Skip to content
ci-lite

Test ci #3063

Sign in to view logs

Test ci

Test ci #3063

Workflow file for this run

.github/workflows/ci-lite.yaml at 172499b
# ########################################################################
# Copyright 2021 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ########################################################################
name: ci-lite
on:
push:
branches:
- "main"
- "releases/*"
- "develop"
- "next*"
pull_request:
branches:
- "main"
- "releases/*"
- "develop"
- "next*"
permissions:
actions: read
contents: write
deployments: write
packages: write
jobs:
meta:
runs-on: ubuntu-latest
outputs:
sc4s: ghcr.io/${{ github.repository }}/container3lite:${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.version'] }}
container_tags: ${{ steps.docker_action_meta.outputs.tags }}
container_labels: ${{ steps.docker_action_meta.outputs.labels }}
container_buildtime: ${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.created'] }}
container_version: ${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.version'] }}
container_revision: ${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.revision'] }}
container_base: ${{ fromJSON(steps.docker_action_meta.outputs.json).tags[0] }}
matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- uses: actions/setup-node@v4
with:
node-version: "16"
- name: Semantic Release
id: version
uses: cycjimmy/semantic-release-action@v3
with:
semantic_version: 18
extra_plugins: |
@semantic-release/[email protected]
@semantic-release/git
semantic-release-helm
@google/[email protected]
[email protected]
dry_run: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: docker_action_meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}/container3lite
tags: |
type=sha,format=long
type=sha
type=semver,pattern={{version}},value=${{ steps.version.outputs.new_release_version }}
type=semver,pattern={{major}},value=${{ steps.version.outputs.new_release_version }}
type=semver,pattern={{major}}.{{minor}},value=${{ steps.version.outputs.new_release_version }}
type=ref,event=branch
type=ref,event=pr
type=ref,event=tag
- name: matrix
id: matrix
uses: splunk/[email protected]
security-fossa-scan:
continue-on-error: true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: run fossa anlyze and create report
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
fossa analyze --debug
fossa report attribution --format text > /tmp/THIRDPARTY
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: upload THIRDPARTY file
uses: actions/upload-artifact@v4
with:
name: THIRDPARTY
path: /tmp/THIRDPARTY
- name: run fossa test
run: |
fossa test --debug
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
build_action:
runs-on: ubuntu-latest
name: Build Action
needs:
- meta
steps:
# To use this repository's private action,
# you must check out the repository
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Packages Docker Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push action
id: docker_action_build
uses: docker/build-push-action@v6
with:
context: .
provenance: false
file: package/Dockerfile.lite
#platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64
push: true
#tags: ${{ needs.meta.outputs.container_tags }}
tags: ${{ needs.meta.outputs.container_base }}
labels: ${{ needs.meta.outputs.container_labels }}
build-args: |
BUILDTIME=${{ needs.meta.outputs.container_buildtime }}
VERSION=${{ needs.meta.outputs.container_version }}
REVISION=${{ needs.meta.outputs.container_revision }}
cache-from: type=registry,ref=${{ needs.meta.outputs.container_base }}
cache-to: type=inline
