Awesome
opa-codecov
The tool to merge and then convert the coverage file generated by opa test --coverage <path>
to a simple JSON that is supported by Codecov.
- OPA format: https://www.openpolicyagent.org/docs/latest/policy-testing/#coverage
- Codecov format: https://docs.codecov.com/v4.6/docs/codecov-custom-coverage-format
Real Example
Here is the report uploaded to codecov for the testdata/authz/authz.rego
file: https://app.codecov.io/gh/SVilgelm/opa-codecov/blob/main/testdata/authz/authz.rego
The test covers expected 50%
Usage
GitHub Action
opa-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
check-latest: true
- name: Setup OPA
uses: open-policy-agent/setup-opa@v2
with:
version: latest
- name: Run OPA Tests
run: opa test tests/*.rego -v
- name: OPA Coverage
run: |
go install github.com/sv-tools/opa-codecov@main
opa test tests/*.rego -v --coverage | opa-codecov > coverage.json
- name: Publish coverage
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage.json
flags: opa
verbose: true
fail_ci_if_error: true
As script
go install github.com/sv-tools/opa-codecov@main
opa test tests/*.rego -v --coverage | opa-codecov > coverage.json
With multiple files
go install github.com/sv-tools/opa-codecov@main
for PKG in $$(find system-types -path "system-types/*/*/spec/typelib"); do \
NAME=$(echo "${PKG}"|sed "s#/#_#g"); \
opa test --coverage ${PKG} > opa-coverage-${NAME}.json; \
done
opa-codecov opa-coverage-*.json > opa-coverage.json
rm opa-coverage-*.json