Splunk TA Update #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Splunk TA Update | |
on: | |
workflow_dispatch: # Manually trigger the workflow | |
schedule: | |
- cron: '55 06 * * *' # Runs daily at midnight | |
jobs: | |
data-source-validation-and-update: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
ref: 'develop' | |
token: ${{ secrets.DATA_SOURCES_DEPENDABOT }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
architecture: 'x64' # or the version your script requires | |
- name: Install Python Dependencies and ContentCTL and Atomic Red Team | |
run: | | |
pip install "contentctl>=4.0.0" | |
- name: Run ContentCTL Data source TA validation | |
id: validate | |
run: | | |
pwd | |
contentctl validate --data-source-TA-validation 2>&1 | tee data_source_validation.log | |
continue-on-error: true | |
- name: Print Validation Log | |
run: | | |
cat data_source_validation.log | |
rm -f =4.0.0 | |
- name: Update Data Sources if Validation Fails | |
run: | | |
python .github/workflows/update_data_sources_ta.py | |
git status | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v7 | |
with: | |
token: ${{ secrets.DATA_SOURCES_DEPENDABOT }} | |
commit-message: Updated TAs | |
branch: auto-ta-update-${{ github.run_number }} | |
base: develop | |
title: Automated Splunk TA Update ${{ github.run_number }} | |
body: "This PR contains updates to Splunk TAs made by GitHub Actions workflow." | |
paths: | | |
security_content/data_sources/** |