ci:changed release workflow

.appinspect.manualcheck.yaml

@@ -59,4 +59,6 @@ check_for_supported_tls:
 check_for_remote_code_execution_in_javascript:
   comment: 'Ok'
 check_python_untrusted_xml_functions:
+  comment: 'Ok'
+check_all_python_files_are_well_formed:
   comment: 'Ok'

.github/workflows/build-appinspect.yml

@@ -12,15 +12,15 @@ on:
 jobs:
   build:
     name: Bundle the App
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     outputs:
       app_name: ${{ steps.app.outputs.name }}
       app_version: ${{ steps.app.outputs.version }}
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: 3.9
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
@@ -62,7 +62,7 @@ jobs:
 
   appinspect-cli:
     name: appinspect-cli ${{ matrix.tags }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     continue-on-error: true
     needs: build
     strategy:
@@ -76,7 +76,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: 3.9
       - uses: actions/download-artifact@v4
         with:
           name: ${{ needs.build.outputs.app_name }}-${{ needs.build.outputs.app_version }}

.github/workflows/release.yml

@@ -1,23 +1,31 @@
-name: Package and Upload Release
+name: Release from Changelog
 
 on:
   push:
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
+    paths:
+      - "CHANGELOG.md"
+    branches:
+      - main
 
 # Grants permission to create releases
 permissions:
   contents: write
 
 jobs:
-  build-and-release:
-    name: Build and Upload Release
+  build:
+    name: Build the App
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [ 3.9 ]
+    outputs:
+      artifact_name: ${{ steps.artifact.outputs.name }}
+      ta_version: ${{ steps.app.outputs.version }}
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.9
+          python-version: ${{ matrix.python-version }}
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
@@ -52,11 +60,53 @@ jobs:
           ucc-gen package --path output/${{ steps.app.outputs.name }}
         shell: bash
 
-      # Release Notes to be added manually by editing the Release via UI!
-      - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+      - id: artifact
+        run: |
+          echo "name=${{ steps.app.outputs.name }}-${{ steps.app.outputs.version }}-py${{ matrix.python-version }}" >> $GITHUB_OUTPUT
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.artifact.outputs.name }}
+          path: ${{ steps.app.outputs.name }}*.tar.gz
+
+  release:
+    name: Upload Release
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/download-artifact@v4
         with:
-          tag_name: ${{ github.ref_name }}
-          files: ${{ steps.app.outputs.name }}*.tar.gz
+          name: ${{ needs.build.outputs.artifact_name }}
+          path: dist
+      - name: Fetch latest release info from CHANGELOG
+        id: changelog
+        uses: release-flow/keep-a-changelog-action@v3
+        with:
+          command: query
+          version: latest
+      - name: Validate version consistency
+        env:
+          VERSION: ${{ steps.changelog.outputs.version }}
+          TA_VERSION: ${{ needs.build.outputs.ta_version }}
+        run: |
+          if [ "$VERSION" != "$TA_VERSION" ]; then
+            echo "❌ Add-On and Changelog version mismatch. Did you forget to bump the Add-On version?"
+            exit 1
+          fi
+      - name: Create GitHub release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: v${{ steps.changelog.outputs.version }}
+          RELEASE_NOTES: ${{ steps.changelog.outputs.release-notes }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          LATEST_RELEASE=$(gh release view --json tagName --jq '.tagName' 2>/dev/null || echo "v0.0.0")
+          if [ "$VERSION" == "$LATEST_RELEASE" ]; then
+            echo "Versions match nothing to do!"
+          else
+            echo "Releasing $VERSION"
+            gh release create $VERSION \
+              --title "$VERSION" \
+              --notes "$RELEASE_NOTES" \
+              dist/*.tar.gz
+          fi

