Skip to content

chore(deps): update docker.io/openpolicyagent/opa docker tag to v1.6.0#3733

Merged
edgarvonk merged 1 commit intomainfrom
renovate/docker.io-openpolicyagent-opa-1.6.x
Jun 30, 2025
Merged

chore(deps): update docker.io/openpolicyagent/opa docker tag to v1.6.0#3733
edgarvonk merged 1 commit intomainfrom
renovate/docker.io-openpolicyagent-opa-1.6.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Jun 30, 2025

This PR contains the following updates:

Package Update Change
docker.io/openpolicyagent/opa (source) minor 1.5.1 -> 1.6.0
docker.io/openpolicyagent/opa (source) minor 1.5.1-static -> 1.6.0-static

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

open-policy-agent/opa (docker.io/openpolicyagent/opa)

v1.6.0

Compare Source

This release contains a mix of new features, performance improvements, and bugfixes. Notably:

  • Improvements to the OPA website and documentation
  • Allowing keywords in Rego references
  • Parallel test execution
  • Faster built-in function execution
Modernized OPA Website (#​7037)

We're continuing to modernize the OPA website with a new design and improved user experience.

Some highlights:

  • Builtins: You can now search them on the docs page!
  • Sidebar redesign: Making it easier to find what you're looking for in our docs
  • Feedback forms: Closing the feedback loop between docs authors and readers -- Please let us know if you dislike, or like, a docs page.
  • Downloads page: Find your OS' installation instructions on a less cluttered page!
  • And much more

Authored by @​sky3n3t and @​charlieegan3

Allowing keywords in Rego references (#​7709)

Previously, Rego references could not contain terms that conflict with Rego keywords such as package, if, else, not, etc.
in certain constructs:

package example

allow if {
    input.package.source         # not allowed (before v1.6.0)
    input["package"].destination # allowed
}

The constraints for valid Rego references have been relaxed to allow keywords.
The above example is now valid and will no longer cause a compilation error.

Authored by @​johanfylling

Parallel Test Execution (#​7442)

By default, OPA will now run tests in parallel (defaulting to one parallel execution thread per available CPU core), significantly speeding up test execution time for large test suites.
The performance boost is closely tied to the number of tests in your project and your selected parallelism level. For larger projects and default settings, 2-3x performance gains have been measured on a MacBook Pro.

Parallelism can be disabled to run tests sequentially by setting the --parallel flag to 1. E.g. opa test . --parallel=1.

Authored by @​sspaink reported by @​anderseknert

Faster Builtin Function Evaluation

The builtin context, an internal construct of OPA's evaluation engine, was previously provided to every builtin function.
As it turns out, only very few of them actually need it, for caching, cancellation, or lookups.
Those builtins are still provided with a builtin context, but for calls to all other builtins, we save the memory required by it.
The impact is tremendous: Even though the size of a single builtin context is only about 270 bytes, in an example application (Regal), this change brings about 360 MB of reduced memory usage!

