.github/workflows/conftest.yaml

name: conftest-with-pull
on: [pull_request]
jobs:
  conftest:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        sample:
          - whoami-simple
    steps:
      - name: checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Install Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.12.2

      - name: Install kubectl
        uses: azure/setup-kubectl@v3

      # https://github.com/marketplace/actions/setup-opa-conftest
      - name: Setup Conftest
        uses: princespaghetti/setup-conftest@v1
        with:
          version: 0.44.x

      - name: Make k8s resources from charts
        run: |
          helm template w --values ./samples/${{ matrix.sample }}.yml ./charts/universal-chart/. --output-dir ${{ matrix.sample }}
          ls ${{ matrix.sample }}
          cat ${{ matrix.sample }}/universal-chart/templates/*

      - name: Dry-run with kubectl
        run: |
          kubectl apply --dry-run=client -f whoami-simple/universal-chart/templates/   || true

      - name: Testing with conftest
        run: |
          cat whoami-simple/universal-chart/templates/* || true
          ls charts/universal-chart/tests/policy/lib || true
          cat charts/universal-chart/tests/policy/lib/* || true
          cat charts/universal-chart/tests/policy/*.rego || true

          conftest --version || true
          conftest test --combine -p ./charts/universal-chart/tests/policy/whoami-simple.rego \
            -p ./charts/universal-chart/tests/policy/lib \
            --data samples/whoami-simple.yml \
            whoami-simple/universal-chart/templates/* || true

      # https://github.com/marketplace/actions/conftest-action
      # conftest test --combine -p ./charts/universal-chart/tests/policy/whoami-simple.rego \
      #   -p ./charts/universal-chart/tests/policy/lib --data samples/whoami-simple.yml  whoami-simple/
      - name: Run conftest
        uses: YubicoLabs/action-conftest@v3
        with:
          files: whoami-simple/universal-chart/templates/
          data: samples/whoami-simple.yml
          policy: charts/universal-chart/tests/policy/whoami-simple.rego charts/universal-chart/tests/policy/lib
          gh-token: ${{ secrets.GITHUB_TOKEN }}
          gh-comment-url: ${{ github.event.pull_request.comments_url }}