
Merge branch 'open-policy-agent:main' into main-chime
marshalll-obo authored May 11, 2023
2 parents 0d7627f + 3c0b10d commit 1ee3552
Showing 5,036 changed files with 458,151 additions and 116,672 deletions.
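--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+- name: ❓ Ask a question
+url: https://github.com/open-policy-agent/feedback/discussions
+about: Community Support Forum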
8 changes: 4 additions & 4 deletions .github/ISSUE_TEMPLATE/feature_request.md
Expand Up @@ -10,11 +10,11 @@ assignees: ''
<!-- Thanks for opening an issue to request a feature or file a bug!
If you provide some basic information, it helps us address problems faster. -->

## What part of OPA would you like to see improved?
## What is the underlying problem you're trying to solve?
<!--
Is there something challenging or frustrating about OPA that you are trying to improve?
Do you want OPA to integrate with another project or tool?
Why would this improvement make your experience with OPA better?
By making this change, what are you hoping to improve or fix?
Why would this change make the OPA experience better?
Are there any current solutions that are inefficient or frustrating?
-->

## Describe the ideal solution
24 changes: 24 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Expand Up @@ -27,3 +27,27 @@ For more information on contributing to OPA see:
for high-level contributing guidelines and development setup.
-->

### Why the changes in this PR are needed?

<!--
Include a short description of WHY the changes were made.
-->

### What are the changes in this PR?

<!--
Include a short description of WHAT changes were made.
-->

### Notes to assist PR review:

<!--
Here you can add information you think will help the reviewer(s).
-->

### Further comments:

<!--
Here you can include links to additional resources related to the changes, discuss your solution, other approaches you considered etc.
-->
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -30,20 +30,20 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

- id: go_version
name: Read go version
run: echo "::set-output name=go_version::$(cat .go-version)"
run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT

- name: Install Go (${{ steps.go_version.outputs.go_version }})
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: ${{ steps.go_version.outputs.go_version }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -59,4 +59,4 @@ jobs:
make build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
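Review bot: The bumped action references in this workflow (`actions/checkout@v3`, `actions/setup-go@v4`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`) are still mutable major-version tags, so a retag by the publisher changes what runs here without any diff in this repository. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment for readability, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and let a bot such as Dependabot move the SHA. The migrated output step writes with `>> $GITHUB_OUTPUT` unquoted; `>> "$GITHUB_OUTPUT"` is the safer form. The `jobs:` mapping this hunk belongs to starts before line 30 of the file, so whether a restrictive top-level `permissions:` block exists is not visible here.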
136 changes: 103 additions & 33 deletions .github/workflows/nightly.yaml
Expand Up @@ -8,10 +8,10 @@ on:
jobs:
race-detector:
name: Go Race Detector
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Test with Race Detector
run: CGO_ENABLED=1 make ci-go-race-detector
Expand All @@ -27,28 +27,22 @@ jobs:

native-fuzzer:
name: Go Fuzzer (native)
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v3

- id: go_version
name: Read go version
run: echo "::set-output name=go_version::$(cat .go-version)"
run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT

- name: Install Go (${{ steps.go_version.outputs.go_version }})
uses: actions/setup-go@v2
uses: actions/setup-go@v4
with:
go-version: ${{ steps.go_version.outputs.go_version }}

- name: Install gotip
run: |
go install golang.org/dl/gotip@latest
gotip download
gotip version
- name: gotip test -fuzz
run: gotip test ./ast -fuzz FuzzParseStatementsAndCompileModules -fuzztime 1h -v -run '^$'
- name: go test -fuzz
run: go test ./ast -fuzz FuzzParseStatementsAndCompileModules -fuzztime 1h -v -run '^$'

- name: Dump crashers
if: ${{ failure() }}
Expand All @@ -63,26 +57,18 @@ jobs:
status: ${{ job.status }}
fields: repo,workflow

fuzzer:
name: Go Fuzzer
runs-on: ubuntu-latest
go-perf:
name: Go Perf
runs-on: ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v2

- name: Run go-fuzz
run: make ci-go-check-fuzz
uses: actions/checkout@v3

- name: Dump crashers
if: ${{ failure() }}
run: find build/fuzzer/workdir/crashers -name '*.quoted' -print -exec cat {} \;

- name: Upload Workdir
if: ${{ failure() }}
uses: actions/upload-artifact@v2
with:
name: workdir
path: ./build/fuzzer/workdir
- name: Benchmark Test Golang
run: make ci-go-perf
timeout-minutes: 30
env:
DOCKER_RUNNING: 0

- name: Slack Notification
uses: 8398a7/action-slack@v3
Expand All @@ -95,10 +81,10 @@ jobs:

go-proxy-check:
name: Go mod check
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Vendor without proxy
run: make check-go-module
Expand All @@ -112,3 +98,87 @@ jobs:
with:
status: ${{ job.status }}
fields: repo,workflow

trivy-scan-image:
name: Trivy security scan image
runs-on: ubuntu-22.04
steps:
- name: Checkout code # needed for .trivyignore file
uses: actions/checkout@v3

- run: "docker pull openpolicyagent/opa:edge-static"

# Equivalent to:
# $ trivy image openpolicyagent/opa:edge-static
- name: Run Trivy scan on image
uses: aquasecurity/[email protected]
with:
image-ref: 'openpolicyagent/opa:edge-static'
format: table
exit-code: '1'
ignore-unfixed: true
vuln-type: os,library
severity: CRITICAL,HIGH

- name: Slack Notification
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFICATION_WEBHOOK }}
if: ${{ failure() && env.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,workflow

trivy-scan-repo:
name: Trivy security scan repo
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v3

# Equivalent to:
# $ trivy fs .
- name: Run Trivy scan on repo
uses: aquasecurity/[email protected]
with:
scan-type: fs
format: table
exit-code: '1'
ignore-unfixed: true
skip-dirs: vendor/,internal/gqlparser/validator/imported/
severity: CRITICAL,HIGH

- name: Slack Notification
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFICATION_WEBHOOK }}
if: ${{ failure() && env.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,workflow

govulncheck:
name: Go vulnerability check
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- id: go_version
name: Read go version
run: echo "go_version=$(cat .go-version)" >> $GITHUB_OUTPUT

- name: Install Go (${{ steps.go_version.outputs.go_version }})
uses: actions/setup-go@v4
with:
go-version: ${{ steps.go_version.outputs.go_version }}

- run: go install golang.org/x/vuln/cmd/govulncheck@latest
- run: govulncheck ./...

- name: Slack Notification
uses: 8398a7/action-slack@v3
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFICATION_WEBHOOK }}
if: ${{ failure() && env.SLACK_WEBHOOK_URL }}
with:
status: ${{ job.status }}
fields: repo,workflow
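Review bot: The new `govulncheck` job installs the scanner with `go install golang.org/x/vuln/cmd/govulncheck@latest`, so each nightly run executes whatever the module proxy serves that night — an unpinned, floating dependency in a job that runs against the repository's code; pin it to a release (`.../govulncheck@vX.Y.Z`) and bump deliberately. The third-party actions added here are referenced by mutable tags (`aquasecurity/[email protected]`, `8398a7/action-slack@v3`), and `action-slack` is handed `secrets.SLACK_NOTIFICATION_WEBHOOK`, so a retagged release would run with that secret — pin both to full commit SHAs. `ignore-unfixed: true` in both Trivy jobs silently drops CRITICAL/HIGH findings that have no upstream fix yet; that is a reasonable gating choice but deserves a comment, e.g. `# ignore-unfixed: suppress findings with no fix available; review the full report periodically`. None of the new jobs declares `permissions:`; the top of the file (before line 8) is outside this hunk, so if no workflow-level `permissions: { contents: read }` exists there, add one rather than inheriting the default token scope.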
