chore(release): 3.3.0 #366
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| - "develop" | |
| pull_request: | |
| branches: [main, develop] | |
| jobs: | |
| fossa-scan: | |
| continue-on-error: true | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: run fossa anlyze and create report | |
| run: | | |
| curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | |
| fossa analyze --debug | |
| fossa report attribution --format text > /tmp/THIRDPARTY | |
| env: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| - name: upload THIRDPARTY file | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: THIRDPARTY | |
| path: /tmp/THIRDPARTY | |
| - name: run fossa test | |
| run: | | |
| fossa test --debug | |
| env: | |
| FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | |
| compliance-copyrights: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: apache/[email protected] | |
| test-unit: | |
| name: Test Unit ${{ matrix.splunk-version }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| splunk-version: | |
| - "8.2" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.7 | |
| - run: curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
| - name: Install Splunk | |
| run: | | |
| pip install --user git+https://github.com/pixelb/crudini | |
| export SPLUNK_PRODUCT=splunk | |
| export SPLUNK_VERSION=$(crudini --get deps/build/addonfactory_test_matrix_splunk/splunk_matrix.conf "${{ matrix.splunk-version }}" VERSION) | |
| export SPLUNK_BUILD=$(crudini --get deps/build/addonfactory_test_matrix_splunk/splunk_matrix.conf "${{ matrix.splunk-version }}" BUILD) | |
| export SPLUNK_SLUG=$SPLUNK_VERSION-SPLUNK_BUILD | |
| export SPLUNK_ARCH=x86_64 | |
| export SPLUNK_LINUX_FILENAME=splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz | |
| export SPLUNK_BUILD_URL=https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_LINUX_FILENAME} | |
| echo $SPLUNK_BUILD_URL | |
| export SPLUNK_HOME=/opt/splunk | |
| sudo wget -qO /tmp/splunk.tgz ${SPLUNK_BUILD_URL} | |
| sudo tar -C /opt -zxf /tmp/splunk.tgz | |
| sudo chown -R $USER:$USER /opt/splunk | |
| echo -e "[user_info]\nUSERNAME=Admin\nPASSWORD=Chang3d"'!' | sudo tee -a /opt/splunk/etc/system/local/user-seed.conf | |
| echo 'OPTIMISTIC_ABOUT_FILE_LOCKING=1' | sudo tee -a /opt/splunk/etc/splunk-launch.conf | |
| # | |
| /opt/splunk/bin/splunk start --accept-license | |
| env: | |
| SPLUNK_VERSION: 8.2 | |
| - name: Install Code | |
| run: poetry install | |
| - name: Run Pytest with coverage | |
| run: poetry run pytest --cov=./cloudconnectlib --cov-report=xml --junitxml=test-results/junit.xml test/unit | |
| env: | |
| SPLUNK_HOME: "/opt/splunk" | |
| - uses: actions/upload-artifact@v4 # upload test results | |
| if: success() || failure() # run this step even if previous step failed | |
| with: | |
| name: test-results-unit-python_${{ matrix.python-version }} | |
| path: test-results/* | |
| pre-commit: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.7" | |
| - uses: pre-commit/[email protected] | |
| semgrep: | |
| uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main | |
| secrets: | |
| SEMGREP_KEY: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} | |
| build: | |
| name: Build Release | |
| needs: | |
| - test-unit | |
| - compliance-copyrights | |
| - fossa-scan | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| #Very Important semantic-release won't trigger a tagged | |
| #build if this is not set false | |
| persist-credentials: false | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.7" | |
| - name: Install Poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1 | |
| poetry build | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: THIRDPARTY | |
| - name: Update Notices | |
| run: cp -f THIRDPARTY NOTICE | |
| - id: semantic | |
| uses: splunk/[email protected] | |
| with: | |
| git_committer_name: ${{ secrets.SA_GH_USER_NAME }} | |
| git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }} | |
| gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.SA_GPG_PASSPHRASE }} | |
| extra_plugins: | | |
| semantic-release-replace-plugin | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} | |
| - if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | |
| run: | | |
| poetry build | |
| poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }} |