-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(actions): add validation and drift-detection actions
- Loading branch information
Showing
4 changed files
with
153 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| name: Check for .policy.yml drift | ||
|
|
||
| on: | ||
| pull_request: | ||
| types: | ||
| - edited | ||
| - opened | ||
| - ready_for_review | ||
| - synchronize | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| jobs: | ||
| drift: | ||
| name: Check for drift | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check repository out | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
|
|
||
| - name: Check for drift | ||
| uses: ./actions/check-for-drift | ||
| with: | ||
| input_file: .policy.yml | ||
| merge_with: policy.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| name: Check for Drift | ||
| description: Checks if the generated output is different from the input file | ||
|
|
||
| inputs: | ||
| input_file: | ||
| description: The input file to compare | ||
| required: true | ||
|
|
||
| merge_with: | ||
| description: The file to merge with the input file | ||
| required: false | ||
|
|
||
| runs: | ||
| using: composite | ||
|
|
||
| steps: | ||
| - name: Check repository out | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| env: | ||
| action_repo: ${{ github.action_repository }} | ||
| action_ref: ${{ github.action_ref }} | ||
| with: | ||
| path: ${{ github.workspace }}/action-checkout | ||
| repository: ${{ env.action_repo }} | ||
| ref: ${{ env.action_ref }} | ||
|
|
||
| - name: Set up Go | ||
| uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 | ||
| with: | ||
| go-version-file: ${{ github.workspace }}/action-checkout/go.mod | ||
|
|
||
| - name: Build the program | ||
| shell: sh | ||
| run: | | ||
| cd "${{ github.workspace }}/action-checkout" | ||
| DESTDIR="$(go env GOPATH)/bin" | ||
| mkdir -p "${DESTDIR}" | ||
| go build \ | ||
| -o "${DESTDIR}/generate-policy-bot-config" \ | ||
| github.com/grafana/generate-policy-bot-config/cmd/generate-policy-bot-config | ||
| - name: Generate new config | ||
| id: new | ||
| shell: sh | ||
| run: | | ||
| echo "config<<EOC" > "${GITHUB_OUTPUT}" | ||
| generate-policy-bot-config \ | ||
| --output - \ | ||
| --merge-with ${{ inputs.merge_with }} \ | ||
| . \ | ||
| | tee -a "${GITHUB_OUTPUT}" | ||
| echo "EOC" >> "${GITHUB_OUTPUT}" | ||
| - name: Check for drift | ||
| shell: bash | ||
| run: | | ||
| IFS='' read -r -d '' NEW_CONFIG <<'EOC' || true | ||
| ${{ steps.new.outputs.config }} | ||
| EOC | ||
| if ! diff -u ${{ inputs.input_file }} - <<< "${NEW_CONFIG}"; then | ||
| echo "Drift detected: ${{ inputs.input_file }} is out-of-date. Regenerate it and commit the result." | ||
| exit 1 | ||
| fi | ||
| echo "No drift detected: ${{ inputs.input_file }} is up-to-date." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # validate-policy-bot-config | ||
|
|
||
| Validates the `.policy.yml` configuration file for [Policy Bot][policy-bot]. See | ||
| [the documentation][policy-bot-docs] for more information on creating rules. | ||
|
|
||
| [policy-bot]: https://github.com/palantir/policy-bot | ||
| [policy-bot-docs]: https://github.com/palantir/policy-bot?tab=readme-ov-file#configuration | ||
|
|
||
| ## Inputs | ||
|
|
||
| - `policy`: The path to the `.policy.yml` file to validate. Default: `.policy.yml`. | ||
| - `validation_endpoint` (required): The endpoint to validate the configuration | ||
| against. | ||
|
|
||
| Example workflow: | ||
|
|
||
| ```yaml | ||
| name: validate-policy-bot | ||
| on: | ||
| pull_request: | ||
| paths: | ||
| - .policy.yml | ||
| push: | ||
| paths: | ||
| - .policy.yml | ||
|
|
||
| jobs: | ||
| validate-policy-bot: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Validate Policy Bot configuration | ||
| uses: grafana/generate-policy-bot-config/actions/validate@main | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| name: Validate Policy Bot Config | ||
| description: Validates the Policy Bot configuration file. | ||
|
|
||
| inputs: | ||
| policy: | ||
| description: | | ||
| Path to the Policy Bot configuration file. | ||
| default: .policy.yml | ||
|
|
||
| validation_endpoint: | ||
| description: | | ||
| Validation API endpoint. | ||
| required: true | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Validate Policy Bot config | ||
| shell: bash | ||
| run: | | ||
| curl \ | ||
| --silent \ | ||
| --fail-with-body \ | ||
| --request PUT \ | ||
| --upload-file "${{ inputs.policy }}" \ | ||
| "${{ inputs.validation_endpoint }}" |