Pre-commit git hooks for Open Policy Agent (OPA) and Rego development
Add the pre-commit-opa repo to the .pre-commit-config.yaml file in your git root directory, and add any number of the available hooks:
repos:
- repo: https://github.com/anderseknert/pre-commit-opa
rev: v1.4.1
hooks:
- id: opa-fmt
- id: opa-check
- id: opa-test
- id: conftest-test
- id: conftest-verifyOnce saved, run pre-commit install to install git pre-commit hooks.
Runs opa fmt on any rego files in the repository.
Note that any files changed by this hook will need to be re-added (git add) to be included in the commit.
Runs opa check on any rego files in the repository.
If rego files are present in commit, runs opa test in git root directory.
Since it doesn't make sense to only provide opa test with the files changed (as these might not include tests), the default is to run opa test . in the project root directory. If you keep your policies, tests and data in a specific directory, you'll likely want to change this by pointing out the location of that, like:
- id: opa-test
args: ['my/policies', 'my/other/policies/']Runs conftest fmt on any Rego files in the repository.
Note that any files changed by this hook will need to be re-added (git add) to be included in the commit.
Runs conftest test on any configuration file format supported by conftest.
Just like with opa-test you'll likely want to specify the location of your conftest policies, and possibly what type of files changed should trigger the hook:
- id: conftest-test
args: ['--policy', 'conftest/policy']
files: conftest/.*\.yaml$If rego files are present in commit, runs conftest verify in git root directory.
Just like with conftest-test you'll likely want to specify the location of your conftest policies, and possibly what type of files changed should trigger the hook:
- id: conftest-verify
args: ['--policy', 'conftest/policy']
files: conftest/.*\.yaml$