Open Policy Agent (OPA) is an open source, general-purpose policy engine. This GitHub Action downloads and installs the OPA CLI in your GitHub Actions workflow. Subsequent steps in the same job can run the CLI in the same way it is run on the command line using the GitHub Actions run
syntax.
As part of the open source Infracost project, we're investigating cost policies. We already have a set of GitHub Actions to run Infracost, so we made this project to enable users to easily install OPA in GitHub Actions too. The main benefit of this action is that it supports SemVer ranges for the version
input (see below).
The action can be used as follows.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
Subsequent steps can run the opa command as needed.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
- name: Test Policy
run: opa test policies/*.rego -v
A specific verison of OPA can be installed.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.34.1
Or, OPA can be locked to a SemVer range.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.34.x
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: 0.34
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: <0.34
You may also use the latest
or edge
version.
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: latest
steps:
- name: Setup OPA
uses: open-policy-agent/setup-opa@v1
with:
version: edge
The action supports the following inputs:
version
: Optional, defaults tolatest
.latest
,edge
, and SemVer ranges are supported, so instead of a full version string, you can use0.35
. This enables you to automatically get the latest backward compatible changes in the v0.35 release.
This action does not set any direct outputs.