This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: lightweight-check | |
| on: | |
| workflow_call: | |
| secrets: | |
| GH_TOKEN_ADMIN: | |
| description: Github admin token | |
| required: true | |
| SA_GH_USER_NAME: | |
| description: GPG signature username | |
| required: true | |
| SA_GH_USER_EMAIL: | |
| description: GPG signature user email | |
| required: true | |
| SA_GPG_PRIVATE_KEY: | |
| description: GPG signature private key | |
| required: true | |
| SA_GPG_PASSPHRASE: | |
| description: GPG signature passphrase | |
| required: true | |
| SEMGREP_PUBLISH_TOKEN: | |
| description: Semgrep token | |
| required: true | |
| AWS_ACCESS_KEY_ID: | |
| description: AWS access key id | |
| required: true | |
| AWS_DEFAULT_REGION: | |
| description: AWS default region | |
| required: true | |
| AWS_SECRET_ACCESS_KEY: | |
| description: AWS secret access key | |
| required: true | |
| VT_API_KEY: | |
| description: Virustotal api key | |
| required: true | |
| SPL_COM_USER: | |
| description: username to splunk.com | |
| required: true | |
| SPL_COM_PASSWORD: | |
| description: password to splunk.com | |
| required: true | |
| FOSSA_API_KEY: | |
| description: API token for FOSSA app | |
| required: true | |
| permissions: | |
| contents: read | |
| packages: read | |
| concurrency: | |
| # allows for running this workflow simultaneously with main `resable-build-test-release.yml | |
| group: ${{ github.head_ref || github.run_id }}-lightweight | |
| cancel-in-progress: true | |
| jobs: | |
| get-called-sha: | |
| name: Get called SHA | |
| runs-on: ubuntu-latest | |
| outputs: | |
| sha: ${{ steps.get-sha.outputs.caller-sha }} | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: fix/lightweight-workflow-ADDON-66448 | |
| - id: get-sha | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/_called-wf-sha | |
| with: | |
| GH_TOKEN_ADMIN: ${{ secrets.GH_TOKEN_ADMIN }} | |
| validate-pr-title: | |
| name: Validate PR title | |
| runs-on: ubuntu-latest | |
| needs: get-called-sha | |
| if: ${{ github.event_name == 'pull_request' }} | |
| permissions: | |
| contents: read | |
| packages: read | |
| pull-requests: read | |
| statuses: write | |
| steps: | |
| - uses: jenseng/dynamic-uses@v1 | |
| with: | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/validate-pr-title@${{ needs.get-called-sha.outputs.sha }} | |
| with: | |
| '{ "GITHUB_TOKEN": "${{ github.token }}" }' | |
| meta: | |
| name: Prepare metadata | |
| runs-on: ubuntu-latest | |
| outputs: | |
| sc4s: ${{ steps.meta.outputs.sc4s }} | |
| needs: get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run meta preparation | |
| id: meta | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/meta | |
| with: | |
| SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} | |
| SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }} | |
| SA_GPG_PRIVATE_KEY: ${{ secrets.SA_GPG_PRIVATE_KEY }} | |
| SA_GPG_PASSPHRASE: ${{ secrets.SA_GPG_PASSPHRASE }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| fossa-scan: | |
| name: FOSSA scan | |
| runs-on: ubuntu-latest | |
| needs: get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run FOSSA scan | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/fossa-scan | |
| with: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| fossa-test: | |
| name: FOSSA test | |
| runs-on: ubuntu-latest | |
| needs: | |
| - fossa-scan | |
| - get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run FOSSA test | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/fossa-test | |
| with: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| compliance-copyrights: | |
| name: Compliance copyrights | |
| runs-on: ubuntu-latest | |
| needs: get-called-sha | |
| steps: | |
| - uses: jenseng/dynamic-uses@v1 | |
| with: | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/compliance-copyrights@${{ needs.get-called-sha.outputs.sha }} | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| needs: get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| fetch-depth: 0 | |
| - name: Run linting checks | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/lint | |
| review-secrets: | |
| name: Review secrets | |
| runs-on: ubuntu-latest | |
| needs: get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run secrets review | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/review-secrets | |
| semgrep: | |
| name: Semgrep security check | |
| runs-on: ubuntu-latest | |
| needs: get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run semgrep | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/semgrep | |
| with: | |
| SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} | |
| test-inventory: | |
| name: Test inventory | |
| runs-on: ubuntu-latest | |
| outputs: | |
| unit: ${{ steps.test-inventory.outputs.unit }} | |
| ucc_modinput_functional: ${{ steps.test-inventory.outputs.ucc_modinput_functional}} | |
| modinput_functional: ${{ steps.test-inventory.outputs.modinput_functional}} | |
| requirement_test: ${{ steps.test-inventory.outputs.requirement_test }} | |
