Hey there. I have a service that normally runs cerbos as a sidecar (socket) in k8s. When I'm developing locally I just run cerbos on my machine and connect via the gRPC port. I need to do this in CI (github actions), but not sure how to do it. I see there is a

Setup Cerbos

github action. Should I be using that? If so, how do I connect my service to it? This is probably more of a GHA question than a cerbos one 🙏

Hey! You have two options here. 1. Use

Setup Cerbos

action to install the Cerbos binary into your runner and then use

cerbos run

utility to run your tests. It starts a temporary Cerbos server for the duration of a user-specified command. So you could do something like

cerbos run -- go test ./...

. https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#run 2. Run Cerbos as a GHA service: https://docs.github.com/en/actions/using-containerized-services/about-service-containers. One issue that I have run into with this is that GH launches the service before the source is checked out so you can't mount your policies into that service container from your sources. You'll have to use a remote store like S3 or Git with Cerbos, which can be a bit of a pain to configure in the restricted GH environment.

OK...I think i can get #1 to work. Trying now

I assume that you're trying to run integration tests. Otherwise you could also use the SDK to start a Cerbos server in your unit tests: https://pkg.go.dev/github.com/cerbos/cerbos@v0.24.0/client/testutil#example-StartCerbosServer

yep

I think you're talking about the

Compile

action? The

Setup

action just installs Cerbos binaries inside the runner.

Sweet I got it working!