Steve High (NTWRK)
02/03/2023, 6:33 PM
Setup Cerbos GitHub action. Should I be using that? If so, how do I connect my service to it? This is probably more of a GHA question than a Cerbos one 🙏
Charith (Cerbos)
02/03/2023, 6:54 PM
Setup Cerbos action to install the Cerbos binary into your runner and then use cerbos run utility to run your tests. It starts a temporary Cerbos server for the duration of a user-specified command. So you could do something like cerbos run -- go test ./... . https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#run
2. Run Cerbos as a GHA service: https://docs.github.com/en/actions/using-containerized-services/about-service-containers. One issue that I have run into with this is that GH launches the service before the source is checked out so you can't mount your policies into that service container from your sources. You'll have to use a remote store like S3 or Git with Cerbos, which can be a bit of a pain to configure in the restricted GH environment.
Steve High (NTWRK)
02/03/2023, 6:56 PM
Charith (Cerbos)
02/03/2023, 7:12 PM
Steve High (NTWRK)
02/03/2023, 7:12 PM
Setup-Cerbos action, I see the action defaults to look for policies in a local policies folder. What if the policies are in another repo? I'm guessing I need to check out the policy repo as well and manually set the policy path?
Charith (Cerbos)
02/03/2023, 7:15 PM
Compile action? The Setup action just installs Cerbos binaries inside the runner.
cerbos run, yeah, you should either clone the policy repo and set the location by invoking cerbos with cerbos run --set=storage.disk.directory=/path/to/policy/repo OR you could create a cerbos.yaml file with a git store that pulls from your policy repo.
Steve High (NTWRK)
02/03/2023, 8:39 PM