Closed edthedev closed 10 months ago
Takeaways from discussion this afternoon:
I sent our question about deploying without enabling immediately to our colleague at Splunk, and I posted it to the Splunk soar_app_dev
Slack channel.
Per discussion this morning:
Plan
Update: We updated our SOAR midpoint app with the new pattern.
Here's the deployments:
Does not deploy:
Does deploy:
Here's the CI/CD snippet:
- name: Build Package (Prod)
if: github.event_name == 'release'
run: |
make build
- name: Build Package (Test)
if: github.event_name == 'pull_request'
run: |
make build-test
- name: Store build as an artifact
uses: actions/upload-artifact@v3
with:
name: deployed tar file
path: app.tar
retention-days: 7
- name: Post to Splunk SOAR API
if: github.event_name == 'release' || github.event_name == 'pull_request'
run: |
make deploy
env:
SOAR_TOKEN: ${{ secrets.SOAR_TOKEN }}
SOAR_HOSTNAME: ${{ secrets.SOAR_HOSTNAME }}
Context
Our preference is to have an audit log of each release, and to allow members of incident response and engineering to trigger those releases directly. Now that the technical nuts and bolts of our release process are ironed out, I would like us to revisit the actual mechanism for triggering a release.
I'm very okay with just porting the process we used on the command line automation; and I am also open to other ideas.
Key outcomes are:
Tasks