WatchGuard - add connector #3737
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Modules | |
on: | |
pull_request: | |
types: [ opened, synchronize, reopened ] | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
SECONDARY_REGISTRY: registry.sekoia.io | |
IMAGE_PREFIX_NAME: sekoia-io | |
jobs: | |
find-modules: | |
name: Find modules in repo | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.list-modules.outputs.matrix }} | |
steps: | |
- name: Check-out the repo under $GITHUB_WORKSPACE | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }} | |
- id: list-modules | |
name: List modules having changed files | |
run: | | |
if ${{ github.event_name == 'workflow_dispatch' }}; then | |
echo "matrix=$(cut -d "/" -f1 <<< "$(ls -a */manifest.json)" | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | |
exit 0 | |
fi | |
if ${{ github.event_name == 'pull_request' }}; then | |
start="HEAD^1" | |
end="HEAD" | |
else | |
start=${{ github.event.before }} | |
end=${{ github.event.after }} | |
fi | |
echo "matrix=$(comm -12 <(cut -d "/" -f1 <<< "$(git diff --name-only -r $start $end)" | sort | uniq) <(cut -d "/" -f1 <<< "$(ls -a */manifest.json)") | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | |
test: | |
name: Test module ${{ matrix.module }} | |
runs-on: ubuntu-latest | |
needs: find-modules | |
if: needs.find-modules.outputs.matrix != '[]' | |
strategy: | |
matrix: | |
module: ${{fromJSON(needs.find-modules.outputs.matrix)}} | |
fail-fast: false | |
steps: | |
- name: Check-out the repo under $GITHUB_WORKSPACE | |
uses: actions/checkout@v3 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v4 | |
id: setup-python | |
with: | |
python-version: '3.11' | |
- name: Install Poetry | |
run: | | |
pip install poetry | |
poetry config virtualenvs.in-project true | |
poetry config installer.modern-installation false | |
- name: Install Dependencies | |
id: install-dependencies | |
run: | | |
poetry install | |
working-directory: ${{ matrix.module }} | |
- name: Execute Black | |
uses: psf/black@stable | |
with: | |
options: "--check --verbose" | |
src: ./"${{ matrix.module }}" | |
- name: Execute Mypy | |
run: | | |
poetry run pip install mypy | |
mkdir -p .mypy_cache | |
poetry run mypy --install-types --non-interactive --ignore-missing-imports --show-column-numbers --hide-error-context . | |
working-directory: "${{ matrix.module }}" | |
- name: Execute Python tests | |
id: execute-tests | |
run: | | |
poetry run python -m pytest --junit-xml=junit.xml --cov-report term --cov-report xml:coverage.xml --cov . --cov-config pyproject.toml | |
working-directory: "${{ matrix.module }}" | |
- name: Upload Event | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Event File | |
path: ${{ github.event_path }} | |
- name: Upload Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Unit Test Results (${{ matrix.module }}) | |
path: "${{ matrix.module }}/junit.xml" | |
- name: Code Coverage Flag | |
run: | | |
FLAG="${{ matrix.module }}" | |
FLAG=${FLAG// } # replace spaces | |
echo FLAG=${FLAG} >> $GITHUB_ENV # update GitHub ENV vars | |
- name: Code Coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ${{ matrix.module }}/coverage.xml | |
flags: ${{ env.FLAG }} | |
fail_ci_if_error: true | |
build-docker: | |
name: Build ${{ matrix.module }} docker image | |
runs-on: ubuntu-latest | |
needs: find-modules | |
if: needs.find-modules.outputs.matrix != '[]' | |
strategy: | |
matrix: | |
module: ${{fromJSON(needs.find-modules.outputs.matrix)}} | |
fail-fast: false | |
steps: | |
- name: Check-out the repo under $GITHUB_WORKSPACE | |
uses: actions/checkout@v3 | |
- name: Read Module Manifest | |
id: read-module-manifest | |
run: | | |
content=`cat "${{ matrix.module }}/manifest.json"` | |
# the following lines are only required for multi line json | |
content="${content//$'\n'/''}" | |
content="${content//$'\r'/''}" | |
# end of optional handling for multi line json | |
echo $content | |
echo "$content" | |
echo "manifest=$content" >> $GITHUB_OUTPUT | |
- name: Log in to the Container registry | |
if: ${{ github.event_name == 'push' }} | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the secondary Container registry | |
if: ${{ github.event_name == 'push' }} | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.SECONDARY_REGISTRY }} | |
username: ${{ secrets.SECONDARY_REGISTRY_USERNAME }} | |
password: ${{ secrets.SECONDARY_REGISTRY_PASSWORD }} | |
- name: Extract metadata (tags, labels) for Docker | |
if: ${{ github.event_name == 'push' }} | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX_NAME }}/automation-module-${{fromJson(steps.read-module-manifest.outputs.manifest).slug}} | |
${{ env.SECONDARY_REGISTRY }}/${{ env.IMAGE_PREFIX_NAME }}/automation-module-${{fromJson(steps.read-module-manifest.outputs.manifest).slug}} | |
flavor: | | |
latest=auto | |
prefix= | |
suffix= | |
tags: | | |
type=pep440,pattern={{version}},value=${{fromJson(steps.read-module-manifest.outputs.manifest).version}} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
push: ${{ github.event_name == 'push' }} | |
context: ${{ matrix.Module }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
test-gate: | |
name: Build & Test Gate | |
runs-on: ubuntu-latest | |
needs: [find-modules, test, build-docker] | |
if: always() | |
steps: | |
- name: Success | |
if: ${{ !(contains(needs.*.result, 'failure')) || needs.find-modules.outputs.matrix == '[]' }} | |
run: exit 0 | |
- name: Failure | |
if: ${{ contains(needs.*.result, 'failure') && needs.find-modules.outputs.matrix != '[]' }} | |
run: | | |
exit 1 | |
deploy-module: | |
name: Deploy modules | |
runs-on: ubuntu-latest | |
needs: [find-modules, build-docker] | |
if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && needs.find-modules.outputs.matrix != '[]' }} | |
strategy: | |
matrix: | |
module: ${{fromJSON(needs.find-modules.outputs.matrix)}} | |
steps: | |
- name: my-app-install token | |
id: my-app | |
uses: getsentry/action-github-app-token@v1 | |
with: | |
app_id: ${{ secrets.APP_ID }} | |
private_key: ${{ secrets.APP_PRIVATE_KEY }} | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@v1 | |
with: | |
token: ${{ steps.my-app.outputs.token }} | |
event-type: publish-automation-modules | |
repository: SekoiaLab/platform | |
client-payload: '{"module": "${{ matrix.module }}"}' |