[deps]: Update lint-staged to v17 (#203) #1125
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| workflow_dispatch: | |
| schedule: | |
| # Splunk App Inspect checks - https://dev.splunk.com/enterprise/docs/whatsnew/#AppInspect-updates | |
| - cron: "0 0 1 * *" | |
| permissions: {} | |
| jobs: | |
| cloc: | |
| name: CLOC | |
| runs-on: ubuntu-22.04-arm | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| - name: Install cloc | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get -y install cloc | |
| - name: Print lines of code | |
| run: cloc --include-lang CSS,JavaScript,XML,Python --vcs git | |
| build-ui: | |
| name: Build UI | |
| runs-on: ubuntu-22.04-arm | |
| defaults: | |
| run: | |
| working-directory: ./ui | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| - name: Get Node version | |
| id: retrieve-node-version | |
| run: | | |
| NODE_NVMRC=$(cat .nvmrc) | |
| NODE_VERSION=${NODE_NVMRC/v/''} | |
| echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT" | |
| - name: Set up Node | |
| uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 | |
| with: | |
| cache: "npm" | |
| cache-dependency-path: "**/package-lock.json" | |
| node-version: ${{ steps.retrieve-node-version.outputs.node_version }} | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build | |
| run: npm run build | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: bitwarden_event_logs_ui | |
| path: ui/dist/setup/* | |
| if-no-files-found: error | |
| build-artifacts: | |
| name: Build artifacts | |
| # Splunk AppInspect requires aarch64/arm64 binaries, the easiest way to comply with this is to build on an arm64 runner. | |
| # This is most important here, but we use it in all jobs in this workflow for consistency. | |
| runs-on: ubuntu-22.04-arm | |
| needs: build-ui | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| - name: Install poetry | |
| run: pipx install poetry | |
| - name: Set up Python 3.13 | |
| uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # 6.1.0 | |
| with: | |
| python-version: "3.13" | |
| - name: Print environment | |
| run: | | |
| poetry env info | |
| echo "GitHub ref: $GITHUB_REF" | |
| echo "GitHub event: $GITHUB_EVENT" | |
| - name: Pull dependencies | |
| run: | | |
| poetry env use 3.13 | |
| poetry install --no-cache --no-root | |
| poetry self add poetry-plugin-export | |
| mkdir package/lib | |
| poetry export -f requirements.txt --output package/lib/requirements.txt | |
| poetry install --no-cache --no-root --with dev,test,splunkslim | |
| - name: Tests | |
| run: poetry run pytest | |
| - name: Prepare UI | |
| run: mkdir -p package/appserver/static/setup | |
| - name: Download UI | |
| uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: bitwarden_event_logs_ui | |
| path: package/appserver/static/setup | |
| - name: Build Splunk App | |
| run: | | |
| mkdir package/bin | |
| cp -R src/* package/bin/ | |
| APP_VERSION=$(poetry version | awk -F ' ' '{print $2}') | |
| poetry run ucc-gen build --ta-version "${APP_VERSION}" | |
| # cleanup python files | |
| rm -rf output/bitwarden_event_logs/{bin,lib}/__pycache__ | |
| rm -rf output/bitwarden_event_logs/bin/{bitwarden_event_logs_rh_settings.py,import_declare_test.py} | |
| # remove ucc-gen not used files | |
| rm -rf output/bitwarden_event_logs/appserver/static/{css,js,openapi.json} | |
| rm -rf output/bitwarden_event_logs/appserver/templates/base.html | |
| rm -rf output/bitwarden_event_logs/default/{restmap.conf,web.conf,bitwarden_event_logs_settings.conf} | |
| rm -rf output/bitwarden_event_logs/README/bitwarden_event_logs_settings.conf.spec | |
| poetry run ucc-gen package --path output/bitwarden_event_logs -o output/ | |
| mv output/bitwarden_event_logs*.tar.gz output/bitwarden_event_logs.tar.gz | |
| - name: Validate artifact | |
| run: | | |
| poetry run slim validate output/bitwarden_event_logs.tar.gz 2>&1 | tee output.txt | |
| if grep -q "\[ERROR\]" "output.txt"; then | |
| echo "ERROR(s) found." | |
| exit 1 | |
| fi | |
| rm -f output.txt | |
| poetry run splunk-appinspect inspect --mode precert output/bitwarden_event_logs.tar.gz 2>&1 | tee output.txt | |
| if ! grep -q -E "error:[ \t]+0" "output.txt"; then | |
| echo "ERRORS(s) found." | |
| exit 1 | |
| fi | |
| if ! grep -q -E "failure:[ \t]+0" "output.txt"; then | |
| echo "ERRORS(s) found." | |
| exit 1 | |
| fi | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: bitwarden_event_logs.tar.gz | |
| path: output/bitwarden_event_logs.tar.gz | |
| if-no-files-found: error |