Commit 4fc002a

ci(oss-checker): improve Conftest installation with fallback version handling (#133)
1 parent dd59d44 commit 4fc002a

2 files changed

Lines changed: 33 additions & 3 deletions

.github/workflows/oss-checker.yml

Lines changed: 20 additions & 3 deletions
@@ -103,10 +103,27 @@ jobs:
103103
core.info('Generated repository-metadata.json for policy context.');
104104
105105
- name: Install Conftest
106+
env:
107+
FALLBACK_VERSION: '0.37.0'
106108
run: |
107-
LATEST_VERSION=$(curl --proto "=https" -s "https://api.github.com/repos/open-policy-agent/conftest/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+')
108-
curl --proto "=https" -L "https://github.com/open-policy-agent/conftest/releases/download/v${LATEST_VERSION}/conftest_${LATEST_VERSION}_Linux_x86_64.tar.gz" | tar -xz
109-
sudo mv conftest /usr/local/bin/
109+
set -euo pipefail
110+
111+
install_conftest() {
112+
local version="$1"
113+
curl --proto "=https" --fail -sSL "https://github.com/open-policy-agent/conftest/releases/download/v${version}/conftest_${version}_Linux_x86_64.tar.gz" -o conftest.tar.gz
114+
tar -xzf conftest.tar.gz
115+
sudo mv conftest /usr/local/bin/
116+
rm -f conftest.tar.gz
117+
}
118+
119+
LATEST_VERSION="$(curl --proto "=https" --fail -s "https://api.github.com/repos/open-policy-agent/conftest/releases/latest" | grep -Po '"tag_name": "v\K[0-9.]+' || true)"
120+
121+
if [[ -n "${LATEST_VERSION}" ]] && install_conftest "${LATEST_VERSION}"; then
122+
echo "Installed latest Conftest version: ${LATEST_VERSION}"
123+
else
124+
echo "Failed to install latest Conftest. Falling back to version ${FALLBACK_VERSION}."
125+
install_conftest "${FALLBACK_VERSION}"
126+
fi
110127
111128
- name: Run Policy Checks
112129
id: run_conftest
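
Review bot: inside install_conftest, a failed download or extraction is not reported to the caller when the function runs as the condition in `if [[ -n "${LATEST_VERSION}" ]] && install_conftest "${LATEST_VERSION}"; then`. Bash ignores `set -e` inside a function invoked in an `if`/`&&` context, so after `curl --fail` fails the body keeps running and the function returns the status of its last command, `rm -f conftest.tar.gz`, which is 0. The step then prints "Installed latest Conftest version" and never reaches the fallback install. Chain the commands with `&&` (curl, then tar, then `sudo mv`) or add `|| return 1` after each, and do the cleanup separately so it cannot mask the failure. Separately, the archive is extracted and moved into /usr/local/bin with sudo without any integrity check; consider verifying a pinned SHA-256 before extracting, at least for FALLBACK_VERSION.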

CHANGELOG.md

Lines changed: 13 additions & 0 deletions
@@ -17,6 +17,19 @@ This project follows **Semantic Versioning (SemVer)** ([semver.org](https://semv
1717

1818
---
1919

20+
## [0.98.3] - 2026-03-25
21+
22+
### Fixed
23+
24+
- improve Conftest installation step with fallback version handling
25+
26+
### Updated
27+
28+
- bump dorny/test-reporter from 2.6.0 to 3.0.0
29+
- bump github/codeql-action from 4.33.0 to 4.34.1
30+
- bump trufflesecurity/trufflehog from 3.93.8 to 3.94.0 in /tools/credential-scanning
31+
- bump pytest-cov from 7.0.0 to 7.1.0 in /tools/sbom-aggregation
32+
2033
## [0.98.2] - 2026-03-17
2134

2235
### Update
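
Review bot: the new 0.98.3 section uses the heading `### Updated`, while the existing 0.98.2 section directly below uses `### Update`; pick one form so the changelog headings stay consistent. The Fixed entry could also name the pinned fallback version (0.37.0) so readers know which Conftest release CI may end up running.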
