Skip to content

Bump permissionless from 0.1.44 to 0.1.49 #1546

Bump permissionless from 0.1.44 to 0.1.49

Bump permissionless from 0.1.44 to 0.1.49 #1546

Workflow file for this run

name: '@app/policy-engine CI'
on:
push:
branches:
- '**'
paths:
- packages/**
- apps/policy-engine/**
- .github/workflows/policy-engine.yml
- .github/workflows/policy-engine-prod.yml
- jest.config.ts
- jest.preset.js
- .eslintrc.json
- .prettierrc
- package.json
- package-lock.json
- deploy/policy-engine.dockerfile
- deploy/charts/policy-engine/**
tags-ignore:
- vault-v*
- armory-v*
- policy-engine-v*
jobs:
test:
name: Test
runs-on: ubuntu-latest
services:
postgres:
image: postgres:14
ports:
- '5432:5432'
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Add .npmrc
if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
run: echo "${{ secrets.NPMRC }}" > .npmrc
- name: Install node.js
uses: actions/setup-node@v4
with:
node-version: '21'
cache: 'npm'
- name: Install dependencies
run: |
make install/ci
- name: Download and install custom OPA
run: |
curl -L -o opa https://openpolicyagent.org/downloads/v0.69.0/opa_linux_amd64_static
chmod +x opa
sudo mv opa /usr/local/bin/opa
- name: Code format
shell: bash
run: |
make policy-engine/format/check
make policy-engine/lint/check
- name: Setup database and Prisma types
shell: bash
run: |
make policy-engine/copy-default-env
make policy-engine/test/db/setup
make policy-engine/db/generate-types
- name: Test types
shell: bash
run: |
make policy-engine/test/type
- name: Test unit
shell: bash
run: |
make policy-engine/test/unit
- name: Test integration
shell: bash
run: |
make policy-engine/test/integration
- name: Test E2E
shell: bash
run: |
make policy-engine/test/e2e
- name: Send Slack notification on failure
if: failure() && github.ref == 'refs/heads/main'
uses: 8398a7/action-slack@v3
with:
username: GitHub
author_name: '@app/policy-engine CI failed'
status: ${{ job.status }}
fields: message,commit,author
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
opa-rego:
name: Open Agent Policy CI
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Setup Regal
uses: StyraInc/setup-regal@v1.0.0
with:
version: '0.29.0'
- name: Setup OPA
uses: open-policy-agent/setup-opa@v2
with:
version: '0.70.0'
- name: Format
run: make policy-engine/rego/format/check
- name: Syntax
run: make policy-engine/rego/syntax/check
- name: Lint
run: make policy-engine/rego/lint/check REGAL_FORMAT=github
- name: Test
run: make policy-engine/rego/test
release:
name: Release
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
# Only run if the Test jobs succeed
needs: [test, opa-rego]
permissions:
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ vars.ACTIONS_ECR_ROLE_ARN }} # Organization variable
aws-region: ${{ vars.ACTIONS_ECR_REGION }} # Organization variable
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Get short SHA
id: slug
run: echo "sha7=${GITHUB_SHA::7}" >> $GITHUB_ENV
- name: Add private .npmrc
run: echo "${{ secrets.NPMRC }}" > .npmrc
- name: Build, tag, and push docker image to Amazon ECR
uses: docker/build-push-action@v5
with:
context: .
file: ./deploy/policy-engine.dockerfile
push: true
tags: |
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }}
${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:latest
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Create GitHub App Token
uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.NARVAL_HELM_APP_ID }}
private-key: ${{ secrets.NARVAL_HELM_PRIVATE_KEY }}
repositories: 'armory-platform'
- name: Notify Platform
uses: peter-evans/repository-dispatch@v3
with:
token: ${{ steps.app-token.outputs.token }}
repository: narval-xyz/armory-platform
event-type: dev-build
client-payload: |
{
"app": "policy-engine",
"commit_sha": "${{ github.sha }}",
"commit_sha7": "${{ env.sha7 }}",
"repository": "${{ github.repository }}",
"branch": "${{ github.ref_name }}",
"built_by": "${{ github.actor }}",
"image_uri": "${{ steps.login-ecr.outputs.registry }}/armory/policy-engine:${{ env.sha7 }}",
"build_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
- name: Send Slack notification on failure
if: failure() && github.ref == 'refs/heads/main'
uses: 8398a7/action-slack@v3
with:
username: GitHub
author_name: '@app/policy-engine CI release failed'
status: ${{ job.status }}
fields: message,commit,author
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}