action.yml

name: "Generate App Build, App Inspect Check and Splunk App Utilities"
description: "Automatically generate Splunk App/Add-on builds, and run app-inspect checks. Optionally add common Splunk App utilities."

branding:
  color: "purple"
  icon: "play"

inputs:
  app_dir:
    description: "Provide app directory inside your repository. Do not provide the value if the repo's root directory itself if app directory."
    required: false
    default: "."

  to_make_permission_changes:
    description: "Whether to apply file and folder permission changes according to Splunk App Inspect expectation before generating the build."
    required: false
    default: false

  use_ucc_gen:
    description: "Use ucc-gen command to generate the build for Add-on. The 'app_dir' folder must have a sub-folder named 'package', and a file named 'globalConfig.json' for this to work."
    required: false
    default: false

  is_app_inspect_check:
    description: "Whether to perform the Splunk app-inspect checks or not. This would include cloud-inspect checks as well."
    required: false
    default: true

  splunkbase_username:
    description: "Username required to call the Splunkbase API for App-Inspect. Required when is_app_inspect_check is set to true."
    required: false

  splunkbase_password:
    description: "Password required to call the Splunkbase API for App-Inspect. Required when is_app_inspect_check is set to true. Strongly recommend to use via GitHub secrets only and specify like `{{secrets.MY_SPLUNK_PASSWORD}}`."
    required: false

  app_utilities:
    description: "Add comma separated list of utilities to use. You need to enable read and write permission for workflow to create Pull Requests. Valid options: whats_in_the_app, logger, splunk_python_sdk, common_js_utilities, ucc_additional_packaging"
    required: false
    default: ""

  my_github_token:
    description: "GitHub Secret Token to automatically create Pull request. (Make sure to put it in the Repo secret on GitHub as `MY_GITHUB_TOKEN` and then use it like `{{ secrets.MY_GITHUB_TOKEN }}`. Do not write it in plain text.) Only required if app_utilities is being used."
    required: false
    default: "NONE"

  logger_log_files_prefix:
    description: "Log files prefix. Only required for logger utility."
    required: false
    default: "NONE"

  logger_sourcetype:
    description: "Sourcetype for the internal app logs. Required only for logger utility."
    required: false
    default: "NONE"

  splunk_python_sdk_install_path:
    description: "Path where you would like to install splunk-python-sdk (splunklib). Path is relative to App's root folder."
    required: false
    default: "bin"

  is_remove_pyc_from_splunklib_dir:
    description: "Remove `.pyc` files and `__pycache__` directory from splunk-python-sdk (splunklib) installation path before generating Pull Request. Do not turn this off unless you are facing any issues explicitly."
    required: false
    default: true


outputs:
  stdout:
    description: "Program stdout"
  stderr:
    description: "Program stderr"
  error:
    description: "A string of 'true' or 'false' that tells if there were errors."

runs:
  using: "composite"
  steps:
    - name: "Extracting the current branch name"
      shell: bash
      run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
      id: extract_branch

    - name: "Clone the Repository"
      uses: actions/checkout@v4
      with:
        ref: ${{ steps.extract_branch.outputs.branch }}
        path: repodir

    - name: "Pre-tasks"
      shell: bash
      run: |
        pwd
        echo "=== Inputs ==="
        echo "app_dir -> ${{inputs.app_dir}}"
        echo "use_ucc_gen -> ${{inputs.use_ucc_gen}}"
        echo "to_make_permission_changes -> ${{inputs.to_make_permission_changes}}"
        echo "is_app_inspect_check -> ${{inputs.is_app_inspect_check}}"
        echo "splunkbase_username -> ${{inputs.splunkbase_username}} (If using Github secret the value will be ***)"
        echo "splunkbase_password -> ${{inputs.splunkbase_password}} (If using Github secret the value will be ***)"
        echo "app_utilities -> ${{inputs.app_utilities}}"
        echo "my_github_token -> ${{inputs.my_github_token}} (If using Github secret the value will be ***)"
        echo "current_branch_name -> ${{steps.extract_branch.outputs.branch}}"
        echo "logger_log_files_prefix -> ${{inputs.logger_log_files_prefix}}"
        echo "logger_sourcetype -> ${{inputs.logger_sourcetype}}"
        echo "splunk_python_sdk_install_path -> ${{inputs.splunk_python_sdk_install_path}}"
        echo "is_remove_pyc_from_splunklib_dir -> ${{inputs.is_remove_pyc_from_splunklib_dir}}"

    - name: "Install Python"
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'

    - name: "Install required packages"
      shell: bash
      run: |
        pip install requests
        pip install splunk-add-on-ucc-framework

    - name: "Running the Splunk App actions"
      shell: bash
      env:
        SPLUNK_app_dir: ${{inputs.app_dir}}
        SPLUNK_use_ucc_gen: ${{inputs.use_ucc_gen}}
        SPLUNK_to_make_permission_changes: ${{inputs.to_make_permission_changes}}
        SPLUNK_is_app_inspect_check: ${{inputs.is_app_inspect_check}}
        SPLUNK_splunkbase_username: ${{inputs.splunkbase_username}}
        SPLUNK_splunkbase_password: ${{inputs.splunkbase_password}}
        SPLUNK_app_utilities: ${{inputs.app_utilities}}
        GITHUB_TOKEN: ${{inputs.my_github_token}}
        SPLUNK_current_branch_name: ${{steps.extract_branch.outputs.branch}}
        SPLUNK_logger_log_files_prefix: ${{inputs.logger_log_files_prefix}}
        SPLUNK_logger_sourcetype: ${{inputs.logger_sourcetype}}
        SPLUNK_splunk_python_sdk_install_path: ${{inputs.splunk_python_sdk_install_path}}
        SPLUNK_is_remove_pyc_from_splunklib_dir: ${{inputs.is_remove_pyc_from_splunklib_dir}}
      run: |
        python -u ${{ github.action_path }}/src/main.py

    - name: "Upload the app build as artifact"
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: "App-Build-${{env.app_package_id}}_${{env.app_version_encoded}}_${{env.app_build_number_encoded}}"
        path: ${{env.app_package_id}}_${{env.app_version_encoded}}_${{env.app_build_number_encoded}}.tgz

    - name: "Upload the app-inspect reports as artifact"
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: "App-Inspect-Reports-${{env.app_package_id}}_${{env.app_version_encoded}}_${{env.app_build_number_encoded}}"
        path: ${{env.app_package_id}}_${{env.app_version_encoded}}_${{env.app_build_number_encoded}}_reports