# Development
This documentation contains developer notes for those working on EOPA.
Install using brew or directly from download page.
- golang: `brew install go`
- golangci-lint: `brew install golangci-lint`
- ko-build: `brew install ko`
- skopeo: `brew install skopeo`
- apko: `brew install apko`
- Docker (or OrbStack)
- Make: `xcode-select --install`
- goreleaser: `brew install goreleaser`
- protobuf: see `pkg/grpc/README.md`
- bufbuild
- grpcurl: `brew install grpcurl`
- quill: `curl -sSfL https://raw.githubusercontent.com/anchore/quill/main/install.sh | sh -s -- -b /usr/local/bin`
- goreleaser-cross: `make release` (1.5GB)
- visual studio code
- delve: `brew install delve`
- vault

Build with `make build`, run with `make run`, publish with `make push`.

- `bin`: built binaries
- `build`: additional build scripts
- `cmd`: cobra command CLI
- `e2e`: end-to-end tests
- `pkg`: enterprise OPA source
- `proto`: protobuf sources
- `test`: smoke tests data

- `Makefile`: top-level make
- `main.go`: golang main
- `go.mod`, `go.sum`: golang module configuration: 'make update'
- `.goreleaser.yaml`: goreleaser build scripts
- `.golangci.yaml`: golang lint configuration
- `.github/workflows`: github actions
- `.ko.yaml`: ko-build

- `make`: build eopa
- `make fmt`: go fmt
- `make update` / `make update-e2e` / `make update-examples`: update module configuration
- `make test`: run unit tests
- `make check`: run linter

From fetchdb repo; see `<fetchdb>/docs/public/docs-website/README.md`

```
brew install npm
cd <fetchdb>/docs/public/docs-website
npm install
npm run start
```

From browser: http://localhost:3000/enterprise-opa

Run the following command to regenerate the CLI documentation. Apply the diff manually to fetchdb.

```
make generate-cli-docs
diff tmp-docs/cli.md ../fetchdb/docs/public/docs/enterprise-opa/cli-reference.md
```

If you get "permission denied: ./eopa":

```
% chmod +x eopa
% xattr -d com.apple.quarantine eopa
```

Follow the instructions in the Quill README.md to create an Apple developer certificate (P12) and notary credentials.
Set up the following environment variables, and perform a `make release`:

```
QUILL_SIGN_P12: ${{ secrets.QUILL_SIGN_P12 }} # base64 encoded contents
QUILL_SIGN_PASSWORD: ${{ secrets.QUILL_SIGN_PASSWORD }} # p12 password
QUILL_NOTARY_KEY: ${{ secrets.QUILL_NOTARY_KEY }}
QUILL_NOTARY_KEY_ID: ${{ secrets.QUILL_NOTARY_KEY_ID }}
QUILL_NOTARY_ISSUER: ${{ secrets.QUILL_NOTARY_ISSUER }}
```

You can safely ignore the following error, or set up Quill as described above:

```
⨯ release failed after 5s error=post hook failed: failed to run 'quill sign-and-notarize /Users/kevin/src/github.com/open-policy-agent/eopa/dist/darwin-build_darwin_amd64_v1/eopa -vv': exit status 1
make: *** [release] Error 1
```

We have seen two different causes of failure so far for Quill signing and notarization of the binaries in CI:
- Our company Apple Developer account needs to accept a new agreement.
  - Resolution: Ask @srenatus to check for a new agreement. If there was a new agreement, then re-run the job after accepting. (Links: page with quill keys, Account overview)
- The Apple notarization service itself is down.
  - Resolution: Check the Apple Developer System Status page for outages. If there's an outage, just wait until the service comes back up, and then re-run the job.

Setting the tag version will trigger the `.github/workflows/push-tags.yaml` action, which will publish the 'eopa' release and 'eopa' containers to https://github.com/open-policy-agent/eopa

```
# check the current tag/release
git fetch
git tag -l --sort -version:refname | head -n 1
# Edit the CHANGELOG.md
git commit
git push
# create capabilities (tag+1) and submit capabilities
build/gen-release-patch.sh --version=0.100.1
# create PR and submit generated file: capabilities/v0.100.1.json
git add capabilities/v0.100.1.json
git commit
git push
```

Final step.

```
# always on main!
git checkout main
# make sure our copy of `main` is up-to-date
git pull
# create tag +1
git tag v0.100.1
# push
git push origin v0.100.1
```
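
The release steps above rely on several conditions holding at the moment the tag is pushed, and the push is what triggers publication of the release and containers. The script below is an added example, not part of the EOPA repository, that checks those conditions before `git tag`. The function names are hypothetical, and it assumes that CHANGELOG.md names the version being released.

```sh
#!/bin/sh
# Added example (not part of the EOPA repository): checks to run before `git tag`.

# Read tags newest-first on stdin (the output of
# `git tag -l --sort -version:refname`) and print the newest with patch + 1.
next_patch_tag() {
  IFS= read -r latest || return 1
  printf '%s\n' "$latest" |
    grep -Eq '^v[0-9]+\.[0-9]+\.(0|[1-9][0-9]*)$' || return 1
  printf '%s.%s\n' "${latest%.*}" "$(( ${latest##*.} + 1 ))"
}

# Files the release steps produce: capabilities/<tag>.json must be non-empty.
# Assumption: CHANGELOG.md names the version (with or without the leading "v").
release_files_ready() {
  dir=$1 tag=$2
  [ -s "$dir/capabilities/$tag.json" ] ||
    { echo "missing capabilities/$tag.json" >&2; return 1; }
  ver=$(printf '%s' "${tag#v}" | sed 's/\./\\./g')   # escape dots for grep -E
  grep -Eq "(^|[^0-9])${ver}([^0-9]|\$)" "$dir/CHANGELOG.md" 2>/dev/null ||
    { echo "CHANGELOG.md does not mention ${tag#v}" >&2; return 1; }
}

# Git state (call after a fetch): on main, nothing uncommitted,
# level with origin/main, and the tag not used yet.
release_git_ready() {
  tag=$1
  [ "$(git rev-parse --abbrev-ref HEAD)" = main ] ||
    { echo "not on main" >&2; return 1; }
  [ -z "$(git status --porcelain)" ] ||
    { echo "uncommitted changes" >&2; return 1; }
  [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ] ||
    { echo "local main differs from origin/main" >&2; return 1; }
  if git rev-parse -q --verify "refs/tags/$tag" >/dev/null; then
    echo "tag $tag already exists" >&2; return 1
  fi
}

# Run from the repository root; prints the tag to create when every check passes.
preflight() {
  git fetch --quiet --tags origin main || return 1
  tag=$(git tag -l --sort -version:refname | next_patch_tag) || return 1
  release_git_ready "$tag" && release_files_ready . "$tag" && echo "$tag"
}
```

Source the file and call `preflight` from the repository root; it prints the next tag only when every check passes, so the result can feed `git tag` directly.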