feat(output): redirect trace output to stderr #1084
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thevilledev
force-pushed
the
feat/trace-stderr
branch
from
2fdf368 to
dd9c470
Compare
|
Thanks for taking this on. I am thinking we should just use stderr for all outputters, including the standard one. I am OK with this being a (very unlikely) breaking change as nobody should rely on trace output for anything other than debugging. |
Allow trace output with any non-standard output format by writing trace to stderr while maintaining formatted output on stdout. This enables using `--trace` with table, JSON, etc. formats. Currently, when using `--trace` with any non-standard output format, no traces are shown at all. The new behavior actually adds functionality by showing traces in stderr while maintaining the formatted output in stdout. Scenarios where non-standard output is piped to another process will continue to work without breaking changes. For the default output format (stdout), traces still go to stdout for backwards compatibility. Signed-off-by: Ville Vesilehto <[email protected]>
Now all output formats write trace to stderr. Breaking change, but makes all output formats behave the same way. Signed-off-by: Ville Vesilehto <[email protected]>
thevilledev
force-pushed
the
feat/trace-stderr
branch
from
dd9c470 to
73b9020
Compare
|
Sounds good to me! Updated the PR to use stdout/stderr the same way for all output formats. |
jalseth
reviewed
Apr 26, 2025
jalseth
approved these changes
Apr 26, 2025
janmooij
added a commit
to checkout-anywhere/conftest
that referenced
this pull request
May 20, 2025
* build(deps): bump github.com/moby/buildkit from 0.18.0 to 0.18.1 (open-policy-agent#1024) * build(deps): bump golang from 1.23.3-alpine to 1.23.4-alpine (open-policy-agent#1025) * build(deps): bump alpine from 3.20.3 to 3.21.0 (open-policy-agent#1026) * build(deps): bump github.com/magiconair/properties from 1.8.7 to 1.8.9 (open-policy-agent#1027) Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.7 to 1.8.9. - [Release notes](https://github.com/magiconair/properties/releases) - [Commits](magiconair/properties@v1.8.7...v1.8.9) --- updated-dependencies: - dependency-name: github.com/magiconair/properties dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.9.1 to 0.9.2 (open-policy-agent#1028) Bumps [github.com/CycloneDX/cyclonedx-go](https://github.com/CycloneDX/cyclonedx-go) from 0.9.1 to 0.9.2. - [Release notes](https://github.com/CycloneDX/cyclonedx-go/releases) - [Changelog](https://github.com/CycloneDX/cyclonedx-go/blob/master/.goreleaser.yml) - [Commits](CycloneDX/cyclonedx-go@v0.9.1...v0.9.2) --- updated-dependencies: - dependency-name: github.com/CycloneDX/cyclonedx-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: set jsonnet VM stack limits and add test coverage - Set MaxStack to 500 frames to prevent deep recursion - Set MaxStackTraceSize to 20 for cleaner errors - Add test for stack overflow prevention - Improve test structure with table-driven pattern Signed-off-by: Ville Vesilehto <[email protected]> * fix: improve handling for YAML version directives The YAML parser was incorrectly splitting documents with version directives (e.g. '%YAML 1.1') by treating the first '---' marker as a document separator. This caused the version directive to be separated from its document, resulting in parsing errors. Fixed document separation logic to keep version directive with its document. Added test cases for various YAML scenarios and improved test coverage. Signed-off-by: Ville Vesilehto <[email protected]> * fix: add output and tests for GitHub and Azure DevOps Added missing test cases for GitHub and AzureDevOps output formats in output_test.go. Also added OutputAzureDevOps to the list of available output formats in Outputs(). Signed-off-by: Ville Vesilehto <[email protected]> * fix: remove redundant error check in push command Remove an unnecessary error check for configDesc creation in the push command. The NewDescriptorFromBytes function does not return an error, so checking for one was redundant and could never be triggered. Signed-off-by: Ville Vesilehto <[email protected]> * build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine Bumps golang from 1.23.4-alpine to 1.23.5-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix: prevent policy file overwrite on downloads (open-policy-agent#1039) File existence check before downloading policies. Errors out and no overwrites. Maintains data integrity by preventing accidental policy overwrites. Added a test which verified the behaviour. Signed-off-by: Ville Vesilehto <[email protected]> * fix: max stack size already set by jsonnet.MakeVM() Signed-off-by: Ville Vesilehto <[email protected]> * build(deps): bump cuelang.org/go from 0.11.0 to 0.12.0 Bumps cuelang.org/go from 0.11.0 to 0.12.0. --- updated-dependencies: - dependency-name: cuelang.org/go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/moby/buildkit from 0.18.1 to 0.19.0 Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.18.1 to 0.19.0. