Skip to content

chore(deps): lock file maintenance #417

chore(deps): lock file maintenance

chore(deps): lock file maintenance #417

name: CI
on:
push:
branches:
- "main"
- "develop"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches: [main, develop]
jobs:
meta:
runs-on: ubuntu-latest
outputs:
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
steps:
- uses: actions/checkout@v4
- id: matrix
uses: splunk/[email protected]
fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: run fossa anlyze and create report
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: upload THIRDPARTY file
uses: actions/upload-artifact@v3
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- name: run fossa test
run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
compliance-copyrights:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: apache/[email protected]
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.7"
- uses: pre-commit/[email protected]
semgrep:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: semgrep
uses: semgrep/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
build:
runs-on: ubuntu-latest
needs:
- fossa-scan
- compliance-copyrights
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- run: pipx install poetry==1.5.1
- uses: actions/setup-python@v4
with:
python-version: "3.7"
cache: "poetry"
- name: Install Poetry
run: |
poetry build
- uses: actions/upload-artifact@v3
if: always()
with:
name: Package
path: dist/
test-unit:
name: test-unit ${{ matrix.python-version }}
runs-on: ubuntu-latest
continue-on-error: true
strategy:
matrix:
python-version:
- "3.7"
- "3.8"
- "3.9"
- "3.10"
- "3.11"
steps:
- uses: actions/checkout@v4
- run: pipx install poetry==1.5.1
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "poetry"
- name: run tests
run: |
poetry install
poetry run pytest tests/unit
integration-tests:
runs-on: ubuntu-latest
needs:
- meta
- test-unit
strategy:
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
steps:
- uses: actions/checkout@v4
- run: pipx install poetry==1.5.1
- uses: actions/setup-python@v4
with:
python-version: 3.7
cache: "poetry"
- run: poetry install
- name: build demo add-on
run: |
poetry run ucc-gen \
--source=tests/integration/demo/package \
--config=tests/integration/demo/globalConfig.json \
--ta-version=0.0.1
poetry build
pip install wheel
pip install dist/*.whl --target output/demo/lib
poetry run slim package output/demo
- name: install Splunk
run: |
export SPLUNK_PRODUCT=splunk
export SPLUNK_VERSION=${{ matrix.splunk.version }}
export SPLUNK_BUILD=${{ matrix.splunk.build }}
export SPLUNK_SLUG=$SPLUNK_VERSION-$SPLUNK_BUILD
export SPLUNK_ARCH=x86_64
export SPLUNK_LINUX_FILENAME=splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz
export SPLUNK_BUILD_URL=https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_LINUX_FILENAME}
echo "$SPLUNK_BUILD_URL"
export SPLUNK_HOME=/opt/splunk
wget -qO /tmp/splunk.tgz "${SPLUNK_BUILD_URL}"
sudo tar -C /opt -zxf /tmp/splunk.tgz
sudo chown -R "$USER":"$USER" /opt/splunk
echo -e "[user_info]\nUSERNAME=Admin\nPASSWORD=Chang3d"'!' | sudo tee -a /opt/splunk/etc/system/local/user-seed.conf
echo 'OPTIMISTIC_ABOUT_FILE_LOCKING=1' | sudo tee -a /opt/splunk/etc/splunk-launch.conf
sudo /opt/splunk/bin/splunk start --accept-license
sudo /opt/splunk/bin/splunk install app demo-0.0.1.tar.gz -auth admin:Chang3d!
sudo /opt/splunk/bin/splunk restart
- name: run tests
run: |
poetry run pytest tests/integration
publish:
needs:
- pre-commit
- build
- test-unit
- integration-tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Very important: semantic-release won't trigger a tagged
# build if this is not set false
persist-credentials: false
- run: pipx install poetry==1.5.1
- uses: actions/setup-python@v4
with:
python-version: "3.7"
cache: "poetry"
- name: Install and build
run: |
poetry install
poetry build
- id: semantic
uses: splunk/[email protected]
with:
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
extra_plugins: |
semantic-release-replace-plugin
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
run: |
poetry build
poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }}