Add Snyk policy example

[jkodroff]

Made A Deliberate Choice (TM) to put this in the root directory instead of under policy-packs.

Joe and Luke's review is optional, since I know they are busy.

[pulumi-staging]

🍹 The Update for pulumi/k8s-ci-cluster/0fb933aabe27510488b11577549a7652284b9f20-1743 was successful.

Resource Changes

    Name                                                          Type                                        Operation
+   k8s-ci-cluster-0fb933aabe27510488b11577549a7652284b9f20-1743  pulumi:pulumi:Stack                         create
+   multicloud                                                    pulumi-kubernetes:ci:GkeCluster             create
+   password                                                      random:index/randomPassword:RandomPassword  create
+   ephemeral-ci-cluster                                          gcp:container/cluster:Cluster               create
+   primary-node-pool                                             gcp:container/nodePool:NodePool             create
+   gke                                                           pulumi:providers:kubernetes                 create

[pulumi-staging]

🍹 The Destroy for pulumi/k8s-ci-cluster/0fb933aabe27510488b11577549a7652284b9f20-1743 was successful.

Resource Changes

    Name                                                          Type                                        Operation
-   gke                                                           pulumi:providers:kubernetes                 delete
-   primary-node-pool                                             gcp:container/nodePool:NodePool             delete
-   ephemeral-ci-cluster                                          gcp:container/cluster:Cluster               delete
-   multicloud                                                    pulumi-kubernetes:ci:GkeCluster             delete
-   password                                                      random:index/randomPassword:RandomPassword  delete
-   k8s-ci-cluster-0fb933aabe27510488b11577549a7652284b9f20-1743  pulumi:pulumi:Stack                         delete

[cnunciato]

Generally looks good, couple bits of initial feedback for ya.

[cnunciato]

We should probably mention here:

• Ensure the Docker deamon is running
• npm install && npm -C ../policy install
• pulumi stack init dev (or whatever)

[cnunciato]

When I run this, I get the following error. Expected?

Previewing update (dev)

View in Browser (Ctrl+O): https://app.pulumi.com/christian-pulumi-corp/snyk-container-scan-policy-ts/dev/previews/45a17a21-3daf-45f6-abd9-38f60d8de683

Loading policy packs...

     Type                   Name                               Plan       Info
 +   pulumi:pulumi:Stack    snyk-container-scan-policy-ts-dev  create     1 error; 2 messages
 +   ├─ docker:index:Image  alpine                             create     
 +   └─ docker:index:Image  debian                             create     1 error

Policies:
    ✅ snyk-container-scanning@v0.0.1 (local: ../policy)

Diagnostics:
  pulumi:pulumi:Stack (snyk-container-scan-policy-ts-dev):
    (node:11647) DeprecationWarning: Calling start() is no longer necessary. It can be safely omitted.
    (Use `node --trace-deprecation ...` to show where the warning was created)

    error: preview failed

  docker:index:Image (debian):
    error: Preview failed: error reading build output: failed to register layer: write /var/cache/debconf/templates.dat: no space left on device

[cnunciato]

Suggest adding just a slight but of intro here that makes it clear this is an example that shows how to do this, rather than a tool for doing this, if that makes sense.

[jkodroff]

Putting this into draft as I'm likely going to pivot a bit to publish the policy in its own repo and consume it as an npm package.

[jkodroff]

This was eventually merged as a PR to pulumi/templates-policy. Closing.