Overview
Encountering a "policy evaluation failed" error when using URL orbs in CircleCI can be frustrating. This issue typically arises when the URL orb being used does not match the allowed URL prefixes defined in your organization's policy. Understanding and adjusting these configurations can resolve the error.
Prerequisites
- Access to your CircleCI organization settings.
- Permissions to edit the URL orb allow-list configuration.
Solution
The error message indicates a mismatch between the URL orb being used and the allowed URL prefixes. Follow these steps to resolve the issue:
-
Identify the Allowed URL Prefixes:
- Navigate to your CircleCI organization settings.
- Locate the URL orb allow-list configuration. This is typically defined in a policy, such as
check_allowed_url_orbs.
-
Review the Error Message:
- The error message will specify the URL orb that is not allowed. For example:
policy evaluation failed: check_allowed_url_orbs: ... references URL orb https://raw.githubusercontent.com/test-org/fuzz-support/... which is not from an approved URL prefix! Allowed URL prefixes: {"https://raw.githubusercontent.com/test-org/devex-workflows/"}
- The error message will specify the URL orb that is not allowed. For example:
-
Update the Allowed URL Orbs:
- If the URL orb you wish to use is not included in the allowed prefixes, you need to update the configuration.
- Edit the policy to include the new URL orb prefix. Ensure it mirrors your organization's URL orb allow-list configuration. For example:
json allowed_url_orbs := { { "name": "devex-workflows", "url_prefix": "https://raw.githubusercontent.com/test-org/fuzz-support/", "auth": "github-app" } } - By ensuring your URL orbs align with the allowed prefixes, you can prevent policy evaluation errors and maintain smooth CI/CD workflows.
-
Test the Configuration:
- After updating the configuration, rerun your CircleCI build to ensure the error is resolved.
Comments
Article is closed for comments.