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.18.1...v0.19.0) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump alpine from 3.21.0 to 3.21.2 Bumps alpine from 3.21.0 to 3.21.2. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * build(deps): bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.8 Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.6 to 1.7.8. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](hashicorp/go-getter@v1.7.6...v1.7.8) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * chore: optimize yaml document separator handling Based on PR feedback: - use byte slices instead of string concat - set common byte sequences as vars Signed-off-by: Ville Vesilehto <[email protected]> * feat: enable relative jsonnet imports by setting a path-aware importer - Introduce a new `PathAwareParser` interface that extends `Parser` with `SetPath(path string)`. - Update `parseConfigurations` to detect if a parser implements `PathAwareParser`, and call `SetPath(path)`. - Implement `SetPath` in the Jsonnet parser, setting the JPath to the file’s directory. - Add tests to ensure that relative imports in Jsonnet now work as expected. Signed-off-by: Ville Vesilehto <[email protected]> * fix: correct linters-settings in .golangci.yaml to enable misspell * Fix typo in `.golangci.yaml` to enable linter settings * Fix marshal/unmarshal spelling across codebase Signed-off-by: Ville Vesilehto <[email protected]> * chore: add nilness check to govet linter * Add nilness check to govet linter configuration See open-policy-agent#1041 for an example Signed-off-by: Ville Vesilehto <[email protected]> * test(registry): add test for credentials store init failure Add a test case that verifies SetupClient returns an error when the Docker config file is not readable due to permissions. This ensures the credentials store initialization failure is properly handled. Signed-off-by: Ville Vesilehto <[email protected]> * feature: Documentation command (open-policy-agent#1009) * feat: parse the annotations Signed-off-by: Alexandre Couedelo <[email protected]> refactor: change the way we access annotations I am testing different way to generate the doc. Having the compiler object is much easier than the annotation set only Signed-off-by: Alexandre Couedelo <[email protected]> * feat: generate section that can be used to generate documentations Signed-off-by: Alexandre Couedelo <[email protected]> * feat: generate the documentation file Signed-off-by: Alexandre Couedelo <[email protected]> * feat: add the command doc to conftest Signed-off-by: Alexandre Couedelo <[email protected]> fix: make title coherent in submodules documentation Signed-off-by: Alexandre Couedelo <[email protected]> * chore: improve test case Signed-off-by: Alexandre Couedelo <[email protected]> chore: ignore golden files in git Signed-off-by: Alexandre Couedelo <[email protected]> chore: document and test the custom template feature Signed-off-by: Alexandre Couedelo <[email protected]> chore: linting Signed-off-by: Alexandre Couedelo <[email protected]> * build(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 (open-policy-agent#1010) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.68.0 to 0.69.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.68.0...v0.69.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Alexandre Couedelo <[email protected]> * chore: Fixed changes requested by @boranx build(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 (open-policy-agent#1010) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.68.0 to 0.69.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.68.0...v0.69.