App inspect tests #19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: App inspect tests | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths-ignore: | |
| - '**.md' | |
| pull_request: | |
| branches: [ main ] | |
| paths-ignore: | |
| - '**.md' | |
| schedule: | |
| - cron: '25 02 * * THU' | |
| workflow_dispatch: | |
| jobs: | |
| appinspect: | |
| name: App inspect tests | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.9.16' | |
| - name: Install Splunk Packaging Toolkit | |
| run: | | |
| curl https://download.splunk.com/misc/packaging-toolkit/splunk-packaging-toolkit-1.0.1.tar.gz -o /tmp/spl.tar.gz | |
| pip install /tmp/spl.tar.gz | |
| - name: Create Splunk App Package | |
| run: | | |
| slim package . | |
| mv crowdsec-splunk-app-*.tar.gz /tmp/crowdsec-splunk-app.tar.gz | |
| - name: Retrieve Splunk API Token | |
| id: get_token | |
| run: | | |
| TOKEN=$(curl -s -u '${{ secrets.SPLUNKBASE_USERNAME }}:${{ secrets.SPLUNKBASE_PASSWORD }}' \ | |
| --url 'https://api.splunk.com/2.0/rest/login/splunk' | jq -r .data.token) | |
| echo "::add-mask::$TOKEN" | |
| echo "token=$TOKEN" >> $GITHUB_OUTPUT | |
| - name: Submit App for Validation | |
| id: submit_app | |
| run: | | |
| RESPONSE=$(curl -s -X POST \ | |
| -H "Authorization: bearer ${{ steps.get_token.outputs.token }}" \ | |
| -F "app_package=@/tmp/crowdsec-splunk-app.tar.gz" \ | |
| "https://appinspect.splunk.com/v1/app/validate") | |
| REQUEST_ID=$(echo "$RESPONSE" | jq -r '.request_id') | |
| echo "request_id=$REQUEST_ID" >> $GITHUB_OUTPUT | |
| - name: Poll Status and Download Report | |
| run: | | |
| TOKEN=${{ steps.get_token.outputs.token }} | |
| REQUEST_ID=${{ steps.submit_app.outputs.request_id }} | |
| STATUS_URL="https://appinspect.splunk.com/v1/app/validate/status/$REQUEST_ID" | |
| REPORT_URL="https://appinspect.splunk.com/v1/app/report/$REQUEST_ID" | |
| echo "Polling validation status for request ID: $REQUEST_ID" | |
| for i in {1..10}; do | |
| STATUS=$(curl -s -H "Authorization: bearer $TOKEN" "$STATUS_URL" | jq -r .status) | |
| echo "Status: $STATUS" | |
| if [[ "$STATUS" == "SUCCESS" ]]; then | |
| echo "Validation succeeded!" | |
| break | |
| elif [[ "$STATUS" == "FAILURE" ]]; then | |
| echo "Validation failed!" | |
| exit 1 | |
| fi | |
| sleep 5 | |
| done | |
| echo "Downloading final validation report..." | |
| curl -s -H "Authorization: bearer $TOKEN" "$REPORT_URL" > /tmp/report.json | |
| - name: Upload App Inspect Report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: Appinspect Report | |
| path: /tmp/report.json | |
| retention-days: 7 | |
| - name: Check App Inspect Report Results | |
| run: | | |
| if grep -q '"result": "failure"' /tmp/report.json; then | |
| echo "::error::App inspect check failed" | |
| exit 1 | |
| else | |
| exit 0 | |
| fi |