diff --git a/.github/workflows/build-test-release.yaml b/.github/workflows/build-test-release.yaml index 414e245a..ad9f07a7 100644 --- a/.github/workflows/build-test-release.yaml +++ b/.github/workflows/build-test-release.yaml @@ -32,7 +32,7 @@ jobs: python-version: "3.7" - name: Install actionlint run: | - bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.8/scripts/download-actionlint.bash) + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.22/scripts/download-actionlint.bash) - uses: pre-commit/action@v3.0.0 publish: @@ -46,15 +46,9 @@ jobs: with: submodules: false persist-credentials: false - - uses: actions/setup-node@v3 - with: - node-version: '14' - name: Semantic Release - uses: cycjimmy/semantic-release-action@v2.7.0 - with: - semantic_version: 17 - extra_plugins: | - @semantic-release/git + uses: splunk/semantic-release-action@v1.2 + env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} diff --git a/.github/workflows/reusable-build-test-release.yml b/.github/workflows/reusable-build-test-release.yml index 8f60042c..b11e4f80 100644 --- a/.github/workflows/reusable-build-test-release.yml +++ b/.github/workflows/reusable-build-test-release.yml @@ -151,25 +151,16 @@ jobs: with: submodules: false persist-credentials: false - - uses: actions/setup-node@v3 - with: - node-version: '14' - name: Semantic Release id: version - uses: cycjimmy/semantic-release-action@v2.7.0 - with: - semantic_version: 17 - extra_plugins: | - @semantic-release/exec - @semantic-release/git - semantic-release-helm - @google/semantic-release-replace-plugin + uses: splunk/semantic-release-action@v1.2 + with: dry_run: true env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - name: Docker meta id: docker_action_meta - uses: docker/metadata-action@v4.0.1 + uses: docker/metadata-action@v4.1.1 with: images: ghcr.io/${{ github.repository }}/container tags: | @@ -185,7 +176,6 @@ jobs: uses: splunk/addonfactory-test-matrix-action@v1.8 fossa-scan: - continue-on-error: true runs-on: ubuntu-latest needs: - setup-workflow @@ -204,8 +194,18 @@ jobs: with: name: THIRDPARTY path: /tmp/THIRDPARTY + + fossa-test: + continue-on-error: true + runs-on: ubuntu-latest + needs: + - fossa-scan + if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }} + steps: + - uses: actions/checkout@v3 - name: run fossa test run: | + curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash fossa test --debug env: FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} @@ -290,9 +290,6 @@ jobs: uses: actions/setup-python@v4 with: python-version: 3.7 - - uses: actions/setup-node@v3 - with: - node-version: 14 - name: create requirements file for pip run: | if [ -f "poetry.lock" ] @@ -315,10 +312,10 @@ jobs: - name: Get pip cache dir id: pip-cache run: | - echo "::set-output name=dir::$(pip cache dir)" + echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT" - name: Run Check there are libraries to scan id: checklibs - run: if [ -f requirements_dev.txt ]; then echo "::set-output name=ENABLED::true"; fi + run: if [ -f requirements_dev.txt ]; then echo "ENABLED=true" >> "$GITHUB_OUTPUT"; fi - name: pip cache if: ${{ steps.checklibs.outputs.ENABLED == 'true' }} uses: actions/cache@v3 @@ -333,12 +330,8 @@ jobs: - name: Semantic Release Get Next id: semantic if: github.event_name != 'pull_request' - uses: cycjimmy/semantic-release-action@v2.7.0 + uses: splunk/semantic-release-action@v1.2 with: - semantic_version: 17 - extra_plugins: | - @semantic-release/exec - @semantic-release/git dry_run: true env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} @@ -391,7 +384,7 @@ jobs: AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} run: | - echo "::set-output name=name::$(basename "${{ steps.slim.outputs.OUTPUT }}")" + echo "name=$(basename "${{ steps.slim.outputs.OUTPUT }}")" >> "$GITHUB_OUTPUT" basename "${{ steps.slim.outputs.OUTPUT }}" aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://ta-production-artifacts/ta-apps/ - name: artifact-splunk-parts @@ -411,7 +404,6 @@ jobs: with: name: package-splunkbase path: build/package/ - - name: VirusTotal Scan uses: crazy-max/ghaction-virustotal@v3 with: @@ -437,7 +429,7 @@ jobs: - id: testset name: testsets run: | - find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "::set-output name=$TESTSET::true"; echo "$TESTSET::true"; done + find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "$TESTSET=true" >> "$GITHUB_OUTPUT"; echo "$TESTSET::true"; done run-unit-tests: name: test-unit-python3-${{ matrix.python-version }} @@ -457,7 +449,6 @@ jobs: uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - - uses: actions/download-artifact@v3 with: name: package-raw @@ -483,7 +474,7 @@ jobs: run: pytest --cov=./ --cov-report=xml --junitxml=test-results/junit.xml tests/unit - name: Run Check if codecov enabled id: checkcodecov - run: if [ -n "$CODECOV_TOKEN" ]; then echo "::set-output name=ENABLED::true"; fi + run: if [ -n "$CODECOV_TOKEN" ]; then echo "ENABLED=true" >> "$GITHUB_OUTPUT"; fi env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - name: Upload coverage to Codecov @@ -582,12 +573,11 @@ jobs: with: name: package-splunkbase path: build/package/splunkbase - - id: getappid run: | appid=$(jq -r '.info.id.name' package/app.manifest) echo appid="$appid" - echo "::set-output name=result::$appid" + echo "result=$appid" >> "$GITHUB_OUTPUT" - run: | curl -LO https://github.com/oras-project/oras/releases/download/v0.12.0/oras_0.12.0_linux_amd64.tar.gz mkdir -p oras-install/ @@ -597,15 +587,14 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Login to GitHub Packages Docker Registry - uses: docker/login-action@v2.0.0 + uses: docker/login-action@v2.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GH_TOKEN }} - - name: Docker meta id: meta - uses: docker/metadata-action@v4.0.1 + uses: docker/metadata-action@v4.1.1 with: images: ghcr.io/${{ github.repository }} tags: | @@ -641,7 +630,7 @@ jobs: - name: Output artifact locator id: artifactid run: | - echo "::set-output name=result:: ${{ needs.meta.outputs.sc4s }}" + echo "result= ${{ needs.meta.outputs.sc4s }}" >> "$GITHUB_OUTPUT" setup: needs: @@ -674,15 +663,6 @@ jobs: id: test-setup shell: bash run: | - echo "::set-output name=argo-server::argo.wfe.splgdi.com:443" - echo "::set-output name=argo-http1::true" - echo "::set-output name=argo-secure::true" - echo "::set-output name=spl-host-suffix::wfe.splgdi.com" - echo "::set-output name=argo-base-href::\'\'" - echo "::set-output name=argo-namespace::workflows" - echo "::set-output name=argo-workflow-tmpl-name::ta-workflow" - echo "::set-output name=k8s-manifests-branch::main" - ADDON_NAME=$(crudini --get package/default/app.conf id name | tr '[:lower:]' '[:upper:]') if [[ -n $(echo "${ADDON_NAME}" | awk -F 'SPLUNK_TA_' '{print $2}') ]]; then @@ -691,19 +671,26 @@ jobs: then ADDON_NAME=$(echo "${ADDON_NAME}" | awk -F '_FOR_SPLUNK' '{print $1}') fi - echo "::set-output name=addon-name::\"$ADDON_NAME\"" - JOB_NAME=$(echo "$ADDON_NAME" | tail -c 16)-$(echo "${GITHUB_SHA}" | tail -c 8)-TEST-TYPE-${GITHUB_RUN_ID} JOB_NAME=${JOB_NAME//[_.]/-} - echo "::set-output name=job-name::wf-$JOB_NAME" - LABELS="addon-name=${ADDON_NAME}" - echo "::set-output name=labels::$LABELS" - ADDON_UPLOAD_PATH="s3://ta-production-artifacts/ta-apps/${{ needs.build.outputs.buildname }}" - echo "::set-output name=addon-upload-path::$ADDON_UPLOAD_PATH" - echo "::set-output name=directory-path::/tmp" - echo "::set-output name=s3-bucket::ta-production-artifacts" + { + echo "argo-server=argo.wfe.splgdi.com:443" + echo "argo-http1=true" + echo "argo-secure=true" + echo "argo-base-href=\'\'" + echo "argo-namespace=workflows" + echo "argo-workflow-tmpl-name=ta-workflow" + echo "directory-path=/tmp" + echo "s3-bucket=ta-production-artifacts" + echo "addon-name=\"$ADDON_NAME\"" + echo "job-name=wf-$JOB_NAME" + echo "labels=$LABELS" + echo "addon-upload-path=$ADDON_UPLOAD_PATH" + echo "spl-host-suffix=wfe.splgdi.com" + echo "k8s-manifests-branch=main" + } >> "$GITHUB_OUTPUT" run-knowledge-tests: if: ${{ needs.test-inventory.outputs.knowledge == 'true' && needs.setup-workflow.outputs.execute-ko == 'Yes' }} @@ -735,7 +722,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -744,7 +731,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -754,7 +741,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} JOB_NAME=${JOB_NAME//[_.]