Authored by @​anderseknert

Runtime, Tooling, SDK
  • cmd/check: opa check --bundle report virtual/base doc conflicts (#​7701) authored by @​anderseknert
    When opa check is used with the --bundle flag, an error will be reported if the provided json/yaml data has a conflicting overlap with the virtual documents generated by Rego rules. Such conflicts are ambiguous and can lead to unexpected evaluation results, and should be resolved.
  • cmd/inspect: Fixing missing annotations location in opa inspect with JSON format (#​7459) authored by @​johanfylling reported by @​mostealth
  • cmd/parse: Expose --v0-compatible flag (#​7668) authored by @​tsandall
  • cmd/refactor: Fix src:dst parsing to deal with colons (#​7648) authored by @​tsandall
  • metrics: Fix restartable timer bug. (#​7669) authored by @​philipaconrad
  • metrics: Prealloc maps + add benchmark (#​7664) authored by @​philipaconrad
  • oracle: Add support for some and every (#​7716) authored by @​charlieegan3
  • oracle: Support object refs in FindDefinition (#​7711) authored by @​charlieegan3
  • plugin/decision: Check if event is too large after compression (#​7526) authored by @​sspaink
  • runtime,server: Replace gorilla/mux dependency with http.ServeMux (#​7676) authored by @​anderseknert
    Note: This is a potentially breaking change for go API users directly interfacing with the OPA server's routing.
  • server: Fix deferred metrics timers. (#​7671) authored by @​philipaconrad
  • server: Fix query url when opa is served not from root path (#​7644) authored by @​olegKoshmeliuk
    Note: This is only applicable for the web UI hosted by OPA on its root path (/) and OPA is served at some other path than root.
Compiler, Topdown and Rego
  • ast: Ensure surplus leading zeros always error (#​7726) authored by @​charlieegan3
    Note: Primitive Rego number values with leading zeros (e.g. 0123) are now considered invalid at time of parsing and will generate an error. If you're impacted by this change, please update your policies to not have numbers with leading zeros. E.g. 0123 should be changed to 123.
  • ast: Fixing type-checker schema cache race condition for inlined schemas (#​7679, 7571) authored by @​johanfylling reported by @​daniel-petrov-gig
  • perf: Improve performance when referencing "global" in loop (#​7654) authored by @​anderseknert
  • topdown: Fix issue where path in walk would get mutated (#​7656) authored by @​anderseknert reported by @​robmyersrobmyers
  • topdown/http: Lenient application/json Content-Type header (#​6684) authored by @​sspaink reported by @​mrvanes
Docs, Website, Ecosystem
Miscellaneous
  • build: Better detection of go changes (#​7696) authored by @​charlieegan3
  • build: Bump golang 1.24.3 -> 1.24.4 (#​7672) authored by @​srenatus
  • Adding Clarification to merge instructions when cutting a patch release (#​7660) authored by @​johanfylling
  • build: Make summary failure source clearer (#​7697) authored by @​charlieegan3
  • build: Skip jobs for non docs changes (#​7688) authored by @​charlieegan3
  • deps: Use google.golang.org/protobuf (#​7655) authored by @​sspaink
  • perf: Simplify interning (#​7714) authored by @​anderseknert
  • perf: Only pass built-in context to calls depending on it (#​7728) authored by @​anderseknert
  • perf: Improve built-in concat performance (#​7702) authored by @​anderseknert
  • perf: More efficient data/v1 POST handler (#​7673) authored by @​anderseknert
  • test: Fix flaky TestRaisingHTTPClientQueryError (#​7698) authored by @​sspaink
  • test: Fix flaky topdown query cache tests (#​7590) authored by @​sspaink
  • Dependency updates; notably:
    • build(deps): Bump gqlparser from v2.5.27 to v2.5.28 (#​7699) authored by @​robmyersrobmyers
    • build(deps): bump github.com/go-logr/logr from 1.4.2 to 1.4.3
    • build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.26 to 2.5.27
    • build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
    • build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.2
    • build(deps): bump oras.land/oras-go/v2 from 2.5.0 to 2.6.0
    • build(deps): bump go.opentelemetry.io deps to 1.36.0/0.61.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from hsiliev as a code owner June 30, 2025 09:46
@renovate renovate Bot requested a review from hsiliev June 30, 2025 09:46
@renovate renovate Bot requested review from a team and DaxRiool as code owners June 30, 2025 09:46
@renovate renovate Bot requested a review from a team June 30, 2025 09:46
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 30, 2025

🎉 Merging this PR at this moment should result in version 3.9.24

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 30, 2025
edited
Loading

unit-test-results

109 files  ±0  156 suites  ±0   2m 44s ⏱️ -1s
657 tests ±0  656 ✅ ±0  1 💤 ±0  0 ❌ ±0 
812 runs  ±0  811 ✅ ±0  1 💤 ±0  0 ❌ ±0 

Results for commit 64c07d7. ± Comparison against base commit a972b44.

♻️ This comment has been updated with latest results.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 30, 2025
edited
Loading

integration-test-results

 39 files  ±0   39 suites  ±0   54s ⏱️ +7s
142 tests ±0  142 ✅ ±0  0 💤 ±0  0 ❌ ±0 
162 runs  ±0  162 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 64c07d7. ± Comparison against base commit a972b44.

♻️ This comment has been updated with latest results.

@codecov
Copy link
Copy Markdown

codecov Bot commented Jun 30, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 43.09%. Comparing base (a972b44) to head (64c07d7).
Report is 3 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##               main    #3733    +/-   ##
==========================================
  Coverage     43.09%   43.09%            
  Complexity     3867     3867            
==========================================
  Files          1307     1307            
  Lines         35943    35943            
  Branches       4109     4184    +75     
==========================================
  Hits          15488    15488            
+ Misses        19570    19166   -404     
- Partials        885     1289   +404
Flag Coverage Δ
integrationtests 45.47% <ø> (ø)
unittests 30.67% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate Bot force-pushed the renovate/docker.io-openpolicyagent-opa-1.6.x branch from c6ee30b to 64c07d7 Compare June 30, 2025 10:26
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 30, 2025

🎉 Merging this PR at this moment should result in version 3.9.24

@edgarvonk edgarvonk added this pull request to the merge queue Jun 30, 2025
Merged via the queue into main with commit 57405e0 Jun 30, 2025
23 checks passed
@edgarvonk edgarvonk deleted the renovate/docker.io-openpolicyagent-opa-1.6.x branch June 30, 2025 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@edgarvonk edgarvonk edgarvonk approved these changes

@hsiliev hsiliev Awaiting requested review from hsiliev

@DaxRiool DaxRiool Awaiting requested review from DaxRiool

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@edgarvonk