scan-docker-image-cves:
runs-on: ubuntu-latest
name: Scan docker image on CVEs
needs:
- meta
- build_action
steps:
# To use .trivyignore file, you must check out the repository
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- name: Run docker vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ needs.meta.outputs.container_base }}
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH,MEDIUM,LOW'
trivyignores: '.trivyignore'
scanners: "vuln"
test-container:
strategy:
matrix:
deployment_type: ["docker", "podman"]
runs-on: ubuntu-latest
continue-on-error: true
needs:
- meta
- build_action
services:
splunk:
image: splunk/splunk:${{ fromJson(needs.meta.outputs.matrix_supportedSplunk)[0].version }}
ports:
- 8000:8000
- 8088:8088
- 8089:8089
env:
SPLUNK_HEC_TOKEN: 70b6ae71-76b3-4c38-9597-0c5b37ad9630
SPLUNK_PASSWORD: Changed@11
SPLUNK_START_ARGS: --accept-license
SPLUNK_APPS_URL: https://github.com/splunk/splunk-configurations-base-indexes/releases/download/v1.0.0/splunk_configurations_base_indexes-1.0.0.tar.gz
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- name: Install Ansible and other dependencies as python package
run: |
pip install ansible~=6.1.0 --no-cache-dir \
&& pip install pywinrm>=0.4.2 --no-cache-dir \
&& pip install ansible-lint>=6.0.0 --no-cache-dir \
&& pip install docker
- name: Configure Ansible Environment Variables
env:
ANSIBLE_CONFIG: ansible.cfg
ANSIBLE_HOST_KEY_CHECKING: False
run: |
echo "ANSIBLE_CONFIG is set to: $ANSIBLE_CONFIG"
echo "ANSIBLE_HOST_KEY_CHECKING is set to: $ANSIBLE_HOST_KEY_CHECKING"
sudo systemctl set-environment SC4S_IMAGE=${{ needs.meta.outputs.container_base }}
- name: Update inventory file
run: |
cat << EOF > ansible/inventory/inventory.yaml
---
all:
hosts:
children:
node:
hosts:
node_1:
ansible_host: 127.0.0.1
ansible_connection: local
ansible_user: root
- name: Update env_file
run: |
echo "Updating ansible/inventory/inventory.yaml"
cat << EOF > ansible/resources/env_file
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=https://127.0.0.1:8088
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=70b6ae71-76b3-4c38-9597-0c5b37ad9630
SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY=no
SC4S_DEST_SPLUNK_HEC_DEFAULT_HTTP_COMPRESSION=yes
SC4S_LISTEN_PFSENSE_FIREWALL_TCP_PORT=6000
SC4S_LISTEN_SIMPLE_TEST_ONE_TCP_PORT=5514
SC4S_LISTEN_SIMPLE_TEST_ONE_UDP_PORT=5514
SC4S_LISTEN_SIMPLE_TEST_TWO_TCP_PORT=5601
SC4S_LISTEN_SPECTRACOM_NTP_TCP_PORT=6002
SC4S_LISTEN_CISCO_ESA_TCP_PORT=9000
SC4S_LISTEN_RARITAN_DSX_TCP_PORT=9001
SC4S_LISTEN_CHECKPOINT_SPLUNK_NOISE_CONTROL=yes
SC4S_SOURCE_RICOH_SYSLOG_FIXHOST=yes
TEST_SC4S_ACTIVATE_EXAMPLES=yes
SC4S_DEBUG_CONTAINER=yes
SC4S_SOURCE_VMWARE_VSPHERE_GROUPMSG=yes
SC4S_NETAPP_ONTAP_NEW_FORMAT=yes
SC4S_USE_VPS_CACHE=yes
- name: Update current SC4S image in unit file
run: |
sed -i 's|Environment="SC4S_IMAGE=ghcr.io/splunk/splunk-connect-for-syslog/container3:latest"|Environment="SC4S_IMAGE=${{ needs.meta.outputs.container_base }}"|' ansible/resources/${{ matrix.deployment_type }}_sc4s.service
- name: Run Ansible Playbook
run: |
ansible-playbook --connection=local -i ansible/inventory/inventory.yaml ansible/playbooks/${{ matrix.deployment_type }}.yml
- name: Run tests
run: |
pip3 install poetry
poetry install
mkdir -p test-results || true
poetry run pytest -v --tb=long \
--splunk_type=external \
--splunk_hec_token=70b6ae71-76b3-4c38-9597-0c5b37ad9630 \
--splunk_host=127.0.0.1 \
--sc4s_host=127.0.0.1 \
--junitxml=test-results/test.xml \
-n 14 -m "lite or addons"
- name: artifact-test-results
uses: actions/upload-artifact@v4
