https://cerbos.dev logo
#help
Title
# help
s

Steve High (NTWRK)

02/03/2023, 6:33 PM
Hey there. I have a service that normally runs cerbos as a sidecar (socket) in k8s. When I'm developing locally I just run cerbos on my machine and connect via the gRPC port. I need to do this in CI (github actions), but not sure how to do it. I see there is a
Setup Cerbos
github action. Should I be using that? If so, how do I connect my service to it? This is probably more of a GHA question than a cerbos one 🙏
c

Charith (Cerbos)

02/03/2023, 6:54 PM
Hey! You have two options here. 1. Use
Setup Cerbos
action to install the Cerbos binary into your runner and then use
cerbos run
utility to run your tests. It starts a temporary Cerbos server for the duration of a user-specified command. So you could do something like
cerbos run -- go test ./...
. https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#run 2. Run Cerbos as a GHA service: https://docs.github.com/en/actions/using-containerized-services/about-service-containers. One issue that I have run into with this is that GH launches the service before the source is checked out so you can't mount your policies into that service container from your sources. You'll have to use a remote store like S3 or Git with Cerbos, which can be a bit of a pain to configure in the restricted GH environment.
s

Steve High (NTWRK)

02/03/2023, 6:56 PM
OK...I think i can get #1 to work. Trying now
c

Charith (Cerbos)

02/03/2023, 7:12 PM
I assume that you're trying to run integration tests. Otherwise you could also use the SDK to start a Cerbos server in your unit tests: https://pkg.go.dev/github.com/cerbos/cerbos@v0.24.0/client/testutil#example-StartCerbosServer
s

Steve High (NTWRK)

02/03/2023, 7:12 PM
yep
With the
Setup-Cerbos
action, I see the action defaults to look for policies in a local
policies
folder. What if the policies are in another repo? I'm guessing I need to check out the policy repo as well and manually set the policy path?
c

Charith (Cerbos)

02/03/2023, 7:15 PM
I think you're talking about the
Compile
action? The
Setup
action just installs Cerbos binaries inside the runner.
Oh, if you're talking about
cerbos run
, yeah, you should either clone the policy repo and set the location by invoking cerbos with
cerbos run --set=storage.disk.directory=/path/to/policy/repo
OR you could create a
cerbos.yaml
file with a
git
store that pulls from your policy repo.
s

Steve High (NTWRK)

02/03/2023, 8:39 PM
Sweet I got it working!
5 Views