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: Splunk instance details id: splunk-instance-details if: ${{ needs.setup-workflow.outputs.delay-destroy-ko == 'Yes' }} @@ -789,7 +776,7 @@ jobs: if: always() run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: Check if pod was deleted id: is-pod-deleted if: always() @@ -799,7 +786,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -813,7 +800,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" @@ -1115,7 +1102,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -1124,7 +1111,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -1134,7 +1121,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}-${{ matrix.browser }}} JOB_NAME=${JOB_NAME//[_.:]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: Splunk instance details id: splunk-instance-details if: ${{ needs.setup-workflow.outputs.delay-destroy-ui == 'Yes' }} @@ -1169,7 +1156,7 @@ jobs: if: always() run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: Check if pod was deleted id: is-pod-deleted if: always() @@ -1179,7 +1166,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted" ; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -1193,7 +1180,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" @@ -1303,7 +1290,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -1312,7 +1299,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -1322,7 +1309,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} JOB_NAME=${JOB_NAME//[_.]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: Splunk instance details id: splunk-instance-details if: ${{ needs.setup-workflow.outputs.delay-destroy-modinput_functional == 'Yes' }} @@ -1344,7 +1331,7 @@ jobs: else TEST_ARG_M="-m" fi - echo "::set-output name=test-arg::$TEST_ARG_M" + echo "test-arg=$TEST_ARG_M" >> "$GITHUB_OUTPUT" - name: run-tests id: run-tests env: @@ -1369,7 +1356,7 @@ jobs: if: always() run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: Check if pod was deleted id: is-pod-deleted if: always() @@ -1379,7 +1366,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -1393,7 +1380,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" @@ -1500,7 +1487,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -1509,7 +1496,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -1519,7 +1506,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} JOB_NAME=${JOB_NAME//[_.]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: Splunk instance details id: splunk-instance-details if: ${{ needs.setup-workflow.outputs.delay-destroy-scripted_inputs == 'Yes' }} @@ -1539,8 +1526,10 @@ jobs: OS_NAME_VERSION=(${OS_NAME_VERSION//:/ }) OS_NAME=${OS_NAME_VERSION[0]} OS_VERSION=${OS_NAME_VERSION[1]} - echo "::set-output name=os-name::$OS_NAME" - echo "::set-output name=os-version::$OS_VERSION" + { + echo "os-name=$OS_NAME" + echo "os-version=$OS_VERSION" + } >> "$GITHUB_OUTPUT" - name: run-tests id: run-tests env: @@ -1571,7 +1560,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -1585,7 +1574,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" @@ -1692,7 +1681,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -1701,7 +1690,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -1711,7 +1700,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} JOB_NAME=${JOB_NAME//[_.]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: Splunk instance details id: splunk-instance-details if: ${{ needs.setup-workflow.outputs.delay-destroy-scripted_inputs == 'Yes' }} @@ -1730,8 +1719,10 @@ jobs: OS_NAME_VERSION=("${OS_NAME_VERSION//:/ }") OS_NAME=${OS_NAME_VERSION[0]} OS_VERSION=${OS_NAME_VERSION[1]} - echo "::set-output name=os-name::$OS_NAME" - echo "::set-output name=os-version::$OS_VERSION" + { + echo "os-name=$OS_NAME" + echo "os-version=$OS_VERSION" + } >> "$GITHUB_OUTPUT" - name: run-tests id: run-tests env: @@ -1762,7 +1753,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -1776,7 +1767,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" @@ -1882,7 +1873,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -1891,7 +1882,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -1901,7 +1892,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} JOB_NAME=${JOB_NAME//[_.]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: Splunk instance details id: splunk-instance-details if: ${{ needs.setup-workflow.outputs.delay-destroy-escu == 'Yes' }} @@ -1925,8 +1916,10 @@ jobs: RUN_TEST=true fi DETECTIONS="-tf $DETECTIONS" - echo "::set-output name=escu-detections::$DETECTIONS" - echo "::set-output name=escu-test-run::$RUN_TEST" + { + echo "escu-detections=$DETECTIONS" + echo "escu-test-run=$RUN_TEST" + } >> "$GITHUB_OUTPUT" - name: run-tests id: run-tests if: ${{ steps.get-escu-detections.outputs.escu-test-run == 'true' }} @@ -1956,7 +1949,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -1970,7 +1963,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" @@ -2062,7 +2055,7 @@ jobs: if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' && github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v4.5.0 + - uses: amannn/action-semantic-pull-request@v5.0.2 with: wip: true validateSingleCommit: true @@ -2098,9 +2091,9 @@ jobs: RUN_PUBLISH=$(echo "$NEEDS" | jq ".[] | select( ( .result != \"skipped\" ) and .result != \"success\" ) | length == 0") if [[ "$RUN_PUBLISH" != *'false'* ]] then - echo "::set-output name=run-publish::true" + echo "run-publish=true" >> "$GITHUB_OUTPUT" else - echo "::set-output name=run-publish::false" + echo "run-publish=false" >> "$GITHUB_OUTPUT" fi - name: exit without publish if: ${{ steps.check.outputs.run-publish == 'false' || ( github.event.action == 'labeled' && github.event.label.name == 'preserve_infra' ) }} @@ -2120,20 +2113,9 @@ jobs: with: submodules: false persist-credentials: false - - uses: actions/setup-node@v3 - with: - node-version: '14' - name: Semantic Release id: semantic - uses: cycjimmy/semantic-release-action@v2.7.0 - with: - semantic_version: 17 - extra_plugins: | - @semantic-release/exec - @semantic-release/git - @semantic-release/commit-analyzer - @semantic-release/release-notes-generator - @semantic-release/github + uses: splunk/semantic-release-action@v1.2 env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }} - name: Download package-deployment diff --git a/.github/workflows/reusable-escu-manual-workflow.yml b/.github/workflows/reusable-escu-manual-workflow.yml index c93c10bc..0dd914d0 100644 --- a/.github/workflows/reusable-escu-manual-workflow.yml +++ b/.github/workflows/reusable-escu-manual-workflow.yml @@ -48,7 +48,7 @@ jobs: - id: testset name: testsets run: | - find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "::set-output name=$TESTSET::true"; echo "$TESTSET::true"; done + find tests -type d -maxdepth 1 -mindepth 1 | sed 's|^tests/||g' | while read -r TESTSET; do echo "$TESTSET=true" >> "$GITHUB_OUTPUT"; echo "$TESTSET::true"; done setup: runs-on: ubuntu-latest @@ -76,12 +76,6 @@ jobs: id: test-setup shell: bash run: | - echo "::set-output name=argo-server::argo.wfe.splgdi.com:443" - echo "::set-output name=argo-http1::true" - echo "::set-output name=argo-secure::true" - echo "::set-output name=argo-base-href::\'\'" - echo "::set-output name=argo-namespace::workflows" - echo "::set-output name=argo-workflow-tmpl-name::ta-workflow" ADDON_NAME=$(crudini --get package/default/app.conf id name | tr '[:lower:]' '[:upper:]') if [[ -n $(echo "${ADDON_NAME}" | awk -F 'SPLUNK_TA_' '{print $2}') ]]; then @@ -90,17 +84,25 @@ jobs: then ADDON_NAME=$(echo "${ADDON_NAME}" | awk -F '_FOR_SPLUNK' '{print $1}') fi - echo "::set-output name=addon-name::\"$ADDON_NAME\"" JOB_NAME=$(echo "$ADDON_NAME" | tail -c 16)-$(echo "${GITHUB_SHA}" | tail -c 8)-TEST-TYPE-${GITHUB_RUN_ID} JOB_NAME=${JOB_NAME//[_.]