add optimization level arg

Author: gertd

.goreleaser-pre.yml

@@ -15,7 +15,7 @@ before:
 
 builds:
   # https://goreleaser.com/customization/build/
-  - id: build
+  - id: policy
     main: ./cmd/policy
     binary: policy
     goos:
@@ -40,9 +40,10 @@ builds:
 
 archives:
   # https://goreleaser.com/customization/archive/
-  - format: zip
-    builds:
-    - build
+  - format: 
+      - zip
+    ids:
+      - policy
     files:
       - LICENSE
       - README.md

.goreleaser.yml

@@ -15,7 +15,7 @@ before:
 
 builds:
   # https://goreleaser.com/customization/build/
-  - id: build
+  - id: policy
     main: ./cmd/policy
     binary: policy
     goos:
@@ -40,9 +40,10 @@ builds:
 
 archives:
   # https://goreleaser.com/customization/archive/
-  - format: zip
-    builds:
-    - build
+  - formats: 
+      - zip
+    ids:
+      - policy
     files:
       - LICENSE
       - README.md

go.mod

@@ -2,7 +2,7 @@ module github.com/opcr-io/policy
 
 go 1.24
 
-toolchain go1.24.5
+toolchain go1.24.6
 
 require (
 	github.com/Masterminds/sprig v2.22.0+incompatible

go.work

@@ -1,6 +1,6 @@
 go 1.24
 
-toolchain go1.24.5
+toolchain go1.24.6
 
 use (
 	.

oci/go.mod

@@ -2,7 +2,7 @@ module github.com/opcr-io/policy/oci
 
 go 1.23.0
 
-toolchain go1.24.5
+toolchain go1.24.6
 
 require (
 	github.com/containerd/containerd v1.7.25

parser/go.mod

@@ -2,7 +2,7 @@ module github.com/opcr-io/policy/parser
 
 go 1.23
 
-toolchain go1.24.5
+toolchain go1.24.6
 
 require (
 	github.com/containerd/containerd v1.7.25

scripts/build.sh

@@ -1,17 +1,19 @@
 #!/usr/bin/env bash
 
 # set defaults when not set
-[ -z "${INPUT_REVISION}" ]   && INPUT_REVISION=${GITHUB_SHA}
-[ -z "${INPUT_VERBOSITY}" ]  && INPUT_VERBOSITY="error"
-[ -z "${INPUT_SOURCE_URL}" ] && INPUT_SOURCE_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}"
+[ -z "${INPUT_REVISION}" ]    && INPUT_REVISION=${GITHUB_SHA}
+[ -z "${INPUT_VERBOSITY}" ]   && INPUT_VERBOSITY="error"
+[ -z "${INPUT_SOURCE_URL}" ]  && INPUT_SOURCE_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}"
 [ -z "${INPUT_REGO_VERSION}"] && INPUT_REGO_VERSION="rego.v0"
+[ -z "${INPUT_OPTIMIZE}"]     && INPUT_OPTIMIZE="disabled"
 
 # validate if values are set
 [ -z "${INPUT_SRC}" ]        && echo "INPUT_SRC is not set exiting" && exit 2
 [ -z "${INPUT_TAG}" ]        && exit "INPUT_TAG is not set exiting" && exit 2
 [ -z "${INPUT_REVISION}" ]   && exit "INPUT_REVISION is not set exiting" && exit 2
 [ -z "${INPUT_VERBOSITY}" ]  && exit "INPUT_VERBOSITY is not set exiting" && exit 2
 [ -z "${INPUT_SOURCE_URL}" ] && exit "INPUT_SOURCE_URL is not set exiting" && exit 2
+[ -z "${INPUT_OPTIMIZE}" ]   && exit "INPUT_OPTIMIZE is not set exiting" && exit 2
 
 if [[ -z "${GITHUB_WORKSPACE}" ]]; then
   SRC_PATH=$PWD/$INPUT_SRC
@@ -42,6 +44,20 @@ case ${INPUT_VERBOSITY} in
     ;;
 esac
 
+OPTIMIZE=0
+case ${INPUT_OPTIMIZE} in
+  "disabled")
+    OPTIMIZE=0
+    ;;
+  "recommended")
+    OPTIMIZE=1
+    ;;
+  "aggressive")
+    OPTIMIZE=2
+    ;;
+esac
+
+
 # output all inputs env variables
 echo "POLICY-BUILD        $(/app/policy version | sed 's/Policy CLI.//g')"
 printf "\n"
@@ -52,6 +68,7 @@ echo "INPUT_REVISION      ${INPUT_REVISION}"
 echo "INPUT_VERBOSITY     ${INPUT_VERBOSITY} (${VERBOSITY})"
 echo "INPUT_SOURCE_URL    ${INPUT_SOURCE_URL}"
 echo "INPUT_REGO_VERSION  ${INPUT_REGO_VERSION}"
+echo "INPUT_OPTIMIZE      ${INPUT_OPTIMIZE} (${OPTIMIZE})"
 echo "SRC_PATH            ${SRC_PATH}"
 printf "\n"
 
