DEV Community

Nir Adler

Policyer Action

My Workflow

Policyer is an open source project (more of a vision, at this stage) that I created after being inspired by the policy engines that have become very popular lately (OPA, Checkov).
Policyer is going to focus on providing a platform to run checks and create meaningful reports, with data engagement and a plugin system that lets you supply any data: sometimes that is Kubernetes YAML, in other cases it is user data.

Policyer Action

The policyer-action lets you run Policyer as part of your CI process; in my example I'm going to validate GitHub SDK calls.

A provider is like a plugin for the Policyer engine: it supplies the data, so the engine can run it against the checks (policies).

It's important for me to emphasize that Policyer provides a platform, and eventually I want to see a marketplace full of custom providers.
The action can use any provider, either local or published to NPM (support for private registries is on the way). In my example I created a simple provider that runs GitHub SDK calls.

Example Repo

Example Check:

```yaml
---
configuration:
  provider: github-provider
  type: rest
  validEvents:
    - pull_request
    - push
  domain: pulls
  action: listRequestedReviewers
  args:
    owner: context.payload.pull_request.base.user.login
    repo: context.payload.pull_request.base.repo.name
    pull_number: context.payload.pull_request.number
checks:
  - id: validate-reviewers
    name: check if reviewers exists.
    severity: High
    steps:
      - path: data.users
        condition: includes
        value: "nirtester"
        utility: map
        utilityProps:
          - "login"
```

(Just a reminder: this is a policy example; the GitHub Action will evaluate it and output the result as a report.)

Check flow:

  • first of all we set up the configuration section, where we can provide metadata for the check; in this example I'm asking the provider to make an SDK call:

```js
SDK[pulls][listRequestedReviewers]({
  owner: ...pull_request.base.user.login,
  repo: ...pull_request.base.repo.name,
  pull_number: ...pull_request.number
})
```

octokit docs

  • next we dive into the actual policy. In this policy we want to verify that a certain user is a reviewer, so after the call I point to the "users" array and then use the includes condition ([...users].includes(value)). The utility functions include all Lodash functions by default, and you can add custom utilities at the provider level. I'm going to use the map utility function to prepare an array of reviewer usernames.
  • the final step is the results:

```
 ____       _ _
|  _ \ ___ | (_) ___ _   _  ___ _ __
| |_) / _ \| | |/ __| | | |/ _ \ '__|
|  __/ (_) | | | (__| |_| |  __/ |
|_|   \___/|_|_|\___|\__, |\___|_|
                     |___/
Visit us at policyer.org
Event name: pull_request
Valid events: pull_request,push
┌────────────────────┬──────────┬──────────────────────────────┬──────────────┬─────────────────┬───────────┬──────────┐
│ (index)            │ hasError │ check                        │ stepsResults │ inspectedValues │ status    │ severity │
├────────────────────┼──────────┼──────────────────────────────┼──────────────┼─────────────────┼───────────┼──────────┤
│ validate-reviewers │ false    │ 'check if reviewers exists.' │ [ true ]     │ [ [Array] ]     │ 'success' │ 'High'   │
└────────────────────┴──────────┴──────────────────────────────┴──────────────┴─────────────────┴───────────┴──────────┘
```
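To make the flow above concrete, here is an added example (my own illustration, not Policyer's code or the policyer-github provider) that walks the same check end to end: it resolves the `args` paths of the configuration against an action context, calls `sdk[domain][action](args)` on a constructed fake SDK, then evaluates the step (path lookup, `map` utility over `login`, `includes` condition) and returns a row shaped like the report table. Plain JavaScript stands in for the Lodash utilities; the sample reviewer data, the fake SDK, the `failed`/`error` status labels and the function names are all assumptions.

```javascript
// Added example, not Policyer's own engine. Constructed data throughout.

// Configuration and check in object form, mirroring the YAML policy above.
const configuration = {
  domain: "pulls",
  action: "listRequestedReviewers",
  args: {
    owner: "context.payload.pull_request.base.user.login",
    repo: "context.payload.pull_request.base.repo.name",
    pull_number: "context.payload.pull_request.number",
  },
};
const validateReviewers = {
  id: "validate-reviewers",
  name: "check if reviewers exists.",
  severity: "High",
  steps: [
    { path: "data.users", condition: "includes", value: "nirtester",
      utility: "map", utilityProps: ["login"] },
  ],
};

// Constructed action context and fake SDK (field names follow the GitHub
// REST API; owner, repo and logins are made up).
const sampleContext = { payload: { pull_request: {
  number: 42, base: { user: { login: "example-owner" }, repo: { name: "example-repo" } } } } };
const fakeSdk = { pulls: { listRequestedReviewers: async () => ({
  data: { users: [{ login: "nirtester", id: 1 }, { login: "someone-else", id: 2 }], teams: [] } }) } };

// Resolve a dotted path such as "data.users" against a root object.
function resolvePath(root, path) {
  return path.split(".").reduce((acc, key) => (acc == null ? undefined : acc[key]), root);
}

// Turn the configuration's arg paths into concrete SDK arguments.
function buildArgs(config, context) {
  const args = {};
  for (const [name, path] of Object.entries(config.args)) args[name] = resolvePath({ context }, path);
  return args;
}

// Provider step: SDK[domain][action](args), as described in the post.
async function runProvider(config, sdk, context) {
  const { data } = await sdk[config.domain][config.action](buildArgs(config, context));
  return data;
}

// Stand-ins for the Lodash utilities and for the step conditions.
const utilities = {
  map: (collection, prop) => (Array.isArray(collection) ? collection.map((item) => item[prop]) : []),
};
const conditions = {
  includes: (inspected, value) => Array.isArray(inspected) && inspected.includes(value),
  equals: (inspected, value) => inspected === value,
};

// Evaluate one step: resolve path, apply utility, test condition.
function evaluateStep(step, data) {
  let inspected = resolvePath({ data }, step.path);
  if (step.utility) {
    const fn = utilities[step.utility];
    if (!fn) throw new Error(`unknown utility: ${step.utility}`);
    inspected = fn(inspected, ...(step.utilityProps || []));
  }
  const cond = conditions[step.condition];
  if (!cond) throw new Error(`unknown condition: ${step.condition}`);
  return { result: cond(inspected, step.value), inspected };
}

// Evaluate a whole check into a report row like the table above.
// A broken step (bad path, utility or condition) is surfaced via hasError
// instead of silently passing; "failed"/"error" labels are assumed.
function evaluateCheck(check, data) {
  try {
    const results = check.steps.map((step) => evaluateStep(step, data));
    return {
      id: check.id, hasError: false, check: check.name,
      stepsResults: results.map((r) => r.result),
      inspectedValues: results.map((r) => r.inspected),
      status: results.every((r) => r.result) ? "success" : "failed",
      severity: check.severity,
    };
  } catch (err) {
    return { id: check.id, hasError: true, check: check.name, stepsResults: [],
      inspectedValues: [], status: "error", severity: check.severity, error: err.message };
  }
}

// Usage: fetch data through the (fake) provider, then evaluate the check.
runProvider(configuration, fakeSdk, sampleContext)
  .then((data) => console.table([evaluateCheck(validateReviewers, data)]));
```

Two points worth noticing: `includes` returns `false` rather than throwing when the path does not resolve to an array, so a missing `users` field reads as a failed check, and an unknown utility or condition flips `hasError`, which is the column you would gate a merge on in CI.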

Submission Category:

Wacky Wildcards

Action yaml

```yaml
# Add github action file .github/workflows/policyer.yml
name: Policyer
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Policyer GitHub Action
        uses: policyerorg/policyer-action@v0.0.3-alpha
        with:
          verbose: false
          provider: policyer-github
          internal: false
          checks_path: ./checks
```

Additional Resources / Info

Visit Policyer for more information; this is just the beginning.

Packages used

  • chalk
  • figlet
  • jmespath
  • lodash
  • moment
  • yaml
  • yargs
  • @actions/core and @actions/github
