This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-test-release | ||
on: | ||
workflow_call: | ||
inputs: | ||
marker: | ||
required: false | ||
description: 'Parallel run mod_input marker' | ||
type: string | ||
default: >- | ||
[""] | ||
ui_marker: | ||
required: false | ||
description: 'Parallel run ui marker' | ||
type: string | ||
default: >- | ||
[""] | ||
k8s-environment: | ||
required: false | ||
description: Specifies which environment to use for k8s testing. ["production", "staging"] | ||
type: string | ||
default: "production" | ||
k8s-manifests-branch: | ||
required: false | ||
description: "branch for k8s manifests to run the tests on" | ||
type: string | ||
default: "v3.0.3" | ||
scripted-inputs-os-list: | ||
required: false | ||
description: "list of OS used for scripted input tests" | ||
type: string | ||
default: >- | ||
["ubuntu:14.04", "ubuntu:16.04","ubuntu:18.04","ubuntu:22.04", "ubuntu:24.04", "redhat:8.4", "redhat:8.5", "redhat:8.6", "redhat:8.8"] | ||
secrets: | ||
GH_TOKEN_ADMIN: | ||
description: Github admin token | ||
required: true | ||
SEMGREP_PUBLISH_TOKEN: | ||
description: Semgrep token | ||
required: true | ||
AWS_ACCESS_KEY_ID: | ||
description: AWS access key id | ||
required: true | ||
AWS_DEFAULT_REGION: | ||
description: AWS default region | ||
required: true | ||
AWS_SECRET_ACCESS_KEY: | ||
description: AWS secret access key | ||
required: true | ||
OTHER_TA_REQUIRED_CONFIGS: | ||
description: other required configs | ||
required: true | ||
FOSSA_API_KEY: | ||
description: API token for FOSSA app | ||
required: true | ||
SA_GH_USER_NAME: | ||
description: GPG signature username | ||
required: true | ||
SA_GH_USER_EMAIL: | ||
description: GPG signature user email | ||
required: true | ||
SA_GPG_PRIVATE_KEY: | ||
description: GPG signature private key | ||
required: true | ||
SA_GPG_PASSPHRASE: | ||
description: GPG signature passphrase | ||
required: true | ||
SPL_COM_USER: | ||
description: username to splunk.com | ||
required: true | ||
SPL_COM_PASSWORD: | ||
description: password to splunk.com | ||
required: true | ||
permissions: | ||
contents: read | ||
packages: read | ||
concurrency: | ||
group: ${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
jobs: | ||
setup-workflow: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
execute-knowledge-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_knowledge_labeled }} | ||
execute-ui-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_ui_labeled }} | ||
execute-modinput-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_modinput_functional_labeled }} | ||
execute-scripted_inputs-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_scripted_inputs_labeled }} | ||
execute-requirement-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_requirement_test_labeled }} | ||
s3_bucket_k8s: ${{ steps.k8s-environment.outputs.s3_bucket }} | ||
argo_server_domain_k8s: ${{ steps.k8s-environment.outputs.argo_server_domain }} | ||
argo_token_secret_id_k8s: ${{ steps.k8s-environment.outputs.argo_token_secret_id }} | ||
steps: | ||
- name: set k8s environment | ||
id: k8s-environment | ||
run: | | ||
if [[ ${{ inputs.k8s-environment }} == 'staging' ]]; then | ||
echo "setting up argo variables for staging" | ||
{ | ||
echo "s3_bucket=ta-staging-artifacts" | ||
echo "argo_server_domain=argo.staging.wfe.splgdi.com" | ||
echo "argo_token_secret_id=ta-staging-github-workflow-automation-token" | ||
} >> "$GITHUB_OUTPUT" | ||
else | ||
echo "setting up argo variables for production" | ||
{ | ||
echo "s3_bucket=ta-production-artifacts" | ||
echo "argo_server_domain=argo.wfe.splgdi.com" | ||
echo "argo_token_secret_id=ta-github-workflow-automation-token" | ||
} >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: configure tests based on labels | ||
id: configure-tests-on-labels | ||
run: | | ||
set +e | ||
declare -A EXECUTE_LABELED | ||
TESTSET=("execute_knowledge" "execute_ui" "execute_modinput_functional" "execute_scripted_inputs" "execute_requirement_test") | ||
for test_type in "${TESTSET[@]}"; do | ||
EXECUTE_LABELED["$test_type"]="false" | ||
done | ||
case "${{ github.event_name }}" in | ||
"pull_request") | ||
labels=$(echo '${{ toJSON(github.event.pull_request.labels) }}' | jq -r '.[] | .name') | ||
if ${{ github.base_ref == 'main' }} && ${{ contains(github.event.pull_request.labels.*.name, 'use_labels') }}; then | ||
for test_type in "${TESTSET[@]}"; do | ||
if [[ "$labels" =~ $test_type ]]; then | ||
EXECUTE_LABELED["$test_type"]="true" | ||
fi | ||
done | ||
elif ${{ github.base_ref == 'main' }} || ${{ contains(github.event.pull_request.labels.*.name, 'execute_all_tests') }}; then | ||
for test_type in "${TESTSET[@]}"; do | ||
EXECUTE_LABELED["$test_type"]="true" | ||
done | ||
else | ||
for test_type in "${TESTSET[@]}"; do | ||
if [[ "$labels" =~ $test_type ]]; then | ||
EXECUTE_LABELED["$test_type"]="true" | ||
fi | ||
done | ||
fi | ||
;; | ||
"push") | ||
if ${{ github.ref_name == 'main' }} || ${{ github.ref_name == 'develop' }} || ${{ github.ref_type == 'tag' }} ; then | ||
for test_type in "${TESTSET[@]}"; do | ||
EXECUTE_LABELED["$test_type"]="true" | ||
done | ||
fi | ||
;; | ||
"schedule") | ||
for test_type in "${TESTSET[@]}"; do | ||
EXECUTE_LABELED["$test_type"]="true" | ||
done | ||
;; | ||
*) | ||
echo "No tests were labeled for execution!" | ||
;; | ||
esac | ||
echo "Tests to execute based on labels:" | ||
for test_type in "${TESTSET[@]}"; do | ||
echo "$test_type""_labeled=${EXECUTE_LABELED["$test_type"]}" >> "$GITHUB_OUTPUT" | ||
echo "$test_type""_labeled: ${EXECUTE_LABELED["$test_type"]}" | ||
done | ||
- name: job summary | ||
# run: echo "### Test-Types to be executed [${{ steps.configure-tests-on-labels.outputs.execute_knowledge_labeled }}, ]" >> $GITHUB_STEP_SUMMARY | ||
run: | | ||
echo "| Test-Types to be executed |" >> $GITHUB_STEP_SUMMARY | ||
echo "| ------------- |" >> $GITHUB_STEP_SUMMARY | ||
if ${{ steps.configure-tests-on-labels.outputs.execute_knowledge_labeled }}; then | ||
echo "| Knowledge |" >> $GITHUB_STEP_SUMMARY | ||
fi | ||
if ${{ steps.configure-tests-on-labels.outputs.execute_ui_labeled }}; then | ||
echo "| UI |" >> $GITHUB_STEP_SUMMARY | ||
fi | ||
if ${{ steps.configure-tests-on-labels.outputs.execute_modinput_functional_labeled }}; then | ||
echo "| Modinput |" >> $GITHUB_STEP_SUMMARY | ||
fi | ||
if ${{ steps.configure-tests-on-labels.outputs.execute_scripted_inputs_labeled }}; then | ||
echo "| Scripted Input |" >> $GITHUB_STEP_SUMMARY | ||
fi | ||
if ${{ steps.configure-tests-on-labels.outputs.execute_requirement_test_labeled }}; then | ||
echo "| Requirement |" >> $GITHUB_STEP_SUMMARY | ||
fi | ||
validate-pr-title: | ||
name: Validate PR title | ||
if: github.event_name == 'pull_request' | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
packages: read | ||
pull-requests: read | ||
statuses: write | ||
steps: | ||
- uses: amannn/[email protected] | ||
with: | ||
wip: true | ||
validateSingleCommit: true | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
meta: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }} | ||
matrix_latestSplunk: ${{ steps.matrix.outputs.latestSplunk }} | ||
matrix_supportedSC4S: ${{ steps.matrix.outputs.supportedSC4S }} | ||
matrix_supportedModinputFunctionalVendors: ${{ steps.matrix.outputs.supportedModinputFunctionalVendors }} | ||
matrix_supportedUIVendors: ${{ steps.matrix.outputs.supportedUIVendors }} | ||
permissions: | ||
contents: write | ||
packages: read | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: false | ||
persist-credentials: false | ||
- id: matrix | ||
uses: splunk/[email protected] | ||
- name: job summary | ||
run: | | ||
# apt-get install jq | ||
splunk_version_list=${{ steps.matrix.outputs.supportedSplunk }} | ||
sc4s_version_list=${{ steps.matrix.outputs.supportedSC4S }} | ||
splunk_version_list1=$(echo "$splunk_version_list" | jq -r '.[].version') | ||
sc4s_version_list1=$(echo "$sc4s_version_list" | jq -r '.[].version') | ||
echo "Below are the splunk versions and sc4s version used for testing" | ||
echo "| Splunk versions | SC4S version |" >> $GITHUB_STEP_SUMMARY | ||
echo "| ------------- | ------------- |" >> $GITHUB_STEP_SUMMARY | ||
echo "| ${splunk_version_list} | ${sc4s_version_list} |" >> $GITHUB_STEP_SUMMARY | ||
echo "| ${splunk_version_list1} | ${sc4s_version_list1} |" >> $GITHUB_STEP_SUMMARY | ||
fossa-scan: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: run fossa analyze and create report | ||
run: | | ||
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | ||
fossa analyze --debug | ||
fossa report attribution --format text --timeout 600 > /tmp/THIRDPARTY | ||
env: | ||
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | ||
- name: upload THIRDPARTY file | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: THIRDPARTY | ||
path: /tmp/THIRDPARTY | ||
fossa-test: | ||
continue-on-error: true | ||
runs-on: ubuntu-latest | ||
needs: | ||
- fossa-scan | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: run fossa test | ||
run: | | ||
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | ||
fossa test --debug | ||
env: | ||
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} | ||
compliance-copyrights: | ||
name: compliance-copyrights | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: REUSE Compliance Check | ||
uses: fsfe/[email protected] | ||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: "3.7" | ||
- uses: pre-commit/[email protected] | ||
review_secrets: | ||
