test

Author: awownysz-splunk

.github/actions/build/action.yml

@@ -5,8 +5,8 @@ description: >
   and uploads it to the Github registry
 
 inputs:
-  # python_version:
-  #   required: true
+  python_version:
+    required: true
   SA_GH_USER_NAME:
     required: true
   SA_GH_USER_EMAIL:
@@ -43,7 +43,7 @@ runs:
     - name: Setup python
       uses: actions/setup-python@v4
       with:
-        python-version: '3.7'
+        python-version: ${{ inputs.python_version }}
 
     - name: Create requirements file for pip
       shell: bash
@@ -114,20 +114,20 @@ runs:
         PrNumber: ${{ github.event.number }}
 
     - name: Download THIRDPARTY
-      if: '3.7' == '3.7' && github.event_name != 'pull_request' && github.event_name != 'schedule'
+      if: ${{ inputs.python_version }} == '3.7' && github.event_name != 'pull_request' && github.event_name != 'schedule'
       uses: actions/download-artifact@v3
       with:
         name: THIRDPARTY
 
     - name: Download THIRDPARTY (Optional for PR and schedule)
-      if: '3.7' == '3.7' && github.event_name == 'pull_request' || github.event_name == 'schedule'
+      if: ${{ inputs.python_version }} == '3.7' && github.event_name == 'pull_request' || github.event_name == 'schedule'
       continue-on-error: true
       uses: actions/download-artifact@v3
       with:
         name: THIRDPARTY
 
     - name: Update Notices
-      if: '3.7' == '3.7'
+      if: ${{ inputs.python_version }} == '3.7'
       shell: bash
       run: |
         cp -f THIRDPARTY package/THIRDPARTY || echo "THIRDPARTY file not found (allowed for PR and schedule)"
@@ -139,7 +139,7 @@ runs:
         version: ${{ steps.BuildVersion.outputs.VERSION }}
 
     - name: Slim Package
-      if: always() && '3.7' == '3.7'
+      if: always() && ${{ inputs.python_version }} == '3.7'
       id: slim
       uses: splunk/addonfactory-packaging-toolkit-action@v1
       with:
@@ -148,26 +148,26 @@ runs:
     - name: debug
       shell: bash
       run: |
-        echo "'3.7'"
+        echo "${{ inputs.python_version }}"
         echo "${{ inputs.ucc_modinput_functional }}"
         echo "${{ github.event_name }}"
 
     - name: Artifact OpenAPI
-      if: '3.7' == '3.7' && ${{ !cancelled() && inputs.ucc_modinput_functional == 'true' && inputs.modinput_functional == 'true' }}
+      if: ${{ inputs.python_version }} == '3.7' && ${{ !cancelled() && inputs.ucc_modinput_functional == 'true' && inputs.modinput_functional == 'true' }}
       uses: actions/upload-artifact@v3
       with:
         name: artifact-openapi
         path: ${{ github.workspace }}/${{ steps.uccgen.outputs.OUTPUT }}/static/openapi.json
 
     - name: Artifact Splunkbase
-      if: ${{ !cancelled() }} && '3.7' == '3.7'
+      if: ${{ !cancelled() }} && ${{ inputs.python_version }} == '3.7'
       uses: actions/upload-artifact@v3
       with:
         name: package-splunkbase
         path: ${{ steps.slim.outputs.OUTPUT }}
 
     - name: Upload build to S3
-      if: '3.7' == '3.7'
+      if: ${{ inputs.python_version }} == '3.7'
       id: buildupload
       shell: bash
       env:
@@ -180,7 +180,7 @@ runs:
         aws s3 cp "${{ steps.slim.outputs.OUTPUT }}" s3://ta-production-artifacts/ta-apps/
         
     - name: Artifact Splunk parts
-      if: ${{ !cancelled() }} && '3.7' == '3.7'
+      if: ${{ !cancelled() }} && ${{ inputs.python_version }} == '3.7'
       uses: actions/upload-artifact@v3
       with:
         name: package-deployment

.github/workflows/reusable-build-test-release.yml

@@ -306,42 +306,54 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - setup-workflow
+      - get-called-ref
     if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }}
     steps:
-      - name: Run compliance copyrights
-        uses: ./.github/actions/compliance-copyrights
+      - uses: jenseng/dynamic-uses@v1
+        with:
+          uses: splunk/addonfactory-workflow-addon-release/.github/actions/compliance-copyrights@${{ needs.get-called-ref.outputs.ref }}
 
   lint:
     name: Lint
     runs-on: ubuntu-latest
     needs:
       - setup-workflow
+      - get-called-ref
     if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }}
     steps:
-      - name: Run linting checks
-        uses: ./.github/actions/lint
+      - uses: jenseng/dynamic-uses@v1
+        with:
+          uses: splunk/addonfactory-workflow-addon-release/.github/actions/lint@${{ needs.get-called-ref.outputs.ref }}
 
   review-secrets:
     name: Review secrets
     runs-on: ubuntu-latest
     needs:
       - setup-workflow
+      - get-called-ref
     if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }}
     steps:
-      - name: Run secrets review
-        uses: ./.github/actions/review-secrets
+      - uses: jenseng/dynamic-uses@v1
+        with:
+          uses: splunk/addonfactory-workflow-addon-release/.github/actions/review-secrets@${{ needs.get-called-ref.outputs.ref }}
 
   semgrep:
     name: Semgrep security check
     runs-on: ubuntu-latest
+    # inputs to `dynamic-uses` step
+    env: 
+      SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
     needs:
       - setup-workflow
+      - get-called-ref
     if: ${{ needs.setup-workflow.outputs.skip-workflow != 'Yes' }}
     steps:
-      - name: Run semgrep
-        uses: ./.github/actions/semgrep
+      - uses: jenseng/dynamic-uses@v1
         with:
-          SEMGREP_PUBLISH_TOKEN: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
+          uses: splunk/addonfactory-workflow-addon-release/.github/actions/semgrep@${{ needs.get-called-ref.outputs.ref }}
+          # inputs need to provided as a valid JSON string
+          with:
+            ${{ toJSON(env) }}
 
   test-inventory:
     name: Test inventory