From a41cc1577dca5e86614fbb42277af9202ce51469 Mon Sep 17 00:00:00 2001 From: Gustavo Carvalho Date: Wed, 13 May 2026 13:01:47 -0300 Subject: [PATCH] feat: policy input support Signed-off-by: Gustavo Carvalho --- main.go | 26 ++++++++++++++++++++++++++ repository_controls.go | 6 +++++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/main.go b/main.go index eeddaa7..500308f 100644 --- a/main.go +++ b/main.go @@ -2,6 +2,7 @@ package main import ( "context" + "encoding/json" "errors" "fmt" "slices" @@ -32,11 +33,13 @@ type PluginConfig struct { DeploymentLookbackDays string `mapstructure:"deployment_lookback_days"` // Number of days to look back for deployments (default: 90) OnlyActiveDeployments string `mapstructure:"only_active_deployments"` // Only fetch deployments that are still active (not superseded) (default: false) IncludeFailedDeployments string `mapstructure:"include_failed_deployments"` // Include deployments with failure/error states (default: false) + PolicyInput string `mapstructure:"policy_input"` // Policy-specific input as JSON string (e.g., {"workflow_names": ["ci.yml", "build.yml"]}) // Parsed values (set during Configure) deploymentLookbackDays int onlyActiveDeployments bool includeFailedDeployments bool + policyInputMap map[string]interface{} } func (c *PluginConfig) Validate() error { @@ -92,6 +95,21 @@ func (c *PluginConfig) parseDeploymentConfig() error { return nil } +func (c *PluginConfig) parsePolicyInput() error { + // Parse policy input JSON string (default: empty map) + if c.PolicyInput == "" { + c.policyInputMap = make(map[string]interface{}) + return nil + } + + var result map[string]interface{} + if err := json.Unmarshal([]byte(c.PolicyInput), &result); err != nil { + return fmt.Errorf("invalid policy_input JSON: %w", err) + } + c.policyInputMap = result + return nil +} + type DeploymentWithStatuses struct { Deployment *github.Deployment `json:"deployment"` Statuses []*github.DeploymentStatus `json:"statuses"` @@ -118,6 +136,7 @@ type SaturatedRepository struct { RepositoryTeams []*RepositoryTeam `json:"repository_teams"` Environments []*RepositoryEnvironment `json:"environments"` EffectiveBranchRules map[string]*BranchRuleEvidence `json:"effective_branch_rules"` + PolicyInput map[string]interface{} `json:"policy_input"` } type GithubReposPlugin struct { @@ -148,6 +167,12 @@ func (l *GithubReposPlugin) Configure(req *proto.ConfigureRequest) (*proto.Confi return nil, err } + // Parse policy input JSON string + if err := config.parsePolicyInput(); err != nil { + l.Logger.Error("Error parsing policy input", "error", err) + return nil, err + } + l.config = config httpClient := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(&oauth2.Token{ AccessToken: config.Token, @@ -362,6 +387,7 @@ func (l *GithubReposPlugin) Eval(req *proto.EvalRequest, apiHelper runner.ApiHel RepositoryTeams: repositoryTeams, Environments: environments, EffectiveBranchRules: effectiveBranchRules, + PolicyInput: l.config.policyInputMap, } // Uncomment to check the data that is being passed through from // the client, as data formats are often slightly different than diff --git a/repository_controls.go b/repository_controls.go index 1104b21..efb8f32 100644 --- a/repository_controls.go +++ b/repository_controls.go @@ -99,7 +99,7 @@ func (l *GithubReposPlugin) GatherRepositoryEnvironments(ctx context.Context, re if err != nil { if isPermissionError(err) { l.Logger.Debug("Repository environments fetch skipped due to permissions", "repo", repo.GetFullName(), "error", err) - return nil, nil + return []*RepositoryEnvironment{}, nil } return nil, err } @@ -114,6 +114,10 @@ func (l *GithubReposPlugin) GatherRepositoryEnvironments(ctx context.Context, re opts.Page = resp.NextPage } + if environments == nil { + return []*RepositoryEnvironment{}, nil + } + return environments, nil }