-
Notifications
You must be signed in to change notification settings - Fork 37
39 lines (31 loc) · 1.12 KB
/
regal-lint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: Lint policies with Regal
on: [push, pull_request]
# Declare default permissions as read only.
permissions: read-all
jobs:
lint-policy:
runs-on: ubuntu-latest
env:
# renovate: datasource=github-releases depName=open-policy-agent/opa
OPA_VERSION: v0.70.0
# renovate: datasource=github-releases depName=StyraInc/regal
REGAL_VERSION: v0.29.2
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup OPA
uses: open-policy-agent/setup-opa@34a30e8a924d1b03ce2cf7abe97250bbb1f332b5 # v2.2.0
with:
version: ${{ env.OPA_VERSION }}
- name: Setup Regal
uses: StyraInc/setup-regal@33a142b1189004e0f14bf42b15972c67eecce776 # v1.0.0
with:
version: ${{ env.REGAL_VERSION }}
- name: Run OPA Check
run: opa check policy --strict
- name: Run Regal lint
run: regal lint --format github policy