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Alexandre Couedelo <[email protected]> chore: go mod tidy * test: refactor to use Document instead of []Section Signed-off-by: Alexandre Couedelo <[email protected]> * chore: improve doc string in code Signed-off-by: Alexandre Couedelo <[email protected]> * chore: address changes requested by @ jalseth Signed-off-by: Alexandre Couedelo <[email protected]> * chore: remove error handling on file close Signed-off-by: Alexandre Couedelo <[email protected]> * fix: revert bad renaming Signed-off-by: Alexandre Couedelo <[email protected]> * fix: go mod tidy Signed-off-by: Alexandre Couedelo <[email protected]> * fix: update template in acceptance test the name of the variable has changed to be more meaningful Signed-off-by: Alexandre Couedelo <[email protected]> --------- Signed-off-by: Alexandre Couedelo <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * test(policy): improve engine test coverage (open-policy-agent#1055) * test(policy): improve engine test coverage Add TestLoadWithData and TestNamespaces to increase test coverage for the policy engine. Tests a few edge cases such as duplicate namespaces. Signed-off-by: Ville Vesilehto <[email protected]> * refactor(policy): replace memfs with testing/fstest Migrate tests to use Go's standard library fstest.MapFS instead of custom memfs implementation. - Update TestProblematicIf and TestNamespaces to use fstest.MapFS - Remove memfs import and dependency - Convert test file content handling to use MapFile structs - Maintain existing test functionality while using official FS impl Signed-off-by: Ville Vesilehto <[email protected]> * docs: explain fstest.MapFS conversion in tests The type conversion from map[string]*fstest.MapFile to fstest.MapFS triggers an 'unnecessary conversion' linter warning. Add explanatory comment to document why this conversion is required - it ensures proper fs.FS interface implementation needed by loader.WithFS. Signed-off-by: Ville Vesilehto <[email protected]> --------- Signed-off-by: Ville Vesilehto <[email protected]> * build(deps): bump github.com/open-policy-agent/opa from 0.70.0 to 1.1.0 (open-policy-agent#1050) * build(deps): bump github.com/open-policy-agent/opa from 0.70.0 to 1.1.0 Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.70.0 to 1.1.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v0.70.0...v1.1.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * ci: Disable deprecated code check for golangci-lint This is currently blocking the upgrade to the OPA v1 package, and as a general rule I don't think hard blocking updates and releases on use of deprecated but still working code is good. Signed-off-by: James Alseth <[email protected]> * document: Use V1 AST The V0 path is currently missing the BuildAnnotationSet function which breaks the build. This will be fixed, but the V0 path is an alias to the V1 path, so this is effectively the same. This does not have an impact on the required Rego for conftest users. Signed-off-by: James Alseth <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: James Alseth <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Alseth <[email protected]> * build(deps): bump golang from 1.23.5-alpine to 1.23.6-alpine (open-policy-agent#1062) Bumps golang from 1.23.5-alpine to 1.23.6-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(engine): add query metadata to evaluation results (open-policy-agent#1061) * feat(engine): add query metadata to evaluation results Add query information to result metadata to enable output formatters to utilize the originating query in their output. This helps track which policy rule triggered each result. The change: - Adds query metadata to both string and map return types - Ensures metadata map is properly initialized - Adds comprehensive tests covering single and multiple results Signed-off-by: Ville Vesilehto <[email protected]> * test: split checks in TestQueryMetadata Check msg and meta in separate blocks, with separate err Signed-off-by: Ville Vesilehto <[email protected]> --------- Signed-off-by: Ville Vesilehto <[email protected]> * engine: Refactor to allow for Rego version to be specified (open-policy-agent#1059) Signed-off-by: James Alseth <[email protected]> * feat(parser): handle UTF-8 BOM in JSON input (open-policy-agent#1065) Strip UTF-8 BOM (byte order mark) from JSON input before parsing, allowing users to directly use files containing BOM with conftest. Matches OPA's implementation. Signed-off-by: Ville Vesilehto <[email protected]> * test(plugin): add comprehensive plugin package tests (open-policy-agent#1056) * test(plugin): add comprehensive plugin package tests Add tests for Load, FindAll and plugin Exec functionality. Includes test coverage for plugin loading, discovery and command execution. Signed-off-by: Ville Vesilehto <[email protected]> * fix: proper file paths for plugin tests CacheDirectory() will resolve to current working directory if pre-defined directory structure is missing. Signed-off-by: Ville Vesilehto <[email protected]> --------- Signed-off-by: Ville Vesilehto <[email protected]> * feat: Implement SARIF output (open-policy-agent#1042) * feat: add SARIF output format support Add Static Analysis Results Interchange Format (SARIF) v2.1.0 output support to conftest. SARIF is a standard JSON format for static analysis tools. - SARIF v2.1.0 schema compliance - Includes file locations and rule metadata - Tracks execution timing and status - Test coverage - Documentation Signed-off-by: Ville Vesilehto <[email protected]> * feat(output): implement SARIF output using go-sarif library Add Static Analysis Results Interchange Format (SARIF) v2.1.0 output support using the go-sarif library. This provides a standard JSON format for static analysis results with proper schema compliance. Key changes: - Use go-sarif/v2 library instead of custom implementation - Support all result types (failures, warnings, exceptions, successes) - Add comprehensive test coverage with JSON comparison - Document new output format in options.md The SARIF output includes: - File locations and rule metadata - Proper result levels (error/warning/note/none) - Execution status and exit codes - Rule properties from result metadata Signed-off-by: Ville Vesilehto <[email protected]> * refactor: address pr comments - refactor: remove getRuleIndex Use direct map lookups instead - refactor: succinct map lookups Map lookup with a fallback - refactor: move result type logic to addResult func Cleaner code, while not really idiomatic due to go-sarif library design. - fix: treat exceptions as success A file with only exceptions will be treated as a success. Exceptions will still be logged (with level "note") for visibility. The exit code will be 0 (success) when there are only exceptions. - refactor: simplify hasFailures and hasWarnings Risk of typo is too high - refactor: treat exceptions as successes in SARIF output Exceptions are now treated as successes in the SARIF output, removing the separate exception handling. - test: type safe test input for SARIF Probably helps writing further test cases, instead of bare JSON - refactor: use google/go-cmp for json diff Based on PR comment Signed-off-by: Ville Vesilehto <[email protected]> --------- Signed-off-by: Ville Vesilehto <[email protected]> * chore: Change empty interface{} to any throughout the codebase (open-policy-agent#1057) The any type is a clearer intent than an empty interface. Signed-off-by: James Alseth <[email protected]> * chore: Update all examples to OPA V1 syntax (open-policy-agent#1058) Signed-off-by: James Alseth <[email protected]> * refactor(output): Add CheckResults type and helpers (open-policy-agent#1063) Adding a new type for a slice of CheckResult to add helper methods for checking if there were failures, warnings, or exceptions. Signed-off-by: James Alseth <[email protected]> * feat(test): Enable inter-query cache (open-policy-agent#1073) This improves performance for some Rego policies, such as those that use the http.send builtin. This is only enabled for the "conftest test" comamnd to avoid introducing flaky unit tests with "conftest verify" due to the caching. Signed-off-by: James Alseth <[email protected]> * build(deps): bump github.com/open-policy-agent/opa from 1.1.0 to 1.2.0 (open-policy-agent#1080) * build(deps): bump github.com/open-policy-agent/opa from 1.1.0 to 1.2.0 Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.1.0...v1.2.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build: Run `go mod tidy`. Signed-off-by: James Alseth <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: James Alseth <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Alseth <[email protected]> * build(deps): bump alpine from 3.21.2 to 3.21.3 (open-policy-agent#1072) Bumps alpine from 3.21.2 to 3.21.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/moby/buildkit from 0.19.0 to 0.20.0 (open-policy-agent#1076) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.19.0 to 0.20.0. