[deps]: Update poetry minor #395
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| workflow_dispatch: | |
| schedule: | |
| # Splunk App Inspect checks - https://dev.splunk.com/enterprise/docs/whatsnew/#AppInspect-updates | |
| - cron: "0 0 1 * *" | |
| jobs: | |
| cloc: | |
| name: CLOC | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install cloc | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get -y install cloc | |
| - name: Print lines of code | |
| run: cloc --include-lang CSS,JavaScript,XML,Python --vcs git | |
| build-artifacts: | |
| name: Build artifacts | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| app: | |
| - id: "bitwarden_event_logs" | |
| name: "Bitwarden Event Logs" | |
| - id: "bitwarden_event_logs_beta" | |
| name: "Bitwarden Event Logs (beta)" | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Change app name | |
| run: | | |
| find . -type f -exec sed -i 's/bitwarden_event_logs_beta/${{ matrix.app.id }}/g' {} \; | |
| find . -type f -exec sed -i 's/Bitwarden Event Logs (beta)/${{ matrix.app.name }}/g' {} \; | |
| - name: Install poetry | |
| run: pipx install poetry | |
| - name: Set up Python 3.9 | |
| uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0 | |
| with: | |
| python-version: "3.9" | |
| - name: Print environment | |
| run: | | |
| poetry env info | |
| echo "GitHub ref: $GITHUB_REF" | |
| echo "GitHub event: $GITHUB_EVENT" | |
| - name: Pull dependencies | |
| run: | | |
| poetry env use 3.9 | |
| poetry install --no-cache --no-root | |
| poetry self add poetry-plugin-export | |
| mkdir package/lib | |
| poetry export -f requirements.txt --output package/lib/requirements.txt | |
| poetry install --no-cache --no-root --with dev,test,splunkslim | |
| - name: Tests | |
| run: poetry run pytest | |
| - name: Build Splunk App | |
| run: | | |
| mkdir package/bin | |
| cp -R src/* package/bin/ | |
| export APP_VERSION=$(poetry version | awk -F ' ' '{print $2}') | |
| poetry run ucc-gen build --ta-version ${APP_VERSION} | |
| # cleanup python files | |
| rm -rf output/${{ matrix.app.id }}/{bin,lib}/__pycache__ | |
| rm -rf output/${{ matrix.app.id }}/bin/{bitwarden_event_logs_rh_settings.py,import_declare_test.py} | |
| # remove ucc-gen not used files | |
| rm -rf output/${{ matrix.app.id }}/appserver/static/{css,js,openapi.json} | |
| rm -rf output/${{ matrix.app.id }}/appserver/templates/base.html | |
| rm -rf output/${{ matrix.app.id }}/default/{restmap.conf,web.conf,bitwarden_event_logs_settings.conf} | |
| rm -rf output/${{ matrix.app.id }}/README/bitwarden_event_logs_settings.conf.spec | |
| poetry run ucc-gen package --path output/${{ matrix.app.id }} -o output/ | |
| mv output/bitwarden_event_logs*.tar.gz output/${{ matrix.app.id }}.tar.gz | |
| - name: Validate artifact | |
| run: | | |
| poetry run slim validate output/${{ matrix.app.id }}.tar.gz 2>&1 | tee output.txt | |
| if grep -q "\[ERROR\]" "output.txt"; then | |
| echo "ERROR(s) found." | |
| exit 1 | |
| fi | |
| rm -f output.txt | |
| poetry run splunk-appinspect inspect --mode precert output/${{ matrix.app.id }}.tar.gz 2>&1 | tee output.txt | |
| if ! grep -q -E "error:[ \t]+0" "output.txt"; then | |
| echo "ERRORS(s) found." | |
| exit 1 | |
| fi | |
| if ! grep -q -E "failure:[ \t]+0" "output.txt"; then | |
| echo "ERRORS(s) found." | |
| exit 1 | |
| fi | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
| with: | |
| name: ${{ matrix.app.id }}.tar.gz | |
| path: output/${{ matrix.app.id }}.tar.gz | |
| if-no-files-found: error | |
| check-failures: | |
| name: Check for failures | |
| if: always() | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - cloc | |
| - build-artifacts | |
| steps: | |
| - name: Check if any job failed | |
| if: | | |
| (github.ref == 'refs/heads/main' | |
| || github.ref == 'refs/heads/rc' | |
| || github.ref == 'refs/heads/hotfix-rc') | |
| && contains(needs.*.result, 'failure') | |
| run: exit 1 | |
| - name: Login to Azure - CI subscription | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| if: failure() | |
| with: | |
| creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| if: failure() | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "devops-alerts-slack-webhook-url" | |
| - name: Notify Slack on failure | |
| uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 | |
| if: failure() | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }} | |
| with: | |
| status: ${{ job.status }} |