nix: add rule to update coordinator-policy-hash

edgelesssys · Feb 9, 2024 · 9014b29 · 9014b29
1 parent 33efa0b
commit 9014b29
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/packages/default.nix b/packages/default.nix
@@ -269,4 +269,29 @@ rec {
       exit 1
     '';
   };
+
+  write-coordinator-yaml = writeShellApplication {
+    name = "print-coordinator-policy";
+    runtimeInputs = [
+      yq-go
+      genpolicy
+    ];
+    text = ''
+      imageRef=$1
+
+      tmpdir=$(mktemp -d)
+      trap 'rm -rf $tmpdir' EXIT
+
+      yq < deployments/simple/coordinator.yml > "$tmpdir/coordinator.yml" \
+        "del(.metadata.namespace) | (select(.kind == \"Deployment\") | .spec.template.spec.containers[0].image) = \"$imageRef\""
+
+      pushd "$tmpdir" >/dev/null
+      # TODO(burgerdev): this should not be dev, but there are unknown env vars
+      cp ${genpolicy.settings-dev}/genpolicy-settings.json .
+      cp ${genpolicy.rules-coordinator}/genpolicy-rules.rego rules.rego
+      genpolicy < "$tmpdir/coordinator.yml"
+      popd >/dev/null
+    '';
+  };
+
 }