-
Notifications
You must be signed in to change notification settings - Fork 3
145 lines (131 loc) · 4.12 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: CI
on:
push:
branches:
- "main"
- "develop"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches:
- "main"
- "develop"
jobs:
# Run linters to help validate source code
lint:
name: Lint Code Base
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Lint Code Base
uses: github/super-linter@v4
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FILTER_REGEX_EXCLUDE: .*\.github/.*
VALIDATE_PYTHON_BLACK: false
# Semgrep detects and prevents bugs and anti-patterns in your codebase
semgrep:
name: Semgrep Scan
runs-on: ubuntu-latest
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Semgrep scan
uses: returntocorp/semgrep-action@v1
with:
config: p/r2c
# Build, package, inspect, and upload artifacts
build:
name: Build
needs:
- lint
- semgrep
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
# semantic-release won't trigger a tagged build if this is not set false
persist-credentials: false
# Our add-on contains Python code, so we need to install Python in the container
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: 3.7
# Install any dev Python requirements in requirements_dev.txt
- name: Install Python dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements_dev.txt ]; then pip install -r requirements_dev.txt; fi
# Get globalConfig contents as a variable
- name: Get globalConfig.json Settings
id: get-globalConfig
run: |
content=`cat globalConfig.json`
# the following lines are only required for multi line json
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
# end of optional handling for multi line json
echo "::set-output name=globalConfigJson::$content"
# Build the package with UCC generator
- name: Build Splunk Package
id: uccgen
uses: splunk/addonfactory-ucc-generator-action@v1
with:
version: ${{ fromJson(steps.get-globalConfig.outputs.globalConfigJson).meta.version }}
- name: Package Splunk App with SLIM
id: slim
uses: splunk/addonfactory-packaging-toolkit-action@v1
with:
source: ${{ steps.uccgen.outputs.OUTPUT }}
- name: Upload SLIM raw package as an artifact
uses: actions/upload-artifact@v2
with:
name: package-raw
path: ${{ steps.uccgen.outputs.OUTPUT }}**
if: always()
- name: Upload SLIM splunkbase package as an artifact
uses: actions/upload-artifact@v2
with:
name: package-splunkbase
path: ${{ steps.slim.outputs.OUTPUT }}
if: always()
- name: Upload SLIM deployment parts as an artifact
uses: actions/upload-artifact@v2
with:
name: package-deployment
path: build/package/deployment**
if: always()
# Run AppInspect CLI
appinspect-cli:
name: AppInspect CLI
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
tags:
- "cloud"
- "appapproval"
- "deprecated_feature"
- "developer_guidance"
- "future"
- "self-service"
- "splunk_appinspect"
steps:
- uses: actions/download-artifact@v2
with:
name: package-splunkbase
path: build/package/
- name: Run AppInspect CLI
uses: splunk/appinspect-cli-action@v1.1.1
with:
app_path: build/package/
included_tags: ${{ matrix.tags }}