From f8a551c5a63869f735c343e1ecdc79560ab1efc2 Mon Sep 17 00:00:00 2001 From: Siddharth Khatsuriya <62132600+siddharth-khatsuriya@users.noreply.github.com> Date: Wed, 25 Jun 2025 11:39:09 +0530 Subject: [PATCH 1/2] chore(release): merge develop to main (#398) ### Description Changes in the PR: --- - Update in AppInspect CLI action version Ref: https://github.com/splunk/addonfactory-workflow-addon-release/pull/394 - Added conditions skip tests, build, app-inspect and publish if the changes in PR are only related to documentation Ref: https://github.com/splunk/addonfactory-workflow-addon-release/pull/389 - Changes in the runbok for appinspect update Ref: https://github.com/splunk/addonfactory-workflow-addon-release/pull/395 - Run appinspect api job for release/ branches in build-test-release pipeline Ref: https://github.com/splunk/addonfactory-workflow-addon-release/pull/376 - Bumps the k8s-manifests-branch version from v3.3.2 to v3.4.1 Ref: https://github.com/splunk/addonfactory-workflow-addon-release/pull/393 - k8s-manifests-branch changes references - Fix for the issue with the scripted input where the tests were failing with invalid HEC token error. Ref: https://github.com/splunk/ta-automation-k8s-manifests/pull/120 - Added support for the new unified modinput tests framework in upgrade tests. Ref: https://github.com/splunk/ta-automation-k8s-manifests/pull/118 - This PR fixes deployments for TAs using vendor products. It's required change to succesfully run ucc modinput tests ref: https://github.com/splunk/ta-automation-k8s-manifests/pull/123 - Enabled JMX authentication in Tomcat Docker by adding jmxremote.access and jmxremote.password files. Updated CATALINA_OPTS to support authentication for automation purposes. ref: https://github.com/splunk/ta-automation-k8s-manifests/pull/124 ### Checklist - [ ] `README.md` has been updated or is not required - [ ] push trigger tests - [ ] manual release test - [ ] automated releases test - [ ] pull request trigger tests - [ ] schedule trigger tests - [ ] workflow errors/warnings reviewed and addressed ### Testing done FDR: https://github.com/splunk/splunk-add-on-for-crowdstrike-fdr/actions/runs/15320727045 --------- Co-authored-by: mgrandys-splunk <153620320+mgrandys-splunk@users.noreply.github.com> Co-authored-by: dvarasani-crest <151819886+dvarasani-crest@users.noreply.github.com> Co-authored-by: Dmytro Kvashnin Co-authored-by: kdoroszko-splunk Co-authored-by: mkolasinski-splunk Co-authored-by: mkolasinski-splunk <105011638+mkolasinski-splunk@users.noreply.github.com> Co-authored-by: Dmytro Kvashnin <139753462+dkvashninsplunk@users.noreply.github.com> Co-authored-by: harshilgajera-crest <69803385+harshilgajera-crest@users.noreply.github.com> --- .../workflows/reusable-build-test-release.yml | 52 +++++++++++++++---- runbooks/update_appinspect_cli_action.md | 4 +- 2 files changed, 44 insertions(+), 12 deletions(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index db4edf602..083d421ed 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -39,13 +39,13 @@ on: required: false description: "branch for k8s manifests to run the tests on" type: string - default: "v3.3.4" + default: "v3.5.0" scripted-inputs-os-list: required: false description: "list of OS used for scripted input tests" type: string default: >- - ["ubuntu:14.04", "ubuntu:16.04","ubuntu:18.04","ubuntu:22.04", "ubuntu:24.04", "redhat:8.4", "redhat:8.5", "redhat:8.6", "redhat:8.8"] + ["ubuntu:16.04", "ubuntu:18.04", "ubuntu:20.04", "ubuntu:22.04", "ubuntu:24.04", "redhat:8.4", "redhat:8.5", "redhat:8.6", "redhat:8.8", "redhat:9.5"] upgrade-tests-ta-versions: required: false description: "List with TA versions (in 'X.X.X' format) that should be used as starting points for upgrade tests. Example: ['7.6.0', '7.7.0']" @@ -122,8 +122,36 @@ jobs: exit 1 fi + check-docs-changes: + runs-on: ubuntu-latest + outputs: + docs-only: ${{ steps.check.outputs.docs-only }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Fetch all refs + run: git fetch --prune --unshallow + + - name: Check if the changes are only in docs/*, mkdocs.yml, or .github/workflows/docs.yml + id: check + run: | + set -o xtrace + # List all files modified in the commit or PR + changed_files=$(git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.sha }}) + + # Check if any of the changed files are not in docs/*, mkdocs.yml, or .github/workflows/docs.yml + if echo "$changed_files" | grep -vqE '^(docs/|mkdocs.yml|.github/workflows/docs.yml)'; then + echo "docs-only=false" >> "$GITHUB_OUTPUT" + else + echo "Only documentation changes found." + echo "docs-only=true" >> "$GITHUB_OUTPUT" + fi + setup-workflow: runs-on: ubuntu-latest + needs: + - check-docs-changes outputs: execute-knowledge-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_knowledge_labeled }} execute-spl2-labeled: ${{ steps.configure-tests-on-labels.outputs.execute_spl2_labeled }} @@ -381,6 +409,8 @@ jobs: test-inventory: runs-on: ubuntu-latest + needs: + - check-docs-changes # Map a step output to a job output outputs: spl2: ${{ steps.testset.outputs.spl2 }} @@ -396,8 +426,8 @@ jobs: - id: testset name: Check available test types run: | - find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "$TESTSET=true" >> "$GITHUB_OUTPUT"; echo "$TESTSET::true"; done - find package/default/data -type d -name "spl2" -maxdepth 1 -mindepth 1 | sed 's|^package/default/data/||g' | while read -r TESTSET; do echo "$TESTSET=true" >> "$GITHUB_OUTPUT"; echo "$TESTSET::true"; done + find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "$TESTSET=${{ needs.check-docs-changes.outputs.docs-only == 'false' && 'true' || 'false' }}" >> "$GITHUB_OUTPUT"; echo "$TESTSET::${{ needs.check-docs-changes.outputs.docs-only == 'false' && 'true' || 'false' }}"; done + find package/default/data -type d -name "spl2" -maxdepth 1 -mindepth 1 | sed 's|^package/default/data/||g' | while read -r TESTSET; do echo "$TESTSET=${{ needs.check-docs-changes.outputs.docs-only == 'false' && 'true' || 'false' }}" >> "$GITHUB_OUTPUT"; echo "$TESTSET::${{ needs.check-docs-changes.outputs.docs-only == 'false' && 'true' || 'false' }}"; done run-unit-tests: name: test-unit-python3-${{ matrix.python-version }} @@ -540,6 +570,7 @@ jobs: build: runs-on: ubuntu-22.04 needs: + - check-docs-changes - validate-custom-version - setup-workflow - test-inventory @@ -550,7 +581,7 @@ jobs: - semgrep - run-unit-tests - fossa-scan - if: ${{ !cancelled() && (needs.run-unit-tests.result == 'success' || needs.run-unit-tests.result == 'skipped') && (needs.validate-custom-version.result == 'success' || needs.validate-custom-version.result == 'skipped') }} + if: ${{ !cancelled() && (needs.run-unit-tests.result == 'success' || needs.run-unit-tests.result == 'skipped') && (needs.validate-custom-version.result == 'success' || needs.validate-custom-version.result == 'skipped') && (needs.check-docs-changes.outputs.docs-only == 'false') }} outputs: buildname: ${{ steps.buildupload.outputs.name }} permissions: @@ -728,6 +759,7 @@ jobs: build-3_9: runs-on: ubuntu-latest needs: + - check-docs-changes - validate-custom-version - setup-workflow - test-inventory @@ -741,7 +773,8 @@ jobs: if: | always() && (needs.run-unit-tests-3_9.result == 