chore: update everything according to the latest standards (#791)

* chore: update everything according to the latest standards

* chore: forgot about .addonmatrix

* ci: remove codecov integration

* chore: wait for Splunk's KVStore to be ready

* chore: attach credentials when making request to KVStore API

* style: pre-commit run --all-files

* chore: actually use response.json() instead of response

* chore: update list of internal errors to ignore error from splunk_secure_gateway app

* chore: remove KVStore additional verification

Author: artemrys

.addonmatrix

@@ -0,0 +1 @@
+--splunkfeatures METRICS_MULTI,PYTHON3

.github/workflows/build-test-release.yml

@@ -1,5 +1,3 @@
-name: Build Test Release
-
 on:
   push:
     branches:
@@ -16,6 +14,15 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  meta:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix_supportedSplunk: ${{ steps.matrix.outputs.supportedSplunk }}
+    steps:
+      - uses: actions/checkout@v3
+      - id: matrix
+        uses: splunk/addonfactory-test-matrix-action@v1
+
   fossa-scan:
     continue-on-error: true
     runs-on: ubuntu-latest
@@ -40,13 +47,10 @@ jobs:
           FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
 
   compliance-copyrights:
-    name: Compliance Copyright Headers
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Check License Header
-        uses: apache/skywalking-eyes@v0.3.0
+      - uses: actions/checkout@v3
+      - uses: apache/skywalking-eyes@v0.4.0
 
   pre-commit:
     runs-on: ubuntu-latest
@@ -63,8 +67,7 @@ jobs:
     if: github.actor != 'dependabot[bot]'
     steps:
       - uses: actions/checkout@v3
-      - name: Semgrep
-        id: semgrep
+      - id: semgrep
         uses: returntocorp/semgrep-action@v1
         with:
           publishToken: ${{ secrets.SEMGREP_PUBLISH_TOKEN }}
@@ -84,27 +87,16 @@ jobs:
           scanArguments: "--max_dept 50 -x .github/workflows/exclude-patterns.txt"
 
   test-splunk-unit:
-    name: Unit tests
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         with:
           submodules: true
       - name: Install dependencies
         run: |
-          curl -sSL https://install.python-poetry.org | python3 -
+          curl -sSL https://install.python-poetry.org | python3 - --version 1.4.2
           poetry install
-          poetry run coverage run --source=./pytest_splunk_addon/standard_lib -m pytest -v tests/unit
-          poetry run coverage xml
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          files: ./coverage.xml
-          directory: ./coverage/reports/
-          env_vars: OS,PYTHON
-          fail_ci_if_error: true
-          verbose: true
+          poetry run pytest -v tests/unit
 
   test-splunk-doc:
     name: Test Docs
@@ -118,14 +110,14 @@ jobs:
           python-version: 3.7
       - name: Install and run tests
         run: |
-          curl -sSL https://install.python-poetry.org | python3 -
+          curl -sSL https://install.python-poetry.org | python3 - --version 1.4.2
           poetry install --with docs -E docker
           poetry run pytest -v -m doc tests/e2e
 
   test-splunk-external:
     runs-on: ubuntu-latest
-    name: Test splunk external
     needs:
+      - meta
       - pre-commit
       - fossa-scan
       - compliance-copyrights
@@ -135,22 +127,21 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        splunk-version: ["8.1", "8.2", "9.0"]
+        splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
     steps:
       - uses: actions/checkout@v3
         with:
           submodules: true
       - name: Setup for testing
         run: |
           pip install git+https://github.com/pixelb/crudini
-          mkdir test-results-${{ matrix.splunk-version }}
+          mkdir test-results-${{ matrix.splunk.version }}
       - name: Splunk Up
         run: |
           export SPLUNK_APP_PACKAGE=./tests/e2e/addons/TA_fiction
           export SPLUNK_ADDON=TA_fiction
           export SPLUNK_APP_ID=TA_fiction
-          ls -l deps/build/addonfactory_test_matrix_splunk/splunk_matrix.conf
-          export SPLUNK_VERSION=$(crudini --get deps/build/addonfactory_test_matrix_splunk/splunk_matrix.conf ${{ matrix.splunk-version }} VERSION)
+          export SPLUNK_VERSION=${{ matrix.splunk.version }}
           echo $SPLUNK_VERSION
           docker-compose -f "docker-compose-ci.yml" build
           SPLUNK_PASSWORD=Chang3d! docker-compose -f docker-compose-ci.yml up -d splunk
@@ -174,8 +165,8 @@ jobs:
             test-results-${{ matrix.splunk-version }}
 
