(chore) Move backwards compatibility checks to weaver.

.github/workflows/checks.yml

@@ -86,13 +86,6 @@ jobs:
         make attribute-registry-generation
         git diff --exit-code './docs/attributes-registry/*.md' || (echo 'Attribute registry markdown is out of date, please run "make attribute-registry-generation" and commit the changes in this PR.' && exit 1)
 
-  semantic-conventions-compatibility:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v1
-    - name: verify semantic convention compatibility with latest released version
-      run: make compatibility-check
-
   schemas-check:
     runs-on: ubuntu-latest
     steps:
@@ -115,3 +108,18 @@ jobs:
     - uses: actions/checkout@v1
     - name: verify semantic conventions yaml definitions
       run: make check-policies
+
+  polices-test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: verify semantic conventions yaml definitions
+      run: make test-policies
+
+  # TODO: Remove this once policies-check is the only enforcement on github.
+  semantic-conventions-compatibility:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: verify semantic convention compatibility with latest released version
+      run: make compatibility-check

Makefile

@@ -22,7 +22,11 @@ CHLOGGEN_CONFIG  := .chloggen/config.yaml
 # see https://github.com/open-telemetry/build-tools/releases for semconvgen updates
 # Keep links in model/README.md and .vscode/settings.json in sync!
 SEMCONVGEN_VERSION=0.25.0
-WEAVER_VERSION=0.7.0
+
+# see https://github.com/open-telemetry/weaver/releases for weaver updates
+WEAVER_VERSION=0.8.0
+
+OPA_POLICY_AGENT_VERSION=0.67.1
 
 # From where to resolve the containers (e.g. "otel/weaver").
 CONTAINER_REPOSITORY=docker.io
@@ -111,20 +115,6 @@ install-yamllint:
 yamllint:
 	yamllint .
 
-# Check semantic convention policies on YAML files
-.PHONY: check-policies
-check-policies:
-	docker run --rm -v $(PWD)/model:/source -v $(PWD)/policies:/policies -v $(PWD)/templates:/templates \
-		otel/weaver:${WEAVER_VERSION} registry check \
-		--registry=/source \
-		--diagnostic-format=ansi \
-		--policy=/policies/registry.rego
-
-# Test rego policies
-.PHONY: test-policies
-test-policies:
-	docker run --rm -v $(PWD)/policies:/policies openpolicyagent/opa:0.67.1 test --explain fails /policies
-
 # Generate markdown tables from YAML definitions
 .PHONY: table-generation
 table-generation:
@@ -159,26 +149,6 @@ table-check:
 		--dry-run \
 		/spec
 
-
-# A previous iteration of calculating "LATEST_RELEASED_SEMCONV_VERSION"
-# relied on "git describe". However, that approach does not work with
-# light-weight developer forks/branches that haven't synced tags. Hence the
-# more complex implementation of this using "git ls-remote".
-#
-# The output of "git ls-remote" looks something like this:
-#
-#    e531541025992b68177a68b87628c5dc75c4f7d9        refs/tags/v1.21.0
-#    cadfe53949266d33476b15ca52c92f682600a29c        refs/tags/v1.22.0
-#    ...
-#
-# .. which is why some additional processing is required to extract the
-# latest version number and strip off the "v" prefix.
-LATEST_RELEASED_SEMCONV_VERSION := $(shell git ls-remote --tags https://github.com/open-telemetry/semantic-conventions.git | cut -f 2 | sort --reverse | head -n 1 | tr '/' ' ' | cut -d ' ' -f 3 | $(SED) 's/v//g')
-.PHONY: compatibility-check
-compatibility-check:
-	docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec --pull=always \
-		$(SEMCONVGEN_CONTAINER) -f /source compatibility --previous-version $(LATEST_RELEASED_SEMCONV_VERSION)
-
 .PHONY: schema-check
 schema-check:
 	$(TOOLS_DIR)/schema_check.sh
@@ -234,11 +204,40 @@ chlog-update: $(CHLOGGEN)
 generate-gh-issue-templates:
 	$(TOOLS_DIR)/scripts/update-issue-template-areas.sh
 
