feat: removing snyk, job validating PR (#13)

* feat: job validating pr title (#9) * feat: removing snyk (#11) * docs: base version of README (#12)
splunk · Jan 17, 2022 · d0936be · d0936be
1 parent d0d9eb5
commit d0936be
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 28 deletions.
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
@@ -12,9 +12,6 @@ on:
       SEMGREP_PUBLISH_TOKEN:
         description: Semgrep token
         required: true
-      SNYK_TOKEN:
-        description: Snyk token
-        required: true
       AWS_ACCESS_KEY_ID:
         description: AWS access key id
         required: true
@@ -175,28 +172,32 @@ jobs:
         with:
           publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
 
-  snyk:
-    name: security-vuln-snyk
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Setup python
-        uses: actions/setup-python@v2
-        with:
-          python-version: 3.7
-      - uses: snyk/actions/setup@master
-      - uses: actions/[email protected]
-        with:
-          go-version: "1.13"
-      - name: Snyk monitor
-        run: snyk test --sarif-file-output=snyk-scan_requirements.sarif --all-projects --print-deps --severity-threshold=high
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      - uses: actions/upload-artifact@v2
-        if: always()
-        with:
-          name: snyk-results
-          path: snyk-scan_requirements.sarif
+#   Commentig it out as a INFRA-35392
+#   TODO use FOSSA instead of SNYK
+
+#   snyk:
+#     name: security-vuln-snyk
+#     runs-on: ubuntu-latest
+#     steps:
+#       - uses: actions/checkout@v2
+#       - name: Setup python
+#         uses: actions/setup-python@v2
+#         with:
+#           python-version: 3.7
+#       - uses: snyk/actions/setup@master
+#       - uses: actions/[email protected]
+#         with:
+#           go-version: "1.13"
+#       - name: Snyk monitor
+#         run: snyk test --sarif-file-output=snyk-scan_requirements.sarif --all-projects --print-deps --severity-threshold=high
+#         env:
+#           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+#       - uses: actions/upload-artifact@v2
+#         if: always()
+#         with:
+#           name: snyk-results
+#           path: snyk-scan_requirements.sarif
+
   build:
     name: build
     runs-on: ubuntu-latest
@@ -1237,6 +1238,18 @@ jobs:
           path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml"
           reporter: java-junit
 
+  validate-pr-title:
+    name: Validate PR title
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/[email protected]
+        with:
+          wip: true
+          validateSingleCommit: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
   pre-publish:
     if: always()
     needs:
@@ -1247,7 +1260,6 @@ jobs:
       - lint
       - review_secrets
       - semgrep
-      - snyk
       - build
       - security-virustotal
       - test-inventory
@@ -1259,6 +1271,7 @@ jobs:
       - run-modinput-tests
       - run-ui-tests
       - run-requirement-tests
+      - validate-pr-title
     runs-on: ubuntu-latest
     env:
       NEEDS: ${{ toJson(needs) }}

diff --git a/README.md b/README.md
@@ -1,2 +1,32 @@
-# reusable-workflow-build-test-release
-Repository to store reusable build-test-release workflow
+# addonfactory-workflow-addon-release
+Repository to store reusable `build-test-release` workflow, which is used to release Splunk add-ons. 
+Worklow is used by add-ons created and managed by [addonfactory repository template](https://github.com/splunk/addonfactory-repository-template)
+Workflow defines jobs which perform security code scanning, execute different types of tests, build add-on package, make github release.
+
+## Example usage
+```yaml
+name: build-test-release
+on:
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  pull_request:
+    branches: 
+      - "**"
+
+jobs:
+  call-workflow:
+    uses: splunk/addonfactory-workflow-addon-release/.github/workflows/[email protected]
+    secrets:
+      GH_TOKEN_ADMIN: ${{ secrets.GH_TOKEN_ADMIN }}
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      VT_API_KEY: ${{ secrets.VT_API_KEY }}
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      OTHER_TA_REQUIRED_CONFIGS: ${{ secrets.OTHER_TA_REQUIRED_CONFIGS }}
+```