OPA policies repositories are expected to be hosted in GitHub, GitLab or Bitbucket repos. When adding your repository to Artifact Hub, the URL used must follow the following format:
By default the `master` branch is used, but it’s possible to specify a different one from the UI.
Please NOTE that the repository URL used when adding the repository to Artifact Hub must NOT contain the git hosting platform specific parts, like tree/branch, just the path to your packages like it would show in the filesystem.
The path to packages provided can contain one or more packages. Each package version must be in a separate folder. You can have multiple policies in a single package, or create a package for each policy; it’s completely up to you. In the same way, you can decide whether to provide one or multiple versions of your policies packages.
The structure of a repository with multiple packages and versions could look something like this:
```
$ tree path/to/packages
path/to/packages
├── artifacthub-repo.yml
├── package1
│   ├── 1.0.0
│   │   ├── README.md
│   │   ├── artifacthub-pkg.yml
│   │   ├── more
│   │   │   └── policies3.rego
│   │   ├── policies1.rego
│   │   └── policies2.rego
│   └── 2.0.0
│       ├── README.md
│       ├── artifacthub-pkg.yml
│       └── policies1.rego
└── package2
    └── 1.0.0
        ├── README.md
        ├── artifacthub-pkg.yml
        └── policies1.rego
```
This structure is flexible, and in some cases where you only have a package and a version it can be greatly simplified. The Deprek8ion policies repository illustrated below, for example, is using a simpler structure.
In the case of a single package with a single version available at a time (the publisher doesn’t want to make previous ones available, for example), the structure could look like this:
```
$ tree path/to/packages
path/to/packages
├── artifacthub-repo.yml
└── package1
    ├── README.md
    ├── artifacthub-pkg.yml
    ├── policies1.rego
    └── policies2.rego
```
In the previous case, even the `package1` directory could be omitted. The reason is that both package names and versions are read from the `artifacthub-pkg.yml` metadata file, so directory names are not used at all.
Each package version needs an `artifacthub-pkg.yml` metadata file. Please see the file spec for more details. Policy files must have the `.rego` extension. If you want to exclude some paths in your package from indexing, you can do so using the `ignore` field in your package metadata file, which uses
Once you have added your repository, you are all set up. As you add new versions of your policies or even new policies packages to your git repository, they’ll be automatically indexed and listed in Artifact Hub.
- Policies source GitHub URL: https://github.com/swade1987/deprek8ion/tree/master/policies
- Repository metadata file: https://github.com/swade1987/deprek8ion/blob/master/policies/artifacthub-repo.yml
- Package metadata file: https://github.com/swade1987/deprek8ion/blob/master/policies/artifacthub-pkg.yml
- Repository URL used in Artifact Hub: https://github.com/swade1987/deprek8ion/policies (please note how the tree/master part is not used)
- Policies displayed in Artifact Hub: https://artifacthub.io/packages/opa/deprek8ion/deprek8ion
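
A pre-publish check for the URL and layout rules above, as an added example that is not part of Artifact Hub's documentation or code: `check_repo_url` flags a URL that still carries the hosting platform's `tree/<branch>` part, and `scan_layout` lists `.rego` files that no `artifacthub-pkg.yml` covers. The function names, the treatment of `blob` alongside `tree`, and the constructed sample tree in `demo` are assumptions made for the illustration.

```python
import os
import tempfile
from urllib.parse import urlparse

HOSTS = {"github.com", "gitlab.com", "bitbucket.org"}
META = "artifacthub-pkg.yml"

def check_repo_url(url):
    """Return problems with the URL to be registered (empty list means OK)."""
    parsed = urlparse(url)
    parts = [p for p in parsed.path.split("/") if p]
    problems = []
    if parsed.hostname not in HOSTS:
        problems.append("host is not GitHub, GitLab or Bitbucket")
    # Assumption: tree/blob right after user/repo is the web UI's branch part.
    if parts[2:3] in (["tree"], ["blob"]):
        problems.append("drop '%s/<branch>' from the URL" % parts[2])
    return problems

def scan_layout(root):
    """Return (packages, orphans); orphans are .rego files no metadata covers."""
    packages, orphans = {}, []
    for dirpath, _dirs, files in os.walk(root):  # top-down: parents come first
        rel = os.path.relpath(dirpath, root)
        if META in files:
            packages[rel] = []
        # Directories with a metadata file that contain the current directory.
        covering = [p for p in packages
                    if p == "." or rel == p or rel.startswith(p + os.sep)]
        owner = max(covering, key=len) if covering else None
        for name in sorted(files):
            if name.endswith(".rego"):
                path = os.path.normpath(os.path.join(rel, name))
                (orphans if owner is None else packages[owner]).append(path)
    return packages, orphans

def demo():
    """Constructed sample: package2/1.0.0 is missing its metadata file."""
    files = ["artifacthub-repo.yml", "package1/1.0.0/artifacthub-pkg.yml",
             "package1/1.0.0/policies1.rego", "package1/1.0.0/more/policies3.rego",
             "package2/1.0.0/policies1.rego"]
    with tempfile.TemporaryDirectory() as root:
        for f in files:
            full = os.path.join(root, *f.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return scan_layout(root)

if __name__ == "__main__":
    print(check_repo_url("https://github.com/swade1987/deprek8ion/tree/master/policies"), demo())
```

An empty list from `check_repo_url` and an empty `orphans` list mean the repository matches the rules this page states; the script does not validate the contents of the metadata files.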