Steve High (NTWRK)02/03/2023, 6:33 PM
github action. Should I be using that? If so, how do I connect my service to it? This is probably more of a GHA question than a cerbos one 🙏
Charith (Cerbos)02/03/2023, 6:54 PM
action to install the Cerbos binary into your runner and then use
utility to run your tests. It starts a temporary Cerbos server for the duration of a user-specified command. So you could do something like
. https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#run 2. Run Cerbos as a GHA service: https://docs.github.com/en/actions/using-containerized-services/about-service-containers. One issue that I have run into with this is that GH launches the service before the source is checked out so you can't mount your policies into that service container from your sources. You'll have to use a remote store like S3 or Git with Cerbos, which can be a bit of a pain to configure in the restricted GH environment.
cerbos run -- go test ./...
Steve High (NTWRK)02/03/2023, 6:56 PM
Charith (Cerbos)02/03/2023, 7:12 PM
Steve High (NTWRK)02/03/2023, 7:12 PM
action, I see the action defaults to look for policies in a local
folder. What if the policies are in another repo? I'm guessing I need to check out the policy repo as well and manually set the policy path?
Charith (Cerbos)02/03/2023, 7:15 PM
action just installs Cerbos binaries inside the runner.
, yeah, you should either clone the policy repo and set the location by invoking cerbos with
OR you could create a
cerbos run --set=storage.disk.directory=/path/to/policy/repo
file with a
store that pulls from your policy repo.
Steve High (NTWRK)02/03/2023, 8:39 PM