From 9b8fb85d891a8bd2924fc245dfa320feef96ea90 Mon Sep 17 00:00:00 2001
From: Marcin Bruzda <94437843+mbruzda-splunk@users.noreply.github.com>
Date: Mon, 7 Aug 2023 11:13:33 +0200
Subject: [PATCH] feat: Add Appinspect API action (#168)
* ci: always upload artifact
* ci: add secrets
* ci: rename appinspect stage
* docs: update readme
* ci: appinpsect api now runs only on push and PR to main
---
 .../workflows/reusable-build-test-release.yml | 40 +++++++++++++++
 README.md | 49 +++++++++++++++++++
 2 files changed, 89 insertions(+)
diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml
index 69171d51f..93856290d 100644
--- a/.github/workflows/reusable-build-test-release.yml
+++ b/.github/workflows/reusable-build-test-release.yml
@@ -45,6 +45,12 @@ on:
 SA_GPG_PASSPHRASE:
 description: GPG signature passphrase
 required: true
+ SPL_COM_USER:
+ description: username to splunk.com
+ required: true
+ SPL_COM_PASSWORD:
+ description: password to splunk.com
+ required: true
 permissions:
 contents: read
 packages: read
@@ -793,6 +799,40 @@ jobs:
 path: |
 *_markdown.txt
+ appinspect-api:
+ name: appinspect api ${{ matrix.tags }}
+ needs: build
+ if: |
+ !cancelled() &&
+ needs.build.result == 'success' &&
+ ( github.base_ref == 'main' || github.ref_name == 'main' )
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ tags:
+ - "cloud"
+ - "self-service"
+ - ""
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/download-artifact@v3
+ with:
+ name: package-splunkbase
+ path: build/package
+ - name: AppInspect API
+ uses: splunk/appinspect-api-action@v3.0
+ with:
+ username: ${{ secrets.SPL_COM_USER }}
+ password: ${{ secrets.SPL_COM_PASSWORD }}
+ app_path: build/package/
+ included_tags: ${{ matrix.tags }}
+ - uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: appinspect-api-html-report-${{ matrix.tags }}
+ path: AppInspect_response.html
+
 artifact-registry:
 runs-on: ubuntu-latest
 needs:
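Review bot: In the hunk at `@@ -45,6 +45,12 @@`, `SPL_COM_USER` and `SPL_COM_PASSWORD` are declared `required: true` in what appears to be the `workflow_call` secrets block, so callers that have not yet added both secrets stop working even though the new `appinspect-api` job only runs for pushes and pull requests targeting `main`. If that break is not intended, `required: false` plus an explicit empty-value check in the job keeps existing callers running. The descriptions could also say what kind of account is expected, for example `description: username of a dedicated splunk.com account used only for the AppInspect API`, so that a personal login does not end up stored as a repository secret. The secrets block starts above the hunk.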
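Review bot: In the hunk at `@@ -793,6 +799,40 @@`, the `AppInspect API` step passes the splunk.com username and password to `splunk/appinspect-api-action@v3.0`, a reference by tag that can be moved to different code later; pinning it to a full commit SHA, `uses: splunk/appinspect-api-action@<full-commit-sha>  # v3.0` (placeholder), fixes exactly which code receives the credentials. The `if:` also admits pull requests whose base is `main`, and on fork pull requests under the `pull_request` event secrets are not provided, so the three matrix legs will presumably fail at authentication rather than be skipped; an explicit guard or a documented expectation would help. For the empty tag the artifact name renders as `appinspect-api-html-report-` with a trailing hyphen, which does not match the `appinspect-api-html-report` entry listed in the README.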
diff --git a/README.md b/README.md
index b067e8918..fbf6c8f16 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,8 @@ jobs:
 SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }}
 SA_GPG_PRIVATE_KEY: ${{ secrets.SA_GPG_PRIVATE_KEY }}
 SA_GPG_PASSPHRASE: ${{ secrets.SA_GPG_PASSPHRASE }}
+ SPL_COM_USER: ${{ secrets.SPL_COM_USER }}
+ SPL_COM_PASSWORD: ${{ secrets.SPL_COM_PASSWORD }}
 ```
 ***
@@ -403,6 +405,53 @@ appinspect_self-service_checks.json
 appinspect_splunk_appinspect_checks.json
 ```
+
+AppInspect API
+=======================
+
+**Description**
+
+- Splunk AppInspect performs validation checks on your Splunk app package against a set of standardized criteria to evaluate the app structure, features, security, and adherence to Splunk Cloud Platform requirements. Unlike previous job that uses AppInspect CLI, this one uses AppInspect API
+
+- [https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/](https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/useappinspectapi/)
+
+- Respective Appinspect tags used in stage:
+
+- https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/#Validate-an-app-using-tags
+
+```
+"cloud"
+"self-service"
+"" (no tags)
+```
+**Action used:** https://github.com/splunk/appinspect-api-action
+
+**Pass/fail behaviour:**
+
+- Splunk AppInspect API generates HTML report that details the successes, warnings, and failures flagged by the checks.
+
+- By using the results of the report, user can fix any issues in your app before you submit it for cloud vetting or for publication to Splunkbase.
+
+**Exception file:**
+
+- `.appinspect_api.expect.yaml` We can use this file to add false positives with appropriate comments.
+
+- ref: https://github.com/splunk/splunk-add-on-for-cisco-meraki/blob/main/.app-vetting.yaml - Connect to preview
+
+**Troubleshooting steps for failures if any:**
+
+- User can refer to this for failures https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/#Common-issues-reported-by-Splunk-AppInspect
+
+
+**Artifacts:**
+
+```
+appinspect-api-html-report
+appinspect-api-html-report-cloud
+appinspect-api-html-report-self-service
+```
+
+
 # setup
 **Description:**