Splunk TA Update #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Splunk TA Update | |
| on: | |
| workflow_dispatch: # Manually trigger the workflow | |
| schedule: | |
| - cron: '55 06 * * *' # Runs daily at midnight | |
| jobs: | |
| modify-code: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: 'develop' | |
| token: ${{ secrets.GH_PAT }} # Add this line to use the PAT for checkout | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' # or the version your script requires | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| - name: Install Dependencies using Poetry | |
| run: | | |
| pip3 install poetry | |
| poetry install | |
| pip3 install GitPython | |
| - name: Run Python Splunk TA checker | |
| env: | |
| SPLUNK_BASE_USERNAME: ${{ secrets.SPLUNK_BASE_USERNAME }} | |
| SPLUNK_BASE_PASSWORD: ${{ secrets.SPLUNK_BASE_PASSWORD }} | |
| run: | | |
| poetry run python scripts/attack_range_ta_update.py | |
| - name: Check for changes | |
| id: changes | |
| run: | | |
| # Check if configs/attack_range_default.yml has changed | |
| if git diff --exit-code configs/attack_range_default.yml; then | |
| echo "No changes detected in configs/attack_range_default.yml" | |
| echo "changes_detected=false" >> $GITHUB_ENV | |
| else | |
| echo "Changes detected in configs/attack_range_default.yml" | |
| echo "changes_detected=true" >> $GITHUB_ENV | |
| fi | |
| - name: Commit and push changes if any | |
| if: env.changes_detected == 'true' | |
| env: | |
| GH_PAT: ${{ secrets.GH_PAT }} | |
| run: | | |
| git config user.name 'Splunk TA Updater [bot]' | |
| git config user.email '[email protected]' | |
| git checkout -b auto-ta-update-${{ github.run_number }} | |
| git add . | |
| git commit -m "Automated Splunk TA Update" | |
| git push origin auto-ta-update-${{ github.run_number }} | |
| - name: Create Pull Request | |
| if: env.changes_detected == 'true' | |
| uses: peter-evans/create-pull-request@v5 | |
| with: | |
| token: ${{ secrets.GH_PAT }} | |
| commit-message: "Automated Splunk TA Update" | |
| branch: auto-ta-update-${{ github.run_number }} | |
| base: develop | |
| title: "Automated Splunk TA Update" | |
| body: "This PR contains updates to Splunk TAs made by the GitHub Actions workflow." |