Bump splunk-appinspect from 3.5.0 to 3.7.0 #54
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Splunk App CI/CD 2 | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| tags: | |
| - "v*.*.*" | |
| jobs: | |
| package: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install poetry | |
| run: pipx install poetry | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.7" | |
| cache: "poetry" | |
| architecture: "x64" | |
| - name: "Setup Environment" | |
| run: | | |
| poetry install --no-root | |
| - name: Generate Documentation | |
| run: | | |
| cat README.md | sed 's/package\/appserver/appserver/g' > package/README.md | |
| poetry run grip README.md --export README.html --title "" | |
| #poetry run pandoc -s README.html -o package/README.pdf | |
| - name: Generate Addon | |
| run: | | |
| echo "Version is now calculated by ucc-gen" | |
| [ -f ./globalConfig.json ] && poetry run ucc-gen -o output -v || poetry run scripts/build.sh | |
| mv output/$(basename $(pwd)) output/app | |
| - name: Generating package | |
| run: | | |
| set -x | |
| rm -rf output/app/lib/3rdparty/**/*.pyc || true | |
| rm -rf output/app/lib/__pycache__ || true | |
| mkdir -p dist | |
| poetry run ucc-gen package -o dist --path output/app | |
| - name: Local Inspect package | |
| run: | | |
| PACKAGE_ID=$(basename $(pwd)) | |
| PACKAGE=$(ls dist/*) | |
| mkdir -p reports | |
| poetry run splunk-appinspect inspect $PACKAGE --mode=precert --data-format junitxml --output-file reports/$PACKAGE_ID-splunk_appinspect.xml --excluded-tags manual --excluded-tags prerelease --included-tags splunk_appinspect | |
| poetry run splunk-appinspect inspect $PACKAGE --mode=precert --data-format junitxml --output-file reports/$PACKAGE_ID-cloud.xml --excluded-tags manual --excluded-tags prerelease --included-tags cloud | |
| poetry run splunk-appinspect inspect $PACKAGE --mode=precert --data-format junitxml --output-file reports/$PACKAGE_ID-private-victoria.xml --included-tags private_victoria | |
| poetry run splunk-appinspect inspect $PACKAGE --mode=precert --data-format junitxml --output-file reports/$PACKAGE_ID-future.xml --included-tags future | |
| # - name: Run App Inspect CLI | |
| # uses: splunk/[email protected] | |
| # with: | |
| # app_path: $PACKAGE | |
| # included_tags: cloud, splunk_appinspect | |
| - uses: splunk/[email protected] | |
| name: "AppInspect API" | |
| with: | |
| username: ${{ secrets.SPLUNKBASE_USERNAME }} | |
| password: ${{ secrets.SPLUNKBASE_PASSWORD }} | |
| app_path: dist | |
| included_tags: "splunk_appinspect" | |
| excluded_tags: "offensive" | |
| - name: Upload package artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Upload Reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: reports | |
| path: reports | |
| publish-gh: | |
| needs: package | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| container: cimg/go:1.19 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: . | |
| - uses: ncipollo/release-action@v1 | |
| with: | |
| artifacts: "dist/*" | |
| allowUpdates: true |