swade1987
commented
4 years ago Working on it @tylerauerbeck I need some additional privileges on there I feel.
Closed tylerauerbeck closed 4 years ago
swade1987
commented
4 years ago Working on it @tylerauerbeck I need some additional privileges on there I feel.
tylerauerbeck
commented
4 years ago Agreed. I may have spoken too soon. Went to look at pushing ours as well and it doesn't look like I have access to anything except for helm charts.
swade1987
commented
4 years ago Sergio Castaño Arteaga 6:58 PM Hi @swade1987. We are still working on defining what OPA artifacts will be published to the Hub and what would be the best way of doing it. That section of the control panel is not yet ready and unfortunately, there is no way to publish OPA policies programmatically either. We’ll let you know when it’s available.
swade1987
commented
4 years ago Closing as hosted at https://artifacthub.io/packages/opa/deprek8ion/deprek8ion
fredgate
commented
3 years ago @swade1987 How do you use policies hosted at artifacthub.io ?
I would like to download them and use them with conftest :
conftest pull https://artifacthub.io/packages/opa/deprek8ion/deprek8ionbut in the downloaded policy directory I get a HTML file instead of Rego files.
swade1987
commented
3 years ago @tegioz is this something you could advise on please?
tegioz
commented
3 years ago Hi 👋
I think the best way to proceed would be to provide some installation instructions in the package metadata file. When that information is available, we display a INSTALL button on the UI that will display those instructions to users. For other package kinds that have a generic way of installation (like Helm charts), we provide the installation instructions automatically.
This would be an example of installation instructions for a Keptn instegration provided by the publisher:
Please keep in mind that Artifact Hub doesn't really hosts artifacts, only metadata about them. Our main goal is to make it easier for users to discover and explore content, but the installation instructions should point to the source, not Artifact Hub.
Hope this helps 🙂
fredgate
commented
3 years ago I was new to Artifact hub, and I came to understand that it only contained the metadata and not the artifacts themselves. Indeed it would be good to explain how to install these artefacts (Rego rules).
Here is the command that I used : conftest pull git::https://github.com/swade1987/deprek8ion.git//policies
fredgate
commented
3 years ago On the other hand, it would be good when a policy is modified, that a new publication is visible on artifact hub. This is currently not the case because the last visible release is the 0.1.0 of july 27, 2020 while the rules have since been modified.
https: //github.com/swade1987/deprek8ion/blob/master/policies/artifacthub-pkg.yml
fredgate
commented
3 years ago What do you think @swade1987 ?
swade1987
commented
3 years ago @fredgate it makes sense for the version to upgrade when changes are made, is this possible @tegioz ?
tegioz
commented
3 years ago This is something that needs to be managed manually by the publisher @swade1987. Artifact Hub doesn't inspect changes at the git repo level actually, only in the AH metadata files provided. Also, we wouldn't know if you wanted to publish a release, what version to use, etc.
It'd be great if you could update the version in the metadata file and even provide some notes for the changelog when you think it makes sense. This way we would notify users subscribed to your package in AH when the new release is available, letting them know what changed. You can even maintain multiple versions of your packages if you wish so. For more details please see the OPA section in the repositories guide and the metadata file reference.
fredgate
commented
3 years ago This is interesting. I understand that the publisher must update the artifacthub-pkg.yml file in its git repository. But next what happen :
tegioz
commented
3 years ago
- artifactoryhub will regularly fetch this file and check for changes ?
This one 😉 We poll all repositories regularly (every 30 mins at the moment) and index new packages and versions available in the repository. There are more than 1k at the moment and growing! Some have hundreds of packages and thousands of versions, others only one.
swade1987
commented
3 years ago @fredgate I am looking to potentially re-work the whole setup of this repository based on https://github.com/swade1987/deprek8ion/discussions/32 would love your input if possible.
Additionally, if you'd be interested in pairing on a restructure I would be more than happy to have some assistance.
Although still in alpha, looks like you can publish OPA policies to ArtifactHub. Would be good to see deprek8ion policies there to be able to pull down.