Skip to content

Splunk TA Update

Splunk TA Update #10

name: Splunk TA Update
on:
workflow_dispatch: # Manually trigger the workflow
schedule:
- cron: '55 06 * * *' # Runs daily at midnight
jobs:
data-source-validation-and-update:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: 'develop'
token: ${{ secrets.DATA_SOURCES_DEPENDABOT }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.11'
architecture: 'x64' # or the version your script requires
- name: Install Python Dependencies and ContentCTL and Atomic Red Team
run: |
pip install "contentctl>=4.0.0"
- name: Run ContentCTL Data source TA validation
id: validate
run: |
pwd
contentctl validate --data-source-TA-validation 2>&1 | tee data_source_validation.log
continue-on-error: true
- name: Print Validation Log
run: |
cat data_source_validation.log
rm -f =4.0.0
- name: Update Data Sources if Validation Fails
run: |
python .github/workflows/update_data_sources_ta.py
git status
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
with:
token: ${{ secrets.DATA_SOURCES_DEPENDABOT }}
commit-message: Updated TAs
branch: auto-ta-update-${{ github.run_number }}
base: develop
title: Automated Splunk TA Update ${{ github.run_number }}
body: "This PR contains updates to Splunk TAs made by GitHub Actions workflow."
paths: |
security_content/data_sources/**