+# A previous iteration of calculating "LATEST_RELEASED_SEMCONV_VERSION"
+# relied on "git describe". However, that approach does not work with
+# light-weight developer forks/branches that haven't synced tags. Hence the
+# more complex implementation of this using "git ls-remote".
+#
+# The output of "git ls-remote" looks something like this:
+#
+#    e531541025992b68177a68b87628c5dc75c4f7d9        refs/tags/v1.21.0
+#    cadfe53949266d33476b15ca52c92f682600a29c        refs/tags/v1.22.0
+#    ...
+#
+# .. which is why some additional processing is required to extract the
+# latest version number and strip off the "v" prefix.
+LATEST_RELEASED_SEMCONV_VERSION := $(shell git ls-remote --tags https://github.com/open-telemetry/semantic-conventions.git | cut -f 2 | sort --reverse | head -n 1 | tr '/' ' ' | cut -d ' ' -f 3 | $(SED) 's/v//g')
 .PHONY: check-policies
 check-policies:
 	docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec -v $(PWD)/policies:/policies \
 		otel/weaver:${WEAVER_VERSION} registry check \
 		--registry=/source \
-		--policy=/policies/registry.rego \
-		--policy=/policies/attribute_name_collisions.rego \
-		--policy=/policies/yaml_schema.rego
+		--baseline-registry=https://github.com/open-telemetry/semantic-conventions/archive/refs/tags/v$(LATEST_RELEASED_SEMCONV_VERSION).zip[model] \
+		--policy=/policies
+
+# Test rego policies
+.PHONY: test-policies
+test-policies:
+	docker run --rm -v $(PWD)/policies:/policies -v $(PWD)/policies_test:/policies_test \
+	openpolicyagent/opa:${OPA_POLICY_AGENT_VERSION} test \
+	--explain fails \
+	/policies \
+	/policies_test
+
+# TODO: This is now duplicative with weaver policy checks.  We can remove
+# once github action requirements are updated.
+.PHONY: compatibility-check
+compatibility-check:
+	docker run --rm -v $(PWD)/model:/source -v $(PWD)/docs:/spec --pull=always \
+		$(SEMCONVGEN_CONTAINER) -f /source compatibility --previous-version $(LATEST_RELEASED_SEMCONV_VERSION)

policies/attribute_name_collisions.rego

@@ -1,14 +1,16 @@
 package after_resolution
 
+import rego.v1
+
 # Data structures to make checking things faster.
-attribute_names := { data |
-  group := input.groups[_]
-  attr := group.attributes[_]
-  data := { "name": attr.name, "const_name": to_const_name(attr.name), "namespace_prefix": to_namespace_prefix(attr.name) }
+attribute_names := { obj |
+  group := input.groups[_];
+  attr := group.attributes[_];
+  obj := { "name": attr.name, "const_name": to_const_name(attr.name), "namespace_prefix": to_namespace_prefix(attr.name) }
 }
 
 
-deny[attr_registry_collision(description, name)] {
+deny contains attr_registry_collision(description, name) if {
     some i
     name := attribute_names[i].name
     const_name := attribute_names[i].const_name
@@ -24,7 +26,7 @@ deny[attr_registry_collision(description, name)] {
     description := sprintf("Attribute '%s' has the same constant name '%s' as '%s'.", [name, const_name, collisions])
 }
 
-deny[attr_registry_collision(description, name)] {
+deny contains attr_registry_collision(description, name) if {
     some i
     name := attribute_names[i].name
     prefix := attribute_names[i].namespace_prefix
@@ -39,7 +41,7 @@ deny[attr_registry_collision(description, name)] {
     description := sprintf("Attribute '%s' is used as a namespace in '%s'.", [name, collisions])
 }
 
-attr_registry_collision(description, attr_name) = violation {
+attr_registry_collision(description, attr_name) = violation if {
     violation := {
         "id": description,
         "type": "semconv_attribute",
@@ -49,11 +51,11 @@ attr_registry_collision(description, attr_name) = violation {
     }
 }
 
-to_namespace_prefix(name) = namespace {
+to_namespace_prefix(name) = namespace if {
     namespace := concat("", [name, "."])
 }
 
-to_const_name(name) = const_name {
+to_const_name(name) = const_name if {
     const_name := replace(name, ".", "_")
 }