name: security-detect-secrets | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
if: github.event_name != 'pull_request' | ||
uses: actions/checkout@v4 | ||
with: | ||
submodules: false | ||
fetch-depth: "0" | ||
- name: Checkout for PR | ||
if: github.event_name == 'pull_request' | ||
uses: actions/checkout@v4 | ||
with: | ||
submodules: false | ||
fetch-depth: "0" | ||
ref: ${{ github.head_ref }} | ||
- name: Secret Scanning Trufflehog | ||
uses: trufflesecurity/[email protected] | ||
with: | ||
extra_args: -x .github/workflows/exclude-patterns.txt --json --only-verified | ||
version: 3.77.0 | ||
semgrep: | ||
runs-on: ubuntu-latest | ||
name: security-sast-semgrep | ||
container: | ||
image: returntocorp/semgrep | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Semgrep | ||
id: semgrep | ||
run: semgrep ci | ||
env: | ||
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} | ||
test-inventory: | ||
runs-on: ubuntu-latest | ||
# Map a step output to a job output | ||
outputs: | ||
unit: ${{ steps.testset.outputs.unit }} | ||
knowledge: ${{ steps.testset.outputs.knowledge }} | ||
ui: ${{ steps.testset.outputs.ui }} | ||
modinput_functional: ${{ steps.testset.outputs.modinput_functional }} | ||
requirement_test: ${{ steps.testset.outputs.requirement_test }} | ||
scripted_inputs: ${{ steps.testset.outputs.scripted_inputs }} | ||
ucc_modinput_functional: ${{ steps.modinput-version.outputs.ucc_modinput_tests }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- id: testset | ||
name: Check available test types | ||
run: | | ||
find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "$TESTSET=true" >> "$GITHUB_OUTPUT"; echo "$TESTSET::true"; done | ||
- id: modinput-version | ||
name: Check modinput tests version | ||
run: | | ||
CENTAURS_MODINPUT_TESTS_CHECK_DIR="tests/modinput_functional/centaurs" | ||
ucc_modinput_tests="true" | ||
if [ -d "$CENTAURS_MODINPUT_TESTS_CHECK_DIR" ]; then | ||
ucc_modinput_tests="false" | ||
fi | ||
echo "ucc_modinput_tests=$ucc_modinput_tests" >> "$GITHUB_OUTPUT" | ||
run-unit-tests: | ||
name: test-unit-python3-${{ matrix.python-version }} | ||
if: ${{ needs.test-inventory.outputs.unit == 'true' }} | ||
runs-on: ubuntu-latest | ||
needs: | ||
- test-inventory | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
python-version: | ||
- "3.7" | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
- name: Setup addon | ||
run: | | ||
if [ -f "poetry.lock" ] | ||
then | ||
mkdir -p package/lib || true | ||
python${{ matrix.python-version }} -m pip install poetry==1.5.1 poetry-plugin-export==1.4.0 | ||
poetry lock --check | ||
poetry export --without-hashes -o package/lib/requirements.txt | ||
poetry export --without-hashes --with dev -o requirements_dev.txt | ||
fi | ||
if [ ! -f requirements_dev.txt ]; then echo no requirements;exit 0 ;fi | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf https://github.com | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf ssh://[email protected] | ||
poetry install --with dev | ||
- name: Create directories | ||
run: | | ||
mkdir -p /opt/splunk/var/log/splunk | ||
chmod -R 777 /opt/splunk/var/log/splunk | ||
- name: Copy pytest ini | ||
run: cp tests/unit/pytest-ci.ini pytest.ini | ||
- name: Run Pytest with coverage | ||
run: poetry run pytest --cov=./ --cov-report=xml --junitxml=test-results/junit.xml tests/unit | ||
- uses: actions/upload-artifact@v4 | ||
if: success() || failure() | ||
with: | ||
name: test-results-unit-python_${{ matrix.python-version }} | ||
path: test-results/* | ||
run-unit-tests-3_9: | ||
name: test-unit-python3-${{ matrix.python-version }} | ||
if: ${{ needs.test-inventory.outputs.unit == 'true' }} | ||
runs-on: ubuntu-latest | ||
needs: | ||
- test-inventory | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
python-version: | ||
- "3.9" | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
- name: Setup addon | ||
run: | | ||
if [ -f "poetry.lock" ] | ||
then | ||
mkdir -p package/lib || true | ||
python${{ matrix.python-version }} -m pip install poetry==1.5.1 poetry-plugin-export==1.4.0 | ||
poetry lock --check | ||
poetry export --without-hashes -o package/lib/requirements.txt | ||
poetry export --without-hashes --with dev -o requirements_dev.txt | ||
fi | ||
if [ ! -f requirements_dev.txt ]; then echo no requirements;exit 0 ;fi | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf https://github.com | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf ssh://[email protected] | ||
poetry install --with dev | ||
- name: Create directories | ||
run: | | ||
mkdir -p /opt/splunk/var/log/splunk | ||
chmod -R 777 /opt/splunk/var/log/splunk | ||
- name: Copy pytest ini | ||
run: cp tests/unit/pytest-ci.ini pytest.ini | ||
- name: Run Pytest with coverage | ||
run: poetry run pytest --cov=./ --cov-report=xml --junitxml=test-results/junit.xml tests/unit | ||
- uses: actions/upload-artifact@v4 | ||
if: success() || failure() | ||
with: | ||
name: test-results-unit-python_${{ matrix.python-version }} | ||
path: test-results/* | ||
build: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- setup-workflow | ||
- test-inventory | ||
- meta | ||
- compliance-copyrights | ||
- lint | ||
- review_secrets | ||
- semgrep | ||
- run-unit-tests | ||
- fossa-scan | ||
if: ${{ !cancelled() && (needs.run-unit-tests.result == 'success' || needs.run-unit-tests.result == 'skipped') }} | ||
outputs: | ||
buildname: ${{ steps.buildupload.outputs.name }} | ||
permissions: | ||
contents: write | ||
packages: read | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
# Very Important semantic-release won't trigger a tagged | ||
# build if this is not set false | ||
persist-credentials: false | ||
- name: Setup python | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: 3.7 | ||
- name: create requirements file for pip | ||
run: | | ||
if [ -f "poetry.lock" ] | ||
then | ||
echo " poetry.lock found " | ||
python3.7 -m pip install poetry==1.5.1 poetry-plugin-export==1.4.0 | ||
poetry export --without-hashes -o requirements.txt | ||
if [ "$(grep -cve '^\s*$' requirements.txt)" -ne 0 ] | ||
then | ||
echo "Prod dependencies were found, creating package/lib folder" | ||
mkdir -p package/lib || true | ||
mv requirements.txt package/lib | ||
else | ||
echo "No prod dependencies were found" | ||
rm requirements.txt | ||
fi | ||
poetry export --without-hashes --with dev -o requirements_dev.txt | ||
cat requirements_dev.txt | ||
fi | ||
- name: Get pip cache dir | ||
id: pip-cache | ||
run: | | ||
echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT" | ||
- name: Run Check there are libraries to scan | ||
id: checklibs | ||
run: if [ -f requirements_dev.txt ]; then echo "ENABLED=true" >> "$GITHUB_OUTPUT"; fi | ||
- name: pip cache | ||
if: ${{ steps.checklibs.outputs.ENABLED == 'true' }} | ||
uses: actions/cache@v4 | ||
with: | ||
path: ${{ steps.pip-cache.outputs.dir }} | ||
key: ${{ runner.os }}-pip-${{ hashFiles('requirements_dev.txt') }} | ||
restore-keys: | | ||
${{ runner.os }}-pip- | ||
- name: Install deps | ||
if: ${{ steps.checklibs.outputs.ENABLED == 'true' }} | ||
run: | | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf https://github.com | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf ssh://[email protected] | ||
pip install -r requirements_dev.txt | ||
- name: Semantic Release Get Next | ||
id: semantic | ||
if: github.event_name != 'pull_request' | ||
uses: splunk/[email protected] | ||
with: | ||
dry_run: true | ||
git_committer_name: ${{ secrets.SA_GH_USER_NAME }} | ||
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }} | ||
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }} | ||
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }} | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
- name: Determine the version to build | ||
id: BuildVersion | ||
run: | | ||
INPUT_SEMVER="${{ steps.semantic.outputs.new_release_version }}" | ||
echo "Initial semver ${INPUT_SEMVER}" | ||
INPUT_PRNUMBER="${{ github.event.number }}" | ||
SEMVER_REGEX='^v?[0-9]+\.[0-9]+\.[0-9]+$' | ||
BETA_REGEX='^v?[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$' | ||
echo working with version $INPUT_SEMVER | ||
if [[ $INPUT_SEMVER =~ $SEMVER_REGEX ]]; | ||
then | ||
echo using provided semver | ||
VERSION=$INPUT_SEMVER | ||
elif [[ $INPUT_SEMVER =~ $BETA_REGEX ]]; | ||
then | ||
VERSION=$(echo $INPUT_SEMVER | awk '{gsub("-beta\.", "-B");print}') | ||
else | ||
if [[ $GITHUB_EVENT_NAME != 'pull_request' ]]; | ||
then | ||
echo this is not a release build and NOT PR RUNID + run ID | ||
VERSION=0.0.${GITHUB_RUN_ID} | ||
else | ||
echo this is not a release build and is a PR use run ID | ||
VERSION=0.${INPUT_PRNUMBER}.${GITHUB_RUN_ID} | ||
fi | ||
fi | ||
FINALVERSION="${VERSION//v}" | ||
echo "Version to build is ${FINALVERSION}" | ||
echo "VERSION=${FINALVERSION}" >> "$GITHUB_OUTPUT" | ||
- name: Download THIRDPARTY | ||
if: github.event_name != 'pull_request' && github.event_name != 'schedule' | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: THIRDPARTY | ||
- name: Download THIRDPARTY (Optional for PR and schedule) | ||
if: github.event_name == 'pull_request' || github.event_name == 'schedule' | ||
continue-on-error: true | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: THIRDPARTY | ||
- name: Update Notices | ||
run: | | ||
cp -f THIRDPARTY package/THIRDPARTY || echo "THIRDPARTY file not found (allowed for PR and schedule)" | ||
- name: Build Package | ||
id: uccgen | ||
uses: splunk/addonfactory-ucc-generator-action@v2 | ||
with: | ||
