diff --git a/.github/actions/artifact_docs/action.yml b/.github/actions/artifact_docs/action.yml
new file mode 100644
index 0000000..89d6685
--- /dev/null
+++ b/.github/actions/artifact_docs/action.yml
@@ -0,0 +1,15 @@
+name: Artifact Documentation
+description: 'Create an artifact from the current documentation.'
+
+runs:
+ using: composite
+ steps:
+ - name: pack the documentation
+ working-directory: docs
+ shell: bash
+ run: tar --exclude .DS_Store --exclude sidebars.js -cvf documentation.tar *
+ - name: upload the documentation artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: documentation
+ path: docs/documentation.tar
\ No newline at end of file
diff --git a/.github/actions/build_image/action.yml b/.github/actions/build_image/action.yml
new file mode 100644
index 0000000..25c3e33
--- /dev/null
+++ b/.github/actions/build_image/action.yml
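Review bot: The third-party actions in the new composite actions are referenced by mutable major tags (`uses: actions/upload-artifact@v3` in this hunk; `Gr1N/setup-poetry@v8`, the `docker/*` actions and the `peter-evans/*` actions in the build_image and pandev_pr hunks), so a moved tag silently changes the code that runs with the job's credentials. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/upload-artifact@<commit-sha> # v3`. The `tar ... *` glob also skips dot-prefixed entries in `docs`, which is presumably intended given the `.DS_Store` exclude, but a one-line comment saying so would help. The file ends without a trailing newline.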
@@ -0,0 +1,69 @@
+name: Build Docker image
+description: 'Builds a Docker image for XSOAR usage.'
+
+inputs:
+ python_version:
+ description: A version of Python to install
+ type: string
+ required: true
+ publish:
+ description: A flag that triggers publishing to GHCR
+ type: boolean
+ default: false
+ token:
+ description: Token to authenticate to GH, required to update the PR
+ type: string
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - name: install Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ inputs.python_version }}
+ cache: pip
+
+ - name: install Poetry
+ uses: Gr1N/setup-poetry@v8
+
+ - name: get the tag name for new image
+ id: tag
+ shell: bash
+ run: |
+ echo "version_tag=$(poetry version -s)" >> $GITHUB_OUTPUT
+
+ - name: build and prepare package for containerization
+ shell: bash
+ run: |
+ poetry env use ${{ inputs.python_version }}
+ poetry lock
+ poetry build
+ poetry export --without-hashes --format=requirements.txt > requirements.txt
+
+ - name: determine docker tags and labels
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ghcr.io/paloaltonetworks/panos_upgrade_assurance
+ tags: |
+ type=raw,value=latest
+ type=semver,pattern=v{{version}},value=${{ steps.tag.outputs.version_tag }}
+ type=semver,pattern=v{{major}}.{{minor}},value=${{ steps.tag.outputs.version_tag }}
+ type=semver,pattern=v{{major}},value=${{ steps.tag.outputs.version_tag }}
+
+ - name: login to GHCR
+ if: inputs.publish
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ inputs.token }}
+
+ - name: build ${{ inputs.publish && 'and publish' || '' }}
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: ${{ inputs.publish }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/actions/pandev_pr/action.yml b/.github/actions/pandev_pr/action.yml
new file mode 100644
index 0000000..1f33ca0
--- /dev/null
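Review bot: The `token` input is described as `required to update the PR`, but its only use in this action is the `password:` of the `login to GHCR` step, so callers are told the wrong scope; change it to `description: Token used to log in to GHCR when publish is true (needs packages: write)`. Separately, the build step runs `poetry lock` on the runner and then `poetry export --without-hashes`, so the image is built from a lockfile regenerated at build time and a requirements file carrying no integrity hashes, and the committed lockfile does not pin what ends up in the published image. Unless the Dockerfile's installer cannot consume hashed requirements (the Dockerfile is not in this diff), prefer building from the committed lockfile without regenerating it and exporting with hashes. The `cache: pip` setting on `setup-python` depends on a requirements file being present at checkout, which this repository only generates later in the same job; confirm that step does not fail on a clean checkout.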
+++ b/.github/actions/pandev_pr/action.yml 
@@ -0,0 +1,99 @@
+name: PanDev PR
+description: 'Creates a PR in PanDev repository, a preview (PR) or a mergable (release) one.'
+
+inputs:
+ token:
+ description: Token to authenticate to PanDev repository
+ type: string
+ required: true
+ ref_name:
+ description: A branch name or a release tag
+ type: string
+ required: true
+ pr_no:
+ description: PR number, triggers creation of a preview PR
+ required: false
+
+runs:
+ using: composite
+ steps:
+ - name: checkout pan.dev
+ uses: actions/checkout@v4
+ with:
+ repository: PaloAltoNetworks/pan.dev
+ token: ${{ inputs.token }}
+
+ - name: download documentation artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: documentation
+ path: products/panos/docs
+
+ - name: see where we are
+ shell: bash
+ run: tree -aL 2
+
+ - name: unpack the documentation
+ working-directory: products/panos/docs
+ shell: bash
+ run: |
+ rm -rf 'panos-upgrade-assurance'
+ tar xvf documentation.tar
+ rm -f documentation.tar
+
+ - name: create a release PR to upstream pan.dev
+ if: inputs.pr_no == ''
+ uses: peter-evans/create-pull-request@v5
+ with:
+ token: ${{ inputs.token }}
+ delete-branch: true
+ branch: "pua_release_${{ inputs.ref_name }}"
+ title: "[PAN-OS Upgrade Assurance] documentation update for release: ${{ inputs.ref_name }}"
+ commit-message: "docs: PanOS Upgrade Assurance documentation update"
+ labels: netsec
+ body: |
+ # Description
+
+ A PR made for changes introduced into documentation on ${{ inputs.ref_name }} release.
+
+ # Types of changes
+
+ New feature (non-breaking change which adds functionality)
+
+ - name: create a preview PR to pan.dev
+ id: preview
+ if: inputs.pr_no != ''
+ uses: peter-evans/create-pull-request@v5
+ with:
+ token: ${{ inputs.token }}
+ delete-branch: true
+ branch: "pua_prev_${{ inputs.ref_name }}"
+ title: "[PAN-OS Upgrade Assurance][${{ inputs.ref_name }}] documentation PREVIEW - do NOT MERGE"
+ commit-message: "docs: PanOS Upgrade Assurance documentation update"
+ labels: netsec, DO NOT MERGE
+ body: |
+ # Description
+
+ DO NOT MERGE - preview PR made for changes on branch: ${{ inputs.ref_name }}.
+
+ # Types of changes
+
+ New feature (non-breaking change which adds functionality)
+
+ - name: find if we have a comment
+ id: find
+ if: steps.preview.outputs.pull-request-url != ''
+ uses: peter-evans/find-comment@v2
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ body-includes: A Preview PR in PanDev repo has been created
+ repository: ${{ github.repository }}
+
+ - name: comment back on the original PR
+ if: steps.find.outputs.comment-id == ''
+ uses: peter-evans/create-or-update-comment@v3
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ repository: ${{ github.repository }}
+ body: |
+ A Preview PR in PanDev repo has been created. You can view it [here](${{ steps.pr.outputs.pull-request-url }}).
diff --git a/.github/actions/unit_tests/action.yml b/.github/actions/unit_tests/action.yml
index 5512213..6a5c43e 100644
--- a/.github/actions/unit_tests/action.yml
+++ b/.github/actions/unit_tests/action.yml
@@ -34,7 +34,7 @@ runs:
 run: poetry run make test_coverage
 
 # requires pull-requests: write permissions when triggered from PRs
- - name: g et coverage
+ - name: get coverage
 if: ${{ github.event_name == 'pull_request' }}
 uses: orgoro/coverage@v3.1
 with:
diff --git a/.github/workflows/_docker.yml b/.github/workflows/_docker.yml
deleted file mode 100644
index 70caecf..0000000
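Review bot: The final step's body links `${{ steps.pr.outputs.pull-request-url }}`, but no step in this action has `id: pr` (the preview step is `id: preview`, which the `find` step already references correctly), so the comment posted back to the PR will carry an empty link; change it to `steps.preview.outputs.pull-request-url`. The `comment back on the original PR` step is also guarded only by `steps.find.outputs.comment-id == ''`; on the release path (`pr_no == ''`) the `find` step is skipped and that output is empty too, so the comment step would run with an empty `issue-number`, whereas the removed pr.yml logic also required the PR URL to be set, so restore that as `if: steps.preview.outputs.pull-request-url != '' && steps.find.outputs.comment-id == ''`. The `pr_no` input lacks a `type:` unlike its siblings, and the `see where we are` step (`tree -aL 2`) reads as leftover debugging output that prints the full pan.dev checkout into the log on every run.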
--- a/.github/workflows/_docker.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -name: (sub) Build Docker image - -defaults: - run: - shell: bash - -on: - workflow_call: - inputs: - publish: - description: A flag that triggers publishing to GHCR - type: boolean - default: false - python_version: - description: A version of Python to install - type: string - required: true - tag_name: - description: A tag to checkout - type: string - -jobs: - - build: - name: Build ${{ inputs.publish && 'and publish' || '' }} a Docker image - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - steps: - - name: checkout code - uses: actions/checkout@v4 - with: - ref: ${{ inputs.tag_name }} - - - name: install Python - uses: actions/setup-python@v4 - with: - python-version: ${{ inputs.python_version }} - - - name: install Poetry - uses: Gr1N/setup-poetry@v8 - - - name: get the tag name for new image - id: tag - run: | - echo "version_tag=$(poetry version -s)" >> $GITHUB_OUTPUT - - - name: build and prepare package for containerization - run: | - poetry env use ${{ inputs.python_version }} - poetry lock - poetry build - poetry export --without-hashes --format=requirements.txt > requirements.txt - - - name: determine docker tags and labels - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/paloaltonetworks/panos_upgrade_assurance - tags: | - type=raw,value=latest - type=semver,pattern=v{{version}},value=${{ steps.tag.outputs.version_tag }} - type=semver,pattern=v{{major}}.{{minor}},value=${{ steps.tag.outputs.version_tag }} - type=semver,pattern=v{{major}},value=${{ steps.tag.outputs.version_tag }} - - - name: login to GHCR - if: inputs.publish - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build ${{ inputs.publish && 'and publish' || '' }} - uses: docker/build-push-action@v5 - with: - context: . - push: ${{ inputs.publish }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} 
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 15e8829..38821aa 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -19,88 +19,88 @@ concurrency: jobs: - pyversion: - name: Discover minimum Python version - runs-on: ubuntu-latest - outputs: - pyversion: ${{ steps.pyversion.outputs.pyversion }} - steps: - - name: checkout code - uses: actions/checkout@v4 - - name: discover Python version - id: pyversion - uses: ./.github/actions/discover_python_version - - code_format: - name: SCA tests - needs: pyversion - runs-on: ubuntu-latest - steps: - - name: checkout code - uses: actions/checkout@v4 - - name: run SCA tests - uses: ./.github/actions/sca - with: - python_version: ${{ needs.pyversion.outputs.pyversion }} - - unit_tests: - name: Unit tests - needs: pyversion - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: write - steps: - - name: checkout code - uses: actions/checkout@v4 - - name: run SCA tests - uses: ./.github/actions/unit_tests - with: - python_version: ${{ needs.pyversion.outputs.pyversion }} - token: ${{ secrets.GITHUB_TOKEN }} - - documentation_check: - name: Docs tests - needs: pyversion - runs-on: ubuntu-latest - steps: - - name: checkout code - uses: actions/checkout@v4 - - name: run SCA tests - uses: ./.github/actions/docs_tests - with: - python_version: ${{ needs.pyversion.outputs.pyversion }} - - docker_image_test_build: - name: Build Docker image - needs: pyversion - permissions: - contents: read - packages: write - uses: ./.github/workflows/_docker.yml - with: - publish: false - python_version: ${{ needs.pyversion.outputs.pyversion }} + # pyversion: + # name: Discover minimum Python version + # runs-on: ubuntu-latest + # outputs: + # pyversion: ${{ steps.pyversion.outputs.pyversion }} + # steps: + # - name: checkout code + # uses: actions/checkout@v4 + # - name: discover Python version + # id: pyversion + # uses: ./.github/actions/discover_python_version + + # code_format: + # name: SCA tests + # needs: pyversion + # runs-on: ubuntu-latest + # steps: + # - name: checkout code + # uses: actions/checkout@v4 + # - name: run SCA tests + # 
uses: ./.github/actions/sca + # with: + # python_version: ${{ needs.pyversion.outputs.pyversion }} + + # unit_tests: + # name: Unit tests + # needs: pyversion + # runs-on: ubuntu-latest + # permissions: + # contents: read + # pull-requests: write + # steps: + # - name: checkout code + # uses: actions/checkout@v4 + # - name: run Unit tests + # uses: ./.github/actions/unit_tests + # with: + # python_version: ${{ needs.pyversion.outputs.pyversion }} + # token: ${{ secrets.GITHUB_TOKEN }} + + # documentation_check: + # name: Docs tests + # needs: pyversion + # runs-on: ubuntu-latest + # steps: + # - name: checkout code + # uses: actions/checkout@v4 + # - name: run documentation tests + # uses: ./.github/actions/docs_tests + # with: + # python_version: ${{ needs.pyversion.outputs.pyversion }} + + # docker_image_test_build: + # name: Build Docker image + # needs: pyversion + # runs-on: ubuntu-latest + # permissions: + # contents: read + # packages: write + # steps: + # - name: checkout code + # uses: actions/checkout@v4 + # - name: build docker image + # uses: ./.github/actions/build_image + # with: + # token: ${{ secrets.GITHUB_TOKEN }} + # python_version: ${{ needs.pyversion.outputs.pyversion }} + # publish: false store_documentation: name: Fetch the updated documentation - needs: - - code_format - - unit_tests - - documentation_check - - docker_image_test_build + # needs: + # - code_format + # - unit_tests + # - documentation_check + # - docker_image_test_build runs-on: ubuntu-latest steps: - name: checkout code uses: actions/checkout@v4 - - name: pack the documentation - working-directory: docs - run: tar --exclude .DS_Store --exclude sidebars.js -cvf documentation.tar * - - name: upload the documentation artifact - uses: actions/upload-artifact@v3 - with: - name: documentation - path: docs/documentation.tar + - name: artifact documentation + uses: ./.github/actions/artifact_docs pandev_pr: name: Create a preview PR for pan.dev 
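Review bot: Every check job (`pyversion`, `code_format`, `unit_tests`, `documentation_check`, `docker_image_test_build`) and the `needs:` list of `store_documentation` are commented out rather than kept or deleted, so after this commit the documentation artifact and the downstream pan.dev preview PR are produced for every pull request without any SCA, unit, docs or image-build check having passed. If this is a temporary measure while the new composite actions are tried out, the commit message should say so and the block should be restored before merge; if the jobs are meant to go, deleting them is clearer than a commented copy that will drift from the actions it calls. When the `docker_image_test_build` block is restored, note that it grants `packages: write` to a `publish: false` build whose login step is skipped, so a narrower permission such as `packages: read` should suffice for that job. The `pandev_pr:` job that begins at the end of this hunk continues in the next one.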
@@ -110,57 +110,16 @@ jobs: contents: write pull-requests: write steps: - - name: checkout pan.dev + - name: checkout code uses: actions/checkout@v4 - with: - repository: PaloAltoNetworks/pan.dev - token: ${{ secrets.CLSC_PAT }} - - - name: download documentation artifact - uses: actions/download-artifact@v3 - with: - name: documentation - path: products/panos/docs - - - name: unpack the documentation - working-directory: products/panos/docs - run: | - rm -rf 'panos-upgrade-assurance' - tar xvf documentation.tar - rm -f documentation.tar - - - name: create a PR to upstream pan.dev - id: pr - uses: peter-evans/create-pull-request@v5 + # - name: checkout pan.dev + # uses: actions/checkout@v4 + # with: + # repository: PaloAltoNetworks/pan.dev + # token: ${{ secrets.CLSC_PAT }} + - name: create preview PR + uses: ./.github/actions/pandev_pr with: token: ${{ secrets.CLSC_PAT }} - delete-branch: true - branch: "pua_prev_${{ github.event.pull_request.head.ref }}" - title: "[PAN-OS Upgrade Assurance][${{ github.event.pull_request.head.ref }}] documentation PREVIEW - do NOT MERGE" - commit-message: "docs: PanOS Upgrade Assurance documentation update" - labels: netsec, DO NOT MERGE - body: | - # Description - - DO NOT MERGE - preview PR made for changes on branch: ${{ github.event.pull_request.head.ref }}. - - # Types of changes - - New feature (non-breaking change which adds functionality) - - - name: find if we have a comment - uses: peter-evans/find-comment@v2 - id: find - with: - issue-number: ${{ github.event.pull_request.number }} - body-includes: A Preview PR in PanDev repo has been created - repository: ${{ github.repository }} - - - name: comment back on the original PR - if: steps.find.outputs.comment-id == '' && steps.pr.outputs.pull-request-url != '' - uses: peter-evans/create-or-update-comment@v3 - with: - issue-number: ${{ github.event.pull_request.number }} - repository: ${{ github.repository }} - body: | - A Preview PR in PanDev repo has been created. 
You can view it [here](${{ steps.pr.outputs.pull-request-url }}). + ref_name: ${{ github.event.pull_request.head.ref }} + pr_no: ${{ github.event.pull_request.number }}
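Review bot: The job keeps a commented-out copy of the old `checkout pan.dev` step directly after the new `checkout code` step; that checkout is now done inside `./.github/actions/pandev_pr`, so the commented block is dead and should be deleted rather than preserved. The inner checkout has no `path:`, so it replaces the workspace that `checkout code` just populated; this presumably works because the composite action is already loaded by then, but a comment on the `create preview PR` step would spare the next reader the surprise, e.g. `# the composite action checks out pan.dev over the workspace; nothing from this repo is needed afterwards`. `ref_name` and `pr_no` are taken from `github.event.pull_request`, and `secrets.CLSC_PAT` is not available to runs triggered by pull requests from forks, so if the workflow's `on:` block (outside this hunk) admits such runs the step will fail there; a job-level `if` excluding fork PRs would make that explicit. The job's header and `permissions:` start before this hunk.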