From 5f01375cdd4626bd076794e7152328b96d9c9a07 Mon Sep 17 00:00:00 2001
From: Dan Yishai <danyi1212@users.noreply.github.com>
Date: Mon, 22 Jul 2024 19:27:17 +0300
Subject: [PATCH] Fixed OPAL Cedar Client build CI

---
 .github/workflows/on_release.yml | 54 +++++++++++++++++++-------------
 cedar-agent                      |  2 +-
 docker/Dockerfile                |  8 ++---
 3 files changed, 38 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/on_release.yml b/.github/workflows/on_release.yml
index 736a64f0..e616e11d 100644
--- a/.github/workflows/on_release.yml
+++ b/.github/workflows/on_release.yml
@@ -109,13 +109,12 @@ jobs:
       # pushes the *same* docker images that were previously tested as part of e2e sanity test.
       # each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well.
       - name: Build & Push client
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
         id: build_push_client
         uses: docker/build-push-action@v4
         with:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
           target: client
           cache-from: type=registry,ref=permitio/opal-client:latest
           cache-to: type=inline
@@ -123,29 +122,13 @@ jobs:
             permitio/opal-client:latest
             permitio/opal-client:${{ env.opal_version_tag }}
 
-#      - name: Build & Push client cedar
-#        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
-#        id: build_push_client_cedar
-#        uses: docker/build-push-action@v4
-#        with:
-#          file: docker/Dockerfile
-#          platforms: linux/amd64,linux/arm64
-#          push: true
-#          target: client-cedar
-#          cache-from: type=registry,ref=permitio/opal-client-cedar:latest
-#          cache-to: type=inline
-#          tags: |
-#            permitio/opal-client-cedar:latest
-#            permitio/opal-client-cedar:${{ env.opal_version_tag }}
-
       - name: Build client-standalone
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
         id: build_push_client_standalone
         uses: docker/build-push-action@v4
         with:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
           target: client-standalone
           cache-from: type=registry,ref=permitio/opal-client-standalone:latest
           cache-to: type=inline
@@ -154,16 +137,45 @@ jobs:
             permitio/opal-client-standalone:${{ env.opal_version_tag }}
 
       - name: Build server
-        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
         id: build_push_server
         uses: docker/build-push-action@v4
         with:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
           target: server
           cache-from: type=registry,ref=permitio/opal-server:latest
           cache-to: type=inline
           tags: |
             permitio/opal-server:latest
             permitio/opal-server:${{ env.opal_version_tag }}
+
+      - name: Check if cedar-agent directory exists
+        id: check_cedar_agent
+        run: |
+          if [ -d "cedar-agent" ]; then
+            echo "exists=true" >> $GITHUB_ENV
+          else
+            echo "exists=false" >> $GITHUB_ENV
+          fi
+
+      - name: Clone cedar-agent repository
+        if: steps.check_cedar_agent.outputs.exists == 'false'
+        id: clone_cedar_agent
+        working-directory: .
+        run: |
+          git clone https://github.com/permitio/cedar-agent.git cedar-agent
+
+      - name: Build & Push client cedar
+        id: build_push_client_cedar
+        uses: docker/build-push-action@v4
+        with:
+          file: docker/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }}
+          target: client-cedar
+          cache-from: type=registry,ref=permitio/opal-client-cedar:latest
+          cache-to: type=inline
+          tags: |
+            permitio/opal-client-cedar:latest
+            permitio/opal-client-cedar:${{ env.opal_version_tag }}
diff --git a/cedar-agent b/cedar-agent
index 1838635f..687efc59 160000
--- a/cedar-agent
+++ b/cedar-agent
@@ -1 +1 @@
-Subproject commit 1838635f16ba6db60d16c2ca28cb257e970bdff0
+Subproject commit 687efc59ecc732d1b98fc7789ab803abfc45b94c
diff --git a/docker/Dockerfile b/docker/Dockerfile
index bccdf3d2..4723e37a 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -17,10 +17,10 @@ RUN pip install --no-cache-dir --upgrade pip && pip install --no-cache-dir -r ./
 # ---------------------------------------------------
 FROM rust:1.69.0 as cedar-builder
 COPY cedar-agent /tmp/cedar-agent/
-ARG cargo_flags="-r"
-RUN cd /tmp/cedar-agent && \
-	cargo build ${cargo_flags} && \
-	cp /tmp/cedar-agent/target/*/cedar-agent /
+ARG cargo_flags="--release"
+RUN cd /tmp/cedar-agent
+RUN CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse cargo build ${cargo_flags}
+RUN cp /tmp/cedar-agent/target/*/cedar-agent /
 
 # COMMON IMAGE --------------------------------------
 # ---------------------------------------------------