version: ${{ steps.BuildVersion.outputs.VERSION }} | ||
- name: Slim Package | ||
id: slim | ||
run: | | ||
pip install splunk-packaging-toolkit | ||
pip install semantic-version==2.6.0 | ||
INPUT_SOURCE=${{ steps.uccgen.outputs.OUTPUT }} | ||
SOURCE_REGEX='^.*/$' | ||
if [[ $INPUT_SOURCE =~ $SOURCE_REGEX ]];then | ||
echo Removing trailing / from INPUT_SOURCE slim is picky | ||
INPUT_SOURCE=$(echo $INPUT_SOURCE | sed 's/\(.*\)\//\1/') | ||
fi | ||
slim generate-manifest "${INPUT_SOURCE}" --update >/tmp/app.manifest || true | ||
cp /tmp/app.manifest "${INPUT_SOURCE}"/app.manifest | ||
mkdir -p build/package/splunkbase | ||
mkdir -p build/package/deployment | ||
slim package -o build/package/splunkbase "${INPUT_SOURCE}" | ||
for f in build/package/splunkbase/*.tar.gz; do | ||
n=$(echo "${f}" | awk '{gsub("-[0-9]+.[0-9]+.[0-9]+-[a-f0-9]+-?", "");print}' | sed 's/.tar.gz/.spl/') | ||
mv "${f}" "${n}" | ||
done | ||
PACKAGE=$(ls build/package/splunkbase/*) | ||
slim partition "${PACKAGE}" -o build/package/deployment/ || true | ||
for f in build/package/deployment/*.tar.gz; do | ||
n=$(echo "${f}" | awk '{gsub("-[0-9]+.[0-9]+.[0-9]+-[a-f0-9]+-?", "");print}' | sed 's/.tar.gz/.spl/') | ||
mv "${f}" "${n}" | ||
done | ||
slim validate "${PACKAGE}" | ||
chmod -R +r build | ||
echo "OUTPUT=$PACKAGE" >> "$GITHUB_OUTPUT" | ||
if: always() | ||
- name: artifact-openapi | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: artifact-openapi | ||
path: ${{ github.workspace }}/${{ steps.uccgen.outputs.OUTPUT }}/appserver/static/openapi.json | ||
if: ${{ !cancelled() && needs.test-inventory.outputs.ucc_modinput_functional == 'true' && needs.test-inventory.outputs.modinput_functional == 'true' }} | ||
- name: artifact-splunk-base | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: package-splunkbase | ||
path: ${{ steps.slim.outputs.OUTPUT }} | ||
if: ${{ !cancelled() }} | ||
- name: upload-build-to-s3 | ||
id: buildupload | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
run: | | ||
echo "name=$(basename "${{ steps.slim.outputs.OUTPUT }}")" >> "$GITHUB_OUTPUT" | ||
basename "${{ steps.slim.outputs.OUTPUT }}" | ||
aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" "s3://${{ needs.setup-workflow.outputs.s3_bucket_k8s }}/ta-apps/" | ||
- name: artifact-splunk-parts | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: package-deployment | ||
path: build/package/deployment** | ||
if: ${{ !cancelled() }} | ||
build-3_9: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- setup-workflow | ||
- test-inventory | ||
- meta | ||
- compliance-copyrights | ||
- lint | ||
- review_secrets | ||
- semgrep | ||
- run-unit-tests-3_9 | ||
- fossa-scan | ||
if: | | ||
always() && | ||
(needs.run-unit-tests-3_9.result == 'success' || needs.run-unit-tests-3_9.result == 'skipped') | ||
permissions: | ||
contents: write | ||
packages: read | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
# Very Important semantic-release won't trigger a tagged | ||
# build if this is not set false | ||
persist-credentials: false | ||
- name: Setup python | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: 3.9 | ||
- name: create requirements file for pip | ||
run: | | ||
if [ -f "poetry.lock" ] | ||
then | ||
echo " poetry.lock found " | ||
python3.9 -m pip install poetry==1.5.1 poetry-plugin-export==1.4.0 | ||
poetry export --without-hashes -o requirements.txt | ||
if [ "$(grep -cve '^\s*$' requirements.txt)" -ne 0 ] | ||
then | ||
echo "Prod dependencies were found, creating package/lib folder" | ||
mkdir -p package/lib || true | ||
mv requirements.txt package/lib | ||
else | ||
echo "No prod dependencies were found" | ||
rm requirements.txt | ||
fi | ||
poetry export --without-hashes --with dev -o requirements_dev.txt | ||
cat requirements_dev.txt | ||
fi | ||
- id: pip-cache | ||
run: | | ||
echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT" | ||
- name: pip cache | ||
uses: actions/cache@v4 | ||
with: | ||
path: ${{ steps.pip-cache.outputs.dir }} | ||
key: ${{ runner.os }}-pip-python3_9-${{ hashFiles('requirements_dev.txt') }} | ||
restore-keys: | | ||
${{ runner.os }}-pip-python3_9 | ||
- run: | | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf https://github.com | ||
git config --global --add url."https://${{ secrets.GH_TOKEN_ADMIN }}@github.com".insteadOf ssh://[email protected] | ||
pip install -r requirements_dev.txt | ||
- id: semantic | ||
if: github.event_name != 'pull_request' | ||
uses: splunk/[email protected] | ||
with: | ||
dry_run: true | ||
git_committer_name: ${{ secrets.SA_GH_USER_NAME }} | ||
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }} | ||
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }} | ||
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }} | ||
env: | ||
GITHUB_TOKEN: ${{ github.token }} | ||
- id: BuildVersion | ||
run: | | ||
INPUT_SEMVER="${{ steps.semantic.outputs.new_release_version }}" | ||
echo "Initial semver ${INPUT_SEMVER}" | ||
INPUT_PRNUMBER="${{ github.event.number }}" | ||
SEMVER_REGEX='^v?[0-9]+\.[0-9]+\.[0-9]+$' | ||
BETA_REGEX='^v?[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$' | ||
echo working with version $INPUT_SEMVER | ||
if [[ $INPUT_SEMVER =~ $SEMVER_REGEX ]]; | ||
then | ||
echo using provided semver | ||
VERSION=$INPUT_SEMVER | ||
elif [[ $INPUT_SEMVER =~ $BETA_REGEX ]]; | ||
then | ||
VERSION=$(echo $INPUT_SEMVER | awk '{gsub("-beta\.", "-B");print}') | ||
else | ||
if [[ $GITHUB_EVENT_NAME != 'pull_request' ]]; | ||
then | ||
echo this is not a release build and NOT PR RUNID + run ID | ||
VERSION=0.0.${GITHUB_RUN_ID} | ||
else | ||
echo this is not a release build and is a PR use run ID | ||
VERSION=0.${INPUT_PRNUMBER}.${GITHUB_RUN_ID} | ||
fi | ||
fi | ||
FINALVERSION="${VERSION//v}" | ||
echo "Version to build is $FINALVERSION" | ||
echo "VERSION=$FINALVERSION" >> "$GITHUB_OUTPUT" | ||
- id: uccgen | ||
uses: splunk/addonfactory-ucc-generator-action@v2 | ||
with: | ||
version: ${{ steps.BuildVersion.outputs.VERSION }} | ||
run-requirements-unit-tests: | ||
runs-on: ubuntu-latest | ||
needs: | ||
- build | ||
- test-inventory | ||
if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.requirement_test == 'true' }} | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Install Python 3 | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: 3.7 | ||
- name: run-tests | ||
uses: splunk/[email protected] | ||
with: | ||
input-files: tests/requirement_test/logs | ||
- name: Archive production artifacts | ||
if: ${{ !cancelled() }} | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: test-results | ||
path: | | ||
test_*.txt | ||
appinspect: | ||
name: quality-appinspect-${{ matrix.tags }} | ||
needs: build | ||
if: ${{ !cancelled() && needs.build.result == 'success' }} | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
tags: | ||
- "cloud" | ||
- "appapproval" | ||
- "deprecated_feature" | ||
- "developer_guidance" | ||
- "future" | ||
- "self-service" | ||
- "splunk_appinspect" | ||
- "manual" | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/download-artifact@v4 | ||
with: | ||
name: package-splunkbase | ||
path: build/package/ | ||
- name: Scan | ||
uses: splunk/[email protected] | ||
with: | ||
app_path: build/package/ | ||
included_tags: ${{ matrix.tags }} | ||
result_file: appinspect_result_${{ matrix.tags }}.json | ||
- name: upload-appinspect-report | ||
if: ${{ !cancelled() }} | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: appinspect_${{ matrix.tags }}_checks.json | ||
path: appinspect_result_${{ matrix.tags }}.json | ||
- name: upload-markdown | ||
if: matrix.tags == 'manual' | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: check_markdown | ||
path: | | ||
*_markdown.txt | ||
appinspect-api: | ||
name: appinspect api ${{ matrix.tags }} | ||
needs: build | ||
if: | | ||
!cancelled() && | ||
needs.build.result == 'success' && | ||
( github.base_ref == 'main' || github.ref_name == 'main' ) | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
tags: | ||
- "cloud" | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/download-artifact@v4 | ||
with: | ||
name: package-splunkbase | ||
path: build/package | ||
- name: AppInspect API | ||
uses: splunk/[email protected] | ||
with: | ||
username: ${{ secrets.SPL_COM_USER }} | ||
password: ${{ secrets.SPL_COM_PASSWORD }} | ||
app_path: build/package/ | ||
included_tags: ${{ matrix.tags }} | ||
- uses: actions/upload-artifact@v4 | ||
if: always() | ||
with: | ||
name: appinspect-api-html-report-${{ matrix.tags }} | ||
path: AppInspect_response.html | ||
setup: | ||
needs: | ||
- setup-workflow | ||
- build | ||
- test-inventory | ||
if: ${{ !cancelled() && needs.build.result == 'success' }} | ||
runs-on: ubuntu-latest | ||
outputs: | ||
argo-server: ${{ steps.test-setup.outputs.argo-server }} | ||
argo-http1: ${{ steps.test-setup.outputs.argo-http1 }} | ||
argo-secure: ${{ steps.test-setup.outputs.argo-secure }} | ||
spl-host-suffix: ${{ steps.test-setup.outputs.spl-host-suffix }} | ||
argo-href: "" | ||
argo-base-href: ${{ steps.test-setup.outputs.argo-base-href }} | ||
argo-workflow-tmpl-name: ${{ steps.test-setup.outputs.argo-workflow-tmpl-name }} | ||
argo-cancel-workflow-tmpl-name: ${{ steps.test-setup.outputs.argo-cancel-workflow-tmpl-name }} | ||
k8s-manifests-branch: ${{ steps.test-setup.outputs.k8s-manifests-branch }} | ||
argo-namespace: ${{ steps.test-setup.outputs.argo-namespace }} | ||
addon-name: ${{ steps.test-setup.outputs.addon-name }} | ||
job-name: ${{ steps.test-setup.outputs.job-name }} | ||
