Release v5.6.0#514
Open
mkolasinski-splunk wants to merge 5 commits into
Open
Conversation
## Summary - Fast-forwards `develop` to match `main` (tip: `36d2c0f`) - Brings in 20 commits that landed on `main` since last sync (#492), including fixes for PAT/GitHub App auth, spl2 tests, ubuntu 16.04 EOL drop, and manifests pin - No unique commits on `develop` that are missing from `main` 🤖 Generated with [Claude Code](https://claude.com/claude-code)
## What Bumps all GitHub Actions still bundling the deprecated Node 20 runtime to their first major version that targets Node 24, resolving the `Node.js 20 is deprecated` warnings across all jobs in this workflow family. | Action | Before | After | |---|---|---| | `actions/checkout` | v4 | v5 | | `actions/setup-python` | v5 | v6 | | `actions/download-artifact` | v4 | v7 | | `actions/upload-artifact` | v4 | v6 | | `actions/cache` | v4 | v5 | | `amannn/action-semantic-pull-request` | v5.5.3 | v6.1.1 | | `aws-actions/configure-aws-credentials` | v4 | v6 | | `dorny/test-reporter` | v1.9.1 | v3.0.0 | | `geekyeggo/delete-artifact` | v5 | v6 | | `softprops/action-gh-release` | v2 | v3 | Applied consistently across all four workflow files: - `reusable-build-test-release.yml` - `build-test-release.yaml` - `reusable-publish-to-splunkbase.yml` - `reusable-validate-deploy-docs.yml` ### Left unchanged (already Node 24, or docker/composite) `setup-java@v5`, `create-github-app-token@v3`, `amazon-ecr-login@v2`, `svenstaro/upload-release-action@v2`, and all docker/composite actions (`splunk/*`, `fsfe/reuse-action`, `pre-commit/action`, `trufflehog`, `skywalking-eyes`). ## Testing Ran the full `build-test-release` pipeline on `splunk-add-on-for-microsoft-cloud-services` pointed at this branch — **pipeline succeeded**, and the Node 20 deprecation warnings are gone from every job that consumes these actions (build, setup, meta, unit tests, all appinspect jobs, etc.). https://github.com/splunk/splunk-add-on-for-microsoft-cloud-services/actions/runs/28662878022 ### Known remaining warnings (out of scope — external sources) - `pre-commit` job → `actions/cache@v4` is hardcoded inside `pre-commit/action@v3.0.1` (latest release). - `semgrep / sast-scan` job → `checkout@v4` / `upload-artifact@v4` come from `splunk/sast-scanning/.github/workflows/sast-scan.yml@main` (separate repo; addressed here: splunk/sast-scanning#7). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
…n ADDON-88924 (#513) ## Summary - Splits the single monolithic `run-spl2-tests` box-test job into a matrix, one job per pipeline subdirectory under `package/default/data/spl2/` (discovered dynamically in `setup-workflow`), plus a `__root__` shard for any top-level `*.test.json`/`*.test.spl2` fixtures. - Each shard is scoped with `--test_dir` (using `spl2-testing-framework`'s existing directory-scoping support — no framework changes needed); `--code_dir` stays pointed at the full tree so module resolution still works for TAs that don't duplicate pipeline code per-subdirectory. - Motivated by the AWS TA SPL2 suite, where one pipeline (`aws_cloudtrail`) accounts for ~78% of all box tests and made the single job take 4+ hours; sharding lets pipelines with skewed test-count distributions run concurrently instead of serially. ## Test plan - [x] Verify against `splunk-add-on-for-amazon-web-services` (`feature/spl2-content-for-aws-ta`) via a throwaway PR pointing `build-test-release.yml`'s `uses:` at this branch — confirm shard discovery finds `aws_cloudtrail`/`aws_cloudwatch`/`aws_cloudwatchlogs_vpcflow`/`__root__`, all four run in parallel, and total test count/pass-fail matches the current single-job baseline. [link](https://github.com/splunk/splunk-add-on-for-amazon-web-services/actions/runs/28942569538/job/85878959228a) 🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary - Add `actions/upload-artifact@v4` step to `run-spl2-tests` job so test results are preserved as downloadable artifacts after each run - Matches the artifact upload pattern already used in `run-knowledge-tests` and `run-unit-tests` - Artifact named `spl2 test results`, contains the `test-results/` directory with JUnit XML output ## Test plan - [ ] Verify CI runs `run-spl2-tests` and produces a downloadable `spl2 test results` artifact - [ ] Confirm artifact contains `test-results/report.xml` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…sable release workflow (#503) ## Summary This PR updates the reusable add-on build-test-release workflow to split FOSSA findings into separate license and vulnerability checks, improve release gating, and document the new workflow behavior. JIRA Link - []https://splunk.atlassian.net/browse/ADDON-87374 ## Changes - Extends `fossa-scan` to run `fossa test --debug` in a dedicated step (only when analyze succeeds) and upload its output as the `fossa-test-output` artifact - Adds separate lightweight FOSSA CI jobs that parse `fossa-test-output`: - `fossa-license-test` — extracts and counts issues from the `COMPLIANCE ISSUES` section - `fossa-vulnerability-test` — extracts and counts issues from the `SECURITY ISSUES` section - Exposes separate pipeline outputs for: - active license issues - active vulnerability issues - release-blocking vulnerability issues - Publishes separate job summaries for license and vulnerability findings. - Updates `pre-publish` release gating so release paths can block independently on: - unresolved vulnerability issues - Keeps merge-to-develop and other non-release workflows usable by reporting split FOSSA results without enforcing release gating there. - Updates README documentation for the new split FOSSA jobs and release gating behavior. ### Checklist - [X] `README.md` has been updated - [ ] push trigger tests - [ ] manual release test - [ ] automated releases test - [X] pull request trigger tests - [ ] schedule trigger tests - [ ] workflow errors/warnings reviewed and addressed ### Tested TA GitHub Actions run: 1. Successful FOSSA Tests for Apache web server TA - []https://github.com/splunk/splunk-add-on-for-apache-web-server/actions/runs/29075781494 2. Crowdstrike TA FOSSA tests failure - []https://github.com/splunk/splunk-add-on-for-crowdstrike-fdr/actions/runs/29077637023 3. Salesforce TA FOSSA tests failure - []https://github.com/splunk/splunk-add-on-for-salesforce/actions/runs/29077050887 --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
(PR description goes here)
Checklist
README.mdhas been updated or is not requiredTesting done
(for each selected checkbox, the corresponding test results link should be listed here)