diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 49fccb5d6..5f281b684 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -206,8 +206,7 @@ jobs: statuses: write steps: - name: Run title validation - # uses: ./.github/actions/validate-pr-title - uses: splunk/addonfactory-workflow-addon-release/.github/actions/validate-pr-title@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/validate-pr-title with: GITHUB_TOKEN: ${{ github.token }} @@ -235,8 +234,7 @@ jobs: steps: - name: Run meta preparation id: meta - # uses: ./.github/actions/meta - uses: splunk/addonfactory-workflow-addon-release/.github/actions/meta@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/meta with: SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }} @@ -251,8 +249,7 @@ jobs: if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }} steps: - name: Run FOSSA scan - # uses: ./.github/actions/fossa-scan - uses: splunk/addonfactory-workflow-addon-release/.github/actions/fossa-scan@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/fossa-scan with: FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} @@ -264,8 +261,7 @@ jobs: - fossa-scan steps: - name: Run FOSSA test - # uses: ./.github/actions/fossa-test - uses: splunk/addonfactory-workflow-addon-release/.github/actions/fossa-test@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/fossa-test with: FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} @@ -277,8 +273,7 @@ jobs: if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }} steps: - name: Run compliance copyrights - # uses: ./.github/actions/compliance-copyrights - uses: splunk/addonfactory-workflow-addon-release/.github/actions/compliance-copyrights@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/compliance-copyrights lint: name: Lint @@ -288,8 +283,7 @@ jobs: if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }} steps: - name: Run linting checks - # uses: ./.github/actions/lint - uses: splunk/addonfactory-workflow-addon-release/.github/actions/lint@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/lint review-secrets: name: Review secrets @@ -299,8 +293,7 @@ jobs: if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }} steps: - name: Run secrets review - # uses: ./.github/actions/review-secrets - uses: splunk/addonfactory-workflow-addon-release/.github/actions/review-secrets@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/review-secrets semgrep: name: Semgrep security check @@ -310,8 +303,7 @@ jobs: if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }} steps: - name: Run semgrep - # uses: ./.github/actions/semgrep - uses: splunk/addonfactory-workflow-addon-release/.github/actions/semgrep@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/semgrep with: SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} @@ -333,11 +325,10 @@ jobs: steps: - name: Run test inventory check id: test-inventory - # uses: ./.github/actions/test-inventory - uses: splunk/addonfactory-workflow-addon-release/.github/actions/test-inventory@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/test-inventory # Two separate unit test jobs needed as jobs that depend on unit-test success can't proceed - # if any matrix job fails. Currently python 3.9 always fails as it's not supported. + # if any matrix job fails. Currently python 3.9 may fail as it's not supported in all TAs. # TODO: group these jobs into the matrix once python 3.9 is supported run-unit-tests-3_7: @@ -356,8 +347,7 @@ jobs: steps: - name: Run unit tests for python 3.7 id: unit-tests-3_7 - # uses: ./.github/actions/unit-tests - uses: splunk/addonfactory-workflow-addon-release/.github/actions/unit-tests@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/unit-tests with: python_version: '3.7' @@ -378,8 +368,7 @@ jobs: steps: - name: Run unit tests for python 3.9 id: unit-tests-3_9 - # uses: ./.github/actions/unit-tests - uses: splunk/addonfactory-workflow-addon-release/.github/actions/unit-tests@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/unit-tests with: python_version: '3.9' @@ -394,12 +383,6 @@ jobs: - review-secrets - semgrep - run-unit-tests-3_7 - # strategy: - # fail-fast: false - # matrix: - # python-version: - # - "3.7" - # - "3.9" if: ${{ !cancelled() && (needs.run-unit-tests-3_7.result == 'success' || needs.run-unit-tests-3_7.result == 'skipped') }} outputs: buildname: ${{ steps.build.outputs.buildname }} @@ -409,8 +392,7 @@ jobs: steps: - name: Run build 3.7 id: build - # uses: ./.github/actions/build - uses: splunk/addonfactory-workflow-addon-release/.github/actions/build@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/build with: python_version: "3.7" SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} @@ -434,20 +416,13 @@ jobs: - review-secrets - semgrep - run-unit-tests-3_7 - # strategy: - # fail-fast: false - # matrix: - # python-version: - # - "3.7" - # - "3.9" if: ${{ !cancelled() && (needs.run-unit-tests-3_7.result == 'success' || needs.run-unit-tests-3_7.result == 'skipped') }} permissions: contents: write packages: read steps: - name: Run build 3.9 - # uses: ./.github/actions/build - uses: splunk/addonfactory-workflow-addon-release/.github/actions/build@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/build with: python_version: "3.9" SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} @@ -461,13 +436,13 @@ jobs: modinput_functional: ${{ needs.test-inventory.outputs.modinput_functional}} virustotal: + continue-on-error: true runs-on: ubuntu-latest needs: build if: ${{ !cancelled() && needs.build.result == 'success' }} steps: - name: Run VirusTotal check - # uses: ./.github/actions/virustotal - uses: splunk/addonfactory-workflow-addon-release/.github/actions/virustotal@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/virustotal with: VT_API_KEY: ${{ secrets.VT_API_KEY }} @@ -487,8 +462,7 @@ jobs: checks: write steps: - name: Run requirements unit tests - # uses: ./.github/actions/requirements-unit-tests - uses: splunk/addonfactory-workflow-addon-release/.github/actions/requirements-unit-tests@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/requirements-unit-tests appinspect-cli: name: AppInspect CLI ${{ matrix.tags }} @@ -509,8 +483,7 @@ jobs: - "manual" steps: - name: Run appinspect CLI - # uses: ./.github/actions/appinspect-cli - uses: splunk/addonfactory-workflow-addon-release/.github/actions/appinspect-cli@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/appinspect-cli with: matrix_tags: ${{ matrix.tags }} @@ -531,8 +504,7 @@ jobs: - "" steps: - name: Run appinspect API - # uses: ./.github/actions/appinspect-api - uses: splunk/addonfactory-workflow-addon-release/.github/actions/appinspect-api@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/appinspect-api with: matrix_tags: ${{ matrix.tags }} SPL_COM_USER: ${{ secrets.SPL_COM_USER }} @@ -550,8 +522,7 @@ jobs: packages: write steps: - name: Run artifact registry - # uses: ./.github/actions/artifact-registry - uses: splunk/addonfactory-workflow-addon-release/.github/actions/artifact-registry@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/artifact-registry with: sc4s: ${{ needs.meta.outputs.sc4s }} diff --git a/.github/workflows/reusable-lightweight.yml b/.github/workflows/reusable-lightweight.yml index 42b0fb381..537da1083 100644 --- a/.github/workflows/reusable-lightweight.yml +++ b/.github/workflows/reusable-lightweight.yml @@ -60,8 +60,7 @@ jobs: statuses: write steps: - name: Run title validation - # uses: ./.github/actions/validate-pr-title - uses: splunk/addonfactory-workflow-addon-release/.github/actions/validate-pr-title@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/validate-pr-title with: GITHUB_TOKEN: ${{ github.token }} @@ -73,8 +72,7 @@ jobs: steps: - name: Run meta preparation id: meta - # uses: ./.github/actions/meta - uses: splunk/addonfactory-workflow-addon-release/.github/actions/meta@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/meta with: SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }} @@ -86,8 +84,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Run FOSSA scan - # uses: ./.github/actions/fossa-scan - uses: splunk/addonfactory-workflow-addon-release/.github/actions/fossa-scan@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/fossa-scan with: FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} @@ -98,8 +95,7 @@ jobs: - fossa-scan steps: - name: Run FOSSA test - # uses: ./.github/actions/fossa-test - uses: