From 808f9e8ac9cb8633e11cb011b0ed98ec5407a786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Dec 2022 17:03:10 +0000 Subject: [PATCH 01/37] chore(deps): bump splunk-appinspect from 2.14.1 to 2.30.0 Bumps [splunk-appinspect](https://splunk.com) from 2.14.1 to 2.30.0. --- updated-dependencies: - dependency-name: splunk-appinspect dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9f03473..2d0cc50 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ pyyaml==5.4.1 -splunk-appinspect==2.14.1 \ No newline at end of file +splunk-appinspect==2.30.0 \ No newline at end of file From ca2f209ddb4f9639b024fc15820a64ccce847259 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Thu, 15 Dec 2022 13:53:58 +0530 Subject: [PATCH 02/37] test: dockerfile instead of image --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 50eb1e9..f3d8696 100644 --- a/action.yml +++ b/action.yml @@ -27,4 +27,4 @@ outputs: description: "value is success/fail based on app inspect result" runs: using: "docker" - image: "docker://ghcr.io/splunk/appinspect-cli-action/appinspect-cli-action:v1.5.0" + image: "Dockerfile" From 67deec772e57f118267a90d4c3fdce88c914440d Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Thu, 15 Dec 2022 15:01:49 +0530 Subject: [PATCH 03/37] test: failed action on not vetting entry --- entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/entrypoint.sh b/entrypoint.sh index b1d41f0..97f9aa9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
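Review bot: In PATCH 02/37, `image: "Dockerfile"` makes every consumer build the container at run time, so what executes is whatever the Dockerfile's base image and package installs resolve to at that moment rather than the published `v1.5.0` image. The Dockerfile is not part of this patch, so whether its base image and dependencies are pinned cannot be confirmed from here. If this is only for testing, it should not reach a release tag; for a release, a digest-pinned reference is more reproducible, e.g. `image: "docker://ghcr.io/splunk/appinspect-cli-action/appinspect-cli-action@sha256:<DIGEST_PLACEHOLDER>"`.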
@@ -46,6 +46,8 @@ if [ $exit_code != 0 ]; then echo "::group::failure_checks" python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "failure" exit_code=$? + python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" + exit_code=$? echo "::endgroup::" fi From 4afd00e1e81789d96e14ead13e492ba0054caed0 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Thu, 15 Dec 2022 17:34:04 +0530 Subject: [PATCH 04/37] test: resolved issue with failures --- entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 97f9aa9..13168c5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -42,12 +42,12 @@ python3 /reporter.py $INPUT_RESULT_FILE exit_code=$? echo "::endgroup::" +python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" +exit_code=$? if [ $exit_code != 0 ]; then echo "::group::failure_checks" python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "failure" exit_code=$? - python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" - exit_code=$? echo "::endgroup::" fi From 718b7f5541e6e6c85c3db207b5f94deef04a7017 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Fri, 16 Dec 2022 09:29:35 +0530 Subject: [PATCH 05/37] test: updated conditions for checking vetting file --- entrypoint.sh | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 13168c5..c640ff9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
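Review bot: In PATCH 03/37 the second `exit_code=$?` overwrites the status of the "failure" comparison, so an unvetted failure is reported as success whenever the "manual_check" comparison returns 0. PATCH 04/37 has the mirror problem: running the manual_check comparison before the `if` replaces the reporter's exit code, so the failure comparison is skipped whenever the manual comparison passes. Keep each result in its own variable, e.g. `rc_failure=$?` and `rc_manual=$?`, and fail when either is non-zero. The script continues outside both hunks, so the final `exit` line is not visible here.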
@@ -42,25 +42,28 @@ python3 /reporter.py $INPUT_RESULT_FILE exit_code=$? echo "::endgroup::" -python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" -exit_code=$? if [ $exit_code != 0 ]; then echo "::group::failure_checks" python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "failure" - exit_code=$? + exit_code_failure=$? echo "::endgroup::" fi -if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code == 0 ]; then - echo "::group::manual_checks" - python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" - exit_code=$? - if [ $exit_code == 0 ]; then - echo "successful comparison, generating markdown" - echo "/export_to_markdown.py $INPUT_APP_VETTING $INPUT_MANUAL_CHECK_MARKDOWN" - python3 /export_to_markdown.py $INPUT_APP_VETTING $INPUT_MANUAL_CHECK_MARKDOWN - fi - echo "::endgroup::" -fi +echo "::group::manual_checks" +python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" +exit_code_manual_check=$? +echo "::endgroup::" + +# if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code == 0 ]; then +# echo "::group::manual_checks" +# python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" +# exit_code=$? +# if [ $exit_code == 0 ]; then +# echo "successful comparison, generating markdown" +# echo "/export_to_markdown.py $INPUT_APP_VETTING $INPUT_MANUAL_CHECK_MARKDOWN" +# python3 /export_to_markdown.py $INPUT_APP_VETTING $INPUT_MANUAL_CHECK_MARKDOWN +# fi +# echo "::endgroup::" +# fi -exit "$exit_code" +! (($exit_code_failure || $exit_code_manual_check)) From 49c7d36f30434afd7269232d305fd0f06453ac72 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Fri, 16 Dec 2022 09:50:25 +0530 Subject: [PATCH 06/37] test: fixed an error --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index c640ff9..c42d80d 100755 --- a/entrypoint.sh 
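Review bot: In PATCH 05/37, `exit_code_failure` is assigned only inside `if [ $exit_code != 0 ]`, so when the reporter succeeds the last line expands to `! (( || N ))`. bash should report that as an arithmetic syntax error with status 1, which the leading `!` inverts to 0, so a failed manual_check comparison would let the action pass (unless the variable is initialised above the hunk). Initialise it with `exit_code_failure=0` next to the reporter call and end with an explicit `exit "$(( exit_code_failure || exit_code_manual_check ))"`, where the bare names evaluate to 0 when unset. The commented-out block would be better deleted than kept as dead code.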
+++ b/entrypoint.sh @@ -41,7 +41,7 @@ echo "::group::reporter" python3 /reporter.py $INPUT_RESULT_FILE exit_code=$? echo "::endgroup::" - +exit_code_failure=exit_code if [ $exit_code != 0 ]; then echo "::group::failure_checks" python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "failure" From b2ae886da38c3d0d2c7eeac77ad00e2dc94cf51c Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Fri, 16 Dec 2022 13:23:24 +0530 Subject: [PATCH 07/37] test: code added for 2 vetting files --- action.yml | 10 +++++++--- entrypoint.sh | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/action.yml b/action.yml index f3d8696..eda283f 100644 --- a/action.yml +++ b/action.yml @@ -14,10 +14,14 @@ inputs: excluded_tags: description: "Tags to exclude" required: false - app_vetting: - description: "Path to app vetting yaml file" + app_vetting_manual_checks: + description: "Path to app vetting yaml file for manual checks" required: false - default: ".app-vetting.yaml" + default: ".app-vetting-manual-checks.yaml" + app_vetting_expected_failures: + description: "Path to app vetting yaml file for expected failures" + required: false + default: ".app-vetting-expected-failure.yaml" manual_check_markdown: description: "Path for generated file with markdown for manual checks and exceptions" required: false diff --git a/entrypoint.sh b/entrypoint.sh index c42d80d..79a1001 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
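Review bot: In PATCH 06/37, `exit_code_failure=exit_code` stores the literal word `exit_code`, not the reporter's status. It presumably only works because the arithmetic on the script's last line (outside this hunk) re-evaluates that word as a variable name; any `[ ... ]` test on it would compare against the string. It should read `exit_code_failure=$exit_code`.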
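Review bot: Removing the `app_vetting` input in PATCH 07/37 is a breaking interface change: a workflow that still passes `app_vetting:` only gets an unexpected-input warning, and the action falls back to the new default paths. The caller's list of accepted failures and manual checks is then not the file being compared, and how `compare_checks.py` treats a missing default file is not visible here. Either keep `app_vetting` as a deprecated alias or call the change out as breaking in the release notes. The same applies to the second rename to `appinspect_manual_checks` / `appinspect_expected_failures` in PATCH 28/37.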
@@ -44,13 +44,13 @@ echo "::endgroup::" exit_code_failure=exit_code if [ $exit_code != 0 ]; then echo "::group::failure_checks" - python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "failure" + python3 /compare_checks.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_RESULT_FILE "failure" exit_code_failure=$? echo "::endgroup::" fi echo "::group::manual_checks" -python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" +python3 /compare_checks.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_RESULT_FILE "manual_check" exit_code_manual_check=$? echo "::endgroup::" From 1c00fdb5efacb9594d19d60245d0cccc2ce7f09a Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 19 Dec 2022 13:09:08 +0530 Subject: [PATCH 08/37] test: fixed typo in condition --- entrypoint.sh | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index 79a1001..9eae559 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -41,7 +41,7 @@ echo "::group::reporter" python3 /reporter.py $INPUT_RESULT_FILE exit_code=$? echo "::endgroup::" -exit_code_failure=exit_code +exit_code_failure=$exit_code if [ $exit_code != 0 ]; then echo "::group::failure_checks" python3 /compare_checks.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_RESULT_FILE "failure" 
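Review bot: In PATCH 07/37 the new `$INPUT_APP_VETTING_EXPECTED_FAILURES` and `$INPUT_APP_VETTING_MANUAL_CHECKS` arguments are unquoted, so a path containing spaces or glob characters is split or expanded before `compare_checks.py` sees it, and an empty value shifts `$INPUT_RESULT_FILE` into the first argument position. Quote every expansion, e.g. `python3 /compare_checks.py "$INPUT_APP_VETTING_EXPECTED_FAILURES" "$INPUT_RESULT_FILE" "failure"`. The renamed variables in the entrypoint.sh hunk of PATCH 28/37 need the same treatment.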
@@ -54,16 +54,12 @@ python3 /compare_checks.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_RESULT_FILE " exit_code_manual_check=$? echo "::endgroup::" -# if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code == 0 ]; then -# echo "::group::manual_checks" -# python3 /compare_checks.py $INPUT_APP_VETTING $INPUT_RESULT_FILE "manual_check" -# exit_code=$? -# if [ $exit_code == 0 ]; then -# echo "successful comparison, generating markdown" -# echo "/export_to_markdown.py $INPUT_APP_VETTING $INPUT_MANUAL_CHECK_MARKDOWN" -# python3 /export_to_markdown.py $INPUT_APP_VETTING $INPUT_MANUAL_CHECK_MARKDOWN -# fi -# echo "::endgroup::" -# fi +if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then + echo "::group::generate_markdown" + echo "successful comparison, generating markdown" + echo "/export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" + python3 /export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN + echo "::endgroup::" +fi -! (($exit_code_failure || $exit_code_manual_check)) +exit "$(($exit_code_failure || $exit_code_manual_check))" From 439e099632efb69fc65b279fc1c2962e0d592bd1 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 19 Dec 2022 13:41:16 +0530 Subject: [PATCH 09/37] test: markdown for expected failures --- entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/entrypoint.sh b/entrypoint.sh index 9eae559..2c4caa0 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -59,6 +59,7 @@ if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code_failure == 0 ] && echo "successful comparison, generating markdown" echo "/export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" python3 /export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN + python3 /export_to_markdown.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_MANUAL_CHECK_MARKDOWN echo "::endgroup::" fi From 376a46c2abc3dba750922934f1f1545dbcf656ad Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 19 Dec 2022 13:50:48 +0530 Subject: [PATCH 10/37] test: file open with append mode --- export_to_markdown.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/export_to_markdown.py b/export_to_markdown.py index d76c96e..a8c7f7b 100644 --- a/export_to_markdown.py +++ b/export_to_markdown.py @@ -46,7 +46,7 @@ def _load_manual_checks(self): self.manual_checks = {} def _create_output_markup(self): - with open(self.markdown_output_path, "w") as output: + with open(self.markdown_output_path, "a") as output: output.write(MARKDOWN_START) for manual_check, check_attributes in self.manual_checks.items(): output.write( From b2966f45669c8caa5ebeb9b25dc6dd1041674b20 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 19 Dec 2022 14:59:16 +0530 Subject: [PATCH 11/37] test: testing --- action.yml | 8 ++++++-- entrypoint.sh | 6 +++--- export_to_markdown.py | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/action.yml b/action.yml index eda283f..9dcb1f0 100644 --- a/action.yml +++ b/action.yml 
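Review bot: In PATCH 09/37 the added call writes the expected-failures markdown to `$INPUT_MANUAL_CHECK_MARKDOWN`, the path the previous line has just written. `export_to_markdown.py` opens its output with `"w"` (visible in the context of the next patch), so the manual-check markdown is replaced rather than extended. Give the second call its own output path instead of sharing the file. The `if` block starts outside this hunk.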
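Review bot: Opening the output with `"a"` in `_create_output_markup` (PATCH 10/37) means a file left in the workspace by an earlier run is appended to rather than replaced, and `MARKDOWN_START` is written once per invocation, so a combined file carries the header twice. If both documents must share one file, truncate it once in entrypoint.sh before the first call; otherwise keep `"w"` and use separate output paths. The method body continues outside the hunk.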
@@ -17,15 +17,19 @@ inputs: app_vetting_manual_checks: description: "Path to app vetting yaml file for manual checks" required: false - default: ".app-vetting-manual-checks.yaml" + default: ".app-vetting.yaml" app_vetting_expected_failures: description: "Path to app vetting yaml file for expected failures" required: false default: ".app-vetting-expected-failure.yaml" manual_check_markdown: - description: "Path for generated file with markdown for manual checks and exceptions" + description: "Path for generated file with markdown for manual checks" required: false default: "manual_check_markdown.txt" + expected_failure_markdown: + description: "Path for generated file with markdown for exceptions" + required: false + default: "expected_failure_markdown.txt" outputs: status: description: "value is success/fail based on app inspect result" diff --git a/entrypoint.sh b/entrypoint.sh index 2c4caa0..db5b93d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -32,8 +32,8 @@ if [ ! -z $INPUT_EXCLUDED_TAGS ]; then EXCLUDED_TAGS="--excluded-tags ${INPUT_EX echo "::group::appinspect" rm -f $INPUT_RESULT_FILE || true 1>/dev/null -echo running: splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test $INCLUDED_TAGS $EXCLUDED_TAGS -splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test $INCLUDED_TAGS $EXCLUDED_TAGS +echo running: splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test --included-tags cloud --included-tags manual $EXCLUDED_TAGS +splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test --included-tags cloud --included-tags manual $EXCLUDED_TAGS if [ ! -f $INPUT_RESULT_FILE ]; then echo no result file; exit 1; fi echo "::endgroup::" 
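Review bot: In the first entrypoint.sh hunk of PATCH 11/37, hard-coding `--included-tags cloud --included-tags manual` drops `$INCLUDED_TAGS`, so the `included_tags` input no longer affects which checks run. The later `[[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]]` test still reads the input, so the scan and the markdown step can disagree. If fixed tags are only needed for a test run, set the input in the test workflow rather than in the script.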
@@ -59,7 +59,7 @@ if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code_failure == 0 ] && echo "successful comparison, generating markdown" echo "/export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" python3 /export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN - python3 /export_to_markdown.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_MANUAL_CHECK_MARKDOWN + python3 /export_to_markdown.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_EXPECTED_FAILURE_MARKDOWN echo "::endgroup::" fi diff --git a/export_to_markdown.py b/export_to_markdown.py index a8c7f7b..d76c96e 100644 --- a/export_to_markdown.py +++ b/export_to_markdown.py @@ -46,7 +46,7 @@ def _load_manual_checks(self): self.manual_checks = {} def _create_output_markup(self): - with open(self.markdown_output_path, "a") as output: + with open(self.markdown_output_path, "w") as output: output.write(MARKDOWN_START) for manual_check, check_attributes in self.manual_checks.items(): output.write( From 6d8c3979d8ea4744139ec2f8e16b6fb28fbf624c Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 19 Dec 2022 15:20:17 +0530 Subject: [PATCH 12/37] test: reverted changes --- entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index db5b93d..501dbcb 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -32,8 +32,8 @@ if [ ! -z $INPUT_EXCLUDED_TAGS ]; then EXCLUDED_TAGS="--excluded-tags ${INPUT_EX echo "::group::appinspect" rm -f $INPUT_RESULT_FILE || true 1>/dev/null -echo running: splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test --included-tags cloud --included-tags manual $EXCLUDED_TAGS -splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test --included-tags cloud --included-tags manual $EXCLUDED_TAGS +echo running: splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test $INCLUDED_TAGS $EXCLUDED_TAGS +splunk-appinspect inspect $SCAN --output-file $INPUT_RESULT_FILE --mode test $INCLUDED_TAGS $EXCLUDED_TAGS if [ ! -f $INPUT_RESULT_FILE ]; then echo no result file; exit 1; fi echo "::endgroup::" From 4bc7bd166f008d02e08ea45c9953d6f4161cc49e Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 19 Dec 2022 18:12:28 +0530 Subject: [PATCH 13/37] test: removed manual tag condition for generating markdown --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 501dbcb..fe05ec3 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -54,7 +54,7 @@ python3 /compare_checks.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_RESULT_FILE " exit_code_manual_check=$? echo "::endgroup::" -if [[ "$INPUT_INCLUDED_TAGS" == *"manual"* ]] && [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then +if [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::group::generate_markdown" echo "successful comparison, generating markdown" echo "/export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" From 954be012a718d4b1d1112b2e2c69258d08374eb7 Mon Sep 17 00:00:00 2001 
From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 20 Dec 2022 14:50:40 +0530 Subject: [PATCH 14/37] test: formated result --- entrypoint.sh | 3 ++- reporter.py | 12 ++++++++++++ requirements.txt | 3 ++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index fe05ec3..5cbf39e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -41,6 +41,7 @@ echo "::group::reporter" python3 /reporter.py $INPUT_RESULT_FILE exit_code=$? echo "::endgroup::" + exit_code_failure=$exit_code if [ $exit_code != 0 ]; then echo "::group::failure_checks" @@ -63,4 +64,4 @@ if [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::endgroup::" fi -exit "$(($exit_code_failure || $exit_code_manual_check))" +exit "$(($exit_code_failure || $exit_code_manual_check))" \ No newline at end of file diff --git a/reporter.py b/reporter.py index e2fd47d..f0ac543 100644 --- a/reporter.py +++ b/reporter.py @@ -1,7 +1,18 @@ import json import sys +import tabulate from pprint import pprint +class BCOLORS: + HEADER = "\033[95m" + OKBLUE = "\033[94m" + OKCYAN = "\033[96m" + +def format_result(result): + header = result.keys() + row = [[result[x] for x in test]] + print(tabulate.tabulate(row, header)) + def main(args): try: @@ -28,6 +39,7 @@ def main(args): for group in result["reports"][0]["groups"]: for check in group["checks"]: if check["result"] == "failure": + print(check["name"]) for msg in check["messages"]: print(msg["message"]) sys.exit(1) diff --git a/requirements.txt b/requirements.txt index 2d0cc50..9b000d5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ pyyaml==5.4.1 -splunk-appinspect==2.30.0 \ No newline at end of file +splunk-appinspect==2.30.0 +tabulate==0.9.0 \ No newline at end of file From 672d040ea7ce4badec19b2c3e5a7832f60e304de Mon Sep 17 00:00:00 2001 
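Review bot: In the reporter.py hunk of PATCH 14/37, `format_result` iterates `for x in test`, but no `test` is defined in the hunk, so the first call would raise `NameError`; it should be `for x in result`. Nothing calls the function in this patch (PATCH 15/37 starts to), and `BCOLORS` is also unused here. A one-line docstring such as `"""Print the AppInspect summary dict as a one-row table."""` would help.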
From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 20 Dec 2022 14:59:09 +0530 Subject: [PATCH 15/37] test: formatted results --- reporter.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/reporter.py b/reporter.py index f0ac543..2baf81d 100644 --- a/reporter.py +++ b/reporter.py @@ -7,6 +7,7 @@ class BCOLORS: HEADER = "\033[95m" OKBLUE = "\033[94m" OKCYAN = "\033[96m" + BOLD = "\033[1m" def format_result(result): header = result.keys() @@ -29,7 +30,8 @@ def main(args): if check["result"] == "warning": for msg in check["messages"]: print(msg["message"]) - pprint(result["summary"]) + print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') + format_result(result["summary"]) print("::set-output name=status::pass") else: print(f"App Inspect returned {failures} failures.") From 2cb9f9f819de53df77c82a803c3219c885cb1126 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 20 Dec 2022 15:19:03 +0530 Subject: [PATCH 16/37] tets: format changed for failures --- reporter.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/reporter.py b/reporter.py index 2baf81d..43ec415 100644 --- a/reporter.py +++ b/reporter.py @@ -7,11 +7,12 @@ class BCOLORS: HEADER = "\033[95m" OKBLUE = "\033[94m" OKCYAN = "\033[96m" + FAIL = "\033[91m" BOLD = "\033[1m" def format_result(result): header = result.keys() - row = [[result[x] for x in test]] + row = [[result[x] for x in result]] print(tabulate.tabulate(row, header)) 
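Review bot: The `SUMMARY` line added in PATCH 15/37 switches the terminal to bold blue and never switches it back, so the table and everything printed after it inherit the colour. As far as these hunks show, reporter.py's `BCOLORS` has no reset code, unlike the `ENDC` that compare_checks.py appends to its messages. Add `ENDC = "\033[0m"` to the class and end each coloured string with it, e.g. `print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY{BCOLORS.ENDC}')`. The coloured prints added in PATCH 16/37, 18/37 and 19/37 have the same gap.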
@@ -36,12 +37,13 @@ def main(args): else: print(f"App Inspect returned {failures} failures.") print("::set-output name=status::fail") - pprint(result["summary"]) - print("Failure List:") + print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') + format_result(result["summary"]) + print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} Failure List:') for group in result["reports"][0]["groups"]: for check in group["checks"]: if check["result"] == "failure": - print(check["name"]) + print(f'{BCOLORS.FAIL}check["name"]') for msg in check["messages"]: print(msg["message"]) sys.exit(1) From b33d64617c08684afba9e682aa586d2a576bc5cf Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 20 Dec 2022 15:27:10 +0530 Subject: [PATCH 17/37] test: fixed a typo --- reporter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reporter.py b/reporter.py index 43ec415..93f15e0 100644 --- a/reporter.py +++ b/reporter.py @@ -43,7 +43,7 @@ def main(args): for group in result["reports"][0]["groups"]: for check in group["checks"]: if check["result"] == "failure": - print(f'{BCOLORS.FAIL}check["name"]') + print(f'{BCOLORS.FAIL} {check["name"]}') for msg in check["messages"]: print(msg["message"]) sys.exit(1) From 1c050e50ff8784703dda628991dcf751a07b5c30 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 20 Dec 2022 16:00:37 +0530 Subject: [PATCH 18/37] test: warjings added --- reporter.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/reporter.py b/reporter.py index 93f15e0..dfb2542 100644 --- a/reporter.py +++ b/reporter.py @@ -7,6 +7,8 @@ class BCOLORS: HEADER = "\033[95m" OKBLUE = "\033[94m" OKCYAN = "\033[96m" + OKGREEN = "\033[92m" + WARNING = "\033[93m" FAIL = "\033[91m" BOLD = "\033[1m" 
@@ -23,12 +25,13 @@ def main(args): if "summary" in result and "failure" in result["summary"]: failures = result["summary"]["failure"] if failures == 0: - print("App Inspect Passed!") + print(f"{BCOLORS.BOLD}{BCOLORS.OKGREEN}App Inspect Passed!") if "warning" in result["summary"] and result["summary"]["warning"]: - print("Warning List:") + print(f"{BCOLORS.OKBLUE}Warning List:") for group in result["reports"][0]["groups"]: for check in group["checks"]: if check["result"] == "warning": + print(f'{BCOLORS.WARNING} {check["name"]}') for msg in check["messages"]: print(msg["message"]) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') From 96f0f59e5faa56a4f4b8237fb68f5de186e83194 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 13:37:34 +0530 Subject: [PATCH 19/37] test: validation added for comment --- compare_checks.py | 13 ++++++++++++- reporter.py | 2 +- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/compare_checks.py b/compare_checks.py index 3282988..4668f3e 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -25,6 +25,14 @@ class BCOLORS: BOLD = "\033[1m" UNDERLINE = "\033[4m" +def validate_comment(vetting_dat): + checks = [] + ticket_id=re.compile(r"((ADDON|APPCERT)-[0-9]+)") + for check, info in vetting_data.items(): + if not re.search(ticket_id,info.get("comment")): + checks.append(check) + return checks + def compare( check_type: str, @@ -89,8 +97,11 @@ def compare( print( f"{BCOLORS.FAIL}{BCOLORS.BOLD}Please see appinspect report for more detailed description about {check_type} checks and review them accordingly.{BCOLORS.ENDC}" ) + checks_with_no_id = [] + if check_type=="failure": + checks_with_no_id = validate_comment(vetting_data) - return new_checks + not_commented + return new_checks + not_commented + checks_with_no_id def get_checks_from_appinspect_result( diff --git a/reporter.py b/reporter.py index dfb2542..f5d5a0c 100644 --- a/reporter.py 
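Review bot: In PATCH 19/37, `validate_comment` passes `info.get("comment")` straight to `re.search`, so a vetting entry without a `comment` key raises `TypeError` instead of being listed as missing a ticket id. Use `if not ticket_id.search(info.get("comment") or ""):`. The parameter is spelled `vetting_dat` while the body reads `vetting_data`, and `re` is not imported in this patch. Because `search` is unanchored, any comment that merely contains a matching substring passes the gate, which is worth confirming as intended if the ticket id serves as the approval record for an accepted failure.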
+++ b/reporter.py @@ -38,7 +38,7 @@ def main(args): format_result(result["summary"]) print("::set-output name=status::pass") else: - print(f"App Inspect returned {failures} failures.") + print(f"{BCOLORS.BOLD}{BCOLORS.FAIL}App Inspect returned {failures} failures.") print("::set-output name=status::fail") print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') format_result(result["summary"]) From 0406b25ab2658b866979a419a8c94532082a5de7 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 13:44:41 +0530 Subject: [PATCH 20/37] test: re imported --- compare_checks.py | 1 + 1 file changed, 1 insertion(+) diff --git a/compare_checks.py b/compare_checks.py index 4668f3e..59a66f5 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -4,6 +4,7 @@ from typing import List import yaml +import re print( f"{os.path.basename(__file__)} script was called with parameters: {' '.join(sys.argv[1:])}" From 2196b6a2e7081a5e6144642202fc30971eb8bbbb Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 13:50:45 +0530 Subject: [PATCH 21/37] test: fixed a tyopo --- compare_checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compare_checks.py b/compare_checks.py index 59a66f5..3b6df3e 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -26,7 +26,7 @@ class BCOLORS: BOLD = "\033[1m" UNDERLINE = "\033[4m" -def validate_comment(vetting_dat): +def validate_comment(vetting_data): checks = [] ticket_id=re.compile(r"((ADDON|APPCERT)-[0-9]+)") for check, info in vetting_data.items(): From 39926c22894d6aac987e162e3ac66f5c8470dda0 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 15:20:08 +0530 Subject: [PATCH 22/37] test: comments added --- compare_checks.py | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/compare_checks.py b/compare_checks.py index 3b6df3e..93a3111 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -101,6 +101,11 @@ def compare( checks_with_no_id = [] if check_type=="failure": checks_with_no_id = validate_comment(vetting_data) + if checks_with_no_id: + print( + f"{BCOLORS.FAIL}{BCOLORS.BOLD}All verified {check_type} checks require comment with proper tickiet id. Below checks are not commented with required tickiet id" + f" {vetting_file}:{BCOLORS.ENDC}" + ) return new_checks + not_commented + checks_with_no_id From 50b70ed051e26dcfecbeef69c182aee9af61b4cc Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 15:42:58 +0530 Subject: [PATCH 23/37] test: added checklist --- compare_checks.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/compare_checks.py b/compare_checks.py index 93a3111..4ae45f9 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -105,6 +105,8 @@ def compare( print( f"{BCOLORS.FAIL}{BCOLORS.BOLD}All verified {check_type} checks require comment with proper tickiet id. Below checks are not commented with required tickiet id" f" {vetting_file}:{BCOLORS.ENDC}" + for check in checks_with_no_id: + print(f"{BCOLORS.FAIL}{BCOLORS.BOLD}\t{check}{BCOLORS.ENDC}") ) return new_checks + not_commented + checks_with_no_id From 15724d7d3bbda09ef4090a7cb5d299f966433b11 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 17:29:55 +0530 Subject: [PATCH 24/37] test: added list --- compare_checks.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compare_checks.py b/compare_checks.py index 4ae45f9..a6eec34 100644 --- a/compare_checks.py +++ b/compare_checks.py 
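Review bot: In PATCH 23/37 the `for check in checks_with_no_id:` loop is added before the closing `)` of the `print(` call, which is a syntax error. compare_checks.py then cannot be parsed at all, so both the "failure" and the "manual_check" comparison would fail regardless of the vetting files. The loop belongs after the `)`, at the indentation of the `print`. `compare()` starts and ends outside the hunk.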
@@ -105,9 +105,9 @@ def compare( print( f"{BCOLORS.FAIL}{BCOLORS.BOLD}All verified {check_type} checks require comment with proper tickiet id. Below checks are not commented with required tickiet id" f" {vetting_file}:{BCOLORS.ENDC}" - for check in checks_with_no_id: - print(f"{BCOLORS.FAIL}{BCOLORS.BOLD}\t{check}{BCOLORS.ENDC}") ) + for check in checks_with_no_id: + print(f"{BCOLORS.FAIL}{BCOLORS.BOLD}\t{check}{BCOLORS.ENDC}") return new_checks + not_commented + checks_with_no_id From 3ab75c86fe08a3bb55a3c1080799a4fefb10a874 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 21 Dec 2022 18:05:35 +0530 Subject: [PATCH 25/37] test: typo fixed --- compare_checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compare_checks.py b/compare_checks.py index a6eec34..2f0c684 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -103,7 +103,7 @@ def compare( checks_with_no_id = validate_comment(vetting_data) if checks_with_no_id: print( - f"{BCOLORS.FAIL}{BCOLORS.BOLD}All verified {check_type} checks require comment with proper tickiet id. Below checks are not commented with required tickiet id" + f"{BCOLORS.FAIL}{BCOLORS.BOLD}All verified {check_type} checks require comment with proper ticket id. Below checks are not commented with required ticket id" f" {vetting_file}:{BCOLORS.ENDC}" ) for check in checks_with_no_id: From bbc3465def3256e40e750d613c8e47c060f9ee54 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Fri, 23 Dec 2022 15:15:10 +0530 Subject: [PATCH 26/37] test: updated file names --- action.yml | 2 +- compare_checks.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 9dcb1f0..63dc379 100644 --- a/action.yml +++ b/action.yml 
@@ -21,7 +21,7 @@ inputs: app_vetting_expected_failures: description: "Path to app vetting yaml file for expected failures" required: false - default: ".app-vetting-expected-failure.yaml" + default: ".appinspect.expected.failure.yaml" manual_check_markdown: description: "Path for generated file with markdown for manual checks" required: false diff --git a/compare_checks.py b/compare_checks.py index 2f0c684..280711c 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -103,7 +103,7 @@ def compare( checks_with_no_id = validate_comment(vetting_data) if checks_with_no_id: print( - f"{BCOLORS.FAIL}{BCOLORS.BOLD}All verified {check_type} checks require comment with proper ticket id. Below checks are not commented with required ticket id" + f"{BCOLORS.FAIL}{BCOLORS.BOLD}All {check_type} checks require comment with proper ticket id. Below checks are not commented with required ticket id" f" {vetting_file}:{BCOLORS.ENDC}" ) for check in checks_with_no_id: From 2231123b01c24889dae0e60a8d2b1ae79caa5216 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 26 Dec 2022 14:13:52 +0530 Subject: [PATCH 27/37] test: added review comment --- action.yml | 2 +- compare_checks.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/action.yml b/action.yml index 63dc379..d710f89 100644 --- a/action.yml +++ b/action.yml @@ -21,7 +21,7 @@ inputs: app_vetting_expected_failures: description: "Path to app vetting yaml file for expected failures" required: false - default: ".appinspect.expected.failure.yaml" + default: ".appinspect.expect.yaml" manual_check_markdown: description: "Path for generated file with markdown for manual checks" required: false diff --git a/compare_checks.py b/compare_checks.py index 280711c..f71f97a 100644 --- a/compare_checks.py +++ b/compare_checks.py 
@@ -28,7 +28,7 @@ class BCOLORS: def validate_comment(vetting_data): checks = [] - ticket_id=re.compile(r"((ADDON|APPCERT)-[0-9]+)") + ticket_id=re.compile(r"((?i)(ADDON|APPCERT)-[0-9]+)") for check, info in vetting_data.items(): if not re.search(ticket_id,info.get("comment")): checks.append(check) @@ -103,11 +103,11 @@ def compare( checks_with_no_id = validate_comment(vetting_data) if checks_with_no_id: print( - f"{BCOLORS.FAIL}{BCOLORS.BOLD}All {check_type} checks require comment with proper ticket id. Below checks are not commented with required ticket id" + f"{BCOLORS.FAIL}{BCOLORS.BOLD}There are some checks which require comment with proper ticket id in {vetting_file}. Below checks are not commented with required ticket id" f" {vetting_file}:{BCOLORS.ENDC}" ) - for check in checks_with_no_id: - print(f"{BCOLORS.FAIL}{BCOLORS.BOLD}\t{check}{BCOLORS.ENDC}") + for check in checks_with_no_id: + print(f"{BCOLORS.FAIL}{BCOLORS.BOLD}\t{check}{BCOLORS.ENDC}") return new_checks + not_commented + checks_with_no_id From 2ce3dad1a55b46d9252365bf0abba254f7a2cf2f Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 27 Dec 2022 14:30:02 +0530 Subject: [PATCH 28/37] test: format related changes --- action.yml | 16 ++++++++-------- entrypoint.sh | 10 +++++----- reporter.py | 7 +++---- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/action.yml b/action.yml index d710f89..63d95b4 100644 --- a/action.yml +++ b/action.yml 
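Review bot: In PATCH 27/37 the inline flag in `r"((?i)(ADDON|APPCERT)-[0-9]+)"` is not at the start of the pattern, which Python 3.6 to 3.10 accept with a DeprecationWarning and Python 3.11 rejects with `re.error`. The interpreter version in the image is not visible here, so pass the flag explicitly: `ticket_id = re.compile(r"(ADDON|APPCERT)-[0-9]+", re.IGNORECASE)`. In the second hunk the message now names `{vetting_file}` twice.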
@@ -14,20 +14,20 @@ inputs: excluded_tags: description: "Tags to exclude" required: false - app_vetting_manual_checks: - description: "Path to app vetting yaml file for manual checks" + appinspect_manual_checks: + description: "Path to app vetting yaml for manual checks" required: false - default: ".app-vetting.yaml" - app_vetting_expected_failures: - description: "Path to app vetting yaml file for expected failures" + default: ".appinspect.manual.check" + appinspect_expected_failures: + description: "Path to app vetting yaml for expected appinspect failures" required: false - default: ".appinspect.expect.yaml" + default: ".appinspect.expect" manual_check_markdown: - description: "Path for generated file with markdown for manual checks" + description: "Path to generated file with markdown for manual checks" required: false default: "manual_check_markdown.txt" expected_failure_markdown: - description: "Path for generated file with markdown for exceptions" + description: "Path to generated file with markdown for exceptions" required: false default: "expected_failure_markdown.txt" outputs: diff --git a/entrypoint.sh b/entrypoint.sh index 5cbf39e..13cb834 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
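Review bot: Renaming the inputs to `appinspect_manual_checks` / `appinspect_expected_failures` and changing their defaults means a workflow that still passes an old input name only gets an "unexpected input" warning from the runner. The action then reads the new default path instead of the file the caller named. For a gate that decides which findings count as accepted, that silent switch is worth avoiding: keep the old names as deprecated aliases for one release, or ship the rename in a major version with a changelog entry. If the old names were never part of a released version, this does not apply.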
@@ -45,22 +45,22 @@ echo "::endgroup::" exit_code_failure=$exit_code if [ $exit_code != 0 ]; then echo "::group::failure_checks" - python3 /compare_checks.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_RESULT_FILE "failure" + python3 /compare_checks.py $INPUT_APPINSPECT_EXPECTED_FAILURES $INPUT_RESULT_FILE "failure" exit_code_failure=$? echo "::endgroup::" fi echo "::group::manual_checks" -python3 /compare_checks.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_RESULT_FILE "manual_check" +python3 /compare_checks.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_RESULT_FILE "manual_check" exit_code_manual_check=$? echo "::endgroup::" if [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::group::generate_markdown" echo "successful comparison, generating markdown" - echo "/export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" - python3 /export_to_markdown.py $INPUT_APP_VETTING_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN - python3 /export_to_markdown.py $INPUT_APP_VETTING_EXPECTED_FAILURES $INPUT_EXPECTED_FAILURE_MARKDOWN + echo "/export_to_markdown.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" + python3 /export_to_markdown.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN + python3 /export_to_markdown.py $INPUT_APPINSPECT_EXPECTED_FAILURES $INPUT_EXPECTED_FAILURE_MARKDOWN echo "::endgroup::" fi diff --git a/reporter.py b/reporter.py index f5d5a0c..bb89db2 100644 --- a/reporter.py +++ b/reporter.py @@ -13,10 +13,9 @@ class BCOLORS: BOLD = "\033[1m" def format_result(result): - header = result.keys() - row = [[result[x] for x in result]] - print(tabulate.tabulate(row, header)) - + restructured_result = ["success","manual_check","not_applicable","skipped","warning","error","failure"] + row = [[result[x] for x in restructured_result]] + print(tabulate.tabulate(row, restructured_result)) def main(args): try: From 44a2d25a37dcbb2d5264bfc6b0bce49e6c23e6c1 Mon Sep 17 00:00:00 2001 
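Review bot: The renamed `$INPUT_APPINSPECT_*` expansions on the new `python3 /compare_checks.py` and `python3 /export_to_markdown.py` lines are unquoted, so a path input containing spaces or glob characters is word-split or expanded before the script sees it and the arguments shift. These values come straight from the workflow's `with:` block, so quote each one, e.g. `python3 /compare_checks.py "$INPUT_APPINSPECT_EXPECTED_FAILURES" "$INPUT_RESULT_FILE" "failure"`. The operands in `[ $exit_code_failure == 0 ]` are unquoted as well, which would turn an empty variable into a test syntax error rather than a failed comparison. The script continues outside this hunk.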
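Review bot: `format_result` now indexes the summary with a fixed key list, so `result[x]` raises `KeyError` if the AppInspect summary lacks any of the seven names, and any summary key not in the list is silently left out of the table. If a different AppInspect version emits a different key set, a tolerant lookup such as `row = [[result.get(x, 0) for x in restructured_result]]` keeps the report working. The name `restructured_result` holds column names rather than a result; a module-level constant like `SUMMARY_COLUMNS` would read better.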
From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 28 Dec 2022 15:04:07 +0530 Subject: [PATCH 29/37] test: removed exttra debug statements --- Dockerfile | 2 +- reporter.py | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7b43229..a2e8acc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,4 +12,4 @@ COPY export_to_markdown.py / # Code file to execute when the docker container starts up (`entrypoint.sh`) WORKDIR /github/workspace -ENTRYPOINT ["bash", "-x", "/entrypoint.sh"] +ENTRYPOINT ["bash", "/entrypoint.sh"] diff --git a/reporter.py b/reporter.py index bb89db2..9c28d2b 100644 --- a/reporter.py +++ b/reporter.py @@ -35,10 +35,10 @@ def main(args): print(msg["message"]) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') format_result(result["summary"]) - print("::set-output name=status::pass") + # print("::set-output name=status::pass") else: print(f"{BCOLORS.BOLD}{BCOLORS.FAIL}App Inspect returned {failures} failures.") - print("::set-output name=status::fail") + # print("::set-output name=status::fail") print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') format_result(result["summary"]) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} Failure List:') @@ -51,7 +51,7 @@ def main(args): sys.exit(1) else: print("Unexpected JSON format") - print("::set-output name=status::fail") + # print("::set-output name=status::fail") sys.exit(1) except Exception as e: print(f"An error occurred {str(e)}") From 8de57d259579c69ffa4fdb5ce08d6061fcc7522e Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 28 Dec 2022 17:22:00 +0530 Subject: [PATCH 30/37] test: replaced set-output --- reporter.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/reporter.py b/reporter.py index 9c28d2b..3c3257c 100644 --- a/reporter.py +++ b/reporter.py 
@@ -1,6 +1,7 @@ import json import sys import tabulate +import os from pprint import pprint class BCOLORS: @@ -36,9 +37,13 @@ def main(args): print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') format_result(result["summary"]) # print("::set-output name=status::pass") + with open(os.environ["GITHUB_OUTPUT"], "a") as fh: + print("status=pass", file=fh) else: print(f"{BCOLORS.BOLD}{BCOLORS.FAIL}App Inspect returned {failures} failures.") # print("::set-output name=status::fail") + with open(os.environ["GITHUB_OUTPUT"], "a") as fh: + print("status=fail", file=fh) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') format_result(result["summary"]) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} Failure List:') @@ -52,6 +57,8 @@ def main(args): else: print("Unexpected JSON format") # print("::set-output name=status::fail") + with open(os.environ["GITHUB_OUTPUT"], "a") as fh: + print("status=fail", file=fh) sys.exit(1) except Exception as e: print(f"An error occurred {str(e)}") From 81a999583b9ec4db3d77ac387a8d062a7f06e44e Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 2 Jan 2023 14:14:50 +0530 Subject: [PATCH 31/37] test: code cleanup --- export_to_markdown.py | 2 +- reporter.py | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/export_to_markdown.py b/export_to_markdown.py index d76c96e..fd013ed 100644 --- a/export_to_markdown.py +++ b/export_to_markdown.py @@ -9,7 +9,7 @@ - + """ diff --git a/reporter.py b/reporter.py index 3c3257c..bc8c652 100644 --- a/reporter.py +++ b/reporter.py 
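Review bot: `os.environ["GITHUB_OUTPUT"]` is read unguarded in all three added blocks (the two in the `@@ -36,9 +37,13 @@` hunk and the one in `@@ -52,6 +57,8 @@`), so the script raises `KeyError` wherever that variable is not set, such as a local run or a runner that predates file-based outputs. The writes appear to sit inside the `try` whose `except Exception` handler is visible at the end of the last hunk, so the failure would surface only as "An error occurred" and `status` would never be written. The three identical `with open(...)` blocks would be better as one helper that checks for the variable and is also called from the exception path. `main` continues outside these hunks.

```python
def set_status(value):
    """Write the action's `status` output; do nothing when GITHUB_OUTPUT is unset."""
    output_path = os.environ.get("GITHUB_OUTPUT")
    if not output_path:
        return
    with open(output_path, "a", encoding="utf-8") as fh:
        fh.write(f"status={value}\n")

# … unchanged: summary printing in main …
            set_status("pass")
# … unchanged: failure list printing …
            set_status("fail")
```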
@@ -36,12 +36,10 @@ def main(args): print(msg["message"]) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') format_result(result["summary"]) - # print("::set-output name=status::pass") with open(os.environ["GITHUB_OUTPUT"], "a") as fh: print("status=pass", file=fh) else: print(f"{BCOLORS.BOLD}{BCOLORS.FAIL}App Inspect returned {failures} failures.") - # print("::set-output name=status::fail") with open(os.environ["GITHUB_OUTPUT"], "a") as fh: print("status=fail", file=fh) print(f'{BCOLORS.OKBLUE}{BCOLORS.BOLD} SUMMARY') @@ -56,7 +54,6 @@ def main(args): sys.exit(1) else: print("Unexpected JSON format") - # print("::set-output name=status::fail") with open(os.environ["GITHUB_OUTPUT"], "a") as fh: print("status=fail", file=fh) sys.exit(1) From ce04283555b7c538dec2444104e222d5bef67ec4 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Mon, 2 Jan 2023 17:28:28 +0530 Subject: [PATCH 32/37] test: file name changed --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 63d95b4..00a06cf 100644 --- a/action.yml +++ b/action.yml @@ -17,7 +17,7 @@ inputs: appinspect_manual_checks: description: "Path to app vetting yaml for manual checks" required: false - default: ".appinspect.manual.check" + default: ".appinspect.manualcheck" appinspect_expected_failures: description: "Path to app vetting yaml for expected appinspect failures" required: false From bc68710bbf2606f2b7f25c70de8ed3aa316ae697 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 3 Jan 2023 10:17:59 +0530 Subject: [PATCH 33/37] test: variable name changes --- action.yml | 8 ++++---- compare_checks.py | 14 +++++++------- entrypoint.sh | 1 - export_to_markdown.py | 26 +++++++++++++------------- 4 files changed, 24 insertions(+), 25 deletions(-) diff --git a/action.yml b/action.yml index 00a06cf..ee5c8e3 100644 --- a/action.yml 
+++ b/action.yml @@ -1,9 +1,9 @@ # action.yml name: "Splunk AppInspect" -description: "Run Splunk App insect on a Splunk app directory." +description: "Run Splunk App inspect on a Splunk app directory." inputs: app_path: - description: "path to the application directory to be inspected" + description: "Path to the application directory to be inspected" default: build/splunkbase result_file: description: "json result file name" @@ -15,11 +15,11 @@ inputs: description: "Tags to exclude" required: false appinspect_manual_checks: - description: "Path to app vetting yaml for manual checks" + description: "Path to file with list of manual checks" required: false default: ".appinspect.manualcheck" appinspect_expected_failures: - description: "Path to app vetting yaml for expected appinspect failures" + description: "Path to file with list of expected appinspect failures" required: false default: ".appinspect.expect" manual_check_markdown: diff --git a/compare_checks.py b/compare_checks.py index f71f97a..cb08910 100644 --- a/compare_checks.py +++ b/compare_checks.py 
@@ -37,16 +37,16 @@ def validate_comment(vetting_data): def compare( check_type: str, - vetting_file: str = ".app-vetting.yaml", + vetting_file: str = ".appinspect.manualcheck", appinspect_result_file: str = "appinspect_output.json", ) -> List[str]: """ Compares checks from vetting file and appinspect result file. A lot prints are added to make it easier for users to create proper vetting_file and understand errors - :param vetting_file: path to yaml file with verified manual checks + :param vetting_file: path to file with varified list of checks :param appinspect_result_file: path to Splunk's AppInspect CLI result file - :return: list of non matching tests between vetting_file and appinspect_result_file or not commented ones + :return: list of non matching tests between vetting_file and appinspect_result_file or not commented ones or checks with inappropriate comment """ if not os.path.isfile(appinspect_result_file): raise FileNotFoundError( @@ -116,20 +116,20 @@ def get_checks_from_appinspect_result( path: str, result: str = "manual_check" ) -> List[str]: """ - Returns manual checks from appinspect json result file + Returns checks from appinspect json result file :param path: path to json result file :return: list of checks in string format """ - manual_checks = [] + checks = [] with open(path) as f: appinspect_results = json.load(f) for report in appinspect_results["reports"]: for group in report["groups"]: for check in group["checks"]: if check["result"] == result: - manual_checks.append(check["name"]) - return manual_checks + checks.append(check["name"]) + return checks def main(): diff --git a/entrypoint.sh b/entrypoint.sh index 13cb834..c6c299d 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
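Review bot: The rewritten `compare` docstring misspells "verified" as "varified" and still leaves the first parameter, `check_type`, undocumented although it selects which kind of check is compared. Suggested lines: `:param check_type: AppInspect result type to compare, e.g. "failure" or "manual_check"` and `:param vetting_file: path to file with verified list of checks`. The docstring of `get_checks_from_appinspect_result` in the second hunk likewise lacks a `:param result:` entry now that the function is no longer specific to manual checks. Both function bodies continue outside their hunks.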
@@ -58,7 +58,6 @@ echo "::endgroup::" if [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::group::generate_markdown" echo "successful comparison, generating markdown" - echo "/export_to_markdown.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN" python3 /export_to_markdown.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN python3 /export_to_markdown.py $INPUT_APPINSPECT_EXPECTED_FAILURES $INPUT_EXPECTED_FAILURE_MARKDOWN echo "::endgroup::" diff --git a/export_to_markdown.py b/export_to_markdown.py index fd013ed..d31feef 100644 --- a/export_to_markdown.py +++ b/export_to_markdown.py @@ -15,7 +15,7 @@ """ CHECK_MARKDOWN_TEMPLATE = """ - """ 
@@ -30,28 +30,28 @@ class ExportToMarkdown: Based on app vetting file generates file with markdown consisting names of validated checks and comments. """ - def __init__(self, manual_checks_path, markdown_output_path): - self.manual_checks_path = manual_checks_path + def __init__(self, checks_path, markdown_output_path): + self.checks_path = checks_path self.markdown_output_path = markdown_output_path - self.manual_checks = None + self.checks = None def __call__(self): - self._load_manual_checks() + self._load_checks() self._create_output_markup() - def _load_manual_checks(self): - with open(self.manual_checks_path) as vetting_data: - self.manual_checks = yaml.safe_load(vetting_data) - if self.manual_checks is None: - self.manual_checks = {} + def _load_checks(self): + with open(self.checks_path) as vetting_data: + self.checks = yaml.safe_load(vetting_data) + if self.checks is None: + self.checks = {} def _create_output_markup(self): with open(self.markdown_output_path, "w") as output: output.write(MARKDOWN_START) - for manual_check, check_attributes in self.manual_checks.items(): + for check, check_attributes in self.checks.items(): output.write( CHECK_MARKDOWN_TEMPLATE.format( - manual_check=manual_check, comment=check_attributes["comment"] + check=check, comment=check_attributes["comment"] ) ) output.write(MARKDOWN_END) @@ -59,7 +59,7 @@ def _create_output_markup(self): def main(): ExportToMarkdown( - manual_checks_path=APP_VETTING_PATH, markdown_output_path=MARKDOWN_OUTPUT_PATH + checks_path=APP_VETTING_PATH, markdown_output_path=MARKDOWN_OUTPUT_PATH )() From d2679e8f6ac6216f95e1331140f7ac04708fb0b2 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 3 Jan 2023 15:02:08 +0530 Subject: [PATCH 34/37] test: readme changed --- README.md | 57 ++++++++++++++++++++++++++++++++++++++++------------- action.yml | 6 +++--- reporter.py | 3 +-- 3 files changed, 47 insertions(+), 19 deletions(-) 
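Review bot: `_create_output_markup` interpolates `check` and `check_attributes["comment"]` into `CHECK_MARKDOWN_TEMPLATE` verbatim, so any markup characters in the vetting file end up unescaped in the generated file, which the README says is pasted into Confluence. The template body is not visible in this hunk; if it is HTML, escape both values first, e.g. `comment=html.escape(str(check_attributes["comment"]))` (needs `import html`). Separately, renaming the constructor keyword from `manual_checks_path` to `checks_path` breaks any caller outside `main` that passes it by name.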
diff --git a/README.md b/README.md index af26cff..3515d28 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Splunk AppInspect action -This action runs Splunk's AppInspect CLI against a provided a directory of a Splunk App. -It fails if the result contains any failures. +This action runs Splunk's AppInspect CLI against a provided directory of Splunk App. +It fails if the result contains any failures or manual checks are not vetted. The (json) result will be written to the file specified with [`result-file`](#result-file). This can be uploaded for later viewing to use in another step/job using [`actions/upload-artifact@v2`](https://github.com/marketplace/actions/upload-a-build-artifact). 
@@ -29,35 +29,58 @@ Appinspect tags to exclude `required`: `false` -### `app_vetting` -Path to app vetting yaml file. Used only if `manual` in `included_tags` +### `appinspect_manual_checks` +Path to file which contains list of manual checks -`default`: `.app-vetting.yaml` +`required`: `false` +`default`: `.appinspect.manualcheck` + +### `appinspect_expected_failures` +Path to file which contains list of expected appinspect failures + +`required`: `false` +`default`: `.appinspect.expect` ### `manual_check_markdown` -Path for generated file with markdown for manual checks. Used only if `manual` in `included_tags` +Path to generated file with markdown for manual checks +`required`: `false` `default`: `manual_check_markdown.txt` +### `appinspect_expected_failures` +Path to generated file with markdown for expected appinspect failures + +`required`: `false` +`default`: `expected_failure_markdown.txt` + ## Outputs ### `status`: `pass|fail` -## Using manual tag -Running `appinspect-cli-action` with `manual` tag in `included_tags` detects checks that need to be verified manually and tests if all of them were already reviewed - if not the action will fail. ### Manual checks review -To see checks to be verified inspect the `result_file` from `appinspect-cli-action` run with manual tag. Verify manual checks and mark them as reviewed by adding them one by one into `.app-vetting.yaml`, ex: +To see checks to be verified, inspect the `result_file` from `appinspect-cli-action`. Verify manual checks and mark them as reviewed by adding them one by one into `.appinspect.manualcheck`, ex: ```yml name_of_manual_check_1: comment: 'your comment' name_of_manual_check_2: comment: 'your comment' ``` -please note that names of validated manual checks should be aligned with those from `result_file` and your comment can't be empty. +Please note that names of validated manual checks should be aligned with those from `result_file` and your comment can't be empty. 
+ +### Failure checks review +To mark Failures as expected, add them into `.appinspect.expect` with proper comment containing ticket id of ADDON/APPCERT project associated with the exception, ex: +```yml +name_of_exception_1: + comment: 'ADDON-123: your comment' +name_of_exception_2: + comment: 'APPCERT-123: your comment' +``` +Please note that your comment can't be empty, it must include ticket id of ADDON/APPCERT project associated with the exception and the names of exceptions should be aligned with those from `result_file`. + ### Running the job -When `appinspect-cli-action` is called with `manual` tag, it scans the package with Splunk's AppInspect CLI and searches for manual checks. In the next step, action compares `results_file` with `.app-vetting.yaml` if any check wasn't reviewed and isn't in `.app-vetting.yaml` then the job fails. +When `appinspect-cli-action` is called, it scans the package with Splunk's AppInspect CLI. If there are any failures observed then action compares `results_file` with `.appinspect.expect`. If that failure isn't present in `appinspect.expect` or it does not contain an appropriate comment(containing ADDON/APPCERT ticket id associated with the exception) then the job fails with proper failure reason. In the next step, action compares `results_file` with `.appinspect.manualcheck`. If any manual check wasn't reviewed and isn't in `.appinspect.manualcheck` then the job fails. ## Example usage 
@@ -66,20 +89,26 @@ When `appinspect-cli-action` is called with `manual` tag, it scans the package w with: app_path: 'test' ``` -### Downloading manual checks markdown -If the comparison is successful then a markdown consisting a table with manual check names and comments is generated. It can be uploaded to artifacts. +### Downloading markdowns +If the comparison is successful then a markdown consisting a table with check names and comments is generated. It can be uploaded to artifacts. ```yml - uses: actions/checkout@v2 - uses: splunk/appinspect-cli-action@v1.3 with: app_path: 'test' - included_tags: manual + included_tags: cloud manual_check_markdown: manual_check_markdown.txt + expected_failure_markdown: expected_failure_markdown.txt - name: upload-manual-check-markodown uses: actions/upload-artifact@v2 with: name: manual_check_markdown.txt path: manual_check_markdown.txt +- name: upload-expected_failure-markodown + uses: actions/upload-artifact@v2 + with: + name: expected_failure_markdown.txt + path: expected_failure_markdown.txt ``` The markdown is ready to paste into confluence, by: `Edit -> Insert more content -> Markup`, change insert type to `Markdown` and paste the contents of the file. diff --git a/action.yml b/action.yml index ee5c8e3..e6bf0a8 100644 --- a/action.yml +++ b/action.yml @@ -15,11 +15,11 @@ inputs: description: "Tags to exclude" required: false appinspect_manual_checks: - description: "Path to file with list of manual checks" + description: "Path to file which contains list of manual checks" required: false default: ".appinspect.manualcheck" appinspect_expected_failures: - description: "Path to file with list of expected appinspect failures" + description: "Path to file which contains list of expected appinspect failures" required: false default: ".appinspect.expect" manual_check_markdown: 
@@ -27,7 +27,7 @@ inputs: required: false default: "manual_check_markdown.txt" expected_failure_markdown: - description: "Path to generated file with markdown for exceptions" + description: "Path to generated file with markdown for expected appinspect failures" required: false default: "expected_failure_markdown.txt" outputs: diff --git a/reporter.py b/reporter.py index bc8c652..cb1fe3c 100644 --- a/reporter.py +++ b/reporter.py @@ -1,8 +1,7 @@ import json +import os import sys import tabulate -import os -from pprint import pprint class BCOLORS: HEADER = "\033[95m" From b07851fde99f10713bf8e3c425f2a41f83303719 Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Tue, 3 Jan 2023 17:54:59 +0530 Subject: [PATCH 35/37] test: resolved review comments --- README.md | 4 ++-- action.yml | 4 ++-- entrypoint.sh | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 3515d28..577ebf1 100644 --- a/README.md +++ b/README.md 
@@ -80,7 +80,7 @@ name_of_exception_2: Please note that your comment can't be empty, it must include ticket id of ADDON/APPCERT project associated with the exception and the names of exceptions should be aligned with those from `result_file`. ### Running the job -When `appinspect-cli-action` is called, it scans the package with Splunk's AppInspect CLI. If there are any failures observed then action compares `results_file` with `.appinspect.expect`. If that failure isn't present in `appinspect.expect` or it does not contain an appropriate comment(containing ADDON/APPCERT ticket id associated with the exception) then the job fails with proper failure reason. In the next step, action compares `results_file` with `.appinspect.manualcheck`. If any manual check wasn't reviewed and isn't in `.appinspect.manualcheck` then the job fails. +When `appinspect-cli-action` is called, it scans the package with Splunk's AppInspect CLI. If there are any failures observed then action compares `results_file` with `.appinspect.expect`. If that failure isn't present in `appinspect.expect` or it does not contain an appropriate comment(containing ADDON/APPCERT ticket id associated with the exception) then the job fails with proper failure reason. In the next step, action compares `results_file` with `.appinspect.manualcheck`. If any manual check wasn't reviewed by addon developer and isn't in `.appinspect.manualcheck` then the job fails. ## Example usage @@ -96,7 +96,7 @@ If the comparison is successful then a markdown consisting a table with check na - uses: splunk/appinspect-cli-action@v1.3 with: app_path: 'test' - included_tags: cloud + included_tags: {appinspect-tags-to-include} manual_check_markdown: manual_check_markdown.txt expected_failure_markdown: expected_failure_markdown.txt - name: upload-manual-check-markodown diff --git a/action.yml b/action.yml index e6bf0a8..1214b91 100644 --- a/action.yml +++ b/action.yml 
@@ -23,11 +23,11 @@ inputs: required: false default: ".appinspect.expect" manual_check_markdown: - description: "Path to generated file with markdown for manual checks" + description: "Path for generated file with markdown for manual checks" required: false default: "manual_check_markdown.txt" expected_failure_markdown: - description: "Path to generated file with markdown for expected appinspect failures" + description: "Path for generated file with markdown for expected appinspect failures" required: false default: "expected_failure_markdown.txt" outputs: diff --git a/entrypoint.sh b/entrypoint.sh index c6c299d..5d21e33 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -42,11 +42,11 @@ python3 /reporter.py $INPUT_RESULT_FILE exit_code=$? echo "::endgroup::" -exit_code_failure=$exit_code +exit_code_failure_check=$exit_code if [ $exit_code != 0 ]; then echo "::group::failure_checks" python3 /compare_checks.py $INPUT_APPINSPECT_EXPECTED_FAILURES $INPUT_RESULT_FILE "failure" - exit_code_failure=$? + exit_code_failure_check=$? echo "::endgroup::" fi @@ -55,7 +55,7 @@ python3 /compare_checks.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_RESULT_FILE "m exit_code_manual_check=$? echo "::endgroup::" -if [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then +if [ $exit_code_failure_check == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::group::generate_markdown" echo "successful comparison, generating markdown" python3 /export_to_markdown.py $INPUT_APPINSPECT_MANUAL_CHECKS $INPUT_MANUAL_CHECK_MARKDOWN @@ -63,4 +63,4 @@ if [ $exit_code_failure == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::endgroup::" fi -exit "$(($exit_code_failure || $exit_code_manual_check))" \ No newline at end of file +exit "$(($exit_code_failure_check || $exit_code_manual_check))" \ No newline at end of file From 5f516602521cabd2f65dac3c2fc3df484bc0f837 Mon Sep 17 00:00:00 2001 
From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 4 Jan 2023 12:28:18 +0530 Subject: [PATCH 36/37] test: pre-commit fixes and added yaml extension --- README.md | 10 +++++----- action.yml | 4 ++-- compare_checks.py | 2 +- entrypoint.sh | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 577ebf1..d876174 100644 --- a/README.md +++ b/README.md @@ -33,13 +33,13 @@ Appinspect tags to exclude Path to file which contains list of manual checks `required`: `false` -`default`: `.appinspect.manualcheck` +`default`: `.appinspect.manualcheck.yaml` ### `appinspect_expected_failures` Path to file which contains list of expected appinspect failures `required`: `false` -`default`: `.appinspect.expect` +`default`: `.appinspect.expect.yaml` ### `manual_check_markdown` Path to generated file with markdown for manual checks @@ -60,7 +60,7 @@ Path to generated file with markdown for expected appinspect failures `pass|fail` ### Manual checks review -To see checks to be verified, inspect the `result_file` from `appinspect-cli-action`. Verify manual checks and mark them as reviewed by adding them one by one into `.appinspect.manualcheck`, ex: +To see checks to be verified, inspect the `result_file` from `appinspect-cli-action`. Verify manual checks and mark them as reviewed by adding them one by one into `.appinspect.manualcheck.yaml`, ex: ```yml name_of_manual_check_1: comment: 'your comment' 
@@ -70,7 +70,7 @@ name_of_manual_check_2: Please note that names of validated manual checks should be aligned with those from `result_file` and your comment can't be empty. ### Failure checks review -To mark Failures as expected, add them into `.appinspect.expect` with proper comment containing ticket id of ADDON/APPCERT project associated with the exception, ex: +To mark Failures as expected, add them into `.appinspect.expect.yaml` with proper comment containing ticket id of ADDON/APPCERT project associated with the exception, ex: ```yml name_of_exception_1: comment: 'ADDON-123: your comment' 
@@ -80,7 +80,7 @@ name_of_exception_2: Please note that your comment can't be empty, it must include ticket id of ADDON/APPCERT project associated with the exception and the names of exceptions should be aligned with those from `result_file`. ### Running the job -When `appinspect-cli-action` is called, it scans the package with Splunk's AppInspect CLI. If there are any failures observed then action compares `results_file` with `.appinspect.expect`. If that failure isn't present in `appinspect.expect` or it does not contain an appropriate comment(containing ADDON/APPCERT ticket id associated with the exception) then the job fails with proper failure reason. In the next step, action compares `results_file` with `.appinspect.manualcheck`. If any manual check wasn't reviewed by addon developer and isn't in `.appinspect.manualcheck` then the job fails. +When `appinspect-cli-action` is called, it scans the package with Splunk's AppInspect CLI. If there are any failures observed then action compares `results_file` with `.appinspect.expect.yaml`. If that failure isn't present in `.appinspect.expect.yaml` or it does not contain an appropriate comment(containing ADDON/APPCERT ticket id associated with the exception) then the job fails with proper failure reason. In the next step, action compares `results_file` with `.appinspect.manualcheck.yaml`. If any manual check wasn't reviewed by addon developer and isn't in `.appinspect.manualcheck.yaml` then the job fails. ## Example usage diff --git a/action.yml b/action.yml index 1214b91..d7849eb 100644 --- a/action.yml +++ b/action.yml 
@@ -17,11 +17,11 @@ inputs: appinspect_manual_checks: description: "Path to file which contains list of manual checks" required: false - default: ".appinspect.manualcheck" + default: ".appinspect.manualcheck.yaml" appinspect_expected_failures: description: "Path to file which contains list of expected appinspect failures" required: false - default: ".appinspect.expect" + default: ".appinspect.expect.yaml" manual_check_markdown: description: "Path for generated file with markdown for manual checks" required: false diff --git a/compare_checks.py b/compare_checks.py index cb08910..1e4966b 100644 --- a/compare_checks.py +++ b/compare_checks.py @@ -37,7 +37,7 @@ def validate_comment(vetting_data): def compare( check_type: str, - vetting_file: str = ".appinspect.manualcheck", + vetting_file: str = ".appinspect.manualcheck.yaml", appinspect_result_file: str = "appinspect_output.json", ) -> List[str]: """ diff --git a/entrypoint.sh b/entrypoint.sh index 5d21e33..b792dc5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -63,4 +63,4 @@ if [ $exit_code_failure_check == 0 ] && [ $exit_code_manual_check == 0 ] ; then echo "::endgroup::" fi -exit "$(($exit_code_failure_check || $exit_code_manual_check))" \ No newline at end of file +exit "$(($exit_code_failure_check || $exit_code_manual_check))" From be7541ab5d63cb557f37f0a076003d0653ed0efb Mon Sep 17 00:00:00 2001 From: truptilangalia-crest <79827058+truptilangalia-crest@users.noreply.github.com> Date: Wed, 4 Jan 2023 14:30:12 +0530 Subject: [PATCH 37/37] test: conflict from main --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index d7849eb..60a4574 100644 --- a/action.yml +++ b/action.yml @@ -35,4 +35,4 @@ outputs: description: "value is success/fail based on app inspect result" runs: using: "docker" - image: "Dockerfile" + image: "docker://ghcr.io/splunk/appinspect-cli-action/appinspect-cli-action:v1.5.1"
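Review bot: The new `image:` value in the last hunk pins the action's container by the mutable tag `v1.5.1`, so anyone able to push to that registry path can change what runs in every consuming workflow without a change in this repository. Pinning by digest keeps the reference immutable: `image: "docker://ghcr.io/splunk/appinspect-cli-action/appinspect-cli-action:v1.5.1@sha256:<digest-of-released-image>"`. It is also worth confirming that the published `v1.5.1` image already contains the `compare_checks.py`, `reporter.py` and `entrypoint.sh` changes from this series. Switching away from `image: "Dockerfile"` means the files in the checkout are no longer what executes.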
manual checkcheck comment
{manual_check} +{check} {comment}