chore: pass schemas to opa test (#386)

nikpivkin · simar7 · web-flow · commit 604248510902 · 2025-05-27T02:50:03.000Z
* chore: pass schemas to opa test

Signed-off-by: Nikita Pivkin &lt;nikita.pivkin@smartforce.io&gt;

* pass schemas to 'opa check'

Signed-off-by: Nikita Pivkin &lt;nikita.pivkin@smartforce.io&gt;

---------

Signed-off-by: Nikita Pivkin &lt;nikita.pivkin@smartforce.io&gt;
Co-authored-by: simar7 &lt;1254783+simar7@users.noreply.github.com&gt;
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 bundle.tar.gz
 opa
+schemas
 
 .idea
 .vscode
diff --git a/Makefile b/Makefile
@@ -17,6 +17,15 @@ test:
 test-integration:
 	go test -v -timeout 5m -tags=integration ./integration/...
 
+.PHONY: download-schemas
+download-schemas:
+	@schemas_path=schemas ; \
+	base_url=https://raw.githubusercontent.com/aquasecurity/trivy/main/pkg/iac/rego/schemas ; \
+	mkdir -p $$schemas_path ; \
+	for file in cloud.json dockerfile.json kubernetes.json ; do \
+		wget -q -O $$schemas_path/$$file $$base_url/$$file ; \
+	done
+
 .PHONY: rego
 rego: fmt-rego check-rego lint-rego test-rego docs
 
@@ -29,8 +38,8 @@ test-rego:
 	go run ./cmd/opa test --explain=fails lib/ checks/ examples/ --ignore '*.yaml'
 
 .PHONY: check-rego
-check-rego:
-	@go run ./cmd/opa check lib checks --v0-v1 --strict
+check-rego: download-schemas
+	@go run ./cmd/opa check lib checks --v0-v1 --strict -s schemas
 
 .PHONY: lint-rego
 lint-rego: check-rego
diff --git a/examples/serverless/python2.rego b/examples/serverless/python2.rego
@@ -8,8 +8,6 @@
 #   Ensure that you use a supported runtime version, such as Python 3.x,
 #   to maintain the security and reliability of your serverless application.
 # scope: package
-# schemas:
-#   - input: schema["yaml"]
 # related_resources:
 #   - https://www.python.org/doc/sunset-python-2/
 # custom:
diff --git a/examples/terraform-plan/asg_capacity.rego b/examples/terraform-plan/asg_capacity.rego
@@ -6,8 +6,6 @@
 #
 #   Ensure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.
 # scope: package
-# schemas:
-#   - input: schema["json"]
 # related_resources:
 #   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group
 # custom:

-Original file line number
+Diff line change
@@ @@ -1,5 +1,6 @@ @@
 bundle.tar.gz
 opa
 +schemas
 .idea
 .vscode
Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,6 @@`
`6`	`6`	`#`
`7`	`7`	`# Ensure that the desired capacity for Auto Scaling Groups is set to a reasonable value, typically within limits defined by your organization.`
`8`	`8`	`# scope: package`
`9`		`-# schemas:`
`10`		`-# - input: schema["json"]`
`11`	`9`	`# related_resources:`
`12`	`10`	`# - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group`
`13`	`11`	`# custom:`