@@ -28,6 +28,7 @@ import (
2828 "github.com/bufbuild/protoyaml-go"
2929 v1 "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
3030 "github.com/chainloop-dev/chainloop/app/controlplane/pkg/unmarshal"
31+ "github.com/chainloop-dev/chainloop/pkg/resourceloader"
3132 "github.com/open-policy-agent/opa/v1/format"
3233 "github.com/styrainc/regal/pkg/config"
3334 "github.com/styrainc/regal/pkg/linter"
@@ -79,35 +80,32 @@ func (p *PolicyToLint) AddError(path, message string, line int) {
7980 })
8081}
8182
82- // Read policy files from the given directory or file
83+ // Read policy files
8384func Lookup (absPath , config string , format bool ) (* PolicyToLint , error ) {
84- fileInfo , err := os .Stat (absPath )
85+ resolvedPath , err := resourceloader .GetPathForResource (absPath )
86+ if err != nil {
87+ return nil , fmt .Errorf ("failed to resolve policy file: %w" , err )
88+ }
89+
90+ fileInfo , err := os .Stat (resolvedPath )
8591 if err != nil {
8692 if os .IsNotExist (err ) {
87- return nil , fmt .Errorf ("path does not exist: %s" , absPath )
93+ return nil , fmt .Errorf ("policy file does not exist: %s" , resolvedPath )
8894 }
89- return nil , fmt .Errorf ("failed to stat path %q: %w" , absPath , err )
95+ return nil , fmt .Errorf ("failed to stat file %q: %w" , resolvedPath , err )
96+ }
97+ if fileInfo .IsDir () {
98+ return nil , fmt .Errorf ("expected a file but got a directory: %s" , resolvedPath )
9099 }
91100
92101 policy := & PolicyToLint {
93- Path : absPath ,
102+ Path : resolvedPath ,
94103 Format : format ,
95104 Config : config ,
96105 }
97106
98- if fileInfo .IsDir () {
99- // If it's a directory, look for policy.yaml
100- policyYamlPath := filepath .Join (absPath , "policy.yaml" )
101- if err := processFile (policy , policyYamlPath ); err != nil {
102- if os .IsNotExist (err ) {
103- return nil , fmt .Errorf ("policy.yaml not found in directory: %s" , absPath )
104- }
105- return nil , fmt .Errorf ("failed to read policy.yaml: %w" , err )
106- }
107- } else {
108- if err := processFile (policy , absPath ); err != nil {
109- return nil , err
110- }
107+ if err := processFile (policy , resolvedPath ); err != nil {
108+ return nil , err
111109 }
112110
113111 // Load referenced rego files from all YAML files
@@ -132,22 +130,19 @@ func loadReferencedRegoFiles(policy *PolicyToLint) error {
132130 // Ignore parse errors here; they'll be caught in validation
133131 continue
134132 }
135- dir := filepath .Dir (yamlFile .Path )
136133 for _ , spec := range parsed .Spec .Policies {
137134 regoPath := spec .GetPath ()
138135 if regoPath != "" {
139- var absRegoPath string
140- if filepath .IsAbs (regoPath ) {
141- absRegoPath = regoPath
142- } else {
143- absRegoPath = filepath .Join (dir , regoPath )
136+ resolvedPath , err := resourceloader .GetPathForResource (regoPath )
137+ if err != nil {
138+ return fmt .Errorf ("failed to resolve rego file %q: %w" , regoPath , err )
144139 }
145- if _ , ok := seen [absRegoPath ]; ok {
140+ if _ , ok := seen [resolvedPath ]; ok {
146141 continue // avoid duplicates
147142 }
148- seen [absRegoPath ] = struct {}{}
149- if err := processFile (policy , absRegoPath ); err != nil {
150- return fmt .Errorf ("failed to load referenced rego file %q: %w" , absRegoPath , err )
143+ seen [resolvedPath ] = struct {}{}
144+ if err := processFile (policy , resolvedPath ); err != nil {
145+ return fmt .Errorf ("failed to load referenced rego file %q: %w" , resolvedPath , err )
151146 }
152147 }
153148 }
0 commit comments