Update python_version 3.13 phase 5 #17
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reusable Push Workflow | |
| on: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - synchronize | |
| jobs: | |
| pr-labeling: | |
| runs-on: ubuntu-latest | |
| if: github.event.action == 'opened' | |
| permissions: | |
| issues: write | |
| pull-requests: write | |
| contents: read | |
| steps: | |
| - name: Assign PR Labels | |
| uses: splunk-soar-connectors/.github/.github/actions/pr-labeling@main | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| jira-user: ${{ secrets.JIRA_USER }} | |
| jira-api-key: ${{ secrets.JIRA_API_KEY }} | |
| repo-name: ${{ github.repository }} | |
| pr-number: ${{ github.event.pull_request.number }} | |
| detect-app-type: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_sdkfied: ${{ steps.detect.outputs.is_sdkfied }} | |
| uv_lock_directory: ${{ steps.detect.outputs.uv_lock_directory }} | |
| steps: | |
| - name: Check out app repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Detect App Type | |
| id: detect | |
| run: | | |
| echo "Detecting app type..." | |
| # Find uv.lock file and get its parent directory | |
| UV_LOCK_PATH=$(find . -name "uv.lock" -type f | head -1) | |
| if [ -n "$UV_LOCK_PATH" ]; then | |
| UV_LOCK_DIR=$(dirname "$UV_LOCK_PATH") | |
| echo "Found uv.lock in directory: $UV_LOCK_DIR" | |
| echo "This is an SDKfied app" | |
| echo "is_sdkfied=true" >> $GITHUB_OUTPUT | |
| echo "uv_lock_directory=$UV_LOCK_DIR" >> $GITHUB_OUTPUT | |
| else | |
| echo "No uv.lock found" | |
| echo "This is a traditional app" | |
| echo "is_sdkfied=false" >> $GITHUB_OUTPUT | |
| echo "uv_lock_directory=" >> $GITHUB_OUTPUT | |
| fi | |
| echo "App detection completed" | |
| shell: bash | |
| pre-commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup Environment | |
| uses: splunk-soar-connectors/.github/.github/actions/env-setup@main | |
| - name: Pre-commit | |
| uses: splunk-soar-connectors/.github/.github/actions/pre-commit@main | |
| security-scans: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: detect-app-type | |
| env: | |
| IS_SDKFIED: ${{ needs.detect-app-type.outputs.is_sdkfied }} | |
| UV_LOCK_DIRECTORY: ${{ needs.detect-app-type.outputs.uv_lock_directory }} | |
| steps: | |
| - name: Check out app repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup SDKfied App Environment | |
| if: env.IS_SDKFIED == 'true' | |
| uses: splunk-soar-connectors/.github/.github/actions/sdkfied-app-setup@main | |
| with: | |
| uv_lock_directory: ${{ env.UV_LOCK_DIRECTORY }} | |
| - name: Create temporary manifest for SDKfied app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| uv run --project "${{ env.UV_LOCK_DIRECTORY }}" soarapps manifests create temp_app.json "${{ env.UV_LOCK_DIRECTORY }}" | |
| echo "Created temporary manifest: temp_app.json" | |
| shell: bash | |
| - name: Run Security Scans | |
| uses: splunk-soar-connectors/.github/.github/actions/security-scans@main | |
| - name: Clean up temporary manifest for SDKfied app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| rm -f temp_app.json | |
| echo "Deleted temporary manifest: temp_app.json" | |
| shell: bash | |
| compile: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: detect-app-type | |
| env: | |
| IS_SDKFIED: ${{ needs.detect-app-type.outputs.is_sdkfied }} | |
| UV_LOCK_DIRECTORY: ${{ needs.detect-app-type.outputs.uv_lock_directory }} | |
| steps: | |
| - name: Check out app repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup SDKfied App Environment | |
| if: env.IS_SDKFIED == 'true' | |
| uses: splunk-soar-connectors/.github/.github/actions/sdkfied-app-setup@main | |
| with: | |
| uv_lock_directory: ${{ env.UV_LOCK_DIRECTORY }} | |
| - name: Compile Application | |
| uses: splunk-soar-connectors/.github/.github/actions/compile-app@main | |
| with: | |
| current_phantom_ip: ${{ vars.PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| next_phantom_ip: ${{ vars.PHANTOM_INSTANCE_NEXT_OL8_VERSION_IP }} | |