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * refactor(ci): replace Makefile-based Docker builds with GitHub Action… (open-policy-agent#1075) * refactor(ci): replace Makefile-based Docker builds with GitHub Actions for easier maintenance Signed-off-by: Jesse Amamgbu <[email protected]> * build(deps): bump golang from 1.23.6-alpine to 1.24.0-alpine (open-policy-agent#1071) * build(deps): bump golang from 1.23.6-alpine to 1.24.0-alpine Bumps golang from 1.23.6-alpine to 1.24.0-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * build: Bump Go to 1.24. Signed-off-by: James Alseth <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: James Alseth <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Alseth <[email protected]> * feat: add --absolute-paths flag to pull command (open-policy-agent#1078) Add a new flag to the pull command that allows preserving absolute paths when downloading policies. By default, absolute paths in the --policy flag are treated as relative paths from the current directory. With the new --absolute-paths flag, users can specify absolute paths to download policies to. Signed-off-by: Ville Vesilehto <[email protected]> * docs: clarify --trace flag behavior with --output flag (open-policy-agent#1060) Improve documentation to make it clear that when both --trace and --output flags are specified, the output format takes priority over tracing. This helps users understand that they cannot combine tracing with custom output formats like JSON or table. Signed-off-by: Ville Vesilehto <[email protected]> * fix: Conftest can now successfully load files using a file URL (e.g., `file:///C:/path/to/data.yaml`) on windows (open-policy-agent#999) * fix: Conftest encounters errors on Windows when loading file paths that include drive letters (e.g., `C:/path/to/data.yaml`). Even when using a file URL (e.g., `file:///C:/path/to/data.yaml`), we still face issues. With these code changes, Conftest can now successfully load files using a file URL (e.g., `file:///C:/path/to/data.yaml`). We opted for file URLs instead of paths with drive letters (e.g., `C:/path/to/data.yaml`) because OPA does not support file paths with drive letters. For more details, see [this issue comment](open-policy-agent/opa#6922 (comment)). Resolves: open-policy-agent#979 Signed-off-by: Punith C K <[email protected]> * fix: Removing WithProcessAnnotation(true) which is not needed for loading data files Signed-off-by: Punith C K <[email protected]> * fix: Conftest can now successfully load files using a file URL (e.g., file:///C:/path/to/data.yaml) on windows Removing duplicate code Signed-off-by: Punith C K <[email protected]> --------- Signed-off-by: Punith C K <[email protected]> Signed-off-by: Punith C K <[email protected]> Co-authored-by: Punith C K <[email protected]> * ci: Revert "replace Makefile-based Docker builds with GitHub Action… (open-policy-agent#1075)" (open-policy-agent#1081) This reverts commit 854183b. Signed-off-by: James Alseth <[email protected]> * build(deps): bump github.com/moby/buildkit from 0.20.0 to 0.20.1 (open-policy-agent#1083) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.20.0 to 0.20.1. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.20.0...v0.20.1) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: add documentation feature to the navigation bar (open-policy-agent#1087) Signed-off-by: boranx <[email protected]> * feat: add pre-commit hook support (open-policy-agent#1077) * feat: add pre-commit hook support Add pre-commit integration to validate configurations against OPA policies: - Create .pre-commit-hooks.yaml with conftest test/verify hook configs - Add pre-commit hook tests using bats - Install pre-commit in CI workflow Signed-off-by: Ville Vesilehto <[email protected]> * chore: add teardown to pre-commit test Add teardown function so we clean up the test config. Signed-off-by: Ville Vesilehto <[email protected]> * chore: remove verbose from pre-commit test Test checks the return code only Signed-off-by: Ville Vesilehto <[email protected]> * chore: suggestions from the pr Co-authored-by: Boran Seref <[email protected]> Signed-off-by: Ville Vesilehto <[email protected]> * chore: add Makefile step for installing deps Since acceptance tests require pre-commit lets make sure it's available - if not, install with pip. This is bundled with the 'make test-acceptance' step so that local and CI environments