/-} - echo "::set-output name=job-name::wf-$JOB_NAME" LABELS="addon-name=${ADDON_NAME}" - echo "::set-output name=labels::$LABELS" ADDON_BUILD_NAME=$(crudini --get package/default/app.conf id name) ADDON_UPLOAD_PATH="s3://ta-production-artifacts/ta-apps/${ADDON_BUILD_NAME}-${{ inputs.TA_BUILD }}.spl" - echo "::set-output name=addon-upload-path::$ADDON_UPLOAD_PATH" - echo "::set-output name=directory-path::/tmp" - echo "::set-output name=s3-bucket::ta-production-artifacts" + { + echo "argo-server=argo.wfe.splgdi.com:443" + echo "argo-http1=true" + echo "argo-secure=true" + echo "argo-base-href=\'\'" + echo "argo-namespace=workflows" + echo "argo-workflow-tmpl-name=ta-workflow" + echo "directory-path=/tmp" + echo "s3-bucket=ta-production-artifacts" + echo "addon-name=\"$ADDON_NAME\"" + echo "job-name=wf-$JOB_NAME" + echo "labels=$LABELS" + echo "addon-upload-path=$ADDON_UPLOAD_PATH" + } >> "$GITHUB_OUTPUT" run-escu-tests: if: ${{ needs.test-inventory.outputs.escu == 'true' }} @@ -128,7 +130,7 @@ jobs: with: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@v1-node16 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -137,7 +139,7 @@ jobs: id: get-argo-token run: | ARGO_TOKEN=$(aws secretsmanager get-secret-value --secret-id ta-github-workflow-automation-token | jq -r '.SecretString') - echo "::set-output name=argo-token::$ARGO_TOKEN" + echo "argo-token=$ARGO_TOKEN" >> "$GITHUB_OUTPUT" - name: create job name id: create-job-name shell: bash @@ -147,7 +149,7 @@ jobs: JOB_NAME=${JOB_NAME//TEST-TYPE/${{ env.TEST_TYPE }}} JOB_NAME=${JOB_NAME//[_.]/-} JOB_NAME=$(echo "$JOB_NAME" | tr '[:upper:]' '[:lower:]') - echo "::set-output name=job-name::$JOB_NAME" + echo "job-name=$JOB_NAME" >> "$GITHUB_OUTPUT" - name: run-tests id: run-tests env: @@ -175,7 +177,7 @@ jobs: run: | set -o xtrace if argo watch ${{ steps.run-tests.outputs.workflow-name }} -n workflows | grep "pod deleted"; then - echo "::set-output name=retry-workflow::true" + echo "retry-workflow=true" >> "$GITHUB_OUTPUT" fi - name: Retrying workflow id: retry-wf @@ -189,7 +191,7 @@ jobs: if [[ "${{ steps.is-pod-deleted.outputs.retry-workflow }}" == "true" ]] then WORKFLOW_NAME=$(argo resubmit -v -o json -n workflows "${{ steps.run-tests.outputs.workflow-name }}" | jq -r .metadata.name) - echo "::set-output name=workflow-name::$WORKFLOW_NAME" + echo "workflow-name=$WORKFLOW_NAME" >> "$GITHUB_OUTPUT" argo logs --follow "${WORKFLOW_NAME}" -n workflows || echo "... there was an error fetching logs, the workflow is still in progress. please wait for the workflow to complete ..." else echo "No retry required" diff --git a/.releaserc b/.releaserc index fb03bbc0..5ae2a4e4 100644 --- a/.releaserc +++ b/.releaserc @@ -23,6 +23,13 @@ plugins: [ "@semantic-release/commit-analyzer", + [ + "@semantic-release/exec", + { + "verifyReleaseCmd": "echo \"version=${nextRelease.version}\" >> $GITHUB_OUTPUT", + "successCmd": "echo \"new_release_published=${'true'}\" >> $GITHUB_OUTPUT", + } + ], "@semantic-release/release-notes-generator", "@semantic-release/git", "@semantic-release/github" diff --git a/README.md b/README.md index 7188366b..7c29166b 100644 --- a/README.md +++ b/README.md @@ -650,7 +650,7 @@ publish - It downloads the artifacts which are shown under assets in Releases Page -**Action used:** https://github.com/cycjimmy/semantic-release-action +**Action used:** https://github.com/splunk/semantic-release-action **Pass/fail behaviour:**