| previous_phantom_ip: ${{ vars.PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| phantom_username: ${{ vars.PHANTOM_USERNAME }} | |
| phantom_password: password | |
| is_sdkfied: ${{ needs.detect-app-type.outputs.is_sdkfied }} | |
| uv_lock_directory: ${{ needs.detect-app-type.outputs.uv_lock_directory }} | |
| build: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: [compile, detect-app-type] | |
| env: | |
| IS_SDKFIED: ${{ needs.detect-app-type.outputs.is_sdkfied }} | |
| UV_LOCK_DIRECTORY: ${{ needs.detect-app-type.outputs.uv_lock_directory }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Build Application | |
| if: env.IS_SDKFIED == 'false' | |
| uses: splunk-soar-connectors/.github/.github/actions/build-app@main | |
| - name: Setup SDKfied App Environment | |
| if: env.IS_SDKFIED == 'true' | |
| uses: splunk-soar-connectors/.github/.github/actions/sdkfied-app-setup@main | |
| with: | |
| uv_lock_directory: ${{ env.UV_LOCK_DIRECTORY }} | |
| - name: Build SDK app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| cd "${{ env.UV_LOCK_DIRECTORY }}" | |
| echo "Building SDKfied app using soarapps CLI" | |
| uv run soarapps package build . --output-file /tmp/${{ github.event.repository.name }}.tgz | |
| echo "SDKfied app build completed successfully" | |
| - name: Upload app tar file as artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app-tar | |
| path: /tmp/${{ github.event.repository.name }}.tgz | |
| test-setup: | |
| runs-on: ubuntu-latest | |
| needs: [build, detect-app-type] | |
| env: | |
| IS_SDKFIED: ${{ needs.detect-app-type.outputs.is_sdkfied }} | |
| UV_LOCK_DIRECTORY: ${{ needs.detect-app-type.outputs.uv_lock_directory }} | |
| outputs: | |
| fips_compliant: ${{ steps.set-outputs.outputs.fips_compliant }} | |
| publisher: ${{ steps.set-outputs.outputs.publisher }} | |
| steps: | |
| - name: Check out actions repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup Python 3.13 for SDKfied apps | |
| if: env.IS_SDKFIED == 'true' | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.13' | |
| - name: Setup SDKfied App Environment | |
| if: env.IS_SDKFIED == 'true' | |
| uses: splunk-soar-connectors/.github/.github/actions/sdkfied-app-setup@main | |
| with: | |
| uv_lock_directory: ${{ env.UV_LOCK_DIRECTORY }} | |
| - name: Create temporary manifest for SDKfied app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| uv run --project "${{ env.UV_LOCK_DIRECTORY }}" soarapps manifests create temp_app.json "${{ env.UV_LOCK_DIRECTORY }}" | |
| echo "Created temporary manifest: temp_app.json" | |
| shell: bash | |
| - name: Set sanity tests environment variables | |
| uses: splunk-soar-connectors/.github/.github/actions/test-setup@main | |
| - name: Clean up temporary manifest for SDKfied app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| rm -f temp_app.json | |
| echo "Deleted temporary manifest: temp_app.json" | |
| shell: bash | |
| - name: Set outputs | |
| id: set-outputs | |
| run: | | |
| echo "${{ env.publisher }}" | |
| echo publisher="${{ env.publisher }}" >> $GITHUB_OUTPUT | |
| echo "fips_compliant=${{ env.fips_compliant }}" >> $GITHUB_OUTPUT | |
| test-coverage: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: [test-setup, detect-app-type] | |
| env: | |
| IS_SDKFIED: ${{ needs.detect-app-type.outputs.is_sdkfied }} | |
| UV_LOCK_DIRECTORY: ${{ needs.detect-app-type.outputs.uv_lock_directory }} | |
| if: ${{ needs.test-setup.outputs.publisher == 'Splunk' }} | |
| continue-on-error: true | |
| steps: | |
| - name: Check out actions repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Setup SDKfied App Environment | |
| if: env.IS_SDKFIED == 'true' | |
| uses: splunk-soar-connectors/.github/.github/actions/sdkfied-app-setup@main | |
| with: | |
| uv_lock_directory: ${{ env.UV_LOCK_DIRECTORY }} | |
| - name: Create temporary manifest for SDKfied app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| uv run --project "${{ env.UV_LOCK_DIRECTORY }}" soarapps manifests create temp_app.json "${{ env.UV_LOCK_DIRECTORY }}" | |
