added schema checking to opa check

.github/workflows/regal-lint.yaml

@@ -13,6 +13,8 @@ jobs:
       OPA_VERSION: v0.69.0
       # renovate: datasource=github-releases depName=StyraInc/regal
       REGAL_VERSION: v0.27.0
+      # renovate: datasource=github-releases depName=garethahealy/openshift-json-schema
+      OCP_SCHEMA_VERSION: 4.16.0
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -32,8 +34,20 @@ jobs:
         with:
           version: ${{ env.REGAL_VERSION }}
 
+      - name: Clone schemas
+        run: |
+          if [[ ! -d "_test/schema-generation/openshift-json-schema" ]]; then
+            mkdir -p _test/schema-generation/openshift-json-schema
+            rm -rf /tmp/openshift-json-schema
+        
+            # Download openshift-json-schema dynamically so it doesnt need to be added into source
+            git clone https://github.com/garethahealy/openshift-json-schema.git /tmp/openshift-json-schema --depth 1
+        
+            mv /tmp/openshift-json-schema/v${OCP_SCHEMA_VERSION}/schemas/* _test/schema-generation/openshift-json-schema
+          fi
+
       - name: Run OPA Check
-        run: opa check policy --strict
+        run: opa check policy --strict --schema _test/schema-generation/openshift-json-schema
 
       - name: Run Regal lint
         run: regal lint --format github policy

.pre-commit-config.yaml

@@ -5,7 +5,7 @@ repos:
         name: OPA check
         description: Check syntax of staged Rego files
         entry: opa check
-        args: [ 'policy', '--strict' ]
+        args: [ 'policy', '--strict', '--schema _test/schema-generation/openshift-json-schema' ]
         pass_filenames: false
         language: system
       - id: opa-fmt