Pre-commit git hooks for Open Policy Agent (OPA) and Rego development
Add the pre-commit-opa
repo to the .pre-commit-config.yaml
file in your git root directory, and add any number of the available hooks:
repos:
- repo: https://github.com/anderseknert/pre-commit-opa
rev: v1.4.1
hooks:
- id: opa-fmt
- id: opa-check
- id: opa-test
- id: conftest-test
- id: conftest-verify
Once saved, run pre-commit install
to install git pre-commit hooks.
Runs opa fmt
on any rego files in the repository.
Note that any files changed by this hook will need to be re-added (git add
) to be included in the commit.
Runs opa check
on any rego files in the repository.
If rego files are present in commit, runs opa test
in git root directory.
Since it doesn't make sense to only provide opa test
with the files changed (as these might not include tests), the default is to run opa test .
in the project root directory. If you keep your policies, tests and data in a specific directory, you'll likely want to change this by pointing out the location of that, like:
- id: opa-test
args: ['my/policies', 'my/other/policies/']
Runs conftest fmt
on any Rego files in the repository.
Note that any files changed by this hook will need to be re-added (git add
) to be included in the commit.
Runs conftest test
on any configuration file format supported by conftest.
Just like with opa-test
you'll likely want to specify the location of your conftest policies, and possibly what type of files changed should trigger the hook:
- id: conftest-test
args: ['--policy', 'conftest/policy']
files: conftest/.*\.yaml$
If rego files are present in commit, runs conftest verify
in git root directory.
Just like with conftest-test
you'll likely want to specify the location of your conftest policies, and possibly what type of files changed should trigger the hook:
- id: conftest-verify
args: ['--policy', 'conftest/policy']
files: conftest/.*\.yaml$