-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathaction.yml
69 lines (63 loc) · 2.46 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
name: 'OpenFGA Model Testing Action'
description: 'Github Action for testing your OpenFGA Authorization Model'
branding:
icon: 'align-center'
color: 'green'
inputs:
test_path:
description: 'Path to the test file or folder'
required: false
default: '.'
test_files_pattern:
description: 'Pattern to match the test files'
required: false
default: '*.fga.yaml'
fga_server_url:
description: 'The OpenFGA server to test the Authorization Model against. If not provided, the tests will be run using the cli built-in OpenFGA instance.'
required: false
default: ''
fga_server_store_id:
description: 'The OpenFGA server store id. Must be provided if fga_server_url is configured.'
required: false
default: ''
fga_api_token:
description: 'The api token to use for testing against an OpenFGA server. Ignored if fga_server_url is not provided.'
required: false
default: ''
runs:
using: composite
steps:
- name: Install OpenFGA CLI
uses: jaxxstorm/action-install-gh-release@cd6b2b78ad38bdd294341cda064ec0692b06215b # v1.14.0
with:
repo: openfga/cli
cache: enable
- uses: chrisdickinson/setup-yq@3d931309f27270ebbafd53f2daee773a82ea1822 # v1.0.0
with:
yq-version: v4.25.3
- name: Run OpenFGA CLI
shell: bash
run: |
while IFS= read -r -d '' test_file
do
((test_files_count+=1))
if [[ -z "${{ inputs.fga_server_url }}" ]]; then
echo "Running FGA test file ${test_file}"
fga model test --tests "${test_file}"
else
echo "Running FGA test file ${test_file} against OpenFGA server ${{ inputs.fga_server_url }}"
fga_token="${{ inputs.fga_api_token }}"
test_file_without_model=mktemp
yq 'del(.model_file, .model)' ${test_file} > ${test_file_without_model}
fga model test \
${fga_server_opts} \
--api-url "${{ inputs.fga_server_url }}" \
--store-id "${{ inputs.fga_server_store_id }}" \
${fga_token:+--api-token ${fga_token}} \
--tests "${test_file_without_model}"
fi
done < <(find ${{ inputs.test_path }} -name "${{ inputs.test_files_pattern }}" -print0)
if [[ ${test_files_count} -eq 0 ]]; then
echo "No FGA test file found for path '${{ inputs.test_path }}' and pattern '${{ inputs.test_files_pattern }}'"
exit 1
fi