labels: ${{ steps.test-setup.outputs.labels }} | ||
addon-upload-path: ${{ steps.test-setup.outputs.addon-upload-path }} | ||
directory-path: ${{ steps.test-setup.outputs.directory-path }} | ||
s3-bucket: ${{ steps.test-setup.outputs.s3-bucket }} | ||
env: | ||
BUILD_NAME: ${{ needs.build.outputs.buildname }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
token: ${{ secrets.GH_TOKEN_ADMIN }} | ||
- name: setup for test | ||
id: test-setup | ||
shell: bash | ||
run: | | ||
sudo apt-get install -y crudini | ||
ADDON_NAME=$(crudini --get package/default/app.conf id name | tr '[:lower:]' '[:upper:]') | ||
if [[ -n $(echo "${ADDON_NAME}" | awk -F 'SPLUNK_TA_' '{print $2}') ]]; | ||
then | ||
ADDON_NAME=$(echo "${ADDON_NAME}" | awk -F 'SPLUNK_TA_' '{print $2}') | ||
elif [[ -n $(echo "${ADDON_NAME}" | awk -F '_FOR_SPLUNK' '{print $1}') ]]; | ||
then | ||
ADDON_NAME=$(echo "${ADDON_NAME}" | awk -F '_FOR_SPLUNK' '{print $1}') | ||
fi | ||
JOB_NAME=$(echo "$ADDON_NAME" | tail -c 16)-$(echo "${GITHUB_SHA}" | tail -c 8)-TEST-TYPE-${GITHUB_RUN_ID} | ||
JOB_NAME=${JOB_NAME//[_.]/-} | ||
LABELS="addon-name=${ADDON_NAME}" | ||
ADDON_UPLOAD_PATH="s3://${{ needs.setup-workflow.outputs.s3_bucket_k8s }}/ta-apps/${{ needs.build.outputs.buildname }}" | ||
{ | ||
echo "argo-server=${{ needs.setup-workflow.outputs.argo_server_domain_k8s }}:443" | ||
echo "argo-http1=true" | ||
echo "argo-secure=true" | ||
echo "argo-base-href=\'\'" | ||
echo "argo-namespace=workflows" | ||
echo "argo-workflow-tmpl-name=ta-workflow" | ||
echo "argo-cancel-workflow-tmpl-name=cancel-workflow" | ||
echo "directory-path=/tmp" | ||
echo "s3-bucket=${{ needs.setup-workflow.outputs.s3_bucket_k8s }}" | ||
echo "addon-name=\"$ADDON_NAME\"" | ||
echo "job-name=wf-$JOB_NAME" | ||
echo "labels=$LABELS" | ||
echo "addon-upload-path=$ADDON_UPLOAD_PATH" | ||
echo "spl-host-suffix=wfe.splgdi.com" | ||
echo "k8s-manifests-branch=${{ inputs.k8s-manifests-branch }}" | ||
} >> "$GITHUB_OUTPUT" | ||
- uses: actions/download-artifact@v4 | ||
if: ${{ needs.test-inventory.outputs.ucc_modinput_functional == 'true' && needs.test-inventory.outputs.modinput_functional == 'true'}} | ||
id: download-openapi | ||
with: | ||
name: artifact-openapi | ||
path: ${{ github.workspace }} | ||
- name: Setup python | ||
if: steps.download-openapi.conclusion != 'skipped' | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: 3.7 | ||
- name: modinput-test-prerequisites | ||
if: steps.download-openapi.conclusion != 'skipped' | ||
shell: bash | ||
env: | ||
PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring | ||
run: | | ||
python3.7 -m pip install poetry==1.5.1 | ||
export POETRY_REPOSITORIES_SPLUNK_ADD_ON_UCC_MODINPUT_TEST_URL=https://github.com/splunk/addonfactory-ucc-test.git | ||
export POETRY_HTTP_BASIC_SPLUNK_ADD_ON_UCC_MODINPUT_TEST_USERNAME=${{ secrets.SA_GH_USER_NAME }} | ||
export POETRY_HTTP_BASIC_SPLUNK_ADD_ON_UCC_MODINPUT_TEST_PASSWORD=${{ secrets.GH_TOKEN_ADMIN }} | ||
poetry install --only modinput | ||
poetry run ucc-test-modinput -o ${{ steps.download-openapi.outputs.download-path }}/openapi.json -t ${{ steps.download-openapi.outputs.download-path }}/tmp/ | ||
- name: upload-swagger-artifacts-to-s3 | ||
if: steps.download-openapi.conclusion != 'skipped' | ||
id: swaggerupload | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
run: | | ||
swagger_name=swagger_$(basename "$BUILD_NAME" .spl) | ||
aws s3 sync "${{ steps.download-openapi.outputs.download-path }}/tmp/restapi_client/" "s3://${{ needs.setup-workflow.outputs.s3_bucket_k8s }}/ta-apps/$swagger_name/" --exclude "*" --include "README.md" --include "*swagger_client*" --only-show-errors | ||
run-knowledge-tests: | ||
if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.knowledge == 'true' && needs.setup-workflow.outputs.execute-knowledge-labeled == 'true' }} | ||
needs: | ||
- build | ||
- test-inventory | ||
- setup | ||
- meta | ||
- setup-workflow | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | ||
sc4s: ${{ fromJson(needs.meta.outputs.matrix_supportedSC4S) }} | ||
container: | ||
image: ghcr.io/splunk/workflow-engine-base:4.1.0 | ||
env: | ||
ARGO_SERVER: ${{ needs.setup.outputs.argo-server }} | ||
ARGO_HTTP1: ${{ needs.setup.outputs.argo-http1 }} | ||
ARGO_SECURE: ${{ needs.setup.outputs.argo-secure }} | ||
ARGO_BASE_HREF: ${{ needs.setup.outputs.argo-href }} | ||
ARGO_NAMESPACE: ${{ needs.setup.outputs.argo-namespace }} | ||
SPLUNK_VERSION_BASE: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
TEST_TYPE: "knowledge" | ||
TEST_ARGS: "" | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
- name: configure git # This step configures git to omit "dubious git ownership error" in later test-reporter stage | ||
id: configure-git | ||
run: | | ||
git --version | ||
git_path="$(pwd)" | ||
echo "$git_path" | ||
git config --global --add safe.directory "$git_path" | ||
- name: capture start time | ||
id: capture-start-time | ||
run: | | ||
echo "start_time=$(date +%s)" >> "$GITHUB_OUTPUT" | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
- name: Read secrets from AWS Secrets Manager into environment variables | ||
id: get-argo-token | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: create job name | ||
id: create-job-name | ||
shell: bash | ||
run: | | ||
RANDOM_STRING=$(head -3 /dev/urandom | tr -cd '[:lower:]' | cut -c -4) | ||
JOB_NAME=${{ needs.setup.outputs.job-name }}-${RANDOM_STRING} | ||
JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} | ||
JOB_NAME=${JOB_NAME//[_.]/-} | ||
JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') | ||
echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" | ||
- name: run-tests | ||
id: run-tests | ||
timeout-minutes: 340 | ||
continue-on-error: true | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
uses: splunk/[email protected] | ||
with: | ||
splunk: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
test-type: ${{ env.TEST_TYPE }} | ||
test-args: "" | ||
job-name: ${{ steps.create-job-name.outputs.job-name }} | ||
labels: ${{ needs.setup.outputs.labels }} | ||
workflow-tmpl-name: ${{ needs.setup.outputs.argo-workflow-tmpl-name }} | ||
workflow-template-ns: ${{ needs.setup.outputs.argo-namespace }} | ||
addon-url: ${{ needs.setup.outputs.addon-upload-path }} | ||
addon-name: ${{ needs.setup.outputs.addon-name }} | ||
sc4s-version: ${{ matrix.sc4s.version }} | ||
sc4s-docker-registry: ${{ matrix.sc4s.docker_registry }} | ||
k8s-manifests-branch: ${{ needs.setup.outputs.k8s-manifests-branch }} | ||
- name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation | ||
id: update-argo-token | ||
if: ${{ !cancelled() }} | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: calculate timeout | ||
id: calculate-timeout | ||
run: | | ||
start_time=${{ steps.capture-start-time.outputs.start_time }} | ||
current_time=$(date +%s) | ||
remaining_time_minutes=$(( 350-((current_time-start_time)/60) )) | ||
echo "remaining_time_minutes=$remaining_time_minutes" >> "$GITHUB_OUTPUT" | ||
- name: Check if pod was deleted | ||
id: is-pod-deleted | ||
timeout-minutes: ${{ fromJson(steps.calculate-timeout.outputs.remaining_time_minutes) }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
run: | | ||
set -o xtrace | ||
if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then | ||
echo "retry-workflow=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Cancel workflow | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ cancelled() || steps.is-pod-deleted.outcome != 'success' }} | ||
run: | | ||
cancel_response=$(argo submit -v -o json --from wftmpl/${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} -l workflows.argoproj.io/workflow-template=${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} --argo-base-href '' -p workflow-to-cancel=${{ steps.run-tests.outputs.workflow-name }}) | ||
cancel_workflow_name=$( echo "$cancel_response" |jq -r '.metadata.name' ) | ||
cancel_logs=$(argo logs --follow "$cancel_workflow_name" -n workflows) | ||
if echo "$cancel_logs" | grep -q "workflow ${{ steps.run-tests.outputs.workflow-name }} stopped"; then | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} stopped" | ||
else | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} didn't stop" | ||
exit 1 | ||
fi | ||
- name: Retrying workflow | ||
id: retry-wf | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set -o xtrace | ||
set +e | ||
if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] | ||
then | ||
WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) | ||
echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" | ||
argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." | ||
else | ||
echo "No retry required" | ||
argo wait "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | ||
argo watch "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | grep "test-addon" | ||
fi | ||
- name: check if workflow completed | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
shell: bash | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set +e | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
echo "Status of workflow:" "$ARGO_STATUS" | ||
while [ "$ARGO_STATUS" == "Running" ] || [ "$ARGO_STATUS" == "Pending" ] | ||
do | ||
echo "... argo Workflow ${WORKFLOW_NAME} is running, waiting for it to complete." | ||
argo wait "${WORKFLOW_NAME}" -n workflows || true | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
done | ||
- name: pull artifacts from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