splunk/addonfactory-workflow-addon-release/.github/actions/fossa-test@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/fossa-test with: FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} @@ -108,32 +104,28 @@ jobs: runs-on: ubuntu-latest steps: - name: Run compliance copyrights - # uses: ./.github/actions/compliance-copyrights - uses: splunk/addonfactory-workflow-addon-release/.github/actions/compliance-copyrights@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/compliance-copyrights lint: name: Lint runs-on: ubuntu-latest steps: - name: Run linting checks - # uses: ./.github/actions/lint - uses: splunk/addonfactory-workflow-addon-release/.github/actions/lint@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/lint review-secrets: name: Review secrets runs-on: ubuntu-latest steps: - name: Run secrets review - # uses: ./.github/actions/review-secrets - uses: splunk/addonfactory-workflow-addon-release/.github/actions/review-secrets@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/review-secrets semgrep: name: Semgrep security check runs-on: ubuntu-latest steps: - name: Run semgrep - # uses: ./.github/actions/semgrep - uses: splunk/addonfactory-workflow-addon-release/.github/actions/semgrep@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/semgrep with: SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} @@ -148,11 +140,10 @@ jobs: steps: - name: Run test inventory check id: test-inventory - # uses: ./.github/actions/test-inventory - uses: splunk/addonfactory-workflow-addon-release/.github/actions/test-inventory@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/test-inventory # Two separate unit test jobs needed as jobs that depend on unit-test success can't proceed - # if any matrix job fails. Currently python 3.9 always fails as it's not supported. + # if any matrix job fails. Currently python 3.9 may fail as it's not supported in all TAs. # TODO: group these jobs into the matrix once python 3.9 is supported run-unit-tests-3_7: @@ -171,8 +162,7 @@ jobs: steps: - name: Run unit tests for python 3.7 id: unit-tests-3_7 - # uses: ./.github/actions/unit-tests - uses: splunk/addonfactory-workflow-addon-release/.github/actions/unit-tests@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/unit-tests with: python_version: '3.7' @@ -193,8 +183,7 @@ jobs: steps: - name: Run unit tests for python 3.9 id: unit-tests-3_9 - # uses: ./.github/actions/unit-tests - uses: splunk/addonfactory-workflow-addon-release/.github/actions/unit-tests@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/unit-tests with: python_version: '3.9' @@ -221,8 +210,7 @@ jobs: packages: read steps: - name: Run build - # uses: ./.github/actions/build - uses: splunk/addonfactory-workflow-addon-release/.github/actions/build@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/build with: python_version: ${{ matrix.python-version }} SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} @@ -241,8 +229,7 @@ jobs: if: ${{ !cancelled() && needs.build.result == 'success' }} steps: - name: Run VirusTotal check - # uses: ./.github/actions/virustotal - uses: splunk/addonfactory-workflow-addon-release/.github/actions/virustotal@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/virustotal with: VT_API_KEY: ${{ secrets.VT_API_KEY }} @@ -262,8 +249,7 @@ jobs: checks: write steps: - name: Run requirements unit tests - # uses: ./.github/actions/requirements-unit-tests - uses: splunk/addonfactory-workflow-addon-release/.github/actions/requirements-unit-tests@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/requirements-unit-tests appinspect-cli: name: AppInspect CLI ${{ matrix.tags }} @@ -284,8 +270,7 @@ jobs: - "manual" steps: - name: Run appinspect CLI - # uses: ./.github/actions/appinspect-cli - uses: splunk/addonfactory-workflow-addon-release/.github/actions/appinspect-cli@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/appinspect-cli with: matrix_tags: ${{ matrix.tags }} @@ -301,7 +286,6 @@ jobs: packages: write steps: - name: Run artifact registry - # uses: ./.github/actions/artifact-registry - uses: splunk/addonfactory-workflow-addon-release/.github/actions/artifact-registry@ci/lightweight-workflow-ADDON-66448 + uses: ./.github/actions/artifact-registry with: sc4s: ${{ needs.meta.outputs.sc4s }}