From be8f3562c0f5dd720478fa48fe5e861f241b32d9 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 12:50:07 +0100 Subject: [PATCH 01/16] Use as cli package --- .gitignore | 1 + LICENCE | 21 ++++++++++++ README.md | 0 action.yml | 2 +- pyproject.toml | 33 +++++++++++++++++++ src/splunk_app_packager/__init__.py | 0 acs.py => src/splunk_app_packager/acs.py | 0 .../splunk_app_packager/jinja_replace_dict.py | 0 .../splunk_app_packager/package.py | 4 +-- 9 files changed, 58 insertions(+), 3 deletions(-) create mode 100644 LICENCE create mode 100644 README.md create mode 100644 pyproject.toml create mode 100644 src/splunk_app_packager/__init__.py rename acs.py => src/splunk_app_packager/acs.py (100%) rename jinja_replace_dict.py => src/splunk_app_packager/jinja_replace_dict.py (100%) rename package.py => src/splunk_app_packager/package.py (99%) diff --git a/.gitignore b/.gitignore index 4d8e3ab..fb858f0 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ DCAP_*.json target/ venv/ __pycache__/ +dist/ diff --git a/LICENCE b/LICENCE new file mode 100644 index 0000000..904c7bd --- /dev/null +++ b/LICENCE 
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2024 Crown Copyright (Department for Education) + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/action.yml b/action.yml index f296900..53546c4 100644 --- a/action.yml +++ b/action.yml @@ -45,4 +45,4 @@ runs: SPLUNK_PASSWORD: ${{ inputs.splunk_password }} SPLUNK_ACS_TOKEN: ${{ inputs.splunk_acs_token }} SPLUNK_ACS_STACK: ${{ inputs.splunk_acs_stack }} - run: ./package.py --prod DCAP + run: src/splunk_app_packager/package.py --prod DCAP diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..81fa8e8 --- /dev/null +++ b/pyproject.toml 
@@ -0,0 +1,33 @@ +[build-system] +requires = ["hatchling"] +build-backend = "hatchling.build" + +[project] +name = "splunk_app_packager" +version = "0.0.5" +authors = [ + { name="Sam Pritchard", email="sam.pritchard@education.gov.uk" }, + { name="Ian Pearl", email="ian.pearl@education.gov.uk" }, + { name="Alex Kinnane", email="alex.kinnane@education.gov.uk"} +] +description = "A tool to package up your splunk app and deploy it." +readme = "README.md" +requires-python = ">=3.8" +classifiers = [ + "Programming Language :: Python :: 3", + "License :: OSI Approved :: MIT License", + "Operating System :: OS Independent", +] +dependencies = [ + "requests", + "click", + "GitPython", + "jinja2" +] + +[project.scripts] +splunk_app_packager = "splunk_app_packager.package:main" + +[project.urls] +Homepage = "https://github.com/dfe-digital/splunk-app-packager" +Issues = "https://github.com/dfe-digital/splunk-app-packager/issues" \ No newline at end of file diff --git a/src/splunk_app_packager/__init__.py b/src/splunk_app_packager/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/acs.py b/src/splunk_app_packager/acs.py similarity index 100% rename from acs.py rename to src/splunk_app_packager/acs.py diff --git a/jinja_replace_dict.py b/src/splunk_app_packager/jinja_replace_dict.py similarity index 100% rename from jinja_replace_dict.py rename to src/splunk_app_packager/jinja_replace_dict.py diff --git a/package.py b/src/splunk_app_packager/package.py similarity index 99% rename from package.py rename to src/splunk_app_packager/package.py index 126b818..e5fd968 100755 --- a/package.py +++ b/src/splunk_app_packager/package.py 
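Review bot: The `dependencies` list in the new pyproject.toml names `requests`, `click`, `GitPython` and `jinja2` with no version constraints, so every install resolves to whatever release is newest at that moment and nothing records the versions the tool was tested against. Adding lower bounds at the first release known to carry the fixes you rely on, for example `"requests>=<minimum tested version>"` (placeholder), keeps an old vulnerable release from satisfying the requirement. A constraints or lock file for the CI install would make the deployed set reproducible.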
@@ -17,12 +17,12 @@ from pathlib import PurePath from pprint import pprint -from jinja_replace_dict import REPLACEMENT_DICT +from splunk_app_packager.jinja_replace_dict import REPLACEMENT_DICT import click import requests from requests.auth import HTTPBasicAuth import os -from acs import SplunkACS +from splunk_app_packager.acs import SplunkACS class SplunkAppInspectReport: From 535de4b3019267cb59450e2e97c24568b692e999 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 16:06:05 +0100 Subject: [PATCH 02/16] Replace jinja dict --- README.md | 51 +++++++++++++++++++ pyproject.toml | 11 ++-- src/splunk_app_packager/jinja_replace_dict.py | 11 ++-- src/splunk_app_packager/package.py | 34 ++++++++----- 4 files changed, 85 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index e69de29..3e62298 100644 --- a/README.md +++ b/README.md 
@@ -0,0 +1,51 @@ +# Splunk app packager + +The Splunk app packager runs as a cli tool to package your Splunk app, validate the app, and push it to your Splunk instance. + +## Install splunk-app-packager + +```shell +$ pip install splunk-app-packager +``` + +## Run splunk-app-packager + +### Set environment variables + +```shell +$ export SPLUNK_USER= +$ export SPLUNK_PASSWORD= +$ export SPLUNK_ACS_TOKEN= +$ export SPLUNK_ACS_STACK= +``` + +### CLI arguments + +```shell +$ sap --help +Usage: splunk_app_packager [OPTIONS] APP_PACKAGE + +Options: + --splunkuser TEXT The splunk.com username. Can also be set via + SPLUNK_USER environment variable [required] + --splunkpassword TEXT The splunk.com password. Can also be set via + SPLUNK_PASSWORD environment variable [required] + --justvalidate Provied a package .tag.gz instead of a directory and + validate it. + --prod Build a PRODUCTION package + --nodeploy Do NOT do the Deploy leg, just validate + --outfile TEXT Provied a package .tag.gz instead of a directory and + validate it. + --acs-stack TEXT The name of the ACS stack. Can also be set via + SPLUNK_ACS_STACK environment variable. + --acs-token TEXT A bearer token for Splunk ACS. Can also be set via + SPLUNK_ACS_TOKEN environment variable. + --config-path TEXT A path to the config.toml file. [required] + --help Show this message and exit. +``` + +### Example usage + +```shell +$ sap /path/to/app/folder --prod +``` \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index 81fa8e8..345fbf5 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -4,11 +4,11 @@ build-backend = "hatchling.build" [project] name = "splunk_app_packager" -version = "0.0.5" +version = "0.0.6" authors = [ - { name="Sam Pritchard", email="sam.pritchard@education.gov.uk" }, + { name="Sam Pritchard", email="47423802+pritchyspritch@users.noreply.github.com" }, { name="Ian Pearl", email="ian.pearl@education.gov.uk" }, - { name="Alex Kinnane", email="alex.kinnane@education.gov.uk"} + { name="Alex Kinnane", email="17098249+akinnane@users.noreply.github.com"} ] description = "A tool to package up your splunk app and deploy it." readme = "README.md" @@ -22,11 +22,12 @@ dependencies = [ "requests", "click", "GitPython", - "jinja2" + "jinja2", + "toml" ] [project.scripts] -splunk_app_packager = "splunk_app_packager.package:main" +sap = "splunk_app_packager.package:main" [project.urls] Homepage = "https://github.com/dfe-digital/splunk-app-packager" diff --git a/src/splunk_app_packager/jinja_replace_dict.py b/src/splunk_app_packager/jinja_replace_dict.py index 76adde0..a89e2dd 100644 --- a/src/splunk_app_packager/jinja_replace_dict.py +++ b/src/splunk_app_packager/jinja_replace_dict.py @@ -1,5 +1,6 @@ -REPLACEMENT_DICT = {'app' : 'DCAP', - 'environment' : '', - 'version' : '', - 'splunk_user' : 'ssphp_app_account', - } \ No newline at end of file +import toml + + +def load_config_toml(config_path): + config_dict = toml.load(config_path) + return config_dict["package_config"] \ No newline at end of file diff --git a/src/splunk_app_packager/package.py b/src/splunk_app_packager/package.py index e5fd968..1187939 100755 --- a/src/splunk_app_packager/package.py +++ b/src/splunk_app_packager/package.py @@ -17,7 +17,7 @@ from pathlib import PurePath from pprint import pprint -from splunk_app_packager.jinja_replace_dict import REPLACEMENT_DICT +from splunk_app_packager.jinja_replace_dict import load_config_toml import click import requests from requests.auth import HTTPBasicAuth 
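Review bot: `load_config_toml` in jinja_replace_dict.py indexes `config_dict["package_config"]` without checking that the table exists, so a config file lacking it surfaces as a bare `KeyError` traceback from the CLI. A guard such as `if "package_config" not in config_dict: raise ValueError(f"{config_path} has no [package_config] table")` gives the operator an actionable message. The function also has no docstring; one sentence stating that it returns the `[package_config]` table, which is later used as the Jinja render context, would document that the file's contents end up in the packaged app.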
@@ -264,10 +264,12 @@ def write_views_files(self, app_directory): -def update_jinja_context(env, app_package): - REPLACEMENT_DICT["version"] = git_hash(app_package) +def update_jinja_context(env, app_package, config_dict): + config_dict["version"] = git_hash(app_package) # going to be "" for prod, "DEV" for dev. This is probably wrong - REPLACEMENT_DICT["environment"] = env + config_dict["environment"] = env + return config_dict + def git_hash(app_package): print(app_package) @@ -289,7 +291,7 @@ def git_hash(app_package): return head.commit.hexsha -def render_templates(source, target): +def render_templates(source, target, updated_config_dict): env = Environment( loader=FileSystemLoader(source), autoescape=False, @@ -301,7 +303,7 @@ def render_templates(source, target): #print(template) with open(target + "/" + template, "w", encoding="utf8") as f: template_ = env.get_template(template) - rendered = template_.render(REPLACEMENT_DICT) + rendered = template_.render(updated_config_dict) f.write(rendered) @@ -358,7 +360,7 @@ def render_templates(source, target): @click.option( "--acs-stack", envvar="SPLUNK_ACS_STACK", - help="The name of the ACS stack", + help="The name of the ACS stack. Can also be set via SPLUNK_ACS_STACK environment variable.", type=str, required=False, default=None, 
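Review bot: Values read from the user-supplied config file now reach `template_.render(updated_config_dict)` in `render_templates`, and the `Environment` shown in the hunk context is created with `autoescape=False`, so a value containing `<`, `&` or a quote is written verbatim into the rendered files (filtered to .xml, .conf and .json elsewhere in this series). If the config file is meant to be trusted input, say so in a comment next to the render call, e.g. `# config.toml is trusted: values are rendered unescaped into the app's XML/conf/JSON`; otherwise validate the values before rendering. Separately, `update_jinja_context` silently overwrites any `version` or `environment` key the config already defines and mutates the caller's dict in place, which deserves a one-line docstring. Both function bodies continue outside the hunks.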
@@ -366,12 +368,20 @@ def render_templates(source, target): @click.option( "--acs-token", envvar="SPLUNK_ACS_TOKEN", - help="A bearer token for Splunk ACS", + help="A bearer token for Splunk ACS. Can also be set via SPLUNK_ACS_TOKEN environment variable.", type=str, required=False, default=None, ) -def main(app_package, splunkuser, splunkpassword, justvalidate, outfile, prod, nodeploy, acs_stack, acs_token): +@click.option( + "--config-path", + help="A path to the config.toml file.", + type=str, + required=True, + default="config.toml", +) + +def main(app_package, splunkuser, splunkpassword, justvalidate, outfile, prod, nodeploy, acs_stack, acs_token, config_path): # All the code relating to Building the Package sai = SplunkAppInspect(splunkuser, splunkpassword, packagetargz=outfile) @@ -383,10 +393,10 @@ def main(app_package, splunkuser, splunkpassword, justvalidate, outfile, prod, n suffix = "" else: suffix = "_DEV" - update_jinja_context(suffix, app_package) - + config_dict = load_config_toml(config_path) + updated_config_dict = update_jinja_context(suffix, app_package, config_dict) app_target = sai.copy_app(app_package, suffix) - render_templates(app_package, app_target) + render_templates(app_package, app_target, updated_config_dict) sai.replace_tripple_quotes(app_target, suffix) sai.concat_conf_files(app_target) sai.write_views_files(app_target) From 87d604b305c2d0f91292f82013b610adf78d1e44 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 16:16:46 +0100 Subject: [PATCH 03/16] Update action to use app_package_path --- action.yml | 9 +++------ pyproject.toml | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/action.yml b/action.yml index 53546c4..1b4fe44 100644 --- a/action.yml +++ b/action.yml 
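Review bot: The new `--config-path` option combines `required=True` with `default="config.toml"`, so the required check can never fire and a missing file is only discovered later, when the config is loaded inside `main`. Declaring it as `type=click.Path(exists=True, dir_okay=False)` and dropping `required=True` lets click reject a bad path up front with a usage error instead of a traceback. The help text could also state that the file must contain a `[package_config]` table. The body of `main` continues outside the hunk.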
@@ -30,13 +30,10 @@ runs: python-version: '3.12.3' architecture: 'x64' cache: 'pip' - - - run: pip install -U setuptools && pip install -r requirements.txt - shell: bash - - name: Pip audit + - name: Install splunk-app-packager shell: bash - run: pip-audit -S + run: pip install splunk-app-packager - name: package, validate, deploy shell: bash @@ -45,4 +42,4 @@ runs: SPLUNK_PASSWORD: ${{ inputs.splunk_password }} SPLUNK_ACS_TOKEN: ${{ inputs.splunk_acs_token }} SPLUNK_ACS_STACK: ${{ inputs.splunk_acs_stack }} - run: src/splunk_app_packager/package.py --prod DCAP + run: sap --prod ${{ inputs.app_package_path }} diff --git a/pyproject.toml b/pyproject.toml index 345fbf5..0856014 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "splunk_app_packager" -version = "0.0.6" +version = "0.0.1" authors = [ { name="Sam Pritchard", email="47423802+pritchyspritch@users.noreply.github.com" }, { name="Ian Pearl", email="ian.pearl@education.gov.uk" }, From 790abca3a3ac74cceaf16fb1709a23f8f7578adf Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 16:33:39 +0100 Subject: [PATCH 04/16] Auto tagging workflow --- .github/workflows/tag_workflow.yml | 42 ++++++++++++++++++++++++++++++ action.yml | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/tag_workflow.yml diff --git a/.github/workflows/tag_workflow.yml b/.github/workflows/tag_workflow.yml new file mode 100644 index 0000000..17d620d --- /dev/null +++ b/.github/workflows/tag_workflow.yml 
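Review bot: The first action.yml hunk drops the `pip-audit -S` step together with the requirements.txt install, so the composite action no longer performs any known-vulnerability check on what it installs before running with the Splunk credentials in its environment. The replacement `pip install splunk-app-packager` is also unversioned in this commit (a later commit in the series pins it). Keeping an audit step after the install, for example `run: pip install pip-audit && pip-audit`, would preserve the previous control against the installed environment.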
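Review bot: In the second action.yml hunk `run: sap --prod ${{ inputs.app_package_path }}` expands the input into the script text before bash parses it, so a path containing spaces or shell metacharacters is interpreted by the shell in a step that has `SPLUNK_PASSWORD` and `SPLUNK_ACS_TOKEN` in its environment. Pass the value through the environment and quote it: add `APP_PACKAGE_PATH: ${{ inputs.app_package_path }}` under `env:` and use `run: sap --prod "$APP_PACKAGE_PATH"`. The same pattern recurs in the later hunk that appends `--config-path ${{ inputs.config_toml_path }}`. No declaration of an `app_package_path` input is visible in these hunks, so confirm it exists under `inputs:`.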
@@ -0,0 +1,42 @@ +name: GitHub composite action tag release + +on: + push: + branches: + - main + paths: + - 'src/**' + - 'action.yml' + - 'pyproject.toml' + +jobs: + tag-release-on-push: + runs-on: ubuntu-latest + permissions: + contents: write + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: '0' + + - name: Bump version and push tag + id: bump-version + uses: anothrNick/github-tag-action@1.67.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: true + DEFAULT_BUMP: patch + + - name: Extract major tag + id: extract-major + run: > + echo major_tag=$(echo ${{ steps.bump-version.outputs.new_tag }} | cut -d'.' -f1) >> $GITHUB_OUTPUT + + - name: Update major tag + run: | + git config user.name github-actions + git config user.email github-actions@github.com + git tag --force ${{ steps.extract-major.outputs.major_tag }} ${{ steps.bump-version.outputs.new_tag }} + git push origin ${{ steps.extract-major.outputs.major_tag }} --force \ No newline at end of file diff --git a/action.yml b/action.yml index 1b4fe44..b406be8 100644 --- a/action.yml +++ b/action.yml @@ -33,7 +33,7 @@ runs: - name: Install splunk-app-packager shell: bash - run: pip install splunk-app-packager + run: pip install splunk-app-packager==0.0.1 - name: package, validate, deploy shell: bash From 03d2dc8e2d8796785b61c9b1f55bbcd868f9f1f4 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 17:29:57 +0100 Subject: [PATCH 05/16] Release workflow --- .github/workflows/release.yml | 114 +++++++++++++++++++++++++++++ .github/workflows/tag_workflow.yml | 71 +++++++++--------- 2 files changed, 150 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..8f19991 --- /dev/null +++ b/.github/workflows/release.yml 
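Review bot: `uses: anothrNick/github-tag-action@1.67.0` in tag_workflow.yml references a third-party action by a mutable tag in a job that grants `contents: write` and hands it `GITHUB_TOKEN`, so whatever that tag points to at run time can push to the repository. Pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: anothrNick/github-tag-action@<full-commit-sha> # 1.67.0` (placeholder). The same applies to the references added later in this series in release.yml (`anothrNick/github-tag-action@1.70.0`, `pypa/gh-action-pypi-publish@release/v1`, `sigstore/gh-action-sigstore-python@v2.1.1`) and verify_tags.yml. The `Update major tag` step also force-pushes a moving major tag, which consumers pinning to that tag should be told about in a comment.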
@@ -0,0 +1,114 @@ +name: Publish Python 🐍 distribution 📦 to PyPI and TestPyPI + +on: + push: + branches: + - main + paths: + - 'src/**' + - 'pyproject.toml' + +jobs: + tag-release-on-push: + runs-on: ubuntu-latest + permissions: + contents: write + outputs: + new_tag: ${{ steps.bump-version.outputs.new_tag }} + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: '0' + + - name: Bump version and push tag + id: bump-version + uses: anothrNick/github-tag-action@1.70.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + + build: + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + - uses: actions/checkout@v4 + + - name: Set up python + uses: actions/setup-python@v5 + with: + python-version: '3.12.3' + architecture: 'x64' + cache: 'pip' + + - name: Install pypa/build + run: python3 -m pip install build --user + + - name: Build binary wheel and source tarball + run: python3 -m build + + - name: Store the packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: dist/ + + publish-to-pypi: + needs: [build] + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/splunk-app-packager + permissions: + contents: read + id-token: write + + steps: + - name: Download dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + + - name: Publish distribution 📦 to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + + github-release: + needs: [tag-release-on-push, publish-to-pypi] + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + + steps: + + - name: Download all the dists + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: dist/ + + - name: Sign the dists with Sigstore + uses: sigstore/gh-action-sigstore-python@v2.1.1 + with: + inputs: >- + ./dist/*.tar.gz + ./dist/*.whl + + - name: Create GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} 
+ run: gh release create '${{ needs.tag-release-on-push.outputs.new_tag }}' --repo '${{ github.repository }}' --notes "" + + - name: Upload artifact signatures to GitHub Release + env: + GITHUB_TOKEN: ${{ github.token }} + # Upload to GitHub Release using the `gh` CLI. + # `dist/` contains the built packages, and the + # sigstore-produced signatures and certificates. + run: gh release upload '${{ github.ref_name }}' dist/** --repo '${{ github.repository }}' + \ No newline at end of file diff --git a/.github/workflows/tag_workflow.yml b/.github/workflows/tag_workflow.yml index 17d620d..03ca3d3 100644 --- a/.github/workflows/tag_workflow.yml +++ b/.github/workflows/tag_workflow.yml 
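Review bot: The last step of the `github-release` job runs `gh release upload '${{ github.ref_name }}'`, but this workflow triggers on pushes to the `main` branch, so `github.ref_name` is the branch name rather than the tag that the preceding step passed to `gh release create`. The signed artifacts would therefore not be attached to the release that was just created. Use the same output as the create step: `run: gh release upload '${{ needs.tag-release-on-push.outputs.new_tag }}' dist/** --repo '${{ github.repository }}'`. Note also that `build` and `publish-to-pypi` do not depend on `tag-release-on-push`, so nothing visible here ties the version published to PyPI to the tag that gets created.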
@@ -1,42 +1,43 @@ -name: GitHub composite action tag release +# Get pip release working, and either tie them as one or create new repo for action +# name: GitHub composite action tag release -on: - push: - branches: - - main - paths: - - 'src/**' - - 'action.yml' - - 'pyproject.toml' +# on: +# push: +# branches: +# - main +# paths: +# - 'src/**' +# - 'action.yml' +# - 'pyproject.toml' -jobs: - tag-release-on-push: - runs-on: ubuntu-latest - permissions: - contents: write +# jobs: +# tag-release-on-push: +# runs-on: ubuntu-latest +# permissions: +# contents: write - steps: +# steps: - - uses: actions/checkout@v4 - with: - fetch-depth: '0' +# - uses: actions/checkout@v4 +# with: +# fetch-depth: '0' - - name: Bump version and push tag - id: bump-version - uses: anothrNick/github-tag-action@1.67.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: true - DEFAULT_BUMP: patch +# - name: Bump version and push tag +# id: bump-version +# uses: anothrNick/github-tag-action@1.67.0 +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# WITH_V: false +# DEFAULT_BUMP: patch - - name: Extract major tag - id: extract-major - run: > - echo major_tag=$(echo ${{ steps.bump-version.outputs.new_tag }} | cut -d'.' -f1) >> $GITHUB_OUTPUT +# - name: Extract major tag +# id: extract-major +# run: > +# echo major_tag=$(echo ${{ steps.bump-version.outputs.new_tag }} | cut -d'.' 
-f1) >> $GITHUB_OUTPUT - - name: Update major tag - run: | - git config user.name github-actions - git config user.email github-actions@github.com - git tag --force ${{ steps.extract-major.outputs.major_tag }} ${{ steps.bump-version.outputs.new_tag }} - git push origin ${{ steps.extract-major.outputs.major_tag }} --force \ No newline at end of file +# - name: Update major tag +# run: | +# git config user.name github-actions +# git config user.email github-actions@github.com +# git tag --force ${{ steps.extract-major.outputs.major_tag }} ${{ steps.bump-version.outputs.new_tag }} +# git push origin ${{ steps.extract-major.outputs.major_tag }} --force \ No newline at end of file From 554603ac7c4e348510f0b0ea2bbd8a7a4fc73d20 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:38:39 +0100 Subject: [PATCH 06/16] Check tags workflow --- .github/workflows/verify_tags.yml | 48 +++++++++++++++++++++++++++++++ action.yml | 7 ++++- 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/verify_tags.yml diff --git a/.github/workflows/verify_tags.yml b/.github/workflows/verify_tags.yml new file mode 100644 index 0000000..2349e34 --- /dev/null +++ b/.github/workflows/verify_tags.yml 
@@ -0,0 +1,48 @@ +name: Verify tags are the same + +on: + pull_request: + branches: + - main + - composite-deploy-action + +jobs: + verify-tags: + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + + - uses: actions/checkout@v4 + with: + fetch-depth: '0' + + - name: Check next git tag + id: git-tag + uses: anothrNick/github-tag-action@1.70.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + DRY_RUN: true + + - name: Check pyproject tag + id: pyproject-tag + run: | + echo py_version=$(grep version pyproject.toml | cut -d'"' -f2) >> $GITHUB_OUTPUT + + - name: Check action.yml tag + id: action-tag + run: | + echo action_version=$(grep '==' action.yml | cut -d'=' -f3) >> $GITHUB_OUTPUT + + - name: Verify tags + run: | + if [ ${{ steps.git-tag.outputs.new_tag }} == ${{ steps.pyproject-tag.outputs.py_version }}] && [ ${{ steps.pyproject-tag.outputs.py_version }} == ${{ steps.action-tag.outputs.action_version }}] + then + echo "All tags are equal. Good to release.\nGit Tag: ${{ steps.git-tag.outputs.new_tag }}\npyproject.toml tag: ${{ steps.pyproject-tag.outputs.py_version }}\naction.yml tag: ${{ steps.action-tag.outputs.action_version }}" + else + echo "Tags aren't equal.\nGit Tag: ${{ steps.git-tag.outputs.new_tag }}\npyproject.toml tag: ${{ steps.pyproject-tag.outputs.py_version }}\naction.yml tag: ${{ steps.action-tag.outputs.action_version }}" + exit 1 + fi \ No newline at end of file diff --git a/action.yml b/action.yml index b406be8..4a611ba 100644 --- a/action.yml +++ b/action.yml @@ -21,6 +21,11 @@ inputs: description: The splunk stack. required: true type: string + config_toml_path: + description: Path to your config.toml file. + required: true + type: string + default: config.toml runs: using: composite steps: 
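Review bot: The version extraction in verify_tags.yml uses unanchored patterns, `grep version pyproject.toml` and `grep '==' action.yml`, so any additional line containing "version" or "==" produces several lines that are appended unquoted to `$GITHUB_OUTPUT` and corrupt the step output used by this release gate. Anchor and limit the match, e.g. `grep -m1 '^version' pyproject.toml | cut -d'"' -f2`, and use a pattern specific to the pinned install line for action.yml. In the `Verify tags` step the operands of `[ ... == ... ]` are also unquoted expression expansions; passing the three values through `env:` and comparing `"$GIT_TAG"`, `"$PY_VERSION"` and `"$ACTION_VERSION"` keeps an empty or multi-word value from changing how the test is parsed.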
@@ -42,4 +47,4 @@ runs: SPLUNK_PASSWORD: ${{ inputs.splunk_password }} SPLUNK_ACS_TOKEN: ${{ inputs.splunk_acs_token }} SPLUNK_ACS_STACK: ${{ inputs.splunk_acs_stack }} - run: sap --prod ${{ inputs.app_package_path }} + run: sap --prod ${{ inputs.app_package_path }} --config-path ${{ inputs.config_toml_path }} From 9ae05501cab288c89027b9d1cce58fbf20018a86 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:41:20 +0100 Subject: [PATCH 07/16] Test push --- .github/workflows/verify_tags.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/verify_tags.yml b/.github/workflows/verify_tags.yml index 2349e34..258aeb1 100644 --- a/.github/workflows/verify_tags.yml +++ b/.github/workflows/verify_tags.yml @@ -4,6 +4,8 @@ on: pull_request: branches: - main + push: + branches: - composite-deploy-action jobs: From 113dde2a37b01a7e71973a5cbabcde9c549eff08 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:45:45 +0100 Subject: [PATCH 08/16] Fix output new lines --- .github/workflows/verify_tags.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/verify_tags.yml b/.github/workflows/verify_tags.yml index 258aeb1..8103688 100644 --- a/.github/workflows/verify_tags.yml +++ b/.github/workflows/verify_tags.yml 
@@ -41,10 +41,16 @@ jobs: - name: Verify tags run: | - if [ ${{ steps.git-tag.outputs.new_tag }} == ${{ steps.pyproject-tag.outputs.py_version }}] && [ ${{ steps.pyproject-tag.outputs.py_version }} == ${{ steps.action-tag.outputs.action_version }}] + if [ ${{ steps.git-tag.outputs.new_tag }} == ${{ steps.pyproject-tag.outputs.py_version }}] && [ ${{ steps.pyproject-tag.outputs.py_version }} == ${{ steps.action-tag.outputs.action_version }} ] then - echo "All tags are equal. Good to release.\nGit Tag: ${{ steps.git-tag.outputs.new_tag }}\npyproject.toml tag: ${{ steps.pyproject-tag.outputs.py_version }}\naction.yml tag: ${{ steps.action-tag.outputs.action_version }}" + echo "All tags are equal. Good to release." + echo "Git Tag: ${{ steps.git-tag.outputs.new_tag }}" + echo "pyproject.toml tag: ${{ steps.pyproject-tag.outputs.py_version }}" + echo "action.yml tag: ${{ steps.action-tag.outputs.action_version }}" else - echo "Tags aren't equal.\nGit Tag: ${{ steps.git-tag.outputs.new_tag }}\npyproject.toml tag: ${{ steps.pyproject-tag.outputs.py_version }}\naction.yml tag: ${{ steps.action-tag.outputs.action_version }}" + echo "Tags aren't equal." + echo "Git Tag: ${{ steps.git-tag.outputs.new_tag }}" + echo "pyproject.toml tag: ${{ steps.pyproject-tag.outputs.py_version }}" + echo "action.yml tag: ${{ steps.action-tag.outputs.action_version }}" exit 1 fi \ No newline at end of file From 8336b87c0633383d6229843359b8003a9f56511b Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:46:56 +0100 Subject: [PATCH 09/16] Missing space --- .github/workflows/verify_tags.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/verify_tags.yml b/.github/workflows/verify_tags.yml index 8103688..439c6e7 100644 --- a/.github/workflows/verify_tags.yml +++ b/.github/workflows/verify_tags.yml 
@@ -41,7 +41,7 @@ jobs: - name: Verify tags run: | - if [ ${{ steps.git-tag.outputs.new_tag }} == ${{ steps.pyproject-tag.outputs.py_version }}] && [ ${{ steps.pyproject-tag.outputs.py_version }} == ${{ steps.action-tag.outputs.action_version }} ] + if [ ${{ steps.git-tag.outputs.new_tag }} == ${{ steps.pyproject-tag.outputs.py_version }} ] && [ ${{ steps.pyproject-tag.outputs.py_version }} == ${{ steps.action-tag.outputs.action_version }} ] then echo "All tags are equal. Good to release." echo "Git Tag: ${{ steps.git-tag.outputs.new_tag }}" From 2bb29c8af7faa5095aa8018218095560240f3798 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Wed, 18 Sep 2024 18:58:36 +0100 Subject: [PATCH 10/16] Release pipeline, format --- .github/workflows/tag_workflow.yml | 43 ------------------ .github/workflows/verify_tags.yml | 3 -- action.yml | 2 +- pyproject.toml | 2 +- src/splunk_app_packager/acs.py | 18 ++++---- src/splunk_app_packager/jinja_replace_dict.py | 2 +- src/splunk_app_packager/package.py | 44 ++++++++++++------- 7 files changed, 40 insertions(+), 74 deletions(-) delete mode 100644 .github/workflows/tag_workflow.yml diff --git a/.github/workflows/tag_workflow.yml b/.github/workflows/tag_workflow.yml deleted file mode 100644 index 03ca3d3..0000000 --- a/.github/workflows/tag_workflow.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -# Get pip release working, and either tie them as one or create new repo for action -# name: GitHub composite action tag release - -# on: -# push: -# branches: -# - main -# paths: -# - 'src/**' -# - 'action.yml' -# - 'pyproject.toml' - -# jobs: -# tag-release-on-push: -# runs-on: ubuntu-latest -# permissions: -# contents: write - -# steps: - -# - uses: actions/checkout@v4 -# with: -# fetch-depth: '0' - -# - name: Bump version and push tag -# id: bump-version -# uses: anothrNick/github-tag-action@1.67.0 -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# WITH_V: false -# DEFAULT_BUMP: patch - -# - name: Extract major tag -# id: extract-major -# run: > -# echo major_tag=$(echo ${{ steps.bump-version.outputs.new_tag }} | cut -d'.' -f1) >> $GITHUB_OUTPUT - -# - name: Update major tag -# run: | -# git config user.name github-actions -# git config user.email github-actions@github.com -# git tag --force ${{ steps.extract-major.outputs.major_tag }} ${{ steps.bump-version.outputs.new_tag }} -# git push origin ${{ steps.extract-major.outputs.major_tag }} --force \ No newline at end of file diff --git a/.github/workflows/verify_tags.yml b/.github/workflows/verify_tags.yml index 439c6e7..d76b136 100644 --- a/.github/workflows/verify_tags.yml +++ b/.github/workflows/verify_tags.yml @@ -4,9 +4,6 @@ on: pull_request: branches: - main - push: - branches: - - composite-deploy-action jobs: verify-tags: diff --git a/action.yml b/action.yml index 4a611ba..5a6a9aa 100644 --- a/action.yml +++ b/action.yml @@ -38,7 +38,7 @@ runs: - name: Install splunk-app-packager shell: bash - run: pip install splunk-app-packager==0.0.1 + run: pip install splunk-app-packager==0.0.2 - name: package, validate, deploy shell: bash diff --git a/pyproject.toml b/pyproject.toml index 0856014..89fd222 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "splunk_app_packager" -version = "0.0.1" +version = "0.0.2" authors = [ { name="Sam Pritchard", email="47423802+pritchyspritch@users.noreply.github.com" }, { name="Ian Pearl", email="ian.pearl@education.gov.uk" }, diff --git a/src/splunk_app_packager/acs.py b/src/splunk_app_packager/acs.py index cfc2d6e..b970124 100644 --- a/src/splunk_app_packager/acs.py +++ b/src/splunk_app_packager/acs.py @@ -1,7 +1,4 @@ -import json import requests -import os -from pprint import pprint class SplunkACS: @@ -10,7 +7,10 @@ def __init__(self, acs_stack, acs_token, validation_token): self.acs_token = acs_token self.validation_token = validation_token self.url = f"https://admin.splunk.com/{self.stack}/adminconfig/v2/apps/victoria" - self.headers = {"Authorization": f"Bearer {self.acs_token}", "X-Splunk-Authorization": self.validation_token} + self.headers = { + "Authorization": f"Bearer {self.acs_token}", + "X-Splunk-Authorization": self.validation_token, + } self.ack_header = {"ACS-Legal-Ack": "Y"} self.all_headers = dict(self.ack_header, **self.headers) @@ -22,19 +22,19 @@ def get_app_list(self): def check_app_exists(self, app): self.app = app app_list = self.get_app_list() - + for app in app_list: if app["name"] == self.app: return True - + return False def install_app(self, app_path): print(f"Starting install of {app_path}") - - with open(app_path,"rb") as f: + + with open(app_path, "rb") as f: data = f.read() - response = requests.post(self.url, headers=self.all_headers, data = data) + response = requests.post(self.url, headers=self.all_headers, data=data) return response diff --git a/src/splunk_app_packager/jinja_replace_dict.py b/src/splunk_app_packager/jinja_replace_dict.py index a89e2dd..df24e18 100644 --- a/src/splunk_app_packager/jinja_replace_dict.py +++ b/src/splunk_app_packager/jinja_replace_dict.py 
@@ -3,4 +3,4 @@ def load_config_toml(config_path): config_dict = toml.load(config_path) - return config_dict["package_config"] \ No newline at end of file + return config_dict["package_config"] diff --git a/src/splunk_app_packager/package.py b/src/splunk_app_packager/package.py index 1187939..cd3be05 100755 --- a/src/splunk_app_packager/package.py +++ b/src/splunk_app_packager/package.py @@ -8,7 +8,7 @@ import glob import re import sys -from jinja2 import Environment, PackageLoader, select_autoescape, FileSystemLoader +from jinja2 import Environment, FileSystemLoader from git import Repo, InvalidGitRepositoryError from copy import deepcopy from datetime import datetime @@ -21,7 +21,6 @@ import click import requests from requests.auth import HTTPBasicAuth -import os from splunk_app_packager.acs import SplunkACS @@ -88,7 +87,7 @@ def login(self): if auth_res.status_code != 200: raise Exception(f"Authentication failed: {auth_res.text}") - + self.token = auth_res.json().get("data", {}).get("token") self.headers.update( { @@ -225,14 +224,13 @@ def replace_tripple_quotes(self, app_directory, environment=""): with open(each, "w", encoding="utf8") as target_file: target_file.write(contents) - def concat_conf_files(self, app_directory): directories = glob.glob(f"{app_directory}/default/*.conf.d/", recursive=True) for directory in directories: target = open(".".join(directory.split(".")[:-1]), "w") conf_files = glob.glob(f"{directory}/**/*.conf", recursive=True) - #print(conf_files) + # print(conf_files) for conf_file in conf_files: if ".archive" in conf_file: continue 
@@ -244,14 +242,15 @@ def concat_conf_files(self, app_directory): shutil.rmtree(directory) # IP added as a work around 24/8/2023 for package building the metrics dashboard failing - directories = glob.glob(f"{app_directory}/default/**/*.d.archive/", recursive=True) + directories = glob.glob( + f"{app_directory}/default/**/*.d.archive/", recursive=True + ) for directory in directories: try: shutil.rmtree(directory) except FileNotFoundError: pass - def write_views_files(self, app_directory): directories = glob.glob(f"{app_directory}/default/**/*.xml.d/", recursive=True) for directory in directories: @@ -263,7 +262,6 @@ def write_views_files(self, app_directory): shutil.rmtree(directory) - def update_jinja_context(env, app_package, config_dict): config_dict["version"] = git_hash(app_package) # going to be "" for prod, "DEV" for dev. This is probably wrong @@ -283,7 +281,7 @@ def git_hash(app_package): except InvalidGitRepositoryError: print("App package directory does not contain a .git file") p = p.parent - if bytes(p) == b'/': + if bytes(p) == b"/": break print(p) @@ -295,12 +293,16 @@ def render_templates(source, target, updated_config_dict): env = Environment( loader=FileSystemLoader(source), autoescape=False, - ) - templates = [ template for template in env.list_templates() - if template.endswith(".xml") or template.endswith(".conf") or template.endswith(".json") ] + ) + templates = [ + template + for template in env.list_templates() + if template.endswith(".xml") + or template.endswith(".conf") + or template.endswith(".json") + ] for template in templates: - #print(template) with open(target + "/" + template, "w", encoding="utf8") as f: template_ = env.get_template(template) rendered = template_.render(updated_config_dict) 
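Review bot: The `Environment` in `render_templates` keeps `autoescape=False` while the filtered template list includes `.xml` files, so any value in `updated_config_dict` that contains `<`, `&` or a quote is written into the XML views unescaped. The values appear to come from `config.toml` and the git hash, so this is an integrity and robustness concern for the built package rather than a remote one, but a single config value can change the structure of a rendered view. Escaping can be limited to the XML templates with `autoescape=select_autoescape(enabled_extensions=("xml",))`, which needs the `select_autoescape` import that this commit removes from the top of the file. The loop body continues past the end of the hunk.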
@@ -380,8 +382,18 @@ def render_templates(source, target, updated_config_dict): required=True, default="config.toml", ) - -def main(app_package, splunkuser, splunkpassword, justvalidate, outfile, prod, nodeploy, acs_stack, acs_token, config_path): +def main( + app_package, + splunkuser, + splunkpassword, + justvalidate, + outfile, + prod, + nodeploy, + acs_stack, + acs_token, + config_path, +): # All the code relating to Building the Package sai = SplunkAppInspect(splunkuser, splunkpassword, packagetargz=outfile) @@ -400,7 +412,7 @@ def main(app_package, splunkuser, splunkpassword, justvalidate, outfile, prod, n sai.replace_tripple_quotes(app_target, suffix) sai.concat_conf_files(app_target) sai.write_views_files(app_target) - + report = sai.package_then_validate(app_target) report = SplunkAppInspectReport(report) From 290f1d8cbf7ab64ab1ad1186d07d13dcd4fa6d71 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Thu, 19 Sep 2024 09:47:49 +0100 Subject: [PATCH 11/16] Paths --- .github/workflows/release.yml | 1 + .github/workflows/verify_tags.yml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f19991..2a63780 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,7 @@ on: paths: - 'src/**' - 'pyproject.toml' + - 'action.yml' jobs: tag-release-on-push: diff --git a/.github/workflows/verify_tags.yml b/.github/workflows/verify_tags.yml index d76b136..fee3da2 100644 --- a/.github/workflows/verify_tags.yml +++ b/.github/workflows/verify_tags.yml @@ -4,6 +4,10 @@ on: pull_request: branches: - main + paths: + - 'src/**' + - 'pyproject.toml' + - 'action.yml' jobs: verify-tags: From 2f3d6d3c1247b89b4b8a7736d1d720650d0a4ec2 Mon Sep 17 00:00:00 2001 
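Review bot: With the new `paths` filter under `pull_request`, `verify_tags.yml` no longer starts for pull requests that touch only other files. If `verify-tags` is configured as a required status check on `main`, GitHub leaves a path-skipped check pending and such a pull request cannot be merged. Branch protection settings are not visible in this patch, so this is worth confirming before relying on the filter.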
From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Thu, 19 Sep 2024 10:01:30 +0100 Subject: [PATCH 12/16] Security scans --- .github/codeql-config.yaml | 12 ++++++++++++ .github/dependabot.yml | 32 ++++++++++++++++++++++++++++++++ .github/workflows/codeql.yml | 31 +++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 .github/codeql-config.yaml create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/codeql.yml diff --git a/.github/codeql-config.yaml b/.github/codeql-config.yaml new file mode 100644 index 0000000..e6b0322 --- /dev/null +++ b/.github/codeql-config.yaml @@ -0,0 +1,12 @@ +paths-ignore: + - .github +query-filters: + - exclude: + problems.severity: + - Note # ignore notes when there's too much noise +queries: + - uses: security-experimental + - uses: security-extended + - uses: security-and-quality + - uses: advanced-security/codeql-queries/python/suites/codeql-python.qls@main + - uses: advanced-security/codeql-queries/javascript/suites/codeql-javascript.qls@main \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3b07fd2 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,32 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "Dependabot (python): " + groups: + pip: + applies-to: version-updates + patterns: + - "*" + pip-security: + applies-to: security-updates + patterns: + - "*" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "Dependabot (github actions): " + groups: + gh-actions: + applies-to: version-updates + patterns: + - "*" + gh-actions-security: + applies-to: security-updates + patterns: + - "*" \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..7364fb4 
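Review bot: The two `advanced-security/codeql-queries/...@main` entries under `queries` load query suites from a repository outside DFE-Digital at a moving branch, so the set of queries the scan runs can change without any commit in this repository. Pinning them to a release tag or commit SHA, e.g. `...codeql-python.qls@<COMMIT_SHA>`, keeps scan results reproducible and makes query changes reviewable. The same applies to `reusable-workflow-sast.yml@master` in `codeql.yml`, added in this same patch, which additionally receives `CODEQL_APP_ID` and `CODEQL_AUTHENTICATION_PRIVATE_KEY`. The JavaScript suite also looks unnecessary, since that workflow sets `language: 'python'`.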
--- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,31 @@ +--- +name: "CodeQL" + +on: + push: + branches: ["main"] + paths: + - 'DCAP/appserver/static/js/**' + - '*.py' + pull_request: + # The branches below must be a subset of the branches above + types: [opened, reopened] + paths: + - 'DCAP/appserver/static/js/**' + - '**.py' + schedule: + - cron: '0 8 * * *' + workflow_dispatch: + +jobs: + + run-codeql: + uses: DFE-Digital/github-actions/.github/workflows/reusable-workflow-sast.yml@master + with: + language: 'python' + policy_action: 'break' + queries: 'security-extended' + config_file: '.github/codeql-config.yaml' + secrets: + CODEQL_APP_ID: ${{ secrets.CODEQL_APP_ID }} + CODEQL_AUTHENTICATION_PRIVATE_KEY: ${{ secrets.CODEQL_AUTHENTICATION_PRIVATE_KEY }} \ No newline at end of file From e76b26ac1f6cb4852968228350819faa275bd451 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Thu, 19 Sep 2024 10:03:12 +0100 Subject: [PATCH 13/16] python files only --- .github/workflows/codeql.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7364fb4..dfe6be2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -5,13 +5,11 @@ on: push: branches: ["main"] paths: - - 'DCAP/appserver/static/js/**' - '*.py' pull_request: # The branches below must be a subset of the branches above types: [opened, reopened] paths: - - 'DCAP/appserver/static/js/**' - '**.py' schedule: - cron: '0 8 * * *' From 7c4690774e341ad30166c4263292ff64c676d59b Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Thu, 19 Sep 2024 10:37:13 +0100 Subject: [PATCH 14/16] Flake8 and README include config.toml --- .github/workflows/flake8.yml | 33 +++++++++++++++++++++++++++++++++ README.md | 13 +++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 .github/workflows/flake8.yml 
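Review bot: The `push` filter `'*.py'` matches only Python files in the repository root, because `*` does not cross `/` in workflow path filters; the package lives under `src/splunk_app_packager/`, so a push to `main` that changes it does not start CodeQL. `'**.py'`, as already used under `pull_request`, matches at any depth. `pull_request` is also limited to `types: [opened, reopened]`, so commits pushed to an already open pull request are not scanned before merge; adding `synchronize` closes that gap. Patch 13/16 keeps `'*.py'`, and `flake8.yml` in patch 14/16 uses the same root-only pattern.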
diff --git a/.github/workflows/flake8.yml b/.github/workflows/flake8.yml new file mode 100644 index 0000000..040a241 --- /dev/null +++ b/.github/workflows/flake8.yml @@ -0,0 +1,33 @@ +name: Flake8 + +on: + push: + branches: + - 'main' + paths: + - '*.py' + workflow_call: + +jobs: + + run-flake8: + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Setup python + uses: actions/setup-python@v5 + with: + python-version: '3.x' + + - name: flake8 Lint + uses: py-actions/flake8@v2 + with: + path: "src/splunk_app_packager" + ignore: "E501,W503" + plugins: "flake8-black" \ No newline at end of file diff --git a/README.md b/README.md index 3e62298..aeb2171 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,19 @@ $ export SPLUNK_ACS_TOKEN= $ export SPLUNK_ACS_STACK= ``` +### Create a config.toml file + +Create a `package_config` section within your config.toml file and set the app name and splunk_user name as shown below: +``` +[package_config] +app = "NAME" +environment = "" +version = "" +splunk_user = "SPLUNK_APP_ACCOUNT" +``` + +splunk_app_packager will look for a `config.toml` file in your current working directory, otherwise you can use the `--config-path` option to specify it's name and location. + ### CLI arguments ```shell From be33856856f1c72e08712522ad2ea1e126e63f5f Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Thu, 19 Sep 2024 11:26:33 +0100 Subject: [PATCH 15/16] Generic maintenance files --- .github/CODEOWNERS | 1 + .github/CONTRIBUTING.md | 13 +++++++++++++ .github/PULL_REQUEST_TEMPLATE.md | 11 +++++++++++ README.md | 5 ++++- requirements.txt | 12 ------------ 5 files changed, 29 insertions(+), 13 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/CONTRIBUTING.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md delete mode 100644 requirements.txt 
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..bf48ea3 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @dfe-digital/security-engineering \ No newline at end of file diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..f3f55af --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,13 @@ +# Contribution guidelines + +If you’ve got an idea or suggestion you can [create a GitHub issue](https://github.com/DFE-Digital/splunk-app-packager/issues), or feel free to [raise a pull request](https://github.com/DFE-Digital/splunk-app-packager/compare). + +## Raising bugs + +When raising bugs please explain the issue in good detail and provide a guide to how to replicate it. + +When describing the bug it's useful to follow the format: + +- what you did +- what you expected to happen +- what actually happened diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..c595a82 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +## Checklist +Please tick off where applicable. Have you: +- [ ] updated the version number in [pyproject.toml](pyproject.toml)? +- [ ] updated the version number in [action.yml](https://github.com/DFE-Digital/splunk-app-packager/blob/composite-deploy-action/action.yml#L41)? +- [ ] explained the change? +- [ ] confirmed the PR checks have passed? + +## Explanation of change + + +## Link to bug report or github issue diff --git a/README.md b/README.md index aeb2171..36644f1 100644 --- a/README.md +++ b/README.md @@ -61,4 +61,7 @@ Options: ```shell $ sap /path/to/app/folder --prod -``` \ No newline at end of file +``` + +## Contributing +Refer to [our contributing guidelines](.github/CONTRIBUTING.md) if you'd like to raise a bug or pull request. \ No newline at end of file diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 94ecb3d..0000000 
--- a/requirements.txt +++ /dev/null @@ -1,12 +0,0 @@ -requests -click -pip-audit -bandit -pycodestyle -pylint -flake8 -ruff -black -pypdf -GitPython -jinja2 From ba1237f940dedbe638702e452ec1ec1806c894e0 Mon Sep 17 00:00:00 2001 From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com> Date: Thu, 19 Sep 2024 11:30:45 +0100 Subject: [PATCH 16/16] yamllint --- .github/codeql-config.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/codeql-config.yaml b/.github/codeql-config.yaml index e6b0322..e9c6d87 100644 --- a/.github/codeql-config.yaml +++ b/.github/codeql-config.yaml @@ -1,12 +1,13 @@ +-- paths-ignore: - .github query-filters: - exclude: problems.severity: - - Note # ignore notes when there's too much noise + - Note # ignore notes when there's too much noise queries: - uses: security-experimental - uses: security-extended - uses: security-and-quality - uses: advanced-security/codeql-queries/python/suites/codeql-python.qls@main - - uses: advanced-security/codeql-queries/javascript/suites/codeql-javascript.qls@main \ No newline at end of file + - uses: advanced-security/codeql-queries/javascript/suites/codeql-javascript.qls@main