echo "pulling artifacts" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/artifacts-${{ steps.create-job-name.outputs.job-name }}/${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
tar -xf ${{ needs.setup.outputs.directory-path }}/${{ steps.create-job-name.outputs.job-name }}.tgz -C ${{ needs.setup.outputs.directory-path }} | ||
- name: pull logs from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
echo "pulling logs" | ||
mkdir -p ${{ needs.setup.outputs.directory-path }}/argo-logs | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/${WORKFLOW_NAME}/ ${{ needs.setup.outputs.directory-path }}/argo-logs/ --recursive | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} tests artifacts | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} tests logs | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/argo-logs | ||
- name: Upload cim-compliance-report for ${{ matrix.splunk.version }} | ||
uses: actions/upload-artifact@v4 | ||
if: ${{ matrix.splunk.islatest == true }} | ||
with: | ||
name: cim-compliance-report | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results/cim-compliance-report.md | ||
- name: Upload cim-field-report for ${{ matrix.splunk.version }} | ||
uses: actions/upload-artifact@v4 | ||
if: ${{ matrix.splunk.islatest == true }} | ||
with: | ||
name: cim-field-report | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results/cim_field_report.json | ||
- name: Test Report | ||
id: test_report | ||
uses: dorny/[email protected] | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} test report | ||
path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" | ||
reporter: java-junit | ||
- name: pull diag from s3 bucket | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
run: | | ||
echo "pulling diag" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/diag-${{ steps.create-job-name.outputs.job-name }}/diag-${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} tests diag | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/diag* | ||
run-requirement-tests: | ||
if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.requirement_test == 'true' && needs.setup-workflow.outputs.execute-requirement-labeled == 'true' }} | ||
needs: | ||
- build | ||
- test-inventory | ||
- setup | ||
- meta | ||
- setup-workflow | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | ||
sc4s: ${{ fromJson(needs.meta.outputs.matrix_supportedSC4S) }} | ||
container: | ||
image: ghcr.io/splunk/workflow-engine-base:4.1.0 | ||
env: | ||
ARGO_SERVER: ${{ needs.setup.outputs.argo-server }} | ||
ARGO_HTTP1: ${{ needs.setup.outputs.argo-http1 }} | ||
ARGO_SECURE: ${{ needs.setup.outputs.argo-secure }} | ||
ARGO_BASE_HREF: ${{ needs.setup.outputs.argo-href }} | ||
ARGO_NAMESPACE: ${{ needs.setup.outputs.argo-namespace }} | ||
TEST_TYPE: "requirement_test" | ||
TEST_ARGS: "" | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
- name: configure git # This step configures git to omit "dubious git ownership error" in later test-reporter stage | ||
id: configure-git | ||
run: | | ||
git --version | ||
git_path="$(pwd)" | ||
echo "$git_path" | ||
git config --global --add safe.directory "$git_path" | ||
- name: capture start time | ||
id: capture-start-time | ||
run: | | ||
echo "start_time=$(date +%s)" >> "$GITHUB_OUTPUT" | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
- name: Read secrets from AWS Secrets Manager into environment variables | ||
id: get-argo-token | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: create job name | ||
id: create-job-name | ||
shell: bash | ||
run: | | ||
RANDOM_STRING=$(head -3 /dev/urandom | tr -cd '[:lower:]' | cut -c -4) | ||
JOB_NAME=${{ needs.setup.outputs.job-name }}-${RANDOM_STRING} | ||
JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} | ||
JOB_NAME=${JOB_NAME//[_.]/-} | ||
JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') | ||
echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" | ||
- name: run-tests | ||
id: run-tests | ||
timeout-minutes: 340 | ||
continue-on-error: true | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
uses: splunk/[email protected] | ||
with: | ||
splunk: ${{ matrix.splunk.version }} | ||
test-type: ${{ env.TEST_TYPE }} | ||
test-args: "" | ||
job-name: ${{ steps.create-job-name.outputs.job-name }} | ||
labels: ${{ needs.setup.outputs.labels }} | ||
workflow-tmpl-name: ${{ needs.setup.outputs.argo-workflow-tmpl-name }} | ||
workflow-template-ns: ${{ needs.setup.outputs.argo-namespace }} | ||
addon-url: ${{ needs.setup.outputs.addon-upload-path }} | ||
addon-name: ${{ needs.setup.outputs.addon-name }} | ||
sc4s-version: ${{ matrix.sc4s.version }} | ||
sc4s-docker-registry: ${{ matrix.sc4s.docker_registry }} | ||
k8s-manifests-branch: ${{ needs.setup.outputs.k8s-manifests-branch }} | ||
- name: calculate timeout | ||
id: calculate-timeout | ||
run: | | ||
start_time=${{ steps.capture-start-time.outputs.start_time }} | ||
current_time=$(date +%s) | ||
remaining_time_minutes=$(( 350-((current_time-start_time)/60) )) | ||
echo "remaining_time_minutes=$remaining_time_minutes" >> "$GITHUB_OUTPUT" | ||
- name: Check if pod was deleted | ||
id: is-pod-deleted | ||
timeout-minutes: ${{ fromJson(steps.calculate-timeout.outputs.remaining_time_minutes) }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
run: | | ||
set -o xtrace | ||
if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then | ||
echo "retry-workflow=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Cancel workflow | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ cancelled() || steps.is-pod-deleted.outcome != 'success' }} | ||
run: | | ||
cancel_response=$(argo submit -v -o json --from wftmpl/${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} -l workflows.argoproj.io/workflow-template=${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} --argo-base-href '' -p workflow-to-cancel=${{ steps.run-tests.outputs.workflow-name }}) | ||
cancel_workflow_name=$( echo "$cancel_response" |jq -r '.metadata.name' ) | ||
cancel_logs=$(argo logs --follow "$cancel_workflow_name" -n workflows) | ||
if echo "$cancel_logs" | grep -q "workflow ${{ steps.run-tests.outputs.workflow-name }} stopped"; then | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} stopped" | ||
else | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} didn't stop" | ||
exit 1 | ||
fi | ||
- name: Retrying workflow | ||
id: retry-wf | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set -o xtrace | ||
set +e | ||
if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] | ||
then | ||
WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) | ||
echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" | ||
argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." | ||
else | ||
echo "No retry required" | ||
argo wait "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | ||
argo watch "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | grep "test-addon" | ||
fi | ||
- name: check if workflow completed | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
shell: bash | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set +e | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
echo "Status of workflow:" "$ARGO_STATUS" | ||
while [ "$ARGO_STATUS" == "Running" ] || [ "$ARGO_STATUS" == "Pending" ] | ||
do | ||
echo "... argo Workflow ${WORKFLOW_NAME} is running, waiting for it to complete." | ||
argo wait "${WORKFLOW_NAME}" -n workflows || true | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
done | ||
- name: pull artifacts from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
echo "pulling artifacts" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/artifacts-${{ steps.create-job-name.outputs.job-name }}/${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
tar -xf ${{ needs.setup.outputs.directory-path }}/${{ steps.create-job-name.outputs.job-name }}.tgz -C ${{ needs.setup.outputs.directory-path }} | ||
- name: pull logs from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
echo "pulling logs" | ||
mkdir -p ${{ needs.setup.outputs.directory-path }}/argo-logs | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/${WORKFLOW_NAME}/ ${{ needs.setup.outputs.directory-path }}/argo-logs/ --recursive | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }} ${{ env.TEST_TYPE }} tests artifacts | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }} ${{ env.TEST_TYPE }} tests logs | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/argo-logs | ||
- name: Test Report | ||
id: test_report | ||
uses: dorny/[email protected] | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: splunk ${{ matrix.splunk.version }} ${{ env.TEST_TYPE }} test report | ||
path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" | ||
reporter: java-junit | ||
- name: pull diag from s3 bucket | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
run: | | ||
echo "pulling diag" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/diag-${{ steps.create-job-name.outputs.job-name }}/diag-${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }} ${{ env.TEST_TYPE }} tests diag | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/diag* | ||
run-ui-tests: | ||
if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.ui == 'true' && needs.setup-workflow.outputs.execute-ui-labeled == 'true' }} | ||
needs: | ||
- build | ||
- test-inventory | ||
- setup | ||
- meta | ||
- setup-workflow | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | ||
browser: [ "chrome" ] | ||
vendor-version: ${{ fromJson(needs.meta.outputs.matrix_supportedUIVendors) }} | ||