behave the same way. Signed-off-by: Ville Vesilehto <[email protected]> * chore: use isolated temp repo for testing pre-commit - Create a temporary Git repository for each test run - Configure Git with test-specific user info and disabled signing - Use absolute paths for pre-commit hook configuration - Clean up test artifacts properly after each run - Remove dependency on main repository state Signed-off-by: Ville Vesilehto <[email protected]> --------- Signed-off-by: Ville Vesilehto <[email protected]> * build(deps): bump golang from 1.24.0-alpine to 1.24.1-alpine (open-policy-agent#1086) Bumps golang from 1.24.0-alpine to 1.24.1-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 (open-policy-agent#1089) Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](BurntSushi/toml@v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: Remove PR workflow access to all permissions from GITHUB_TOKEN (open-policy-agent#1088) Signed-off-by: James Alseth <[email protected]> * build(deps): bump github.com/moby/buildkit from 0.20.1 to 0.20.2 (open-policy-agent#1091) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.20.1 to 0.20.2. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.20.1...v0.20.2) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/open-policy-agent/opa from 1.2.0 to 1.3.0 (open-policy-agent#1092) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.2.0...v1.3.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump golang from 1.24.1-alpine to 1.24.2-alpine (open-policy-agent#1096) Bumps golang from 1.24.1-alpine to 1.24.2-alpine. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump cuelang.org/go from 0.12.0 to 0.12.1 (open-policy-agent#1094) Bumps cuelang.org/go from 0.12.0 to 0.12.1. --- updated-dependencies: - dependency-name: cuelang.org/go dependency-version: 0.12.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/magiconair/properties from 1.8.9 to 1.8.10 (open-policy-agent#1097) Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.9 to 1.8.10. - [Release notes](https://github.com/magiconair/properties/releases) - [Commits](magiconair/properties@v1.8.9...v1.8.10) --- updated-dependencies: - dependency-name: github.com/magiconair/properties dependency-version: 1.8.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * deps: Bump hcl2json to v0.6.7 (open-policy-agent#1074) Signed-off-by: James Alseth <[email protected]> * refactor(ci): replace Makefile-based Docker builds with GitHub Action (open-policy-agent#1082) Signed-off-by: Jesse Amamgbu <[email protected]> * docs: update default template link to use absolute URL (open-policy-agent#1099) Change the relative link to the default template to use an absolute URL pointing to the raw GitHub content for better accessibility. Currently the link is broken since the file from the relative path is not deployed to the docs site. Signed-off-by: Ville Vesilehto <[email protected]> * chore: Update Github Actions via Dependabot (open-policy-agent#1100) Signed-off-by: Manuel Rüger <[email protected]> * build(deps): bump golangci/golangci-lint-action from 6 to 7 (open-policy-agent#1103) * build(deps): bump golangci/golangci-lint-action from 6 to 7 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v6...v7) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * ci: Run "golangci-lint migrate" Signed-off-by: James Alseth <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: James Alseth <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Alseth <[email protected]> * build(deps): bump actions/setup-go from 4 to 5 (open-policy-agent#1102) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump bats-core/bats-action from 1.5.4 to 3.0.1 (open-policy-agent#1104) Bumps [bats-core/bats-action](https://github.com/bats-core/bats-action) from 1.5.4 to 3.0.1. - [Release notes](https://github.com/bats-core/bats-action/releases) - [Commits](bats-core/bats-action@1.5.4...3.0.1) --- updated-dependencies: - dependency-name: bats-core/bats-action dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: Move docker build to separate job in the PR workflow (open-policy-agent#1105) This step is slow to run and only needs to be tested after everything else. Signed-off-by: James Alseth <[email protected]> * feat(runner): add support for symlinks (open-policy-agent#1098) Signed-off-by: Dieter Bocklandt <[email protected]> * feat(output): redirect trace output to stderr (open-policy-agent#1084) Signed-off-by: Ville Vesilehto <[email protected]> * build(deps): bump github.com/moby/buildkit from 0.20.2 to 0.21.0 (open-policy-agent#1101) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.20.2 to 0.21.0. