-
Notifications
You must be signed in to change notification settings - Fork 20
207 lines (195 loc) · 6.27 KB
/
build-test-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
on:
push:
branches:
- "main"
- "develop"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches:
- "**"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
meta:
runs-on: ubuntu-latest
outputs:
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
steps:
- uses: actions/checkout@v4
- id: matrix
uses: splunk/addonfactory-test-matrix-action@v1
fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: run fossa anlyze and create report
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: upload THIRDPARTY file
uses: actions/upload-artifact@v4
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- name: run fossa test
run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
compliance-copyrights:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: apache/skywalking-eyes@v0.6.0
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.7"
- uses: pre-commit/action@v3.0.1
semgrep:
runs-on: ubuntu-latest
name: security-sast-semgrep
steps:
- uses: actions/checkout@v4
- id: semgrep
uses: semgrep/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
test-splunk-unit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install dependencies
run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
poetry install
poetry run pytest -v tests/unit
test-splunk-external:
runs-on: ubuntu-latest
needs:
- meta
- pre-commit
- fossa-scan
- compliance-copyrights
- test-splunk-unit
strategy:
fail-fast: false
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Setup for testing
run: |
pip install git+https://github.com/pixelb/crudini
mkdir test-results-${{ matrix.splunk.version }}
- name: Test
run: |
export SPLUNK_APP_PACKAGE=./tests/e2e/addons/TA_fiction_indextime
export SPLUNK_ADDON=TA_fiction_indextime
export SPLUNK_APP_ID=TA_fiction_indextime
export SPLUNK_VERSION=${{ matrix.splunk.version }}
export SPLUNK_HEC_TOKEN="9b741d03-43e9-4164-908b-e09102327d22"
echo $SPLUNK_VERSION
docker compose -f "docker-compose.yml" build
SPLUNK_PASSWORD=Chang3d! docker compose -f docker-compose.yml up --abort-on-container-exit
docker volume ls
- name: Collect Results
run: |
docker volume ls
docker container create --name dummy \
-v pytest-splunk-addon_results:/work/test-results \
registry.access.redhat.com/ubi7/ubi
docker cp dummy:/work/test-results/test.xml test-results-${{ matrix.splunk.version }}
- uses: actions/upload-artifact@v4
if: always()
with:
name: splunk ${{ matrix.splunk.version }} external test artifacts
path: |
test-results-${{ matrix.splunk.version }}
test-splunk-matrix:
needs:
- meta
- pre-commit
- fossa-scan
- compliance-copyrights
- test-splunk-unit
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
test-marker: [
"splunk_connection_docker",
"splunk_app_fiction",
"splunk_app_broken",
"splunk_app_cim_fiction",
"splunk_app_cim_broken",
"splunk_fiction_indextime",
"splunk_fiction_indextime_broken",
"splunk_setup_fixture",
"splunk_app_req",
"splunk_app_req_broken",
"splunk_cim_model_ipv6_regex",
]
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: actions/setup-python@v5
with:
python-version: 3.7
- run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
poetry install
poetry run pytest -v --splunk-version=${{ matrix.splunk.version }} -m docker -m ${{ matrix.test-marker }} tests/e2e
publish:
needs:
- test-splunk-external
- test-splunk-matrix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# Very Important semantic-release won't trigger a tagged
# build if this is not set false
submodules: false
persist-credentials: false
- uses: actions/setup-python@v5
with:
python-version: "3.7"
- uses: actions/download-artifact@v4
with:
name: THIRDPARTY
- name: Update Notices
run: cp -f THIRDPARTY NOTICE
- name: Install Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
- id: semantic
uses: splunk/semantic-release-action@v1.3
with:
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
extra_plugins: |
semantic-release-replace-plugin
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
run: |
poetry build
poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }}