Skip to content

chore(deps): lock file maintenance #950

chore(deps): lock file maintenance

chore(deps): lock file maintenance #950

on:
push:
branches:
- "main"
- "develop"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches: [main, develop]
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
PYTHON_VERSION: "3.7"
POETRY_VERSION: "1.5.1"
jobs:
meta:
runs-on: ubuntu-latest
outputs:
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
steps:
- uses: actions/checkout@v4
- id: matrix
uses: splunk/[email protected]
fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- uses: actions/upload-artifact@v3
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
compliance-copyrights:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: apache/[email protected]
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- uses: pre-commit/[email protected]
semgrep:
uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main
secrets:
SEMGREP_KEY: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
run-unit-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- run: |
curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
- id: cache-poetry
uses: actions/cache@v3
with:
path: ~/.cache/pypoetry
key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
restore-keys: |
poetry-${{ runner.os }}-
- run: poetry install
if: ${{ steps.cache-poetry.outputs.cache-hit != 'true' }}
- run: poetry run pytest -v tests/unit
build:
name: build
runs-on: ubuntu-latest
needs:
- fossa-scan
- compliance-copyrights
- pre-commit
- run-unit-tests
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- run: curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
- id: cache-poetry
uses: actions/cache@v3
with:
path: ~/.cache/pypoetry
key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
restore-keys: |
poetry-${{ runner.os }}-
- run: poetry install
if: ${{ steps.cache-poetry.outputs.cache-hit != 'true' }}
- run: poetry build
- run: |
poetry run ucc-gen build \
--source=tests/testdata/Splunk_TA_UCCExample/package \
--config=tests/testdata/Splunk_TA_UCCExample/globalConfig.json \
--ta-version=0.0.1
if: always()
- uses: actions/upload-artifact@v3
with:
name: output
path: output/*
run-ui-tests:
name: test-ui Splunk ${{ matrix.splunk.version }} -k ${{ matrix.test_suite }}
needs:
- meta
- build
runs-on: ubuntu-latest
if: |
!contains(github.event.issue.labels.*.name, 'skip-ui-tests')
permissions:
id-token: write
contents: read
checks: write
strategy:
fail-fast: false
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
browser: ["chrome", "firefox"]
test_suite: [
"test_splunk_ta_example_addon_logging",
"test_splunk_ta_example_addon_account",
"test_splunk_ta_example_addon_proxy",
"test_splunk_ta_example_addon_input_common",
"test_splunk_ta_example_addon_input_1",
"test_splunk_ta_example_addon_input_2",
"test_splunk_ta_example_addon_custom",
"test_splunk_ta_example_addon_alert_actions"
]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- uses: actions/download-artifact@v3
with:
name: output
path: output/
- run: curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
- id: cache-poetry
uses: actions/cache@v3
with:
path: ~/.cache/pypoetry
key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
restore-keys: |
poetry-${{ runner.os }}-
- run: poetry install
if: ${{ steps.cache-poetry.outputs.cache-hit != 'true' }}
- name: Link chromedriver and geckodriver
# Use installed chromedriver https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md
run: |
export PATH=$PATH:$CHROMEWEBDRIVER
chromedriver --version
export PATH=$PATH:$GECKOWEBDRIVER
geckodriver --version
- run: |
./run_splunk.sh ${{ matrix.splunk.version }}
until curl -Lsk "https://localhost:8088/services/collector/health" &>/dev/null ; do echo -n "Waiting for HEC-" && sleep 5 ; done
- run: poetry run pytest tests/ui -k "${{ matrix.test_suite }}" --headless --junitxml=test-results/junit.xml
- uses: actions/upload-artifact@v3
if: always()
with:
name: test-results-${{ matrix.splunk.version }}_${{ matrix.python-version }}_${{ matrix.browser }}_${{ matrix.test_suite }}
path: test-results/*
- uses: dorny/test-reporter@v1
if: always()
with:
name: test-report-${{ matrix.splunk.version }}_${{ matrix.python-version }}_${{ matrix.browser }}_${{ matrix.test_suite }}
path: "test-results/*.xml"
reporter: java-junit
publish:
needs:
- pre-commit
- build
- run-ui-tests
- run-unit-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON_VERSION }}
- run: curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
- id: semantic
uses: splunk/[email protected]
with:
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
extra_plugins: |
semantic-release-replace-plugin
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
run: |
poetry build
poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }}