Skip to content

chore(deps): update dependency urllib3 to v1.26.18 [security] #1227

chore(deps): update dependency urllib3 to v1.26.18 [security]

chore(deps): update dependency urllib3 to v1.26.18 [security] #1227

on:
push:
branches:
- "main"
- "develop"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
pull_request:
branches:
- "**"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
meta:
runs-on: ubuntu-latest
outputs:
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
steps:
- uses: actions/checkout@v3
- id: matrix
uses: splunk/addonfactory-test-matrix-action@v1
fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: run fossa anlyze and create report
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: upload THIRDPARTY file
uses: actions/upload-artifact@v3
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- name: run fossa test
run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
compliance-copyrights:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: apache/[email protected]
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.7"
- uses: pre-commit/[email protected]
semgrep:
runs-on: ubuntu-latest
name: security-sast-semgrep
if: github.actor != 'dependabot[bot]'
steps:
- uses: actions/checkout@v3
- id: semgrep
uses: returntocorp/semgrep-action@v1
with:
publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
review_secrets:
name: security-detect-secrets
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: false
fetch-depth: "0"
- name: Trufflehog Actions Scan
uses: edplato/[email protected]
with:
scanArguments: "--max_dept 50 -x .github/workflows/exclude-patterns.txt"
test-splunk-unit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Install dependencies
run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
poetry install
poetry run pytest -v tests/unit
test-splunk-doc:
name: Test Docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions/setup-python@v4
with:
python-version: 3.7
- name: Install and run tests
run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
poetry install --with docs -E docker
poetry run pytest -v -m doc tests/e2e
test-splunk-external:
runs-on: ubuntu-latest
needs:
- meta
- pre-commit
- fossa-scan
- compliance-copyrights
- test-splunk-doc
- test-splunk-unit
- review_secrets
strategy:
fail-fast: false
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Setup for testing
run: |
pip install git+https://github.com/pixelb/crudini
mkdir test-results-${{ matrix.splunk.version }}
- name: Splunk Up
run: |
export SPLUNK_APP_PACKAGE=./tests/e2e/addons/TA_fiction
export SPLUNK_ADDON=TA_fiction
export SPLUNK_APP_ID=TA_fiction
export SPLUNK_VERSION=${{ matrix.splunk.version }}
echo $SPLUNK_VERSION
docker-compose -f "docker-compose-ci.yml" build
SPLUNK_PASSWORD=Chang3d! docker-compose -f docker-compose-ci.yml up -d splunk
sleep 90
- name: Test
run: |
SPLUNK_PASSWORD=Chang3d! docker-compose -f docker-compose-ci.yml up --abort-on-container-exit
docker volume ls
- name: Collect Results
run: |
docker volume ls
docker container create --name dummy \
-v pytest-splunk-addon_results:/work/test-results \
registry.access.redhat.com/ubi7/ubi
docker cp dummy:/work/test-results/test.xml test-results-${{ matrix.splunk-version }}
- uses: actions/upload-artifact@v3
if: always()
with:
name: splunk ${{ matrix.splunk-version }} external test artifacts
path: |
test-results-${{ matrix.splunk-version }}
test-splunk-matrix:
needs:
- meta
- pre-commit
- fossa-scan
- compliance-copyrights
- test-splunk-doc
- test-splunk-unit
- review_secrets
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
test-marker: [
"splunk_connection_docker",
"splunk_app_fiction",
"splunk_app_broken",
"splunk_app_cim_fiction",
"splunk_app_cim_broken",
"splunk_fiction_indextime",
"splunk_fiction_indextime_broken",
"splunk_setup_fixture",
"splunk_app_req",
"splunk_app_req_broken",
]
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions/setup-python@v4
with:
python-version: 3.7
- run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
poetry install -E docker
poetry run pytest -v --splunk-version=${{ matrix.splunk.version }} -m docker -m ${{ matrix.test-marker }} tests/e2e
publish:
needs:
- test-splunk-external
- test-splunk-matrix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
# Very Important semantic-release won't trigger a tagged
# build if this is not set false
submodules: false
persist-credentials: false
- uses: actions/setup-python@v4
with:
python-version: "3.7"
- uses: actions/download-artifact@v3
with:
name: THIRDPARTY
- name: Update Notices
run: cp -f THIRDPARTY NOTICE
- name: Install Poetry
run: |
curl -sSL https://install.python-poetry.org | python3 - --version 1.5.1
- id: semantic
uses: splunk/[email protected]
with:
git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
extra_plugins: |
@google/semantic-release-replace-plugin
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
- if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
uses: splunk/[email protected]
with:
pypi_username: ${{ secrets.PYPI_USERNAME }}
pypi_token: ${{ secrets.PYPI_TOKEN }}