New output + usage examples

np-guard · Sep 30, 2021 · f873559 · f873559
1 parent 0467191
commit f873559
Showing 1 changed file with 51 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -19,4 +19,54 @@ A space-separated list of corporate policy files to verify (either as GitHub URL
 The name of the artifact containing verification results for all policies
 ### policy-results-file
 The name of the actual file in the artifact, which contain verification results for all policies
-## Examples usage
+### num-violated-policies
+The number of corporate policies which the cluster's connectivity graph violates
+## Usage examples
+### Run and fail if a policy is violated
+Can be used to block a pull-request from being merged.
+```yaml
+name: verify-network-policies
+on:
+  pull_request:
+
+jobs:
+  verify-netpols:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Verify policies
+        id: verify-policies
+        uses: shift-left-netconfig/netpol-verify-gh-action@master
+        with:
+          corporate-policies: >
+            https://github.com/shift-left-netconfig/baseline-rules/blob/master/examples/ciso_denied_ports.yaml
+            https://github.com/shift-left-netconfig/baseline-rules/blob/master/examples/restrict_access_to_payment.yaml
+      - run: exit ${{ steps.verify-policies.outputs.num-violated-policies }}
+```
+### Add policy verification results as a PR comment
+```yaml
+name: verify-network-policies
+on:
+  pull_request:
+
+jobs:
+  verify-netpols:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Verify policies
+        id: verify-policies
+        uses: shift-left-netconfig/netpol-verify-gh-action@master
+        with:
+          corporate-policies: >
+            https://github.com/shift-left-netconfig/baseline-rules/blob/master/examples/restrict_access_to_payment.yaml
+      - uses: actions/download-artifact@v2
+        with:
+          name: ${{ steps.verify-policies.outputs.policy-results-artifact }}
+      - name: comment PR
+        uses: machine-learning-apps/pr-comment@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          path: ${{ steps.verify-policies.outputs.policy-results-file }}
+```