.github/workflows/build-test-release.yaml

on:
  push:
    branches:
      - "main"
      - "develop"
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"
  pull_request:
    branches: [main, develop]

concurrency:
  group: ${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

env:
  PYTHON_VERSION: "3.7"
  POETRY_VERSION: "1.5.1"

jobs:
  meta:
    runs-on: ubuntu-latest
    outputs:
      matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
    steps:
      - uses: actions/checkout@v4
      - id: matrix
        uses: splunk/addonfactory-test-matrix-action@v2.1

  fossa-scan:
    continue-on-error: true
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
          fossa analyze --debug
          fossa report attribution --format text > /tmp/THIRDPARTY
        env:
          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
      - uses: actions/upload-artifact@v4
        with:
          name: THIRDPARTY
          path: /tmp/THIRDPARTY
      - run: |
          fossa test --debug
        env:
          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}

  compliance-copyrights:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: apache/skywalking-eyes@v0.6.0

  pre-commit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - uses: pre-commit/action@v3.0.1

  semgrep:
    uses: splunk/sast-scanning/.github/workflows/sast-scan.yml@main
    secrets:
      SEMGREP_KEY: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}

  run-unit-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - run: |
          curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
      - id: cache-poetry
        uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry
          key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
          restore-keys: |
            poetry-${{ runner.os }}-
      - run: poetry install
        if: ${{ steps.cache-poetry.outputs.cache-hit != 'true' }}
      - run: poetry run pytest -v tests/unit

  build:
    name: build
    runs-on: ubuntu-latest
    needs:
      - fossa-scan
      - compliance-copyrights
      - pre-commit
      - run-unit-tests
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - run: curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
      - id: cache-poetry
        uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry
          key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
          restore-keys: |
            poetry-${{ runner.os }}-
      - run: poetry install
        if: ${{ steps.cache-poetry.outputs.cache-hit != 'true' }}
      - run: poetry build
      - run: |
          poetry run ucc-gen build \
            --source=tests/testdata/Splunk_TA_UCCExample/package \
            --config=tests/testdata/Splunk_TA_UCCExample/globalConfig.json \
            --ta-version=0.0.1
        if: always()
      - uses: actions/upload-artifact@v4
        with:
          name: output
          path: output/*
  
  run-ui-tests:
    name: test-ui Splunk ${{ matrix.splunk.version }} -k ${{ matrix.test_suite }}
    needs:
      - meta
      - build
    runs-on: ubuntu-latest
    if: |
      !contains(github.event.issue.labels.*.name, 'skip-ui-tests')
    permissions:
      id-token: write
      contents: read
      checks: write
    strategy:
      fail-fast: false
      matrix:
        splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
        browser: ["chrome", "firefox"]
        test_suite: [
          "test_splunk_ta_example_addon_logging",
          "test_splunk_ta_example_addon_account",
          "test_splunk_ta_example_addon_proxy",
          "test_splunk_ta_example_addon_input_common",
          "test_splunk_ta_example_addon_input_1",
          "test_splunk_ta_example_addon_input_2",
          "test_splunk_ta_example_addon_custom",
          "test_splunk_ta_example_addon_alert_actions"
        ]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - uses: actions/download-artifact@v4
        with:
          name: output
          path: output/
      - run: curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
      - id: cache-poetry
        uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry
          key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }}
          restore-keys: |
            poetry-${{ runner.os }}-
      - run: poetry install
        if: ${{ steps.cache-poetry.outputs.cache-hit != 'true' }}
      - name: Link chromedriver and geckodriver
        # Use installed chromedriver https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md
        run: |
          export PATH=$PATH:$CHROMEWEBDRIVER
          chromedriver --version
          export PATH=$PATH:$GECKOWEBDRIVER
          geckodriver --version
      - run: |
          ./run_splunk.sh ${{ matrix.splunk.version }}
          until curl -Lsk "https://localhost:8088/services/collector/health" &>/dev/null ; do echo -n "Waiting for HEC-" && sleep 5 ; done
      - run: poetry run pytest tests/ui -k "${{ matrix.test_suite }}" --headless --junitxml=test-results/junit.xml
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: test-results-${{ matrix.splunk.version }}_${{ matrix.python-version }}_${{ matrix.browser }}_${{ matrix.test_suite }}
          path: test-results/*
      - uses: dorny/test-reporter@v1
        if: always()
        with:
          name: test-report-${{ matrix.splunk.version }}_${{ matrix.python-version }}_${{ matrix.browser }}_${{ matrix.test_suite }}
          path: "test-results/*.xml"
          reporter: java-junit

  publish:
    needs:
      - pre-commit
      - build
      - run-ui-tests
      - run-unit-tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: false
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - run: curl -sSL https://install.python-poetry.org | python3 - --version ${{ env.POETRY_VERSION }}
      - id: semantic
        uses: splunk/semantic-release-action@v1.3
        with:
          git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
          git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
          gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
          extra_plugins: |
            semantic-release-replace-plugin
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
      - if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
        run: |
          poetry build
          poetry publish -n -u ${{ secrets.PYPI_USERNAME }} -p ${{ secrets.PYPI_TOKEN }}