Pre-commit version updates #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reusable Push Workflow | |
| on: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - synchronize | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup Environment | |
| uses: splunk-soar-connectors/.github/.github/actions/env-setup@main | |
| - name: Pre-commit | |
| uses: splunk-soar-connectors/.github/.github/actions/pre-commit@main | |
| security-scans: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| steps: | |
| - name: Check out app repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Determine if community app | |
| id: community_app_check | |
| run: | | |
| app_json=$(find . -maxdepth 1 -name '*.json' ! -name '*.postman_collection.json') | |
| publisher=$(jq -r '.publisher' "$app_json") | |
| is_splunk_supported=false | |
| if [[ "$publisher" == "Splunk" ]]; then | |
| is_splunk_supported=true | |
| else | |
| echo "Security scans will not fail for community or developer supported apps. The SOAR team will handle the results." | |
| fi | |
| echo "is_splunk_supported=$is_splunk_supported" >> $GITHUB_OUTPUT | |
| - name: Run fossa scan | |
| run: | | |
| curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash | |
| fossa analyze | |
| fossa test | |
| continue-on-error: ${{ !fromJson(steps.community_app_check.outputs.is_splunk_supported) }} | |
| compile: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| steps: | |
| - name: Check out app repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Compile Application | |
| uses: splunk-soar-connectors/.github/.github/actions/compile-app@main | |
| with: | |
| current_phantom_ip: ${{ vars.PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| next_phantom_ip: ${{ vars.PHANTOM_INSTANCE_NEXT_OL8_VERSION_IP }} | |
| previous_phantom_ip: ${{ vars.PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| phantom_username: ${{ vars.PHANTOM_USERNAME }} | |
| build: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: [compile] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Build Application | |
| uses: splunk-soar-connectors/.github/.github/actions/build-app@main | |
| - name: Upload app tar file as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-tar | |
| path: /tmp/${{ github.event.repository.name }}.tgz | |
| test-setup: | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| outputs: | |
| fips_compliant: ${{ steps.set-outputs.outputs.fips_compliant }} | |
| publisher: ${{ steps.set-outputs.outputs.publisher }} | |
| steps: | |
| - name: Check out actions repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Set sanity tests environment variables | |
| uses: splunk-soar-connectors/.github/.github/actions/test-setup@main | |
| - name: Set outputs | |
| id: set-outputs | |
| run: | | |
| echo "${{ env.publisher }}" | |
| echo publisher="${{ env.publisher }}" >> $GITHUB_OUTPUT | |
| echo "fips_compliant=${{ env.fips_compliant }}" >> $GITHUB_OUTPUT | |
| test-coverage: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: test-setup | |
| if: ${{ needs.test-setup.outputs.publisher == 'Splunk' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Test Coverage | |
| uses: splunk-soar-connectors/.github/.github/actions/test-coverage@main | |
| with: | |
| app_repo: ${{ github.event.repository.name }} | |
| sanity-test: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: test-setup | |
| if: ${{ needs.test-setup.outputs.publisher == 'Splunk' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - version: "next_ol8" | |
| ip: ${{ vars.PHANTOM_INSTANCE_NEXT_OL8_VERSION_IP }} | |
| - version: "next_ol9" | |
| ip: ${{ vars.PHANTOM_INSTANCE_NEXT_OL9_VERSION_IP }} | |
| - version: "next_amzn2023" | |
| ip: ${{ vars.PHANTOM_INSTANCE_NEXT_AMZN2023_VERSION_IP }} | |
| - version: "previous" | |
| ip: ${{ vars.PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| - version: "cloud" | |
| ip: ${{ vars.PHANTOM_INSTANCE_CLOUD_HOST }} | |
| env: | |
| AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| NUM_TEST_RETRIES: ${{ vars.NUM_TEST_RETRIES }} | |
| VAULT_ROLE: ${{ vars.VAULT_ROLE }} | |
| PHANTOM_INSTANCE_CURRENT_FIPS_VERSION_IP: ${{ vars.PHANTOM_INSTANCE_CURRENT_FIPS_VERSION_IP }} | |
| PLAYBOOK_EXCLUDE_REGEX: ${{ vars.PLAYBOOK_EXCLUDE_REGEX }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download app tar file | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-tar | |
| - name: Run Sanity Tests | |
| uses: splunk-soar-connectors/.github/.github/actions/sanity-tests@main | |
| with: | |
| phantom_ip: ${{ matrix.ip }} | |
| version: ${{ matrix.version }} | |
| app_repo: ${{ github.event.repository.name }} | |
| automation_broker: ${{ vars.AUTOMATION_BROKER_NAME }} | |
| integration-test: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: test-setup | |
| if: ${{ needs.test-setup.outputs.publisher == 'Splunk' }} | |
| env: | |
| PHANTOM_INSTANCE_IP: ${{ vars.PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| PHANTOM_INSTANCE_IP_FIPS: ${{ vars.PHANTOM_INSTANCE_CURRENT_FIPS_VERSION_IP }} | |
| AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| NUM_TEST_RETRIES: ${{ vars.NUM_TEST_RETRIES }} | |
| VAULT_ROLE: ${{ vars.VAULT_ROLE }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download app tar file | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-tar | |
| - name: Run Integration Tests | |
| uses: splunk-soar-connectors/.github/.github/actions/integration-tests@main | |
| with: | |
| fips_compliant: ${{ needs.test-setup.outputs.fips_compliant }} | |
| app_repo: ${{ github.event.repository.name }} |