marker: ${{ fromJson(inputs.ui_marker) }} | ||
container: | ||
image: ghcr.io/splunk/workflow-engine-base:4.1.0 | ||
env: | ||
ARGO_SERVER: ${{ needs.setup.outputs.argo-server }} | ||
ARGO_HTTP1: ${{ needs.setup.outputs.argo-http1 }} | ||
ARGO_SECURE: ${{ needs.setup.outputs.argo-secure }} | ||
ARGO_BASE_HREF: ${{ needs.setup.outputs.argo-href }} | ||
ARGO_NAMESPACE: ${{ needs.setup.outputs.argo-namespace }} | ||
SPLUNK_VERSION_BASE: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
TEST_TYPE: "ui" | ||
TEST_ARGS: "--browser ${{ matrix.browser }}" | ||
TEST_BROWSER: ${{ matrix.browser }} | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
- name: configure git # This step configures git to omit "dubious git ownership error" in later test-reporter stage | ||
id: configure-git | ||
run: | | ||
git --version | ||
git_path="$(pwd)" | ||
echo "$git_path" | ||
git config --global --add safe.directory "$git_path" | ||
- name: capture start time | ||
id: capture-start-time | ||
run: | | ||
echo "start_time=$(date +%s)" >> "$GITHUB_OUTPUT" | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
- name: Read secrets from AWS Secrets Manager into environment variables | ||
id: get-argo-token | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: create job name | ||
id: create-job-name | ||
shell: bash | ||
run: | | ||
RANDOM_STRING=$(head -3 /dev/urandom | tr -cd '[:lower:]' | cut -c -4) | ||
JOB_NAME=${{ needs.setup.outputs.job-name }}-${RANDOM_STRING} | ||
JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}-${{ matrix.browser }}} | ||
JOB_NAME=${JOB_NAME//[_.:]/-} | ||
JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') | ||
echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" | ||
- name: create test argument | ||
id: create-test-arg | ||
shell: bash | ||
run: | | ||
TEST_ARG_M="" | ||
EMPTY_MARKER="[]" | ||
if [[ "${{ inputs.ui_marker }}" != "$EMPTY_MARKER" ]]; then | ||
TEST_ARG_M="-m" | ||
fi | ||
echo "test-arg=$TEST_ARG_M" >> "$GITHUB_OUTPUT" | ||
- name: run-tests | ||
id: run-tests | ||
timeout-minutes: 340 | ||
continue-on-error: true | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
uses: splunk/[email protected] | ||
with: | ||
splunk: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
test-type: ${{ env.TEST_TYPE }} | ||
test-args: ${{ env.TEST_ARGS }} ${{ steps.create-test-arg.outputs.test-arg }} ${{ matrix.marker }} | ||
job-name: ${{ steps.create-job-name.outputs.job-name }} | ||
labels: ${{ needs.setup.outputs.labels }} | ||
workflow-tmpl-name: ${{ needs.setup.outputs.argo-workflow-tmpl-name }} | ||
workflow-template-ns: ${{ needs.setup.outputs.argo-namespace }} | ||
addon-url: ${{ needs.setup.outputs.addon-upload-path }} | ||
addon-name: ${{ needs.setup.outputs.addon-name }} | ||
vendor-version: ${{ matrix.vendor-version.image }} | ||
sc4s-version: "No" | ||
k8s-manifests-branch: ${{ needs.setup.outputs.k8s-manifests-branch }} | ||
test-browser: ${{ env.TEST_BROWSER }} | ||
- name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation | ||
id: update-argo-token | ||
if: ${{ !cancelled() }} | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: calculate timeout | ||
id: calculate-timeout | ||
run: | | ||
start_time=${{ steps.capture-start-time.outputs.start_time }} | ||
current_time=$(date +%s) | ||
remaining_time_minutes=$(( 350-((current_time-start_time)/60) )) | ||
echo "remaining_time_minutes=$remaining_time_minutes" >> "$GITHUB_OUTPUT" | ||
- name: Check if pod was deleted | ||
id: is-pod-deleted | ||
timeout-minutes: ${{ fromJson(steps.calculate-timeout.outputs.remaining_time_minutes) }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
run: | | ||
set -o xtrace | ||
if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted" ; then | ||
echo "retry-workflow=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Cancel workflow | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ cancelled() || steps.is-pod-deleted.outcome != 'success' }} | ||
run: | | ||
cancel_response=$(argo submit -v -o json --from wftmpl/${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} -l workflows.argoproj.io/workflow-template=${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} --argo-base-href '' -p workflow-to-cancel=${{ steps.run-tests.outputs.workflow-name }}) | ||
cancel_workflow_name=$( echo "$cancel_response" |jq -r '.metadata.name' ) | ||
cancel_logs=$(argo logs --follow "$cancel_workflow_name" -n workflows) | ||
if echo "$cancel_logs" | grep -q "workflow ${{ steps.run-tests.outputs.workflow-name }} stopped"; then | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} stopped" | ||
else | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} didn't stop" | ||
exit 1 | ||
fi | ||
- name: Retrying workflow | ||
id: retry-wf | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set -o xtrace | ||
set +e | ||
if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] | ||
then | ||
WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) | ||
echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" | ||
argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." | ||
else | ||
echo "No retry required" | ||
argo wait "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | ||
argo watch "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | grep "test-addon" | ||
fi | ||
- name: check if workflow completed | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
run: | | ||
set +e | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
echo "Status of workflow:" "$ARGO_STATUS" | ||
while [ "$ARGO_STATUS" == "Running" ] || [ "$ARGO_STATUS" == "Pending" ] | ||
do | ||
echo "... argo Workflow ${WORKFLOW_NAME} is running, waiting for it to complete." | ||
argo wait "${WORKFLOW_NAME}" -n workflows || true | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
done | ||
- name: pull artifacts from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
echo "pulling artifacts" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/artifacts-${{ steps.create-job-name.outputs.job-name }}/${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
tar -xf ${{ needs.setup.outputs.directory-path }}/${{ steps.create-job-name.outputs.job-name }}.tgz -C ${{ needs.setup.outputs.directory-path }} | ||
- name: pull logs from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
echo "pulling logs" | ||
mkdir -p ${{ needs.setup.outputs.directory-path }}/argo-logs | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/${WORKFLOW_NAME}/ ${{ needs.setup.outputs.directory-path }}/argo-logs/ --recursive | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.browser }} ${{ matrix.vendor-version.image }} ${{ matrix.marker }} tests artifacts | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.browser }} ${{ matrix.vendor-version.image }} ${{ matrix.marker }} tests logs | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/argo-logs | ||
- name: Test Report | ||
id: test_report | ||
uses: dorny/[email protected] | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.browser }} ${{ matrix.vendor-version.image }} test report | ||
path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" | ||
reporter: java-junit | ||
- name: pull diag from s3 bucket | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
run: | | ||
echo "pulling diag" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/diag-${{ steps.create-job-name.outputs.job-name }}/diag-${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.browser }} ${{ matrix.vendor-version.image }} tests diag | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/diag* | ||
run-modinput-tests: | ||
if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.modinput_functional == 'true' && needs.setup-workflow.outputs.execute-modinput-labeled == 'true' }} | ||
needs: | ||
- build | ||
- test-inventory | ||
- setup | ||
- meta | ||
- setup-workflow | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | ||
modinput-type: [ "modinput_functional" ] | ||
vendor-version: ${{ fromJson(needs.meta.outputs.matrix_supportedModinputFunctionalVendors) }} | ||
marker: ${{ fromJson(inputs.marker) }} | ||
container: | ||
image: ghcr.io/splunk/workflow-engine-base:4.1.0 | ||
env: | ||
ARGO_SERVER: ${{ needs.setup.outputs.argo-server }} | ||
ARGO_HTTP1: ${{ needs.setup.outputs.argo-http1 }} | ||
ARGO_SECURE: ${{ needs.setup.outputs.argo-secure }} | ||
ARGO_BASE_HREF: ${{ needs.setup.outputs.argo-href }} | ||
ARGO_NAMESPACE: ${{ needs.setup.outputs.argo-namespace }} | ||
SPLUNK_VERSION_BASE: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
TEST_TYPE: "modinput_functional" | ||
TEST_ARGS: "" | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
- name: configure git # This step configures git to omit "dubious git ownership error" in later test-reporter stage | ||
id: configure-git | ||
run: | | ||
git --version | ||
git_path="$(pwd)" | ||
echo "$git_path" | ||
git config --global --add safe.directory "$git_path" | ||
- name: capture start time | ||
id: capture-start-time | ||
run: | | ||
echo "start_time=$(date +%s)" >> "$GITHUB_OUTPUT" | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
- name: Read secrets from AWS Secrets Manager into environment variables | ||
id: get-argo-token | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: create job name | ||
id: create-job-name | ||
shell: bash | ||
run: | | ||
RANDOM_STRING=$(head -3 /dev/urandom | tr -cd '[:lower:]' | cut -c -4) | ||
JOB_NAME=${{ needs.setup.outputs.job-name }}-${RANDOM_STRING} | ||
JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} | ||
