Skip to content

Release v5.6.0#514

Open
mkolasinski-splunk wants to merge 5 commits into
mainfrom
develop
Open

Release v5.6.0#514
mkolasinski-splunk wants to merge 5 commits into
mainfrom
develop

Conversation

@mkolasinski-splunk

Copy link
Copy Markdown
Contributor

Description

(PR description goes here)

Checklist

  • README.md has been updated or is not required
  • push trigger tests
  • manual release test
  • automated releases test
  • pull request trigger tests
  • schedule trigger tests
  • workflow errors/warnings reviewed and addressed

Testing done

(for each selected checkbox, the corresponding test results link should be listed here)

mbruzda-splunk and others added 2 commits June 15, 2026 12:52
## Summary

- Fast-forwards `develop` to match `main` (tip: `36d2c0f`)
- Brings in 20 commits that landed on `main` since last sync (#492),
including fixes for PAT/GitHub App auth, spl2 tests, ubuntu 16.04 EOL
drop, and manifests pin
- No unique commits on `develop` that are missing from `main`

🤖 Generated with [Claude Code](https://claude.com/claude-code)
## What

Bumps all GitHub Actions still bundling the deprecated Node 20 runtime
to their first major version that targets Node 24, resolving the
`Node.js 20 is deprecated` warnings across all jobs in this workflow
family.

| Action | Before | After |
|---|---|---|
| `actions/checkout` | v4 | v5 |
| `actions/setup-python` | v5 | v6 |
| `actions/download-artifact` | v4 | v7 |
| `actions/upload-artifact` | v4 | v6 |
| `actions/cache` | v4 | v5 |
| `amannn/action-semantic-pull-request` | v5.5.3 | v6.1.1 |
| `aws-actions/configure-aws-credentials` | v4 | v6 |
| `dorny/test-reporter` | v1.9.1 | v3.0.0 |
| `geekyeggo/delete-artifact` | v5 | v6 |
| `softprops/action-gh-release` | v2 | v3 |

Applied consistently across all four workflow files:
- `reusable-build-test-release.yml`
- `build-test-release.yaml`
- `reusable-publish-to-splunkbase.yml`
- `reusable-validate-deploy-docs.yml`

### Left unchanged (already Node 24, or docker/composite)
`setup-java@v5`, `create-github-app-token@v3`, `amazon-ecr-login@v2`,
`svenstaro/upload-release-action@v2`, and all docker/composite actions
(`splunk/*`, `fsfe/reuse-action`, `pre-commit/action`, `trufflehog`,
`skywalking-eyes`).

## Testing

Ran the full `build-test-release` pipeline on
`splunk-add-on-for-microsoft-cloud-services` pointed at this branch —
**pipeline succeeded**, and the Node 20 deprecation warnings are gone
from every job that consumes these actions (build, setup, meta, unit
tests, all appinspect jobs, etc.).


https://github.com/splunk/splunk-add-on-for-microsoft-cloud-services/actions/runs/28662878022

### Known remaining warnings (out of scope — external sources)
- `pre-commit` job → `actions/cache@v4` is hardcoded inside
`pre-commit/action@v3.0.1` (latest release).
- `semgrep / sast-scan` job → `checkout@v4` / `upload-artifact@v4` come
from `splunk/sast-scanning/.github/workflows/sast-scan.yml@main`
(separate repo; addressed here:
splunk/sast-scanning#7).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <noreply@anthropic.com>
@mkolasinski-splunk mkolasinski-splunk requested a review from a team as a code owner July 9, 2026 12:02
mkolasinski-splunk and others added 3 commits July 10, 2026 10:02
…n ADDON-88924 (#513)

## Summary
- Splits the single monolithic `run-spl2-tests` box-test job into a
matrix, one job per pipeline subdirectory under
`package/default/data/spl2/` (discovered dynamically in
`setup-workflow`), plus a `__root__` shard for any top-level
`*.test.json`/`*.test.spl2` fixtures.
- Each shard is scoped with `--test_dir` (using
`spl2-testing-framework`'s existing directory-scoping support — no
framework changes needed); `--code_dir` stays pointed at the full tree
so module resolution still works for TAs that don't duplicate pipeline
code per-subdirectory.
- Motivated by the AWS TA SPL2 suite, where one pipeline
(`aws_cloudtrail`) accounts for ~78% of all box tests and made the
single job take 4+ hours; sharding lets pipelines with skewed test-count
distributions run concurrently instead of serially.

## Test plan
- [x] Verify against `splunk-add-on-for-amazon-web-services`
(`feature/spl2-content-for-aws-ta`) via a throwaway PR pointing
`build-test-release.yml`'s `uses:` at this branch — confirm shard
discovery finds
`aws_cloudtrail`/`aws_cloudwatch`/`aws_cloudwatchlogs_vpcflow`/`__root__`,
all four run in parallel, and total test count/pass-fail matches the
current single-job baseline.
[link](https://github.com/splunk/splunk-add-on-for-amazon-web-services/actions/runs/28942569538/job/85878959228a)

🤖 Generated with [Claude Code](https://claude.com/claude-code)
## Summary

- Add `actions/upload-artifact@v4` step to `run-spl2-tests` job so test
results are preserved as downloadable artifacts after each run
- Matches the artifact upload pattern already used in
`run-knowledge-tests` and `run-unit-tests`
- Artifact named `spl2 test results`, contains the `test-results/`
directory with JUnit XML output

## Test plan

- [ ] Verify CI runs `run-spl2-tests` and produces a downloadable `spl2
test results` artifact
- [ ] Confirm artifact contains `test-results/report.xml`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…sable release workflow (#503)

## Summary

This PR updates the reusable add-on build-test-release workflow to split
FOSSA findings into separate license and vulnerability checks, improve
release gating, and document the new workflow behavior.
JIRA Link - []https://splunk.atlassian.net/browse/ADDON-87374

## Changes

- Extends `fossa-scan` to run `fossa test --debug` in a dedicated step
(only when analyze succeeds) and upload its output as the
`fossa-test-output` artifact
- Adds separate lightweight FOSSA CI jobs that parse
`fossa-test-output`:
- `fossa-license-test` — extracts and counts issues from the `COMPLIANCE
ISSUES` section
- `fossa-vulnerability-test` — extracts and counts issues from the
`SECURITY ISSUES` section
  - Exposes separate pipeline outputs for:
    - active license issues
    - active vulnerability issues
    - release-blocking vulnerability issues
- Publishes separate job summaries for license and vulnerability
findings.
- Updates `pre-publish` release gating so release paths can block
independently on:
    - unresolved vulnerability issues
- Keeps merge-to-develop and other non-release workflows usable by
reporting split FOSSA results without enforcing release gating there.
- Updates README documentation for the new split FOSSA jobs and release
gating behavior.

### Checklist

- [X] `README.md` has been updated
- [ ] push trigger tests
- [ ] manual release test
- [ ] automated releases test
- [X] pull request trigger tests
- [ ] schedule trigger tests
- [ ] workflow errors/warnings reviewed and addressed

### Tested TA GitHub Actions run:
1. Successful FOSSA Tests for Apache web server TA -
[]https://github.com/splunk/splunk-add-on-for-apache-web-server/actions/runs/29075781494
2. Crowdstrike TA FOSSA tests failure -
[]https://github.com/splunk/splunk-add-on-for-crowdstrike-fdr/actions/runs/29077637023
3. Salesforce TA FOSSA tests failure -
[]https://github.com/splunk/splunk-add-on-for-salesforce/actions/runs/29077050887

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants