Skip to content

chore: merge develop into main (#424) #946

chore: merge develop into main (#424)

chore: merge develop into main (#424) #946

name: CI
on:
push:
branches:
- "main"
- "develop"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches: [main, develop]
jobs:
meta:
runs-on: ubuntu-latest
outputs:
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
steps:
- uses: actions/checkout@v4
- id: matrix
uses: splunk/addonfactory-test-matrix-action@v2
fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: run fossa anlyze and create report
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: upload THIRDPARTY file
uses: actions/upload-artifact@v4
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- name: run fossa test
run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
compliance-copyrights:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: apache/[email protected]
pre-commit:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.7"
- uses: pre-commit/[email protected]
semgrep:
if: github.actor != 'dependabot[bot]'
uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main
secrets:
SEMGREP_KEY: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
run-unit-tests:
name: test-unit ${{ matrix.python-version }}
runs-on: ubuntu-22.04
continue-on-error: true
strategy:
matrix:
python-version:
- "3.7"
- "3.8"
- "3.9"
- "3.10"
- "3.11"
- "3.12"
- "3.13"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
- run: |
poetry install
poetry run pytest tests/unit
test-splunk:
runs-on: ubuntu-22.04
continue-on-error: true
needs:
- meta
strategy:
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.7
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
- name: Install Splunk
run: |
export SPLUNK_PRODUCT=splunk
export SPLUNK_VERSION=${{ matrix.splunk.version }}
export SPLUNK_BUILD=${{ matrix.splunk.build }}
export SPLUNK_SLUG=$SPLUNK_VERSION-$SPLUNK_BUILD
export SPLUNK_ARCH=amd64
export SPLUNK_LINUX_FILENAME=splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-linux-${SPLUNK_ARCH}.tgz
# Before 9.4, the filename was splunk-<version>-<build>-Linux-x86_64.tgz
if [[ $(echo $SPLUNK_VERSION | cut -d. -f1) -le 8 ]] || \
[[ $SPLUNK_VERSION == 9.0.* ]] || \
[[ $SPLUNK_VERSION == 9.1.* ]] || \
[[ $SPLUNK_VERSION == 9.2.* ]] || \
[[ $SPLUNK_VERSION == 9.3.* ]]
then
export SPLUNK_ARCH=x86_64
export SPLUNK_LINUX_FILENAME=splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz
fi
export SPLUNK_BUILD_URL=https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_LINUX_FILENAME}
echo "$SPLUNK_BUILD_URL"
export SPLUNK_HOME=/opt/splunk
wget -qO /tmp/splunk.tgz "${SPLUNK_BUILD_URL}"
sudo tar -C /opt -zxf /tmp/splunk.tgz
sudo chown -R "$USER":"$USER" $SPLUNK_HOME
cp -r tests/integration/data/solnlib_demo $SPLUNK_HOME/etc/apps
cp -r solnlib $SPLUNK_HOME/etc/apps/solnlib_demo/bin/
mkdir -p $SPLUNK_HOME/etc/apps/Splunk_TA_test/default/
ls $SPLUNK_HOME/etc/apps/solnlib_demo/bin/
echo -e "[user_info]\nUSERNAME=Admin\nPASSWORD=Chang3d"'!' | tee -a $SPLUNK_HOME/etc/system/local/user-seed.conf
echo 'OPTIMISTIC_ABOUT_FILE_LOCKING=1' | tee -a $SPLUNK_HOME/etc/splunk-launch.conf
$SPLUNK_HOME/bin/splunk start --accept-license
$SPLUNK_HOME/bin/splunk cmd python -m pip install solnlib
$SPLUNK_HOME/bin/splunk set servername custom-servername -auth admin:Chang3d!
$SPLUNK_HOME/bin/splunk restart
until curl -k -s -u admin:Chang3d! https://localhost:8089/services/server/info\?output_mode\=json | jq '.entry[0].content.kvStoreStatus' | grep -o "ready" ; do echo -n "Waiting for KVStore to become ready-" && sleep 5 ; done
timeout-minutes: 5
- name: Run tests
run: |
poetry install
SPLUNK_HOME=/opt/splunk SPLUNK_DB=$SPLUNK_HOME/var/lib/splunk poetry run pytest --junitxml=test-results/results.xml -v tests/integration
- uses: actions/upload-artifact@v4
with:
name: test-splunk-${{ matrix.splunk.version }}
path: test-results
publish:
needs:
- fossa-scan
- compliance-copyrights
- pre-commit
- semgrep
- run-unit-tests
- test-splunk
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
submodules: false
# Very important: semantic-release won't trigger a tagged
# build if this is not set false
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: "3.7"
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
- run: |
poetry install
poetry build
- id: semantic
uses: splunk/[email protected]
with:
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
extra_plugins: |
semantic-release-replace-plugin
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
run: |
poetry build
poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }}