Open Policy Agent (OPA) is an open source, general-purpose policy engine. This GitHub Action downloads and installs the OPA CLI in your GitHub Actions workflow. Subsequent steps in the same job can run the CLI in the same way it is run on the command line using the GitHub Actions run syntax.
As part of the open source Infracost project, we're investigating cost policies. We already have a set of GitHub Actions to run Infracost, so we made this project to enable users to easily install OPA in GitHub Actions too. The main benefit of this action is that it supports SemVer ranges for the version input (see below).
The action can be used as follows.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1Subsequent steps can run the opa command as needed.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
- name: Test Policy
run: opa test policies/*.rego -vA specific verison of OPA can be installed.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.34.1Or, OPA can be locked to a SemVer range.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.34.xsteps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.34steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: <0.34You may also use the latest or edge version.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: lateststeps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: edgeThe action supports the following inputs:
version: Optional, defaults tolatest.latest,edge, and SemVer ranges are supported, so instead of a full version string, you can use0.35. This enables you to automatically get the latest backward compatible changes in the v0.35 release.
This action does not set any direct outputs.