how does everyone handle promoting cerbos policies to produc

Question

how does everyone handle promoting cerbos policies to production let s say we are using gitlab or github doesn t really matter 1 have a set of test suites and policies checked into your git repo together 2 triggers a cd ci pipeline job to run in git which basically runs `cerbos compile` with the ` tests` parameter 3 2 completes with exit code 0 great everything checks out 4 then what do you do next in your git actions ci do you `git clone` `git add` `git commit` `git push` to another repo folder that the production version of cerbos is watching so that it will get the set of policies from 1

Jesum Yip · Answer

so do you have ` prod policies` folder in your repo together with ` beta policies` and then you run the test suites against the ` beta policies` folder and when testing passes you copy all of them into ` prod policies`

Jesum Yip · Answer

i would imagine ` prod policies` and ` beta policies` should be a complete mirror of each other

Jesum Yip · Answer

how do you handle naming your policy versions then

Jesum Yip · Answer

policies both in `prod policies` and `beta policies` have the same policy version values

Charith (Cerbos) · Answer

The typical workflow is to develop your policies in a branch When you want to promote them create a pull request and let the CI checks run Merge to your production branch on success the branch that Cerbos is configured to watch and Cerbos should automatically pick those changes up if you have enabled polling