JOB_NAME=${JOB_NAME//[_.]/-} | ||
JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') | ||
echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" | ||
- name: create test argument | ||
id: create-test-arg | ||
shell: bash | ||
run: | | ||
TEST_ARG_M="" | ||
EMPTY_MARKER="[]" | ||
if [[ "${{ inputs.marker }}" != "$EMPTY_MARKER" ]]; then | ||
TEST_ARG_M="-m" | ||
fi | ||
echo "test-arg=$TEST_ARG_M" >> "$GITHUB_OUTPUT" | ||
- name: run-tests | ||
id: run-tests | ||
timeout-minutes: 340 | ||
continue-on-error: true | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
uses: splunk/[email protected] | ||
with: | ||
splunk: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
test-type: ${{ env.TEST_TYPE }} | ||
test-args: ${{ env.TEST_ARGS }} ${{ steps.create-test-arg.outputs.test-arg }} ${{ matrix.marker }} | ||
job-name: ${{ steps.create-job-name.outputs.job-name }} | ||
labels: ${{ needs.setup.outputs.labels }} | ||
workflow-tmpl-name: ${{ needs.setup.outputs.argo-workflow-tmpl-name }} | ||
workflow-template-ns: ${{ needs.setup.outputs.argo-namespace }} | ||
addon-url: ${{ needs.setup.outputs.addon-upload-path }} | ||
addon-name: ${{ needs.setup.outputs.addon-name }} | ||
vendor-version: ${{ matrix.vendor-version.image }} | ||
sc4s-version: "No" | ||
k8s-manifests-branch: ${{ needs.setup.outputs.k8s-manifests-branch }} | ||
- name: Read secrets from AWS Secrets Manager again into environment variables in case credential rotation | ||
id: update-argo-token | ||
if: ${{ !cancelled() }} | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: calculate timeout | ||
id: calculate-timeout | ||
run: | | ||
start_time=${{ steps.capture-start-time.outputs.start_time }} | ||
current_time=$(date +%s) | ||
remaining_time_minutes=$(( 350-((current_time-start_time)/60) )) | ||
echo "remaining_time_minutes=$remaining_time_minutes" >> "$GITHUB_OUTPUT" | ||
- name: Check if pod was deleted | ||
id: is-pod-deleted | ||
timeout-minutes: ${{ fromJson(steps.calculate-timeout.outputs.remaining_time_minutes) }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
run: | | ||
set -o xtrace | ||
if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then | ||
echo "retry-workflow=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Cancel workflow | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ cancelled() || steps.is-pod-deleted.outcome != 'success' }} | ||
run: | | ||
cancel_response=$(argo submit -v -o json --from wftmpl/${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} -l workflows.argoproj.io/workflow-template=${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} --argo-base-href '' -p workflow-to-cancel=${{ steps.run-tests.outputs.workflow-name }}) | ||
cancel_workflow_name=$( echo "$cancel_response" |jq -r '.metadata.name' ) | ||
cancel_logs=$(argo logs --follow "$cancel_workflow_name" -n workflows) | ||
if echo "$cancel_logs" | grep -q "workflow ${{ steps.run-tests.outputs.workflow-name }} stopped"; then | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} stopped" | ||
else | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} didn't stop" | ||
exit 1 | ||
fi | ||
- name: Retrying workflow | ||
id: retry-wf | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set -o xtrace | ||
set +e | ||
if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] | ||
then | ||
WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) | ||
echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" | ||
argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." | ||
else | ||
echo "No retry required" | ||
argo wait "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | ||
argo watch "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | grep "test-addon" | ||
fi | ||
- name: check if workflow completed | ||
env: | ||
ARGO_TOKEN: ${{ steps.update-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
run: | | ||
set +e | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
echo "Status of workflow:" "$ARGO_STATUS" | ||
while [ "$ARGO_STATUS" == "Running" ] || [ "$ARGO_STATUS" == "Pending" ] | ||
do | ||
echo "... argo Workflow ${WORKFLOW_NAME} is running, waiting for it to complete." | ||
argo wait "${WORKFLOW_NAME}" -n workflows || true | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
done | ||
- name: pull artifacts from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
echo "pulling artifacts" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/artifacts-${{ steps.create-job-name.outputs.job-name }}/${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
tar -xf ${{ needs.setup.outputs.directory-path }}/${{ steps.create-job-name.outputs.job-name }}.tgz -C ${{ needs.setup.outputs.directory-path }} | ||
- name: pull logs from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
echo "pulling logs" | ||
mkdir -p ${{ needs.setup.outputs.directory-path }}/argo-logs | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/${WORKFLOW_NAME}/ ${{ needs.setup.outputs.directory-path }}/argo-logs/ --recursive | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ matrix.marker }} tests artifacts | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ matrix.marker }} tests logs | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/argo-logs | ||
- name: Test Report | ||
id: test_report | ||
uses: dorny/[email protected] | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} test report | ||
path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" | ||
reporter: java-junit | ||
- name: pull diag from s3 bucket | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
run: | | ||
echo "pulling diag" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/diag-${{ steps.create-job-name.outputs.job-name }}/diag-${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} tests diag | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/diag* | ||
run-scripted-input-tests-full-matrix: | ||
if: ${{ !cancelled() && needs.build.result == 'success' && needs.test-inventory.outputs.scripted_inputs == 'true' && ( github.base_ref == 'main' || github.ref_name == 'main' ) && needs.setup-workflow.outputs.execute-scripted_inputs-labeled == 'true' }} | ||
needs: | ||
- build | ||
- test-inventory | ||
- setup | ||
- meta | ||
- setup-workflow | ||
runs-on: ubuntu-latest | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }} | ||
os: ${{ fromJson(inputs.scripted-inputs-os-list) }} | ||
container: | ||
image: ghcr.io/splunk/workflow-engine-base:4.1.0 | ||
env: | ||
ARGO_SERVER: ${{ needs.setup.outputs.argo-server }} | ||
ARGO_HTTP1: ${{ needs.setup.outputs.argo-http1 }} | ||
ARGO_SECURE: ${{ needs.setup.outputs.argo-secure }} | ||
ARGO_BASE_HREF: ${{ needs.setup.outputs.argo-href }} | ||
ARGO_NAMESPACE: ${{ needs.setup.outputs.argo-namespace }} | ||
SPLUNK_VERSION_BASE: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
TEST_TYPE: "scripted_inputs" | ||
permissions: | ||
actions: read | ||
deployments: read | ||
contents: read | ||
packages: read | ||
statuses: read | ||
checks: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
- name: configure git # This step configures git to omit "dubious git ownership error" in later test-reporter stage | ||
id: configure-git | ||
run: | | ||
git --version | ||
git_path="$(pwd)" | ||
echo "$git_path" | ||
git config --global --add safe.directory "$git_path" | ||
- name: capture start time | ||
id: capture-start-time | ||
run: | | ||
echo "start_time=$(date +%s)" >> "$GITHUB_OUTPUT" | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
- name: Read secrets from AWS Secrets Manager into environment variables | ||
id: get-argo-token | ||
run: | | ||
ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id "${{ needs.setup-workflow.outputs.argo_token_secret_id_k8s }}" | jq -r '.SecretString') | ||
echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" | ||
- name: create job name | ||
id: create-job-name | ||
shell: bash | ||
run: | | ||
RANDOM_STRING=$(head -3 /dev/urandom | tr -cd '[:lower:]' | cut -c -4) | ||
JOB_NAME=${{ needs.setup.outputs.job-name }}-${RANDOM_STRING} | ||
JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} | ||
JOB_NAME=${JOB_NAME//[_.]/-} | ||
JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') | ||
echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" | ||
- name: get os name and version | ||
id: os-name-version | ||
shell: bash | ||
run: | | ||
OS_NAME_VERSION=${{ matrix.os }} | ||
# shellcheck disable=SC2206 | ||
OS_NAME_VERSION=(${OS_NAME_VERSION//:/ }) | ||
OS_NAME=${OS_NAME_VERSION[0]} | ||
OS_VERSION=${OS_NAME_VERSION[1]} | ||
{ | ||
echo "os-name=$OS_NAME" | ||
echo "os-version=$OS_VERSION" | ||
} >> "$GITHUB_OUTPUT" | ||
- name: run-tests | ||
id: run-tests | ||
timeout-minutes: 340 | ||
continue-on-error: true | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
uses: splunk/[email protected] | ||
with: | ||
splunk: ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} | ||
test-type: ${{ env.TEST_TYPE }} | ||
test-args: "--hostname=spl --os-name=${{ steps.os-name-version.outputs.os-name }} --os-version=${{ steps.os-name-version.outputs.os-version }} -m script_input" | ||
job-name: ${{ steps.create-job-name.outputs.job-name }} | ||
labels: ${{ needs.setup.outputs.labels }} | ||
workflow-tmpl-name: ${{ needs.setup.outputs.argo-workflow-tmpl-name }} | ||
workflow-template-ns: ${{ needs.setup.outputs.argo-namespace }} | ||
addon-url: ${{ needs.setup.outputs.addon-upload-path }} | ||
addon-name: ${{ needs.setup.outputs.addon-name }} | ||
vendor-version: ${{ matrix.vendor-version.image }} | ||
