Skip to content

Merge pull request #428 from elastic/renovate/docker.elastic.co-appex… #2474

Merge pull request #428 from elastic/renovate/docker.elastic.co-appex…

Merge pull request #428 from elastic/renovate/docker.elastic.co-appex… #2474

Workflow file for this run

name: Main
on:
push:
tags: "v[0-9]+.[0-9]+.[0-9]+"
branches: "main"
pull_request:
branches: "*"
schedule:
# every Monday at 3:30 AM
- cron: "30 3 * * 1"
env:
TEST_VERBOSITY: 2
jobs:
license-check:
name: License check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: License check
run: make license-check
lint-check:
name: Code lint check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: "3.13"
- name: Install dependencies
run: make prereq
- name: Lint
run: make lint
unit-tests:
name: Unit tests (${{ matrix.os }}/py-${{ matrix.python-version }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
stack-version: ["8.2.0"]
schema-uri: ["./etc/ecs-v8.2.1.tar.gz"]
python-version: ["3.8", "3.13"]
os: ["ubuntu-latest", "macos-latest"]
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: make prereq
- name: Run unit tests
env:
TEST_STACK_VERSION: ${{ matrix.stack-version }}
TEST_SCHEMA_URI: ${{ matrix.schema-uri }}
TEST_DETECTION_RULES_URI: "https://epr.elastic.co/search?package=security_detection_engine&kibana.version=${{ matrix.stack-version }}"
run: make tests
online-tests:
name: Online tests (${{ matrix.stack-version }})
runs-on: "ubuntu-latest"
needs:
- unit-tests
strategy:
fail-fast: false
matrix:
include:
- stack-version: 8.17.0
schema-uri: "./etc/ecs-v8.16.0.tar.gz"
- stack-version: 8.16.0
schema-uri: "./etc/ecs-v8.16.0.tar.gz"
- stack-version: 8.15.0
schema-uri: "./etc/ecs-v8.11.0.tar.gz"
- stack-version: 8.14.0
schema-uri: "./etc/ecs-v8.11.0.tar.gz"
- stack-version: 8.13.0
schema-uri: "./etc/ecs-v8.11.0.tar.gz"
- stack-version: 8.12.0
schema-uri: "./etc/ecs-v8.11.0.tar.gz"
- stack-version: 8.11.0
schema-uri: "./etc/ecs-v8.11.0.tar.gz"
- stack-version: 8.10.1
schema-uri: "./etc/ecs-v8.10.0.tar.gz"
- stack-version: 8.9.0
schema-uri: "./etc/ecs-v8.9.0.tar.gz"
- stack-version: 8.8.0
schema-uri: "./etc/ecs-v8.8.0.tar.gz"
- stack-version: 8.7.0
schema-uri: "./etc/ecs-v8.7.0.tar.gz"
- stack-version: 8.6.0
schema-uri: "./etc/ecs-v8.6.1.tar.gz"
- stack-version: 8.5.0
schema-uri: "./etc/ecs-v8.5.2.tar.gz"
- stack-version: 8.4.0
schema-uri: "./etc/ecs-v8.4.0.tar.gz"
- stack-version: 8.3.0
schema-uri: "./etc/ecs-v8.3.1.tar.gz"
- stack-version: 8.2.0
schema-uri: "./etc/ecs-v8.2.1.tar.gz"
env:
TEST_ELASTICSEARCH_URL: "http://elastic:changeme@localhost:29650"
TEST_KIBANA_URL: "http://elastic:changeme@localhost:65290"
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: "3.8"
- name: Install dependencies
run: make prereq
- name: Setup cache
id: elastic-stack-cache
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
key: elastic-stack-cache-${{ matrix.stack-version }}
path: ~/elastic-stack-cache
- name: Reuse Elastic Stack ${{ matrix.stack-version }} Docker images
if: steps.elastic-stack-cache.outputs.cache-hit == 'true'
run: |
docker load -i ~/elastic-stack-cache/elasticsearch-${{ matrix.stack-version }}.tar
docker load -i ~/elastic-stack-cache/kibana-${{ matrix.stack-version }}.tar
- name: Pull Elastic Stack ${{ matrix.stack-version }} Docker images
if: steps.elastic-stack-cache.outputs.cache-hit != 'true'
env:
TEST_STACK_VERSION: ${{ matrix.stack-version }}
run: |
mkdir ~/elastic-stack-cache
docker compose pull -q
docker save -o ~/elastic-stack-cache/elasticsearch-${{ matrix.stack-version }}.tar \
docker.elastic.co/elasticsearch/elasticsearch:${{ matrix.stack-version }}
docker save -o ~/elastic-stack-cache/kibana-${{ matrix.stack-version }}.tar \
docker.elastic.co/kibana/kibana:${{ matrix.stack-version }}
- name: Start Elastic Stack ${{ matrix.stack-version }}
env:
TEST_STACK_VERSION: ${{ matrix.stack-version }}
run: make up
- name: Run online tests
env:
TEST_STACK_VERSION: ${{ matrix.stack-version }}
TEST_SCHEMA_URI: ${{ matrix.schema-uri }}
TEST_SIGNALS_QUERIES: 1
TEST_SIGNALS_RULES: 1
run: make online-tests
- name: Explain shards allocation
if: always()
run: curl -s $TEST_ELASTICSEARCH_URL/_cat/shards?v
- name: Print Stack logs
if: always()
run: docker compose logs
- name: Stop Elastic Stack ${{ matrix.stack-version }}
if: always()
run: |
docker logs geneve-test-es-1 >es-${{ matrix.stack-version }}.log
docker logs geneve-test-kbn-1 >kbn-${{ matrix.stack-version }}.log
make down
- name: Upload logs
if: always()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
with:
name: logs-${{ matrix.stack-version }}
path: |
es-*.log
kbn-*.log
- name: Upload reports
if: always()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
with:
name: test-reports-${{ matrix.stack-version }}
path: tests/reports/*.new.md
package-build:
name: Package build (${{ matrix.os }}/py-${{ matrix.python-version }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
python-version: ["3.8", "3.13"]
os: ["ubuntu-latest", "macos-latest"]
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: make prereq
- name: Check versions
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
run: "set -x; [ \"${{ github.ref }}\" = \"refs/tags/v$(python3 -c 'import geneve; print(geneve.version)')\" ]"
- name: Build package
run: make package
- name: Upload artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
with:
name: python-package-${{ matrix.python-version }}-${{ matrix.os }}
path: dist/*
package-tests:
name: Package tests (${{ matrix.os }}/py-${{ matrix.python-version }})
runs-on: ${{ matrix.os }}
needs: package-build
strategy:
fail-fast: false
matrix:
python-version: ["3.8", "3.13"]
os: ["ubuntu-latest", "macos-latest"]
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
path: code
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: ${{ matrix.python-version }}
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: python-package-${{ matrix.python-version }}-${{ matrix.os }}
path: dist
- name: Install package
run: make -f code/Makefile pkg-install
publish:
name: Publish
runs-on: ubuntu-latest
needs:
- license-check
- lint-check
- unit-tests
- online-tests
- package-tests
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
steps:
- name: Setup Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: "3.8"
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4
with:
name: python-package-3.8-ubuntu-latest
path: dist
- name: Publish to TestPyPI
uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
if: github.repository != 'elastic/geneve'
with:
password: ${{ secrets.TEST_PYPI_API_TOKEN }}
print_hash: true
repository_url: https://test.pypi.org/legacy/
skip_existing: true
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
if: github.repository == 'elastic/geneve'
with:
password: ${{ secrets.PYPI_API_TOKEN }}
print_hash: true