GitHub detections improvement #1986
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: unit-testing | |
on: | |
pull_request: | |
types: [opened, reopened, synchronize] | |
jobs: | |
unit-testing: | |
runs-on: ubuntu-latest | |
if: "!contains(github.ref, 'refs/tags/')" #don't run on tags - future steps won't run either since they depend on this job | |
steps: | |
#For fork PRs, always check out security_content and the PR target in security content! | |
- name: Check out the repository code | |
uses: actions/checkout@v4 | |
with: | |
repository: 'splunk/security_content' #this should be the TARGET repo of the PR. we hardcode it for now | |
ref: ${{ github.base_ref }} | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' #Available versions here - https://github.com/actions/python-versions/releases easy to change/make a matrix/use pypy | |
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified | |
- name: Install Python Dependencies and ContentCTL | |
run: | | |
python -m pip install --upgrade pip | |
pip install contentctl>=4.0.0 | |
# Running contentctl test with a few arguments, before running the command make sure you checkout into the current branch of the pull request. This step only performs unit testing on all the changes against the target-branch. In most cases this target branch will be develop | |
# Make sure we check out the PR, even if it actually lives in a fork | |
# Instructions for pulling a PR were taken from: | |
# https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally | |
- name: Run ContentCTL test for changes against target branch | |
run: | | |
echo "Current Branch (Head Ref): ${{ github.head_ref }}" | |
echo "Target Branch (Base Ref): ${{ github.base_ref }}" | |
git pull > /dev/null 2>&1 | |
#We checkout into a new branch - new_branch_for_testing to avoid name collisions with develop incase the forked PR is from develop | |
git fetch origin pull/${{ github.event.pull_request.number }}/head:new_branch_for_testing | |
#We must specifically get the PR's target branch from security_content, not the one that resides in the fork PR's forked repo | |
git switch new_branch_for_testing | |
contentctl test --disable-tqdm --no-enable-integration-testing --container-settings.num-containers 2 --post-test-behavior never_pause mode:changes --mode.target-branch ${{ github.base_ref }} | |
echo "contentctl test - COMPLETED" | |
continue-on-error: true | |
# Store test_results/summary.yml and dist/DA-ESS-ContentUpdate-latest.tar.gz to job artifact-test_summary_results.zip | |
- name: store_artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test_summary_results | |
path: | | |
test_results/summary.yml | |
dist/DA-ESS-ContentUpdate-latest.tar.gz | |
continue-on-error: true | |
# Print entire result summary so that the users can view it in the Github Actions logs | |
- name: Print entire test_results/summary.yml | |
run: cat test_results/summary.yml | |
continue-on-error: true | |
# Run a simple custom script created to pretty print results in a markdown friendly format in Github Actions Summary | |
- name: Check the test_results/summary.yml for pass/fail. | |
run: | | |
echo "This job will fail if there are failures in unit-testing" | |
python .github/workflows/format_test_results.py >> $GITHUB_STEP_SUMMARY | |
echo "The Unit testing is completed. See details in the unit-testing job summary UI " |