3939 required : false
4040 description : " branch for k8s manifests to run the tests on"
4141 type : string
42- default : " v3.2.0 "
42+ default : " v3.3.2 "
4343 scripted-inputs-os-list :
4444 required : false
4545 description : " list of OS used for scripted input tests"
@@ -381,7 +381,7 @@ jobs:
381381 - setup-workflow
382382 - setup
383383
384- runs-on : ubuntu-latest
384+ runs-on : large- ubuntu-22.04-32core
385385 strategy :
386386 fail-fast : false
387387 matrix :
@@ -403,7 +403,7 @@ jobs:
403403 - name : Install Python Dependencies and ContentCTL
404404 run : |
405405 python -m pip install --upgrade pip
406- pip install contentctl==5.0.0
406+ pip install contentctl
407407 git clone https://github.com/splunk/security_content.git
408408
409409
@@ -426,6 +426,26 @@ jobs:
426426 import yaml
427427 import os
428428 import configparser
429+ import re
430+
431+ GITHUB_REPOSITORY = os.environ.get("GITHUB_REPOSITORY", "")
432+
433+ # Parse app.conf get the appid of the TA.
434+ config = configparser.ConfigParser(strict=False)
435+ config.read("package/default/app.conf")
436+ APP_ID = config.get("id", "name")
437+ APP_LABEL = config.get("ui", "label")
438+
439+ # Read the file and remove trailing backslashes
440+ with open("package/default/props.conf", "r") as f:
441+ content = f.read()
442+
443+ # Remove trailing backslashes followed by a newline
444+ updated_content = re.sub(r"\\\n", "", content)
445+
446+ # Write the cleaned content to a new file
447+ with open("package/default/props.conf", "w") as f:
448+ f.write(updated_content)
429449
430450 # Parse props.conf and collect all the sourcetypes in a list.
431451 config = configparser.ConfigParser(strict=False)
@@ -436,7 +456,12 @@ jobs:
436456 with open("security_content/contentctl.yml", "r") as file:
437457 data = yaml.safe_load(file)
438458
439- data["apps"] = [{'uid': 1621, 'title': "Splunk Common Information Model (CIM)", 'version': "6.0.1", 'appid': "Splunk_SA_CIM", 'hardcoded_path': "https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/splunk-common-information-model-cim_601.tgz"}, {'title': ${{ needs.setup.outputs.addon-name }}, 'version': "default", 'appid': ${{ needs.setup.outputs.addon-name }}, 'hardcoded_path': "${{ env.TA_BUILD_PATH }}"}]
459+ for app in data["apps"]:
460+ if app['appid'] == APP_ID or GITHUB_REPOSITORY in app['hardcoded_path'] or app["title"] == APP_LABEL:
461+ app['hardcoded_path'] = "${{ env.TA_BUILD_PATH }}"
462+ elif app['appid'] == "PALO_ALTO_NETWORKS_ADD_ON_FOR_SPLUNK" and APP_ID == "Splunk_TA_paloalto_networks":
463+ app['hardcoded_path'] = "${{ env.TA_BUILD_PATH }}"
464+
440465
441466 # Write the modified data to the contentctl.yml file
442467 with open("security_content/contentctl.yml", "w") as file:
@@ -473,10 +498,18 @@ jobs:
473498 echo "Content of contentctl.yml file"
474499 cat contentctl.yml
475500
476- echo "contentctl test --post-test-behavior never_pause --verbose --container-settings.no-leave-running mode:selected --mode.files ${{ steps.filter-detection-files.outputs.DETECTION_FILES }}"
477-
478- contentctl test --post-test-behavior never_pause --verbose --container-settings.no-leave-running mode:selected --mode.files ${{ steps.filter-detection-files.outputs.DETECTION_FILES }}
501+ echo "contentctl test --container-settings.num-containers 12 --post-test-behavior never_pause --container-settings.no-leave-running mode:selected --mode.files ${{ steps.filter-detection-files.outputs.DETECTION_FILES }}"
479502
503+ contentctl test --container-settings.num-containers 12 --post-test-behavior never_pause --container-settings.no-leave-running mode:selected --mode.files ${{ steps.filter-detection-files.outputs.DETECTION_FILES }}
504+
505+ - uses : actions/upload-artifact@v4
506+ with :
507+ name : escu_test_summary_results
508+ path : |
509+ security_content/test_results/summary.yml
510+ security_content/dist/DA-ESS-ContentUpdate-latest.tar.gz
511+ continue-on-error : true
512+
480513 run-unit-tests :
481514 name : test-unit-python3-${{ matrix.python-version }}
482515 if : ${{ needs.test-inventory.outputs.unit == 'true' }}
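Review bot: The install step at new line 406 drops the `contentctl==5.0.0` pin, so every run executes whatever release is current on PyPI inside the job that builds and tests the add-on; pin the release validated with this change, e.g. `pip install "contentctl==<TESTED_VERSION>"` (placeholder, the page does not name the version), ideally from a hash-locked requirements file. In the Python added at new line 460, `GITHUB_REPOSITORY` defaults to `""` and `"" in app['hardcoded_path']` is always true, so an unset variable would rewrite every app's path, and an entry without `hardcoded_path` raises KeyError. A guard such as `(GITHUB_REPOSITORY and GITHUB_REPOSITORY in app.get('hardcoded_path', ''))` in that condition avoids both; the inline script itself begins above the hunk, so earlier handling is not visible here. The `contentctl test` lines at new 501–503 still expand `${{ steps.filter-detection-files.outputs.DETECTION_FILES }}` directly into the shell text. If those file names can originate from a pull request, pass the value through the step's `env:` and reference `$DETECTION_FILES` so it is never parsed as script.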