ci/static-checks: install regorus

Make regorus available for static checks as prerequisite for rego checks. Signed-off-by: Paul Meyer <katexochen0@gmail.com>
2025-07-12 14:48:13 +00:00 · 2025-06-11 12:58:01 +02:00 · 2025-06-11 12:58:01 +02:00 · 107e7dfdf6
commit 107e7dfdf6
parent 71796f7b12
2 changed files with 52 additions and 0 deletions
--- a/.github/workflows/static-checks.yaml
+++ b/.github/workflows/static-checks.yaml
@ -127,6 +127,9 @@ jobs:
        run: |
          cd "${GOPATH}/src/github.com/${{ github.repository }}"
          ./tests/install_opa.sh
+      - name: Install regorus
+        run: |
+          "${GOPATH}/src/github.com/${{ github.repository }}/tests/install_regorus.sh"
      - name: Run check
        run: |
          export PATH="${PATH}:${GOPATH}/bin"
--- a/tests/install_regorus.sh
+++ b/tests/install_regorus.sh
@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) Edgeless Systems GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+[[ -n "${DEBUG}" ]] && set -o xtrace
+
+test_dir=$(realpath "$(dirname "${BASH_SOURCE[0]}")")
+source "${test_dir}/common.bash"
+
+install_regorus()
+{
+    command -v cargo &>/dev/null \
+        || die "cargo is not installed. Please install rust toolchain to install regorus."
+    command -v git &>/dev/null \
+        || die "git is not installed. Please install git."
+
+    if regorus --version 2>/dev/null | grep -q "${version}"; then
+        info "regorus version ${version} is already installed"
+        return 0
+    fi
+
+    # Get the regorus version from Cargo.toml of the agent policy crate instad of versions.yaml
+    # so we test the version we are actually using.
+    local cargo_toml="${test_dir}/../src/agent/policy/Cargo.toml"
+    [[ -f "${cargo_toml}" ]] \
+        || die "Cargo.toml not found at ${cargo_toml}"
+
+    version=$(
+        cargo tree -i regorus --edges normal --prefix none --manifest-path "${cargo_toml}" |
+            head -n1 |
+            cut -d' ' -f2 |
+            sed 's/v//'
+    ) || die "Failed to get regorus version from cargo.toml"
+
+    info "Installing regorus version ${version}"
+
+    cargo install regorus --version "${version}" --example regorus \
+        || die "Failed to cargo install regorus"
+
+    if ! echo "$PATH" | grep -q "${HOME}/.cargo/bin"; then
+        export PATH="${PATH}:${HOME}/.cargo/bin"
+    fi
+
+    info "Successfully installed regorus version ${version}"
+}
+
+install_regorus