sc4s-version: "No" | ||
os-name: ${{ steps.os-name-version.outputs.os-name }} | ||
os-version: ${{ steps.os-name-version.outputs.os-version }} | ||
k8s-manifests-branch: ${{ needs.setup.outputs.k8s-manifests-branch }} | ||
- name: calculate timeout | ||
id: calculate-timeout | ||
run: | | ||
start_time=${{ steps.capture-start-time.outputs.start_time }} | ||
current_time=$(date +%s) | ||
remaining_time_minutes=$(( 350-((current_time-start_time)/60) )) | ||
echo "remaining_time_minutes=$remaining_time_minutes" >> "$GITHUB_OUTPUT" | ||
- name: Check if pod was deleted | ||
id: is-pod-deleted | ||
timeout-minutes: ${{ fromJson(steps.calculate-timeout.outputs.remaining_time_minutes) }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
run: | | ||
set -o xtrace | ||
if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then | ||
echo "retry-workflow=true" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Cancel workflow | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ cancelled() || steps.is-pod-deleted.outcome != 'success' }} | ||
run: | | ||
cancel_response=$(argo submit -v -o json --from wftmpl/${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} -l workflows.argoproj.io/workflow-template=${{ needs.setup.outputs.argo-cancel-workflow-tmpl-name }} --argo-base-href '' -p workflow-to-cancel=${{ steps.run-tests.outputs.workflow-name }}) | ||
cancel_workflow_name=$( echo "$cancel_response" |jq -r '.metadata.name' ) | ||
cancel_logs=$(argo logs --follow "$cancel_workflow_name" -n workflows) | ||
if echo "$cancel_logs" | grep -q "workflow ${{ steps.run-tests.outputs.workflow-name }} stopped"; then | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} stopped" | ||
else | ||
echo "Workflow ${{ steps.run-tests.outputs.workflow-name }} didn't stop" | ||
exit 1 | ||
fi | ||
- name: Retrying workflow | ||
id: retry-wf | ||
shell: bash | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
run: | | ||
set -o xtrace | ||
set +e | ||
if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] | ||
then | ||
WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) | ||
echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" | ||
argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." | ||
else | ||
echo "No retry required" | ||
argo wait "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | ||
argo watch "${{ steps.run-tests.outputs.workflow-name }}" -n workflows | grep "test-addon" | ||
fi | ||
- name: check if workflow completed | ||
env: | ||
ARGO_TOKEN: ${{ steps.get-argo-token.outputs.argo-token }} | ||
if: ${{ !cancelled() }} | ||
shell: bash | ||
run: | | ||
set +e | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
echo "Status of workflow:" "$ARGO_STATUS" | ||
while [ "$ARGO_STATUS" == "Running" ] || [ "$ARGO_STATUS" == "Pending" ] | ||
do | ||
echo "... argo Workflow ${WORKFLOW_NAME} is running, waiting for it to complete." | ||
argo wait "${WORKFLOW_NAME}" -n workflows || true | ||
ARGO_STATUS=$(argo get "${WORKFLOW_NAME}" -n workflows -o json | jq -r '.status.phase') | ||
done | ||
- name: pull artifacts from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
echo "pulling artifacts" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/artifacts-${{ steps.create-job-name.outputs.job-name }}/${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
tar -xf ${{ needs.setup.outputs.directory-path }}/${{ steps.create-job-name.outputs.job-name }}.tgz -C ${{ needs.setup.outputs.directory-path }} | ||
- name: pull logs from s3 bucket | ||
if: ${{ !cancelled() }} | ||
run: | | ||
# shellcheck disable=SC2157 | ||
if [ -z "${{ steps.retry-wf.outputs.workflow-name }}" ]; then | ||
WORKFLOW_NAME=${{ steps.run-tests.outputs.workflow-name }} | ||
else | ||
WORKFLOW_NAME="${{ steps.retry-wf.outputs.workflow-name }}" | ||
fi | ||
echo "pulling logs" | ||
mkdir -p ${{ needs.setup.outputs.directory-path }}/argo-logs | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/${WORKFLOW_NAME}/ ${{ needs.setup.outputs.directory-path }}/argo-logs/ --recursive | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ steps.os-name-version.outputs.os-name }} ${{ steps.os-name-version.outputs.os-version }} tests artifacts | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/test-results | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ steps.os-name-version.outputs.os-name }} ${{ steps.os-name-version.outputs.os-version }} tests logs | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/argo-logs | ||
- name: Test Report | ||
id: test_report | ||
uses: dorny/[email protected] | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ steps.os-name-version.outputs.os-name }} ${{ steps.os-name-version.outputs.os-version }} test report | ||
path: "${{ needs.setup.outputs.directory-path }}/test-results/*.xml" | ||
reporter: java-junit | ||
- name: pull diag from s3 bucket | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
run: | | ||
echo "pulling diag" | ||
aws s3 cp s3://${{ needs.setup.outputs.s3-bucket }}/diag-${{ steps.create-job-name.outputs.job-name }}/diag-${{ steps.create-job-name.outputs.job-name }}.tgz ${{ needs.setup.outputs.directory-path }}/ | ||
- uses: actions/upload-artifact@v4 | ||
if: ${{ failure() && steps.test_report.outputs.conclusion == 'failure' }} | ||
with: | ||
name: archive splunk ${{ matrix.splunk.version }}${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} ${{ env.TEST_TYPE }} ${{ matrix.vendor-version.image }} ${{ steps.os-name-version.outputs.os-name }} ${{ steps.os-name-version.outputs.os-version }} tests diag | ||
path: | | ||
${{ needs.setup.outputs.directory-path }}/diag* | ||
pre-publish: | ||
if: ${{ !cancelled() }} | ||
# The following line will rename 'pre-publish' to 'pre-publish-not_main_pr' when PR is created towards main branch | ||
# It is necessary to avoid confusion caused by githubactions considering pre-publish for both push to develop branch | ||
# and pull_request to main branch events. | ||
name: ${{ github.event_name == 'pull_request' && github.base_ref == 'main' && 'pre-publish' || 'pre-publish-not_main_pr' }} | ||
needs: | ||
- meta | ||
- compliance-copyrights | ||
- lint | ||
- review_secrets | ||
- semgrep | ||
- build | ||
- test-inventory | ||
- run-unit-tests | ||
- appinspect | ||
- setup | ||
- run-knowledge-tests | ||
- run-modinput-tests | ||
- run-ui-tests | ||
- validate-pr-title | ||
runs-on: ubuntu-latest | ||
env: | ||
NEEDS: ${{ toJson(needs) }} | ||
steps: | ||
- name: check if tests have passed or skipped | ||
id: check | ||
shell: bash | ||
run: | | ||
RUN_PUBLISH=$(echo "$NEEDS" | jq ".[] | select( ( .result != \"skipped\" ) and .result != \"success\" ) | length == 0") | ||
if [[ "$RUN_PUBLISH" != *'false'* ]] | ||
then | ||
echo "run-publish=true" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "run-publish=false" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: exit without publish | ||
if: ${{ steps.check.outputs.run-publish == 'false' || ( github.event.action == 'labeled') }} | ||
run: | | ||
echo "Expand check step to see which job has failed pre-publish step." | ||
exit 1 | ||
publish: | ||
if: ${{ !cancelled() && needs.pre-publish.result == 'success' && github.event_name != 'pull_request' && github.event_name != 'schedule' }} | ||
needs: | ||
- pre-publish | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
packages: read | ||
pull-requests: read | ||
statuses: write | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
with: | ||
submodules: false | ||
persist-credentials: false | ||
- name: Semantic Release | ||
id: semantic | ||
uses: splunk/[email protected] | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} | ||
with: | ||
git_committer_name: ${{ secrets.SA_GH_USER_NAME }} | ||
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }} | ||
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }} | ||
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }} | ||
- name: Download package-deployment | ||
if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | ||
uses: actions/download-artifact@v4 | ||
id: download-package-deployment | ||
with: | ||
name: package-deployment | ||
path: download/artifacts/ | ||
- name: Download package-splunkbase | ||
if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | ||
uses: actions/download-artifact@v4 | ||
id: download-package-splunkbase | ||
with: | ||
name: package-splunkbase | ||
path: download/artifacts/deployment | ||
- name: Download cim-compliance-report | ||
id: download-cim-compliance-report | ||
if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | ||
continue-on-error: true | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: cim-compliance-report | ||
path: download/artifacts/deployment | ||
- name: Download cim-field-report | ||
id: download-cim-field-report | ||
if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | ||
continue-on-error: true | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: cim-field-report | ||
path: download/artifacts/deployment | ||
- name: List of assets | ||
if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | ||
run: | | ||
ls -la ${{ steps.download-package-splunkbase.outputs.download-path }} | ||
- name: Upload assets to release | ||
if: ${{ steps.semantic.outputs.new_release_published == 'true' }} | ||
uses: svenstaro/upload-release-action@v2 | ||
with: | ||
repo_token: ${{ github.token }} | ||
file: ${{ steps.download-package-splunkbase.outputs.download-path }}/* | ||
overwrite: true | ||
file_glob: true | ||
tag: v${{ steps.semantic.outputs.new_release_version }} |