.github/workflows/tests.yml

@@ -14,9 +14,143 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  splunk-test:
+  splunk-10x:
     name: Deploy and test the TA
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        version: [10.2.0]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.9
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade splunk-packaging-toolkit splunk-add-on-ucc-framework
+
+      - name: Build TA
+        id: build
+        run: |
+          app_version=$(cat "package/app.manifest" | jq -r '.info.id.version')
+          echo "app_version=${app_version}" >> $GITHUB_OUTPUT
+          app_id=$(cat "package/app.manifest" | jq -r '.info.id.name')
+          echo "app_id=${app_id}" >> $GITHUB_OUTPUT
+          ucc-gen build --ta-version ${app_version}
+          mkdir -p output/${app_id}/local
+          cp etc/cicd/inputs.conf output/${app_id}/local
+          chmod -R +r output
+          chmod -R go-w output
+        shell: bash
+
+      - run: docker network create shared-net
+
+      # NOTE:
+      # Not having services because of: connectivity and volumes mounting
+      - name: Start Mockoon container
+        run: |
+          docker run -d --name mockoon \
+            --network shared-net \
+            -v ${{ github.workspace }}/tests/genesyscloud_mock.json:/data/mockoon.json \
+            -p 3004:3004 \
+            mockoon/cli:latest \
+            --data /data/mockoon.json --port 3004 --log-transaction
+
+      # NOTE:
+      # Splunk to be executed as root to avoid errors when toggling inputs states via REST
+      - name: Start Splunk container
+        env:
+          SPLUNK_START_ARGS: "--answer-yes --no-prompt --accept-license --run-as-root"
+          SPLUNK_GENERAL_TERMS: "--accept-sgt-current-at-splunk-com"
+          SPLUNK_PASSWORD: password
+          GENESYSCLOUD_HOST: http://mockoon:3004
+        run: |
+          docker run -d --name splunk \
+            --network shared-net \
+            -e SPLUNK_START_ARGS="$SPLUNK_START_ARGS" \
+            -e SPLUNK_GENERAL_TERMS="$SPLUNK_GENERAL_TERMS" \
+            -e SPLUNK_PASSWORD="$SPLUNK_PASSWORD" \
+            -e GENESYSCLOUD_HOST="$GENESYSCLOUD_HOST" \
+            -v ${{ github.workspace }}/etc/cicd/environment:/etc/environment \
+            -v ${{ github.workspace }}/output/${{ steps.build.outputs.app_id }}:/opt/splunk/etc/apps/${{ steps.build.outputs.app_id }} \
+            -p 8000:8000 \
+            -p 8089:8089 \
+            splunk/splunk:${{ matrix.version }}
+          # Wait for splunk to be up and running (~2min)
+          sleep 150
+          value=$(docker exec splunk printenv GENESYSCLOUD_HOST)
+          echo "GENESYSCLOUD_HOST=$value" >> $GITHUB_ENV
+
+      # Enable this to troubleshoot errors with the splunk docker
+      # - name: Debug Splunk Logs
+      #   if: always()
+      #   run: docker logs $(docker ps -a -q --filter ancestor=splunk/splunk:10.2.0)
+
+      - name: Test mockoon is alive
+        run: |
+          docker logs mockoon
+          for i in {1..30}; do
+            if curl --silent --fail http://localhost:3004/; then
+              echo "Mockoon is up!"
+              exit 0
+            fi
+            echo "Waiting for Mockoon..."
+            sleep 2
+          done
+          echo "Mockoon failed to start"
+          exit 1
+
+      - name: Test connectivity from Splunk to Mockoon
+        run: |
+          echo "Test whether Splunk is ready..."
+          EXPECTED="Ansible playbook complete, will begin streaming splunkd_stderr.log"
+          docker logs splunk 2>&1 | tail -n 20 | grep -F "$EXPECTED" && echo "Found expected line near end of logs." || (echo "Expected line not found." && exit 1)
+          echo "Test connectivity..."
+          docker exec splunk curl -v http://mockoon:3004/ || echo "Failed to reach Mockoon from Splunk"
+
+      - name: Run integration tests
+        env:
+          GENESYSCLOUD_HOST: http://localhost:3004
+        run: |
+          pip install -r test-requirements.txt
+          mkdir -p junit
+          python -m pytest integration/* --junitxml=junit/integration-test-results-${{ matrix.version }}.xml
+        working-directory: ./tests
+
+      - name: Run functional tests
+        if: success()
+        env:
+          GENESYSCLOUD_HOST: ${{ env.GENESYSCLOUD_HOST }}
+        run: |
+          python -m pytest modinput_functional/* --junitxml=junit/test-results-${{ matrix.version }}.xml
+        working-directory: ./tests
+
+      - name: Exporting Mockoon logs
+        if: always()
+        run: |
+          mkdir -p logs/
+          docker logs mockoon > ${{ github.workspace }}/logs/mockoon-${{ matrix.version }}.log 2>&1
+
+      - name: Upload Mockoon logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: mockoon-logs-${{ matrix.version }}
+          path: logs/mockoon-${{ matrix.version }}.log
+
+      - uses: dorny/test-reporter@v2
+        if: always()
+        with:
+          name: Tests Results
+          path: 'tests/junit/*.xml'
+          reporter: java-junit
+          fail-on-error: 'false'
+
+  splunk-9x:
+    name: Deploy and test the TA
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
@@ -25,7 +159,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: 3.9
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip