diff --git a/.app-vetting.yaml b/.appinspect.expect.yaml similarity index 100% rename from .app-vetting.yaml rename to .appinspect.expect.yaml diff --git a/.appinspect.manualcheck.yaml b/.appinspect.manualcheck.yaml new file mode 100644 index 0000000..e69de29 diff --git a/.github/workflows/.ci-metadata.json b/.github/workflows/.ci-metadata.json new file mode 100644 index 0000000..c9193fd --- /dev/null +++ b/.github/workflows/.ci-metadata.json @@ -0,0 +1,3 @@ +{ + "template-version": "v1.0.0" +} diff --git a/.github/workflows/agreements.yaml b/.github/workflows/agreements.yaml index 5913246..49f89ca 100644 --- a/.github/workflows/agreements.yaml +++ b/.github/workflows/agreements.yaml @@ -4,10 +4,14 @@ on: types: [created] pull_request_target: types: [opened, closed, synchronize] - +permissions: + actions: read + contents: read + pull-requests: read + statuses: read jobs: call-workflow-agreements: - uses: splunk/addonfactory-github-workflows/.github/workflows/reusable-agreements.yaml@v1.2 + uses: splunk/addonfactory-github-workflows/.github/workflows/reusable-agreements.yaml@v1.3 secrets: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }} diff --git a/.github/workflows/build-test-release.yml b/.github/workflows/build-test-release.yml index cfdce4e..7c3343b 100644 --- a/.github/workflows/build-test-release.yml +++ b/.github/workflows/build-test-release.yml @@ -9,13 +9,25 @@ on: pull_request: branches: - "**" - + types: + - opened + - reopened + - synchronize + - labeled +permissions: + actions: read + checks: write + contents: write + deployments: read + packages: write + pull-requests: read + statuses: write jobs: call-workflow: - uses: splunk/addonfactory-workflow-addon-release/.github/workflows/reusable-build-test-release.yml@v2.1 + if: github.event.action != 'labeled' || github.event.label.name == 'preserve_infra' + uses: splunk/addonfactory-workflow-addon-release/.github/workflows/reusable-build-test-release.yml@v3.8 secrets: GH_TOKEN_ADMIN: ${{ secrets.GH_TOKEN_ADMIN }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} @@ -24,3 +36,7 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} OTHER_TA_REQUIRED_CONFIGS: ${{ secrets.OTHER_TA_REQUIRED_CONFIGS }} FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }} + SA_GH_USER_NAME: ${{ secrets.SA_GH_USER_NAME }} + SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }} + SA_GPG_PRIVATE_KEY: ${{ secrets.SA_GPG_PRIVATE_KEY }} + SA_GPG_PASSPHRASE: ${{ secrets.SA_GPG_PASSPHRASE }} diff --git a/.github/workflows/escu-manual-workflow.yml b/.github/workflows/escu-manual-workflow.yml index 4dab4e9..3aa1a95 100644 --- a/.github/workflows/escu-manual-workflow.yml +++ b/.github/workflows/escu-manual-workflow.yml @@ -11,7 +11,7 @@ on: jobs: call-workflow: - uses: splunk/addonfactory-workflow-addon-release/.github/workflows/reusable-escu-manual-workflow.yml@v2.1 + uses: splunk/addonfactory-workflow-escu-test/.github/workflows/reusable-escu-manual-workflow.yml@v1.0 with: TA_BUILD: ${{ inputs.TA_BUILD }} TESTS: ${{ inputs.TESTS }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9765933..574855f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -13,7 +13,7 @@ repos: - id: end-of-file-fixer exclude: ^(tests/requirement_test/logs|tests/knowledge/samples|tests/escu/.escu_detections) - repo: https://github.com/psf/black - rev: 22.3.0 + rev: 22.8.0 hooks: - id: black - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks diff --git a/.releaserc b/.releaserc index 6dc5b2c..03a95a6 100644 --- a/.releaserc +++ b/.releaserc @@ -22,8 +22,14 @@ ], "plugins": [ "@semantic-release/commit-analyzer", + [ + "@semantic-release/exec", + { + "verifyReleaseCmd": "echo \"version=${nextRelease.version}\" >> $GITHUB_OUTPUT", + "successCmd": "echo \"new_release_published=${'true'}\" >> $GITHUB_OUTPUT", + } + ], "@semantic-release/release-notes-generator", - ["@semantic-release/exec", {}], [ "@semantic-release/git", { diff --git a/.reuse/dep5 b/.reuse/dep5 index ec2faf5..63f3160 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -64,3 +64,7 @@ License: LicenseRef-Splunk-8-2021 Files: package.json Copyright: $YEAR $NAME <$CONTACT> License: LicenseRef-Splunk-8-2021 + +Files: renovate.json +Copyright: $YEAR $NAME <$CONTACT> +License: LicenseRef-Splunk-8-2021 diff --git a/Dockerfile-splunk-local b/Dockerfile-splunk-local index 3de488c..98270e6 100644 --- a/Dockerfile-splunk-local +++ b/Dockerfile-splunk-local @@ -5,10 +5,7 @@ ARG SPLUNK_APP_PACKAGE=$SPLUNK_APP_PACKAGE RUN echo Splunk VERSION=$SPLUNK_VERSION COPY deps/apps /opt/splunk/etc/apps/ -COPY deps/build/addonfactory_test_matrix_splunk/packages/all/common /opt/splunk/etc/apps/ -COPY deps/build/addonfactory_test_matrix_splunk/packages/all/sh /opt/splunk/etc/apps/ -COPY deps/build/addonfactory_test_matrix_splunk/packages/all/addon_factory_web /opt/splunk/etc/system/local COPY $SPLUNK_APP_PACKAGE /opt/splunk/etc/apps/$SPLUNK_APP_ID COPY .pytest.expect /home/circleci/work_backend/.pytest.expect -COPY tests /home/circleci/work_backend/tests +COPY tests /home/circleci/work_backend/tests diff --git a/Dockerfile-uf b/Dockerfile-uf index 3f0e455..fc16e67 100644 --- a/Dockerfile-uf +++ b/Dockerfile-uf @@ -1,6 +1,7 @@ -ARG SPLUNK_VERSION=latest -FROM splunk/universalforwarder:$SPLUNK_VERSION -ARG SPLUNK_VERSION=latest +# hardcoded SPLUNK_VERSION due to connection issues in versions > 9.0.0 +ARG SPLUNK_VERSION=8.2.6 +FROM splunk/universalforwarder:8.2.6 +ARG SPLUNK_VERSION=8.2.6 ARG SPLUNK_APP_ID=TA_UNKNOWN ARG SPLUNK_APP_PACKAGE=$SPLUNK_APP_PACKAGE RUN echo Splunk VERSION=$SPLUNK_VERSION diff --git a/README.md b/README.md index a645fcc..3d7c1eb 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,3 @@ -## Setup of developer env +# Add-on documentation -Note: Must install docker desktop, vscode or pycharm pro optional - -Note2: Appinspect requires libmagic verify this has been installed correctly each time a new workstation/vm is used https://dev.splunk.com/enterprise/docs/releaseapps/appinspect/splunkappinspectclitool/installappinspect - -```bash -git clone git@github.com:splunk/.git -cd -git submodule update --init --recursive - -#setup python venv must be 3.7 -/Library/Frameworks/Python.framework/Versions/3.7/bin/python3 -m venv .venv -source .venv/bin/activate -pip install -r requirements_dev.txt -pip install https://download.splunk.com/misc/appinspect/splunk-appinspect-latest.tar.gz - -``` - - -## Test - -Using docker - -```bash -pytest -``` - -Using external Splunk instance with Eventgen and app pre-installed - -```bash -pytest --splunk-type=external --splunk-host=something --splunk-user=foo --splunk-password=something -``` +For general add-on documentation please follow use this [README](https://github.com/splunk/addonfactory-repository-template/blob/main/README-addons.md) file. diff --git a/docker-compose-ci.yml b/docker-compose-ci.yml index 5fdc1dd..c9a3111 100644 --- a/docker-compose-ci.yml +++ b/docker-compose-ci.yml @@ -41,7 +41,7 @@ services: - results:/home/circleci/work sc4s: - image: splunk/scs:${SC4S_VERSION} + image: ghcr.io/splunk/splunk-connect-for-syslog/container2:${SC4S_VERSION} hostname: sc4s #When this is enabled test_common will fail # command: -det diff --git a/docker-compose.yml b/docker-compose.yml index 1e3f73c..da85da7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -42,7 +42,7 @@ services: - results:/home/circleci/work sc4s: - image: splunk/scs:${SC4S_VERSION} + image: ghcr.io/splunk/splunk-connect-for-syslog/container2:${SC4S_VERSION} hostname: sc4s #When this is enabled test_common will fail # command: -det diff --git a/pyproject.toml b/pyproject.toml index 200131b..14238cb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -8,7 +8,7 @@ license = "Apache-2.0" [tool.poetry.dependencies] python = "^3.7" -[tool.poetry.dev-dependencies] +[tool.poetry.group.dev.dependencies] pytest-expect = "^1.1.0" pytest-splunk-addon = "^1.11.3" splunk-add-on-ucc-framework = "^5.10.1" diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..d622a34 --- /dev/null +++ b/renovate.json @@ -0,0 +1,89 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base", + ":semanticCommitTypeAll(ci)" + ], + "prConcurrentLimit": 0, + "prHourlyLimit": 0, + "rangeStrategy": "pin", + "dependencyDashboardApproval": true, + "transitiveRemediation": true, + "enabledManagers": ["poetry", "npm", "gradle"], + "separateMinorPatch": true, + "labels": ["dependencies"], + "semanticCommits": "enabled", + "lockFileMaintenance": { + "enabled": true, + "extends": [ + "schedule:daily" + ] + }, + "vulnerabilityAlerts": { + "labels": ["dependencies", "security"] + }, + "packageRules": [ + { + "groupName": "splunk dependencies", + "matchPackageNames": [ + "splunktaucclib", + "splunktalib", + "splunk-add-on-ucc-framework", + "pytest-splunk-addon", + "splunk-packaging-toolkit", + "pytest-splunk-addon-ui-smartx", + "solnlib" + ], + "matchUpdateTypes": ["minor", "patch"], + "labels": ["dependencies", "splunk-packages", "minor", "patch"] + }, + { + "matchUpdateTypes": ["patch"], + "matchManagers": ["poetry"], + "groupName": "python dependencies", + "labels": ["dependencies", "python", "patch"] + }, + { + "matchUpdateTypes": ["minor"], + "matchManagers": ["poetry"], + "labels": ["dependencies", "python", "minor"] + }, + { + "matchUpdateTypes": ["major"], + "matchManagers": ["poetry"], + "labels": ["dependencies", "python", "major"] + }, + { + "matchUpdateTypes": ["patch"], + "matchManagers": ["npm"], + "groupName": "javascript dependencies", + "labels": ["dependencies", "javascript", "patch"] + }, + { + "matchUpdateTypes": ["minor"], + "matchManagers": ["npm"], + "labels": ["dependencies", "javascript", "minor"] + }, + { + "matchUpdateTypes": ["major"], + "matchManagers": ["npm"], + "labels": ["dependencies", "javascript", "major"] + }, + { + "matchUpdateTypes": ["patch"], + "matchManagers": ["gradle"], + "groupName": "java dependencies", + "labels": ["dependencies", "java", "patch"] + }, + { + "matchUpdateTypes": ["minor"], + "matchManagers": ["gradle"], + "labels": ["dependencies", "java", "minor"] + }, + { + "matchUpdateTypes": ["major"], + "matchManagers": ["gradle"], + "labels": ["dependencies", "java", "major"] + } + ] +}