From e74061730ea572dd7b65fed88a5e2f97a67da532 Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Fri, 12 Sep 2025 10:52:39 +0200
Subject: [PATCH] Upgrade OPA and regal to latest versions

---
 .github/actions/build-policies/action.yml | 3 ++-
 .github/workflows/ci.yaml                 | 3 ++-
 Dockerfile                                | 3 ++-
 policies/.regal/config.yaml               | 3 +++
 policies/Makefile                         | 6 ++++--
 5 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/.github/actions/build-policies/action.yml b/.github/actions/build-policies/action.yml
index 0eba08e6e..e1dc28547 100644
--- a/.github/actions/build-policies/action.yml
+++ b/.github/actions/build-policies/action.yml
@@ -12,7 +12,8 @@ runs:
     - name: Install Open Policy Agent
       uses: open-policy-agent/setup-opa@v2.2.0
       with:
-        version: 1.1.0
+        # Keep in sync with the Dockerfile and policies/Makefile
+        version: 1.8.0
 
     - name: Build the policies
       run: make
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 93c3b1b5f..080fae3df 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -41,7 +41,8 @@ jobs:
       - name: Setup Regal
         uses: StyraInc/setup-regal@v1
         with:
-          version: 0.29.2
+          # Keep in sync with policies/Makefile
+          version: 0.36.1
 
       - name: Lint policies
         working-directory: ./policies
diff --git a/Dockerfile b/Dockerfile
index ed4f54ae7..0a6ff4322 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,8 @@ ARG DEBIAN_VERSION=12
 ARG DEBIAN_VERSION_NAME=bookworm
 ARG RUSTC_VERSION=1.89.0
 ARG NODEJS_VERSION=22.19.0
-ARG OPA_VERSION=1.1.0
+# Keep in sync with .github/actions/build-policies/action.yml and policies/Makefile
+ARG OPA_VERSION=1.8.0 
 ARG CARGO_AUDITABLE_VERSION=0.7.0
 
 ##########################################
diff --git a/policies/.regal/config.yaml b/policies/.regal/config.yaml
index 0620e6872..2c99d0efa 100644
--- a/policies/.regal/config.yaml
+++ b/policies/.regal/config.yaml
@@ -4,6 +4,9 @@
 # Please see LICENSE files in the repository root for full details.
 
 rules:
+  imports:
+    unresolved-reference:
+      level: ignore
   style:
     external-reference:
       level: ignore
diff --git a/policies/Makefile b/policies/Makefile
index 0e4d8ebdd..2d4b7f2cb 100644
--- a/policies/Makefile
+++ b/policies/Makefile
@@ -6,8 +6,10 @@
 # Set to 1 to run OPA through Docker
 DOCKER := 0
 PODMAN := 0
-OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:1.1.0-debug
-REGAL_DOCKER_IMAGE := ghcr.io/styrainc/regal:0.31.0
+# Keep in sync with Dockerfile and .github/actions/build-policies/action.yml
+OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:1.8.0-debug
+# Keep in sync with .github/workflows/ci.yaml
+REGAL_DOCKER_IMAGE := ghcr.io/styrainc/regal:0.36.1
 
 INPUTS := \
 	common/common.rego \