feat: Splunk AppInspect API major version (#9)

* feat: action redesign

BREAKING CHANGE: action redesign

* ci: add ci

* ci: add ci

* test: Build dockerfile

* fix: change bash to sh

* test: echo variables

* test: bash > sh

* test: quotes around parameters

* ci: results print format

* ci: enable main

* fix: download results when failing

* test: minor fixes for tests

* ci: run pytests in ci

* feat: requests handling

* refactor: download_reports, parse results

* fix: handle exceptions in a better way (#8)

* feat: handling for appinspect exceptions

* remove some logging to make output cleaner

* chore: typo in pip install filename

* chore: fix pre-commit

* chore: change permissions

* chore: fix pyton typo

* chore: update readme

* chore: added license

* chore: file not found error handling

* chore: change name in releaserc

* chore: refactor for compare results

* chore: rename repo

---------

Co-authored-by: mbruzda <[email protected]>
Co-authored-by: Marcin Bruzda <[email protected]>

.coveragerc

@@ -0,0 +1,2 @@
+[run]
+plugins = covdefaults

.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 120

.github/workflows/build-test-release.yaml

@@ -0,0 +1,99 @@
+on:
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  packages: write
+  pull-requests: read
+  statuses: write
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.7"
+      - uses: pre-commit/[email protected]
+
+  run_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install -r requirements-dev.txt
+      - name: Test
+        run: |
+          python -m pytest -v test/unit
+
+  build_action:
+    runs-on: ubuntu-latest
+    needs: run_tests
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+      - run: sudo snap install yq
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
+      - uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - id: docker_action_meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/splunk/appinspect-api-action/appinspect-api-action
+          tags: |
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=semver,pattern={{version}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+            type=sha,format=long
+      - id: docker_action_build
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.docker_action_meta.outputs.tags }}
+          labels: ${{ steps.docker_action_meta.outputs.labels }}
+          cache-to: type=inline
+      - id: semantic_release
+        uses: splunk/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
+        with:
+          git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
+          git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
+          gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
+  update-semver:
+    if: startsWith(github.ref, 'refs/tags/v')
+    needs: build_action
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: haya14busa/action-update-semver@v1

.pre-commit-config.yaml

@@ -0,0 +1,25 @@
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+    -   id: check-merge-conflict
+    -   id: debug-statements
+-   repo: https://github.com/asottile/pyupgrade
+    rev: v3.3.1
+    hooks:
+    -   id: pyupgrade
+        args:
+        - --py37-plus
+-   repo: https://github.com/psf/black
+    rev: 23.3.0
+    hooks:
+    -   id: black
+-   repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.2.0
+    hooks:
+    -   id: mypy
+        additional_dependencies: ['types-requests', "types-PyYAML"]
+-   repo: https://github.com/PyCQA/flake8
+    rev: 4.0.1
+    hooks:
+    -   id: flake8

.releaserc

@@ -0,0 +1,26 @@
+{
+    "branches": [
+        '+([0-9])?(.{+([0-9]),x}).x',
+        'main',
+        'next',
+        'next-major',
+        {
+        name: 'develop',
+        prerelease: true
+        }
+    ],
+    plugins: [
+        "@semantic-release/commit-analyzer",
+        "@semantic-release/release-notes-generator",
+        ["@semantic-release/exec", {
+            "prepareCmd": 'yq -i eval ".runs.image = \"docker://ghcr.io/splunk/appinspect-api-action/appinspect-api-action:v${nextRelease.version}\"" action.yml',
+            "verifyReleaseCmd": "echo \"version=${nextRelease.version}\" >> $GITHUB_OUTPUT",
+            "successCmd": "echo \"new_release_published=${'true'}\" >> $GITHUB_OUTPUT"
+        }],
+        ["@semantic-release/git", {
+            "assets": ["action.yml"],
+            "message": "chore(release): ${nextRelease.version}\n\n${nextRelease.notes}"
+        }],
+        "@semantic-release/github"
+  ]
+}

Dockerfile

@@ -0,0 +1,12 @@
+# Container image that runs the action
+FROM python:alpine
+
+COPY . .
+RUN pip install -r requirements.txt
+
+COPY main.py /
+COPY entrypoint.sh /
+
+
+WORKDIR /github/workspace
+ENTRYPOINT ["sh", "/entrypoint.sh"]

LICENSE

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

README.md

@@ -1,41 +1,57 @@
-# App Inspect API GitHub Action
+# Simple App Inspect API GitHub Action
 
-Simple GitHub action to validation a Splunk app package using AppInspect. This action uses the [Splunkbase AppInspect API](https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/runappinspectrequestsapi).
+Simple GitHub action to validation a Splunk app package using AppInspect API. This action uses the [Splunkbase AppInspect API](https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/runappinspectrequestsapi).
 
-There is also an [alternative GitHub action using the AppInspect CLI](https://github.com/splunk/appinspect-cli-action).
+There is also an [GitHub action using the AppInspect CLI](https://github.com/splunk/appinspect-cli-action).
 
 ## Example Usage
 
 ```yaml
 jobs:
-    some-job:
-        runs-on: ubuntu-latest
-        steps:
-            # ...
-            - uses: splunk/appinspect-api-action@v2
-              with:
-                  filePath: ./dist/myapp.tar.gz
-                  splunkUser: ${{ secrets.SPLUNKBASE_USER }}
-                  splunkPassword: ${{ secrets.SPLUNKBASE_PASSWORD }}
-                  includedTags: cloud
-                  failOnError: true
-                  failOnWarning: true
+  appinspect-job:
+    runs-on: ubuntu-latest
+    steps:
+      # ...
+      - uses: splunk/appinspect-api-action@v3
+        with:
+          username: ${{ secrets.SPL_COM_USER }}
+          password: ${{ secrets.SPL_COM_PASSWORD }}
+          app_path: build/package/
+          included_tags: "cloud,self-service"
+          excluded_tags: "offensive"
 ```
 
 ## Inputs
 
-| Name                   | Description                                                                                                | Notes            |
-| ---------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------- |
-| `filePath`             | Path to the app bundle file (.tar.gz or .spl)                                                              | **required**     |
-| `splunkUser`           | Splunk.com user used to login to the appinspect API                                                        | **required**     |
-| `splunkPassword`       | Splunk.com password used to login to the appinspect API                                                    | **required**     |
-| `includedTags`         | Comma separated list of [tags](#reference-docs) to include in appinspect job                               |                  |
-| `excludedTags`         | Comma separated list of [tags](#reference-docs) to exclude from appinspect job                             |                  |
-| `failOnError`          | If enabled the action will fail when errors or failures are reported by AppInspect                         | default: `true`  |
-| `failOnWarning`        | If enabled the action will fail when warnings are reported by AppInspect                                   | default: `false` |
-| `ignoredChecks`        | Comma separated list of [check names](#reference-docs) to explicitly ignore                                |                  |
-| `uploadReportArtifact` | If enabled the action will upload the HTML report from the AppInspect API as an artifact to GitHub actions | default: `true`  |
+| Name            | Description                                                                    | Notes        | Default |
+|-----------------|--------------------------------------------------------------------------------|--------------|---------|
+| `username`      | Splunk.com user used to login to the appinspect API                            | **required** |         |
+| `password`      | Splunk.com password used to login to the appinspect API                        | **required** |         |
+| `app_path`      | Path to the directory where addon is located, without filename                 | **required** |         |
+| `included_tags` | Comma separated list of [tags](#reference-docs) to include in appinspect job   |              | None    |
+| `excluded_tags` | Comma separated list of [tags](#reference-docs) to exclude from appinspect job |              | None    |
+
+You can explicitly include and exclude tags from a validation by including additional options in your request. Specifically, using the included_tags and excluded_tags options includes and excludes the tags you specify from a validation. If no tags are specified all checks will be done and no tags are excluded from the validation.
+
+Appinspect failures are handled via `.appinspect_api.expect.yaml` file. To make exceptions the file should look like that:
+
+```yaml
+name_of_the_failed_checks:
+  comment: jira-123
+```
+
+If you are a Splunker please specify jira issue in the comment where reason for exception is granted and explained
 
 ### Reference Docs
 
-For more info on check critera, tags and the API see the [Splunk AppInspect reference](https://dev.splunk.com/enterprise/reference/appinspect).
+For more info on check criteria, tags and the API see the [Splunk AppInspect reference](https://dev.splunk.com/enterprise/reference/appinspect).
+
+
+### Differences between v2 
+
+Missing parameters:
+
+- `failOnError` - hardcoded to be true
+- `failOnWarning` - hardcoded to be false
+- `ignoredChecks` - hardcoded to be None
+- `uploadReportArtifact` - by default html report will be generated as AppInspect_response.html, to upload it please use upload-artifact-v3

action.yml

@@ -1,37 +1,25 @@
-name: App Inspect
-description: Run Splunk AppInspect for a splunk app bundle
-author: Splunk
-runs:
-    using: node12
-    main: dist/index.js
+# action.yml
+name: "Splunk AppInspect"
+description: "Run Splunk App inspect API Calls on Add-on"
 inputs:
-    filePath:
-        description: Path to the app bundle file (.tar.gz or .spl)
-        required: true
-    splunkUser:
-        description: Splunk.com user used to login to the appinspect API
-        required: true
-    splunkPassword:
-        description: Splunk.com password used to login to the appinspect API
-        required: true
-    includedTags:
-        description: Comma separated list of tags to include in appinspect job
-        required: false
-    excludedTags:
-        description: Comma separated list of tags to exclude from appinspect job
-        required: false
-    failOnError:
-        description: If enabled the action will fail when errors or failures are reported by AppInspect (enabled by default)
-        required: false
-        default: 'true'
-    failOnWarning:
-        description: If enabled the action will fail when warnings are reported by AppInspect
-        required: false
-        default: 'false'
-    ignoredChecks:
-        description: Comma separated list of check names to explicitly ignore
-        required: false
-    uploadReportArtifact:
-        description: If enabled the action will upload the HTML report from the AppInspect API as an artifact to GitHub actions (enabled by default)
-        required: false
-        default: 'true'
+  username:
+    description: username for appinspect authentication
+    required: true
+  password:
+    description: password for appinspect authentication
+    required: true
+  app_path:
+    description: path to addon
+    required: true
+  included_tags:
+    description: comma seperated list of tags to run appinspect scans with
+    default: ""
+    required: false
+  excluded_tags:
+    description: comma seperated list of tags to be excluded from appinspect scans
+    default: ""
+    required: false
+runs:
+  using: "docker"
+  image: Dockerfile
+#  image: docker://ghcr.io/splunk/appinspect-api-action/appinspect-api-action:v1.0.0