ci: fix dorny/test-reporter permissions #1732
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- "main" | |
- "develop" | |
- "release/**" | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
pull_request: | |
branches: [main, develop, "release/**"] | |
jobs: | |
meta: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: matrix | |
uses: splunk/addonfactory-test-matrix-action@v1 | |
fossa-scan: | |
continue-on-error: true | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: | | |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | |
fossa analyze --debug | |
fossa report attribution --format text > /tmp/THIRDPARTY | |
env: | |
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: THIRDPARTY | |
path: /tmp/THIRDPARTY | |
- run: | | |
fossa test --debug | |
env: | |
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
docs-build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: poetry install | |
- run: poetry run mkdocs build --strict | |
compliance-copyrights: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: apache/skywalking-eyes@v0.5.0 | |
test-smoke: | |
name: test-smoke ${{ matrix.python-version }} | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
matrix: | |
python-version: | |
- "3.7" | |
- "3.8" | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: | | |
./get-ucc-ui.sh | |
# Puts package and schema subdirs along with NOTICE (THIRDPARTY.npm) | |
tar -zxf splunk-ucc-ui.tgz -C splunk_add_on_ucc_framework/ | |
poetry install | |
poetry build | |
- name: Ensure all UCC UI files are in the final package | |
run: ./.github/workflows/check_ucc_ui_files.sh | |
- run: poetry run pytest tests/smoke | |
test-unit: | |
name: test-unit ${{ matrix.python-version }} | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
matrix: | |
python-version: | |
- "3.7" | |
- "3.8" | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: | | |
./get-ucc-ui.sh | |
# Puts package and schema subdirs along with NOTICE (THIRDPARTY.npm) | |
tar -zxf splunk-ucc-ui.tgz -C splunk_add_on_ucc_framework/ | |
poetry install | |
poetry build | |
- run: ./.github/workflows/check_ucc_ui_files.sh | |
- run: poetry run pytest --cov=splunk_add_on_ucc_framework --cov-report=xml tests/unit | |
build-test-addon: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: poetry install | |
- run: | | |
./get-ucc-ui.sh | |
tar -zxf splunk-ucc-ui.tgz -C splunk_add_on_ucc_framework/ | |
- run: poetry run ucc-gen build --source tests/testdata/test_addons/package_global_config_everything/package | |
- run: poetry run ucc-gen package --path output/Splunk_TA_UCCExample | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: Splunk_TA_UCCExample-raw-output | |
path: output/* | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: Splunk_TA_UCCExample-packaged | |
path: Splunk_TA_UCCExample*.tar.gz | |
test-ui: | |
name: test-ui Splunk ${{ matrix.splunk.version }} -m ${{ matrix.test-mark }} | |
if: | | |
github.base_ref == 'main' || | |
github.ref_name == 'main' || | |
contains(github.event.pull_request.labels.*.name, 'run-ui-tests') | |
permissions: | |
id-token: write | |
contents: read | |
checks: write | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
needs: | |
- meta | |
- build-test-addon | |
- test-unit | |
- test-smoke | |
strategy: | |
matrix: | |
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | |
test-mark: | |
- "logging" | |
- "proxy" | |
- "account" | |
- "custom" | |
- "alert" | |
- "input" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: poetry install | |
- name: Link chromedriver | |
# Use installed chromedriver https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md | |
run: | | |
export PATH=$PATH:$CHROMEWEBDRIVER | |
chromedriver --version | |
- uses: actions/download-artifact@v3 | |
with: | |
name: Splunk_TA_UCCExample-raw-output | |
path: output/ | |
- run: | | |
./run_splunk.sh ${{ matrix.splunk.version }} | |
until curl -Lsk "https://localhost:8088/services/collector/health" &>/dev/null ; do echo -n "Waiting for HEC-" && sleep 5 ; done | |
timeout-minutes: 5 | |
- run: poetry run pytest tests/ui -m "${{ matrix.test-mark }}" --headless --junitxml=test-results/junit.xml | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: test-results-ui-${{ matrix.splunk.version }}-${{ matrix.test-mark }} | |
path: test-results/* | |
- uses: dorny/test-reporter@v1 | |
if: always() | |
with: | |
name: test-report-ui-${{ matrix.splunk.version }}-${{ matrix.test-mark }} | |
path: "test-results/*.xml" | |
reporter: java-junit | |
appinspect-for-expected-outputs: | |
name: splunk-appinspect ${{ matrix.tags }} tests/testdata/expected_addons/expected_output_global_config_everything/Splunk_TA_UCCExample | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
strategy: | |
matrix: | |
tags: | |
- "cloud" | |
- "appapproval" | |
- "deprecated_feature" | |
- "developer_guidance" | |
- "future" | |
- "self-service" | |
- "splunk_appinspect" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- name: Package tests/expected_output_global_config_everything/Splunk_TA_UCCExample | |
run: | | |
poetry install | |
mkdir tests/packaged | |
poetry run ucc-gen package --path tests/testdata/expected_addons/expected_output_global_config_everything/Splunk_TA_UCCExample -o tests/packaged | |
- uses: splunk/appinspect-cli-action@v1.12 | |
with: | |
app_path: tests/packaged | |
included_tags: ${{ matrix.tags }} | |
appinspect_manual_checks: tests/testdata/expected_addons/expected_output_global_config_everything/.appinspect.manualcheck.yaml | |
appinspect_expected_failures: tests/testdata/expected_addons/expected_output_global_config_everything/.appinspect.expect.yaml | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.7" | |
- uses: pre-commit/action@v3.0.0 | |
semgrep: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- id: semgrep | |
uses: returntocorp/semgrep-action@v1 | |
with: | |
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} | |
build: | |
needs: | |
- docs-build | |
- compliance-copyrights | |
- fossa-scan | |
- test-unit | |
- test-smoke | |
- pre-commit | |
- appinspect-for-expected-outputs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Very important: semantic-release won't trigger a tagged | |
# build if this is not set false | |
persist-credentials: false | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.7" | |
- run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
- run: | | |
./get-ucc-ui.sh | |
# Puts package and schema subdirs along with NOTICE (THIRDPARTY.npm) | |
tar -zxf splunk-ucc-ui.tgz -C splunk_add_on_ucc_framework/ | |
poetry build | |
- name: Ensure all UCC UI files are in the final package | |
run: ./.github/workflows/check_ucc_ui_files.sh | |
- uses: actions/download-artifact@v3 | |
with: | |
name: THIRDPARTY | |
- run: cp -f THIRDPARTY NOTICE | |
- id: semantic | |
uses: splunk/semantic-release-action@v1.3 | |
with: | |
git_committer_name: ${{ secrets.SA_GH_USER_NAME }} | |
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }} | |
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }} | |
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }} | |
extra_plugins: | | |
@google/semantic-release-replace-plugin | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} | |
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | |
uses: splunk/pypi-publish-action@v1.0 | |
with: | |
pypi_username: ${{ secrets.PYPI_USERNAME }} | |
pypi_token: ${{ secrets.PYPI_TOKEN }} | |