with:
name: test-container-results_${{ matrix.deployment_type }}.xml
path: test-results/test.xml
if: ${{ !cancelled() }}
test-name-cache:
strategy:
matrix:
SC4S_IPV6_ENABLE: ["yes","no"]
runs-on: ubuntu-latest
needs:
- meta
- build_action
# runs all of the steps inside the specified container rather than on the VM host.
# Because of this the network configuration changes from host based network to a container network.
container:
image: python:3.9-buster
services:
splunk:
image: splunk/splunk:${{ fromJson(needs.meta.outputs.matrix_supportedSplunk)[0].version }}
ports:
- 8088:8088
- 8089:8089
env:
SPLUNK_HEC_TOKEN: 70b6ae71-76b3-4c38-9597-0c5b37ad9630
SPLUNK_PASSWORD: Changed@11
SPLUNK_START_ARGS: --accept-license
SPLUNK_APPS_URL: https://github.com/splunk/splunk-configurations-base-indexes/releases/download/v1.0.0/splunk_configurations_base_indexes-1.0.0.tar.gz
sc4s:
image: ${{ needs.meta.outputs.container_base }}
ports:
- 514:514
env:
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL: https://splunk:8088
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN: 70b6ae71-76b3-4c38-9597-0c5b37ad9630
SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY: "no"
SC4S_USE_NAME_CACHE: "yes"
SC4S_CLEAR_NAME_CACHE: "yes"
SC4S_IPV6_ENABLE: "${{ matrix.SC4S_IPV6_ENABLE }}"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- name: Run tests
run: |
pip3 install poetry
poetry install
mkdir -p test-results || true
poetry run pytest -v --tb=long \
--splunk_type=external \
--splunk_hec_token=70b6ae71-76b3-4c38-9597-0c5b37ad9630 \
--splunk_host=splunk \
--sc4s_host=sc4s \
--junitxml=test-results/test.xml \
-n 1 \
-m 'name_cache'
- name: artifact-test-results
uses: actions/upload-artifact@v4
with:
name: test-name-cache-results_IPv6_${{ matrix.SC4S_IPV6_ENABLE }}.xml
path: test-results/test.xml
if: ${{ !cancelled() }}
test-healthcheck:
runs-on: ubuntu-latest
needs:
- meta
- build_action
container:
image: python:3.9-buster
services:
sc4s:
image: ${{ needs.meta.outputs.container_base }}
ports:
- 8090:8090
- 514:514
env:
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL: https://splunk:8088
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN: 00000000-0000-0000-0000-000000000000
SC4S_LISTEN_STATUS_PORT: 8090 # the default is 8080
HEALTHCHECK_CHECK_QUEUE_SIZE: yes
HEALTHCHECK_MAX_QUEUE_SIZE: 10000
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- name: Install requests
run: pip3 install requests
- name: Return status 'healthy'
run: python3 tests/test_healthcheck_healthy.py --host sc4s --port 8090
- name: Return status 'queue size exceeded limit'
run: python3 tests/test_healthcheck_queue_size_limit.py --limit 20000 --host sc4s --port 8090
test-healthcheck-unit-tests:
runs-on: ubuntu-latest
needs:
- meta
- build_action
container:
image: python:3.9-buster
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- name: Install dependencies
run: |
pip3 install poetry
poetry install
- name: Run tests
run: poetry run pytest tests/test_healthcheck_unit_tests.py
release:
name: Release
runs-on: ubuntu-latest
needs:
- meta
- build_action
- test-container
- test-name-cache
- test-healthcheck
- test-healthcheck-unit-tests
steps:
- uses: actions/checkout@v4
with:
submodules: false
persist-credentials: false
- uses: actions/setup-node@v4
with:
node-version: "16"
- name: Semantic Release
id: version
uses: cycjimmy/semantic-release-action@v3
with:
semantic_version: 18
extra_plugins: |
@semantic-release/[email protected]
@semantic-release/git
semantic-release-helm
@google/[email protected]
[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}