   test-splunk-matrix:
-    name: Test Matrix
     needs:
+      - meta
       - pre-commit
       - fossa-scan
       - compliance-copyrights
@@ -186,7 +177,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        splunk-version: ["8.1", "8.2", "9.0"]
+        splunk: ${{ fromJson(needs.meta.outputs.matrix_supportedSplunk) }}
         test-marker: [
           "splunk_connection_docker",
           "splunk_app_fiction",
@@ -203,18 +194,15 @@ jobs:
       - uses: actions/checkout@v3
         with:
           submodules: true
-      - name: Set up OS=ubuntu-latest::Python=3.7::Splunk=${{ matrix.splunk-version }}
-        uses: actions/setup-python@v4
+      - uses: actions/setup-python@v4
         with:
           python-version: 3.7
-      - name: Install and run tests
-        run: |
-          curl -sSL https://install.python-poetry.org | python3 -
+      - run: |
+          curl -sSL https://install.python-poetry.org | python3 - --version 1.4.2
           poetry install -E docker
-          poetry run pytest -v --splunk-version=${{ matrix.splunk-version }} -m docker -m ${{ matrix.test-marker }} tests/e2e
+          poetry run pytest -v --splunk-version=${{ matrix.splunk.version }} -m docker -m ${{ matrix.test-marker }} tests/e2e
 
   publish:
-    name: publish
     needs:
       - test-splunk-external
       - test-splunk-matrix
@@ -226,8 +214,7 @@ jobs:
           # build if this is not set false
           submodules: false
           persist-credentials: false
-      - name: Setup python
-        uses: actions/setup-python@v4
+      - uses: actions/setup-python@v4
         with:
           python-version: "3.7"
       - uses: actions/download-artifact@v3
@@ -237,16 +224,21 @@ jobs:
         run: cp -f THIRDPARTY NOTICE
       - name: Install Poetry
         run: |
-          curl -sSL https://install.python-poetry.org | python3 -
-      - name: Semantic Release
-        uses: cycjimmy/semantic-release-action@v3.0.0
-        with:
-          semantic_version: 19.0.2
+          curl -sSL https://install.python-poetry.org | python3 - --version 1.4.2
+      - id: semantic
+        uses: splunk/semantic-release-action@v1.3
+        with:
+          git_committer_name: ${{ secrets.SA_GH_USER_NAME }}
+          git_committer_email: ${{ secrets.SA_GH_USER_EMAIL }}
+          gpg_private_key: ${{ secrets.SA_GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.SA_GPG_PASSPHRASE }}
           extra_plugins: |
-            @semantic-release/exec
-            @semantic-release/git
             @google/semantic-release-replace-plugin
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN_ADMIN }}
-          PYPI_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+      - if: ${{ steps.semantic.outputs.new_release_published == 'true' }}
+        uses: splunk/pypi-publish-action@v1.0
+        with:
+          pypi_username: ${{ secrets.PYPI_USERNAME }}
+          pypi_token: ${{ secrets.PYPI_TOKEN }}
+  

.github/workflows/sr-prepare.sh

@@ -62,9 +62,8 @@
       [
         "@semantic-release/exec",
         {
-          "prepareCmd": "./.github/workflows/sr-prepare.sh ${nextRelease.version}",
-          "publishCmd": "./.github/workflows/sr-release.sh",
-          "shell": "bash"
+          "verifyReleaseCmd": "echo \"version=${nextRelease.version}\" >> $GITHUB_OUTPUT",
+          "successCmd": "echo \"new_release_published=${'true'}\" >> $GITHUB_OUTPUT"
         },
       ],
       [