Using Regal in your build pipeline

It's possible to use Regal to lint your Rego policies in your CI/CD pipeline(s)!

This document will guide you on how to do so. Please also review the CLI documentation for more information on the available options.

GitHub Actions

If you'd like to run Regal in GitHub Actions, please consider using setup-regal. A simple .github/workflows/lint.yml to run Regal on PRs could look like this, where the policy directory contains your Rego files:

```yaml
name: Regal Lint
on:
  pull_request:
jobs:
  lint-rego:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6
    - uses: open-policy-agent/setup-regal@v2
      with:
        # For production workflows, use a specific version, like v0.22.0
        version: latest

    - name: Lint
      run: regal lint --format=github ./policy
```

Please see setup-regal for more information.

GitLab CI/CD

To use Regal in GitLab CI/CD, you could for example use the following job in your .gitlab-ci.yml (the regal-lint stage it refers to must also be listed under stages):

```yaml
regal_lint_policies:
  stage: regal-lint
  image:
    # For production workflows, use a specific version, like v0.22.0
    name: ghcr.io/open-policy-agent/regal:latest
    entrypoint: ['/bin/sh', '-c']
  script:
    - regal lint ./policy --format junit > regal-results.xml
  artifacts:
    reports:
      junit: regal-results.xml
    when: always
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
```

The above will run Regal on the policy directory when a merge request is created or updated and will show linting violations as part of the merge request.
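
Both pipelines above carry the comment that production workflows should use a specific Regal version instead of latest. The following Python check is an added example, not part of the Regal documentation: it flags floating Regal references in pipeline files so the linter that gates policy changes cannot change between runs. The function name `find_floating_regal`, the regular expressions and the embedded samples are constructed for illustration.

```python
import re

# Constructed samples: the two pipeline definitions from this page, comments trimmed.
GITHUB_WORKFLOW = """\
name: Regal Lint
on:
  pull_request:
jobs:
  lint-rego:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v6
    - uses: open-policy-agent/setup-regal@v2
      with:
        version: latest
    - name: Lint
      run: regal lint --format=github ./policy
"""
GITLAB_CI = """\
regal_lint_policies:
  stage: regal-lint
  image:
    name: ghcr.io/open-policy-agent/regal:latest
    entrypoint: ['/bin/sh', '-c']
"""

SETUP_REGAL = re.compile(r"^\s*-?\s*uses:\s*open-policy-agent/setup-regal@")
NEW_STEP = re.compile(r"^\s*-\s")
VERSION = re.compile(r"^\s*version:\s*['\"]?([^'\"\s]+)")
IMAGE = re.compile(r"ghcr\.io/open-policy-agent/regal(?::([^\s'\"@]+))?(@sha256:[0-9a-f]{64})?")

def find_floating_regal(text):
    """Return (line_no, reason) for every Regal reference that can change between runs."""
    findings, in_setup = [], False
    for no, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]          # drop YAML comments
        if SETUP_REGAL.match(code):
            in_setup = True                   # following keys belong to setup-regal
            continue
        if NEW_STEP.match(code):
            in_setup = False                  # next step started
        ver = VERSION.match(code) if in_setup else None
        if ver and ver.group(1) == "latest":
            findings.append((no, "setup-regal version is 'latest'"))
        img = IMAGE.search(code)
        # No tag at all resolves to 'latest'; a sha256 digest is always pinned.
        if img and not img.group(2) and img.group(1) in (None, "latest"):
            findings.append((no, "regal image tag is floating"))
    return findings
```

Run it over the contents of .github/workflows/lint.yml and .gitlab-ci.yml and fail the job when the returned list is not empty.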