Conversation

@Piskoo Piskoo (Collaborator) commented Aug 11, 2025

This PR adds an error when no evaluations on the provided material were performed.

Example

apiVersion: workflowcontract.chainloop.dev/v1
kind: Policy
metadata:
  name: policy
  description: Chainloop validation policy
spec:
  policies:
    - embedded: |
        package main

        import rego.v1

        ################################
        # Common section do NOT change #
        ################################

        result := {
          "skipped": skipped,
          "violations": violations,
          "skip_reason": skip_reason,
          "ignore": ignore,
        }

        default skip_reason := ""

        skip_reason := m if {
          not valid_input
          m := "invalid input"
        }

        default skipped := true

        skipped := false if valid_input

        default ignore := false

        ########################################
        # EO Common section, custom code below #
        ########################################
        # Validates if the input is valid and can be understood by this policy
        valid_input := true

        # insert code here

        # If the input is valid, check for any policy violation here
        # default violations := []

        violations contains msg if {
          valid_input
          msg := "test"
        }
      kind: EVIDENCE
    - embedded: |
        package main

        import rego.v1

        ################################
        # Common section do NOT change #
        ################################

        result := {
          "skipped": skipped,
          "violations": violations,
          "skip_reason": skip_reason,
          "ignore": ignore,
        }

        default skip_reason := ""

        skip_reason := m if {
          not valid_input
          m := "invalid input"
        }

        default skipped := true

        skipped := false if valid_input

        default ignore := false

        ########################################
        # EO Common section, custom code below #
        ########################################
        # Validates if the input is valid and can be understood by this policy
        valid_input := true

        # insert code here

        # If the input is valid, check for any policy violation here
        # default violations := []

        violations contains msg if {
          valid_input
          msg := "test"
        }
      kind: STRING

For a policy with no defined path for kind SBOM_CYCLONEDX_JSON, when validated against a valid CycloneDX JSON file, it outputs:

ERR evaluating policy: no execution branch matched for kind SBOM_CYCLONEDX_JSON
exit status 1

Closes #2334

Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@Piskoo Piskoo marked this pull request as ready for review August 11, 2025 11:53
@Piskoo Piskoo requested review from jiparis and migmartri August 11, 2025 11:53

// Check if any result was ignored
for _, res := range result {
	if res.Ignored {
Member

But does this also include if it was ignored on purpose? I mean, would ignore mean only that no script was evaluated?

cc/ @jiparis

Member

Also, do you think we could be more user-friendly by including the kind, and the available kinds, in the error output, for example?

I'd like to make this tool super user-friendly; that would mean in general

@jiparis jiparis (Member) Aug 11, 2025

Ignored means: the script was evaluated, but it must be ignored because it doesn't apply, so it will count as if it wasn't evaluated at all.
Note that this is different from skipped, where the evaluation still counts.
Ignored is for some cases where an input file has multiple purposes (CycloneDX for SBOMs and also for vulnerability reports, for example).

So in this case, what we want to check is whether result is empty.

Collaborator Author

Updated to return an error only when no eval results were returned. Included the material kind in the error msg. Available kinds require some more work; I can create another issue to address that.
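As an added illustration (not chainloop's own code) of the behaviour described in the PR description and of the ignored/skipped distinction jiparis explains above, here is a hypothetical Go model: scripts are selected by material kind, an unmatched kind yields the PR's error with the kind in the message, and ignored results drop out of the merged outcome while skipped ones still count as evaluated. Script, EvalResult, Evaluate and Merge are assumed names, not chainloop APIs.

```go
package main

import "fmt"

// Script is a hypothetical stand-in for an embedded policy script and its material kind.
type Script struct {
	Kind string
	Eval func(material []byte) EvalResult
}

// EvalResult mirrors the Rego "result" object from the PR's example policy.
type EvalResult struct {
	Skipped    bool
	Ignored    bool
	Violations []string
}

// Evaluate runs every script whose kind matches the material kind; if none
// matches, nothing ran and the error this PR adds is returned with the kind.
func Evaluate(scripts []Script, kind string, material []byte) ([]EvalResult, error) {
	var results []EvalResult
	for _, s := range scripts {
		if s.Kind == kind {
			results = append(results, s.Eval(material))
		}
	}
	if len(results) == 0 {
		return nil, fmt.Errorf("evaluating policy: no execution branch matched for kind %s", kind)
	}
	return results, nil
}

// Merge folds results together: an ignored result counts as if it had never
// been evaluated, while a skipped one still counts as evaluated.
func Merge(results []EvalResult) (violations []string, evaluated int) {
	for _, r := range results {
		if r.Ignored {
			continue
		}
		evaluated++
		violations = append(violations, r.Violations...)
	}
	return violations, evaluated
}

func main() {
	scripts := []Script{{Kind: "EVIDENCE", Eval: func([]byte) EvalResult { return EvalResult{} }}}
	_, err := Evaluate(scripts, "SBOM_CYCLONEDX_JSON", nil) // constructed unmatched kind
	fmt.Println("ERR", err)
}
```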

Member

Can you please write the description of the PR with some examples of outputs so we can understand better what it solves? Thanks!

Collaborator Author

Updated the description

Piskoo added 2 commits August 11, 2025 15:52
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
Signed-off-by: Sylwester Piskozub <sylwesterpiskozub@gmail.com>
@migmartri migmartri (Member) left a comment

LGTM

@migmartri migmartri merged commit 6744d32 into chainloop-dev:main Aug 11, 2025
13 checks passed
Development

Successfully merging this pull request may close these issues.

policy eval should fail if no execution path is met