@@ -61,7 +78,7 @@ printf "\n"
 e_code=0
 
 # construct commandline arguments 
-CMD="/app/policy build ${SRC_PATH} --tag ${INPUT_TAG} --rego-version=${INPUT_REGO_VERSION} --verbosity=${VERBOSITY} --annotations=org.opencontainers.image.source=${INPUT_SOURCE_URL}"
+CMD="/app/policy build ${SRC_PATH} --tag ${INPUT_TAG} --rego-version=${INPUT_REGO_VERSION} --verbosity=${VERBOSITY} --optimize=${OPTIMIZE} --annotations=org.opencontainers.image.source=${INPUT_SOURCE_URL}"
 
 # execute command
 eval "$CMD" || e_code=1

templates/github/.github/workflows/build-release-policy.yaml.tmpl

@@ -12,43 +12,40 @@ jobs:
     name: build
 
     steps:
-    - uses: actions/checkout@v3
+    - 
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
-
-    - name: Read config
+    - 
+      name: Read config
       id: config
-      uses: opcr-io/ga-yaml-parser@v0.1
+      uses: gertd/yaml-reader-action@v1
       with:
         file: .github/config.yaml
-
-    - name: List Sver Tags
-      uses: aserto-dev/sver-action@v0
-      id: "sver"
+    -
+      name: Calc Tags
+      id: meta
+      uses: docker/metadata-action@v5
       with:
-        docker_image:{{ ` ${{ steps.config.outputs.repo }}` }}
-        docker_registry:{{` ${{ steps.config.outputs.server }}` }}
-        docker_username:{{` ${{ steps.config.outputs.username }}` }}
-        docker_password:{{` ${{ secrets.` }}{{ pushkey}} }}
-
-    - name: Calculate image tags
-      id: "tags"
-      run: |
-        while read -r tag; do
-          tags="$tags {{`${{ steps.config.outputs.repo }}` }}:$tag"
-        done < <(echo "{{`${{ steps.sver.outputs.version }}` }}")
-
-        echo target_tags=${tags} >> $GITHUB_OUTPUT
-
-    - name: Policy Login
+        images: |
+          ${{ steps.config.outputs.server }}/${{ steps.config.outputs.repo }}
+        flavor: |
+          latest=auto
+        tags: |
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          # type=sha
+    - 
+      name: Policy Login
       id: policy-login
       uses: opcr-io/policy-login-action@v3
       with:
         username: {{`${{ steps.config.outputs.username }}` }}
         password: {{`${{ secrets.`}}{{ pushkey }} }}
         server: {{`${{ steps.config.outputs.server }}` }}
-
-    - name: Policy Build
+    - 
+      name: Policy Build
       id: policy-build
       uses: opcr-io/policy-build-action@v4
       with:
@@ -58,26 +55,26 @@ jobs:
         rego_version: "rego.v1"
       env:
         POLICY_DEFAULT_DOMAIN: {{`${{ steps.config.outputs.server }}` }}
-
-    - name: Policy Tag
+    - 
+      name: Policy Tag
       id: policy-tag
       uses: opcr-io/policy-tag-action@v3
       with:
-        source_tag: {{`${{ steps.config.outputs.repo }}` }}
-        target_tags: {{`${{ steps.tags.outputs.target_tags }}` }}
+        source_tag: ${{ steps.config.outputs.repo }}
+        target_tags: ${{ steps.meta.outputs.tags }}
       env:
-        POLICY_DEFAULT_DOMAIN: {{`${{ steps.config.outputs.server }}` }}        
-
-    - name: Policy Push
+        POLICY_DEFAULT_DOMAIN: ${{ steps.config.outputs.server }}        
+    - 
+      name: Policy Push
       id: policy-push
       uses: opcr-io/policy-push-action@v3
       with:
-        tags: {{`${{ steps.tags.outputs.target_tags }}` }}
+        tags: ${{ steps.meta.outputs.tags }}
       env:
-        POLICY_DEFAULT_DOMAIN: {{`${{ steps.config.outputs.server }}` }}
-
-    - name: Policy Logout
+        POLICY_DEFAULT_DOMAIN: ${{ steps.config.outputs.server }}
+    - 
+      name: Policy Logout
       id: policy-logout
       uses: opcr-io/policy-logout-action@v3
       with:
-        server: {{`${{ steps.config.outputs.server }}` }}
+        server: ${{ steps.config.outputs.server }}