| echo "Created temporary manifest: temp_app.json" | |
| shell: bash | |
| - name: Run Test Coverage | |
| uses: splunk-soar-connectors/.github/.github/actions/test-coverage@main | |
| with: | |
| app_repo: ${{ github.event.repository.name }} | |
| - name: Clean up temporary manifest for SDKfied app | |
| if: env.IS_SDKFIED == 'true' | |
| run: | | |
| rm -f temp_app.json | |
| echo "Deleted temporary manifest: temp_app.json" | |
| shell: bash | |
| sanity-test: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: test-setup | |
| if: ${{ needs.test-setup.outputs.publisher == 'Splunk' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - version: "next_ol8" | |
| ip: ${{ vars.PHANTOM_INSTANCE_NEXT_OL8_VERSION_IP }} | |
| - version: "next_ol9" | |
| ip: ${{ vars.PHANTOM_INSTANCE_NEXT_OL9_VERSION_IP }} | |
| - version: "next_amzn2023" | |
| ip: ${{ vars.PHANTOM_INSTANCE_NEXT_AMZN2023_VERSION_IP }} | |
| - version: "previous" | |
| ip: ${{ vars.PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| - version: "cloud" | |
| ip: ${{ vars.PHANTOM_INSTANCE_CLOUD_HOST }} | |
| - version: "cloud_next" | |
| ip: ${{ vars.PHANTOM_INSTANCE_CLOUD_NEXT_HOST }} | |
| env: | |
| AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| NUM_TEST_RETRIES: ${{ vars.NUM_TEST_RETRIES }} | |
| VAULT_ROLE: ${{ vars.VAULT_ROLE }} | |
| PHANTOM_INSTANCE_CURRENT_FIPS_VERSION_IP: ${{ vars.PHANTOM_INSTANCE_CURRENT_FIPS_VERSION_IP }} | |
| PLAYBOOK_EXCLUDE_REGEX: ${{ vars.PLAYBOOK_EXCLUDE_REGEX }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download app tar file | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-tar | |
| - name: Run Sanity Tests | |
| uses: splunk-soar-connectors/.github/.github/actions/sanity-tests@main | |
| with: | |
| phantom_ip: ${{ matrix.ip }} | |
| version: ${{ matrix.version }} | |
| app_repo: ${{ github.event.repository.name }} | |
| automation_broker: ${{ vars.AUTOMATION_BROKER_NAME }} | |
| automation_broker_next: ${{ vars.AUTOMATION_BROKER_NEXT_NAME }} | |
| - name: Upload Sanity Test Results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: sanity-test-results-${{ matrix.version }} | |
| path: ${{ github.workspace }}/test-results/ | |
| retention-days: 1 | |
| aggregate-sanity-results: | |
| runs-on: ubuntu-latest | |
| needs: [sanity-test, test-setup] | |
| if: always() && needs.test-setup.outputs.publisher == 'Splunk' | |
| steps: | |
| - name: Download All Sanity Test Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: sanity-test-results-* | |
| path: downloaded-artifacts/ | |
| merge-multiple: false | |
| - name: Aggregate Test Results | |
| uses: splunk-soar-connectors/.github/.github/actions/aggregate-sanity-results@main | |
| with: | |
| artifacts_path: downloaded-artifacts | |
| integration-test: | |
| runs-on: | |
| - codebuild-integration-tests-${{ github.run_id }}-${{ github.run_attempt }} | |
| - image:custom-linux-875003031410.dkr.ecr.us-west-2.amazonaws.com/soar-connectors/pytest:f7150dbb7f347d35f8f4bb285d36985ecd4cf231 | |
| needs: test-setup | |
| if: ${{ needs.test-setup.outputs.publisher == 'Splunk' }} | |
| env: | |
| PHANTOM_INSTANCE_IP: ${{ vars.PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| PHANTOM_INSTANCE_IP_FIPS: ${{ vars.PHANTOM_INSTANCE_CURRENT_FIPS_VERSION_IP }} | |
| AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_CURRENT_VERSION_IP }} | |
| AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP: ${{ vars.AWS_PHANTOM_INSTANCE_PREVIOUS_VERSION_IP }} | |
| NUM_TEST_RETRIES: ${{ vars.NUM_TEST_RETRIES }} | |
| VAULT_ROLE: ${{ vars.VAULT_ROLE }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download app tar file | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: app-tar | |
| - name: Run Integration Tests | |
| uses: splunk-soar-connectors/.github/.github/actions/integration-tests@main | |
| with: | |
| fips_compliant: ${{ needs.test-setup.outputs.fips_compliant }} | |
| app_repo: ${{ github.event.repository.name }} |