,
   conftestLimit,
-  skipPlan
+  skipPlan,
+  skipConftest
 ) => {
   const format = cleanFormatOutput(results.fmt.output);
   const plan = skipPlan ? "" : removePlanRefresh(results.plan.output);
@@ -117,6 +119,7 @@ const addComment = async (
     planLimit: planLimit,
     conftestLimit: conftestLimit,
     skipPlan: skipPlan,
+    skipConftest: skipConftest,
     runLink: `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`,
   });
   await octokit.rest.issues.createComment({

diff --git a/src/policy/policy.js b/src/policy/policy.js
diff --git a/src/policy/policy.wasm b/src/policy/policy.wasm