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.20.2...v0.21.0) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/moby/buildkit from 0.21.0 to 0.21.1 (open-policy-agent#1111) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.21.0 to 0.21.1. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.21.0...v0.21.1) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-version: 0.21.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.1 (open-policy-agent#1113) * build(deps): bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.1 Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.3.0 to 1.4.1. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](open-policy-agent/opa@v1.3.0...v1.4.1) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * chore: go mod tidy Signed-off-by: James Alseth <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: James Alseth <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Alseth <[email protected]> * docs: Make examples in the docs compatible with v1 syntax (open-policy-agent#1115) Signed-off-by: James Alseth <[email protected]> * cli: Make Rego v1 syntax the default (open-policy-agent#1114) Signed-off-by: James Alseth <[email protected]> * build(deps): bump golangci/golangci-lint-action from 7 to 8 (open-policy-agent#1119) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7 to 8. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v7...v8) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/google/go-jsonnet from 0.20.0 to 0.21.0 (open-policy-agent#1120) Bumps [github.com/google/go-jsonnet](https://github.com/google/go-jsonnet) from 0.20.0 to 0.21.0. - [Release notes](https://github.com/google/go-jsonnet/releases) - [Changelog](https://github.com/google/go-jsonnet/blob/master/.goreleaser.yml) - [Commits](google/go-jsonnet@v0.20.0...v0.21.0) --- updated-dependencies: - dependency-name: github.com/google/go-jsonnet dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs: Update README.md to make it compatible with v1 syntax (open-policy-agent#1122) Signed-off-by: William Burton <[email protected]> * fix: revert makefile changes --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Ville Vesilehto <[email protected]> Signed-off-by: Alexandre Couedelo <[email protected]> Signed-off-by: James Alseth <[email protected]> Signed-off-by: Jesse Amamgbu <[email protected]> Signed-off-by: Punith C K <[email protected]> Signed-off-by: Punith C K <[email protected]> Signed-off-by: boranx <[email protected]> Signed-off-by: Manuel Rüger <[email protected]> Signed-off-by: Dieter Bocklandt <[email protected]> Signed-off-by: William Burton <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ville Vesilehto <[email protected]> Co-authored-by: Anders Eknert <[email protected]> Co-authored-by: Alexandre Couedelo <[email protected]> Co-authored-by: James Alseth <[email protected]> Co-authored-by: Jesse Amamgbu <[email protected]> Co-authored-by: pckvcode <[email protected]> Co-authored-by: Punith C K <[email protected]> Co-authored-by: Boran Seref <[email protected]> Co-authored-by: Manuel Rüger <[email protected]> Co-authored-by: Dieter Bocklandt <[email protected]> Co-authored-by: William Burton <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change standardizes the behavior of the
--traceflag. When--traceis used, trace output is now consistently directed to stderr, while the primary formatted output (controlled by--output) remains on stdout.Previously, combining
--tracewith non-standard output formats (e.g.,--output=json,--output=table) resulted in trace output being suppressed entirely. This update resolves that limitation, enabling users to capture detailed trace information separately from the main results, regardless of the chosen output format. For instance, trace logs can be saved to a file using stderr redirection:conftest test --trace --output=table my_config.yaml 2> trace.logBREAKING CHANGE: Trace output is now always sent to stderr when
--traceis enabled, including when using the default (stdout) output format. Previously, trace output for the default format went to stdout. Users with scripts or workflows that captured trace logs from stdout will need to update them to read from stderr instead.Fixes #1031