Skip to content

GitHub detections improvement #1985

GitHub detections improvement

GitHub detections improvement #1985

Workflow file for this run

name: unit-testing
on:
pull_request:
types: [opened, reopened, synchronize]
jobs:
unit-testing:
runs-on: ubuntu-latest
if: "!contains(github.ref, 'refs/tags/')" #don't run on tags - future steps won't run either since they depend on this job
steps:
#For fork PRs, always check out security_content and the PR target in security content!
- name: Check out the repository code
uses: actions/checkout@v4
with:
repository: 'splunk/security_content' #this should be the TARGET repo of the PR. we hardcode it for now
ref: ${{ github.base_ref }}
- uses: actions/setup-python@v5
with:
python-version: '3.11' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- name: Install Python Dependencies and ContentCTL
run: |
python -m pip install --upgrade pip
pip install contentctl>=4.0.0
# Running contentctl test with a few arguments, before running the command make sure you checkout into the current branch of the pull request. This step only performs unit testing on all the changes against the target-branch. In most cases this target branch will be develop
# Make sure we check out the PR, even if it actually lives in a fork
# Instructions for pulling a PR were taken from:
# https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally
- name: Run ContentCTL test for changes against target branch
run: |
echo "Current Branch (Head Ref): ${{ github.head_ref }}"
echo "Target Branch (Base Ref): ${{ github.base_ref }}"
git pull > /dev/null 2>&1
#We checkout into a new branch - new_branch_for_testing to avoid name collisions with develop incase the forked PR is from develop
git fetch origin pull/${{ github.event.pull_request.number }}/head:new_branch_for_testing
#We must specifically get the PR's target branch from security_content, not the one that resides in the fork PR's forked repo
git switch new_branch_for_testing
contentctl test --disable-tqdm --no-enable-integration-testing --container-settings.num-containers 2 --post-test-behavior never_pause mode:changes --mode.target-branch ${{ github.base_ref }}
echo "contentctl test - COMPLETED"
continue-on-error: true
# Store test_results/summary.yml and dist/DA-ESS-ContentUpdate-latest.tar.gz to job artifact-test_summary_results.zip
- name: store_artifacts
uses: actions/upload-artifact@v4
with:
name: test_summary_results
path: |
test_results/summary.yml
dist/DA-ESS-ContentUpdate-latest.tar.gz
continue-on-error: true
# Print entire result summary so that the users can view it in the Github Actions logs
- name: Print entire test_results/summary.yml
run: cat test_results/summary.yml
continue-on-error: true
# Run a simple custom script created to pretty print results in a markdown friendly format in Github Actions Summary
- name: Check the test_results/summary.yml for pass/fail.
run: |
echo "This job will fail if there are failures in unit-testing"
python .github/workflows/format_test_results.py >> $GITHUB_STEP_SUMMARY
echo "The Unit testing is completed. See details in the unit-testing job summary UI "