ci: fix gosec action and opa syntax

haasonsaas · haasonsaas · commit 7beaff5225f3 · 2025-10-18T13:35:13.000-07:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -135,10 +135,11 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+
       - name: Run gosec security scanner
-        uses: securecodewarrior/github-action-gosec@master
-        with:
-          args: '-fmt sarif -out gosec.sarif ./...'
+        run: gosec -fmt sarif -out gosec.sarif ./...
 
       - name: Upload gosec results
         uses: github/codeql-action/upload-sarif@v3
diff --git a/policies/keep.rego b/policies/keep.rego
@@ -1,5 +1,7 @@
 package keep
 
+import future.keywords.if
+
 default decision := "deny"
 
 decision := "allow" if {
@@ -27,9 +29,7 @@ decision := "deny" if {
 	input.device.posture == "unregistered"
 }
 
-allow if {
-	decision == "allow"
-}
+allow if decision == "allow"
 
 valid_user if {
 	input.user.email != ""
diff --git a/policies/test/allow_test.rego b/policies/test/allow_test.rego
@@ -1,5 +1,7 @@
 package keep_test
 
+import future.keywords.if
+
 test_allow_healthy_device if {
 	input := {
 		"user": {"email": "alice@example.com"},
