fix: base64 encode OPA policy.wasm (#24)

The GitHub Action on remote repos does not have access to the action repo's assets. This change base64 encodes the policy.wasm so that it gets compiled into the action's `dist/index.js` entrypoint.
cds-snc · Jun 29, 2021 · 2a48818 · 2a48818
1 parent fac7413
commit 2a48818
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 7 deletions.
diff --git a/action.yaml b/action.yaml
@@ -39,3 +39,7 @@ inputs:
 runs:
   using: 'node12'
   main: 'dist/index.js'
+
+branding:
+  icon: 'layers'  
+  color: 'purple'  
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/opa-policy.js b/src/opa-policy.js
diff --git a/src/opa.js b/src/opa.js
@@ -1,7 +1,7 @@
 "use strict";
 
-const fs = require("fs");
 const { loadPolicy } = require("@open-policy-agent/opa-wasm");
+const { policyWasmBase64 } = require("./opa-policy.js");
 
 /**
  * Uses ./policy/resource-changes.rego OPA policy to examine the JSON generated
@@ -10,9 +10,9 @@ const { loadPolicy } = require("@open-policy-agent/opa-wasm");
  * @returns {Object} Resource and output changes in the tfplan
  */
 const getPlanChanges = async (planJson) => {
-  const policyWasm = fs.readFileSync("./policy/policy.wasm");
-
+  const policyWasm = Buffer.from(policyWasmBase64, "base64");
   const policy = await loadPolicy(policyWasm);
+
   const results = policy.evaluate(planJson);
 
   let changes;