| needs: get-called-sha | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run test inventory check | |
| id: test-inventory | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/test-inventory | |
| # Two separate unit test jobs needed as jobs that depend on unit-test success can't proceed | |
| # if any matrix job fails. Currently python 3.9 may fail as it's not supported in all TAs. | |
| # TODO: group these jobs into the matrix once python 3.9 is supported | |
| run-unit-tests-3_7: | |
| name: Unit tests 3.7 | |
| if: ${{ needs.test-inventory.outputs.unit == 'true' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test-inventory | |
| - get-called-sha | |
| permissions: | |
| actions: read | |
| deployments: read | |
| contents: read | |
| packages: read | |
| statuses: read | |
| checks: write | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run unit tests for python 3.7 | |
| id: unit-tests-3_7 | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/unit-tests | |
| with: | |
| python_version: '3.7' | |
| GH_TOKEN_ADMIN: ${{ secrets.GH_TOKEN_ADMIN }} | |
| run-unit-tests-3_9: | |
| name: Unit tests 3.9 | |
| if: ${{ needs.test-inventory.outputs.unit == 'true' }} | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| needs: | |
| - test-inventory | |
| - get-called-sha | |
| permissions: | |
| actions: read | |
| deployments: read | |
| contents: read | |
| packages: read | |
| statuses: read | |
| checks: write | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run unit tests for python 3.9 | |
| id: unit-tests-3_9 | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/unit-tests | |
| with: | |
| python_version: '3.9' | |
| GH_TOKEN_ADMIN: ${{ secrets.GH_TOKEN_ADMIN }} | |
| build: | |
| name: Build python-${{ matrix.python-version }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test-inventory | |
| - meta | |
| - compliance-copyrights | |
| - lint | |
| - review-secrets | |
| - semgrep | |
| - run-unit-tests-3_7 | |
| - fossa-scan | |
| - get-called-sha | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| python-version: | |
| - "3.7" | |
| - "3.9" | |
| if: ${{ !cancelled() && (needs.run-unit-tests-3_7.result == 'success' || needs.run-unit-tests-3_7.result == 'skipped') }} | |
| permissions: | |
| contents: write | |
| packages: read | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run build | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/build | |
| with: | |
| python_version: ${{ matrix.python-version }} | |
| SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} | |
| SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }} | |
| SA_GPG_PRIVATE_KEY: ${{ secrets.SA_GPG_PRIVATE_KEY }} | |
| SA_GPG_PASSPHRASE: ${{ secrets.SA_GPG_PASSPHRASE }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| ucc_modinput_functional: ${{ needs.test-inventory.outputs.ucc_modinput_functional}} | |
| modinput_functional: ${{ needs.test-inventory.outputs.modinput_functional}} | |
| virustotal: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - get-called-sha | |
| if: ${{ !cancelled() && needs.build.result == 'success' }} | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run VirusTotal check | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/virustotal | |
| with: | |
| VT_API_KEY: ${{ secrets.VT_API_KEY }} | |
| run-requirements-unit-tests: | |
| name: Requirements unit tests | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - test-inventory | |
| - get-called-sha | |
| if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.requirement_test == 'true' }} | |
| permissions: | |
| actions: read | |
| deployments: read | |
| contents: read | |
| packages: read | |
| statuses: read | |
| checks: write | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run requirements unit tests | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/requirements-unit-tests | |
| appinspect-cli: | |
| name: AppInspect CLI ${{ matrix.tags }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - get-called-sha | |
| if: ${{ !cancelled() && needs.build.result == 'success' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tags: | |
| - "cloud" | |
| - "appapproval" | |
| - "deprecated_feature" | |
| - "developer_guidance" | |
| - "future" | |
| - "self-service" | |
| - "splunk_appinspect" | |
| - "manual" | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run appinspect CLI | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/appinspect-cli | |
| with: | |
| matrix_tags: ${{ matrix.tags }} | |
| artifact-registry: | |
| name: Artifact registry | |
| runs-on: ubuntu-latest | |
| needs: | |
| - virustotal | |
| - meta | |
| - get-called-sha | |
| if: ${{ !cancelled() && needs.virustotal.result == 'success' && needs.meta.result == 'success' }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Repo checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: splunk/addonfactory-workflow-addon-release | |
| ref: ${{ needs.get-called-sha.outputs.sha }} | |
| - name: Run artifact registry | |
| uses: splunk/addonfactory-workflow-addon-release/.github/actions/artifact-registry | |
| with: | |
| sc4s: ${{ needs.meta.outputs.sc4s }} |