'success' || needs.run-unit-tests-3_9.result == 'skipped') && - (needs.validate-custom-version.result == 'success' || needs.validate-custom-version.result == 'skipped') + (needs.validate-custom-version.result == 'success' || needs.validate-custom-version.result == 'skipped') && + (needs.check-docs-changes.outputs.docs-only == 'false') permissions: contents: write packages: read @@ -856,7 +889,7 @@ jobs: name: package-splunkbase path: build/package/ - name: Scan - uses: splunk/appinspect-cli-action@v2.9 + uses: splunk/appinspect-cli-action@v2.10 with: app_path: build/package/ included_tags: ${{ matrix.tags }} @@ -881,7 +914,7 @@ jobs: if: | !cancelled() && needs.build.result == 'success' && - ( github.base_ref == 'main' || github.ref_name == 'main' ) + ( github.base_ref == 'main' || github.ref_name == 'main' || startsWith(github.base_ref, 'release/') || startsWith(github.ref_name, 'release/') ) runs-on: ubuntu-latest strategy: fail-fast: false @@ -2903,6 +2936,7 @@ jobs: outputs: run-publish: ${{ steps.check.outputs.run-publish }} needs: + - check-docs-changes - validate-custom-version - meta - compliance-copyrights @@ -2928,7 +2962,7 @@ jobs: shell: bash run: | RUN_PUBLISH=$(echo "$NEEDS" | jq ".[] | select( ( .result != \"skipped\" ) and .result != \"success\" ) | length == 0") - if [[ "$RUN_PUBLISH" != *'false'* ]] + if [[ "$RUN_PUBLISH" != *'false'* ]] && [[ "${{ needs.check-docs-changes.outputs.docs-only }}" == 'false' ]] then echo "run-publish=true" >> "$GITHUB_OUTPUT" echo "Publish conditions are met." diff --git a/runbooks/update_appinspect_cli_action.md b/runbooks/update_appinspect_cli_action.md index 2a4f27434..3670962b7 100644 --- a/runbooks/update_appinspect_cli_action.md +++ b/runbooks/update_appinspect_cli_action.md @@ -22,10 +22,8 @@ Once Splunk AppInspect team releases AppInspect CLI - we need to make sure that - create a PR in this repository with a new version of the action ([example PR](https://github.com/splunk/addonfactory-workflow-addon-release/pull/247)) - make sure that PR is towards `main` branch + - make sure the title of the PR follows the format: "fix: update AppInspect CLI action to v.X.Y" - make sure that the pipeline is green - - determine which version of `appinspect-cli-action` needs to be released based on the PR - - if it is a bug fix or dependecnies update - "fix" in the title of the PR - - if it is a feature release - "feat" in the title of the PR - attach a link to a test run of reusable workflow - get review from the team - "Squash and merge" the PR From 6c82519a0f6fec8b4834ae04df85ae070d4c9819 Mon Sep 17 00:00:00 2001 From: mkolasinski-splunk <105011638+mkolasinski-splunk@users.noreply.github.com> Date: Thu, 26 Jun 2025 15:49:53 +0200 Subject: [PATCH 2/2] fix: bump k8s-manifests branch to latest (#417) ### Description (PR description goes here) ### Checklist - [ ] `README.md` has been updated or is not required - [ ] push trigger tests - [ ] manual release test - [ ] automated releases test - [ ] pull request trigger tests - [ ] schedule trigger tests - [ ] workflow errors/warnings reviewed and addressed ### Testing done (for each selected checkbox, the corresponding test results link should be listed here) --- .github/workflows/reusable-build-test-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 083d421ed..149cf6924 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -39,7 +39,7 @@ on: required: false description: "branch for k8s manifests to run the tests on" type: string - default: "v3.5.0" + default: "v3.5.1" scripted-inputs-os-list: required: false description: "list of OS used for scripted input tests"