From 0690f5fa9795d38d5338239bcfc091c92f48eecc Mon Sep 17 00:00:00 2001
From: ljstella
Date: Tue, 7 Oct 2025 11:33:10 -0400
Subject: [PATCH 1/6] Adding new version temporarily for testing
---
 .github/workflows/testEndToEnd.yml | 19 ++++++++-----------
 .github/workflows/test_against_escu.yml | 25 ++++++++++---------------
 2 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/.github/workflows/testEndToEnd.yml b/.github/workflows/testEndToEnd.yml
index 4d6dd1b0..9552672f 100644
--- a/.github/workflows/testEndToEnd.yml
+++ b/.github/workflows/testEndToEnd.yml
@@ -3,18 +3,17 @@ on:
 pull_request:
 types: [opened, reopened, synchronize]
 schedule:
- - cron: "44 4 * * *"
+ - cron: '44 4 * * *'
 jobs:
 testEverything:
 strategy:
 fail-fast: false
 matrix:
- python_version: ["3.11", "3.12", "3.13"]
- operating_system: ["ubuntu-24.04", "macos-15", "windows-2022"]
+ python_version: ['3.12', '3.13', '3.14']
+ operating_system: ['ubuntu-24.04', 'macos-15', 'windows-2022']
 #operating_system: ["ubuntu-20.04", "ubuntu-22.04", "macos-latest"]
-
 runs-on: ${{ matrix.operating_system }}
 steps:
 #- name: Install Docker for macOS
@@ -36,11 +35,10 @@ jobs:
 uses: actions/setup-python@v5
 with:
 python-version: ${{ matrix.python_version }}
- architecture: "x64"
-
+ architecture: 'x64'
+
 - name: Install Poetry
- run:
- python -m pip install poetry
+ run: python -m pip install poetry
 - name: Install contentctl and activate the shell
 run: |
@@ -50,7 +48,7 @@ jobs:
 - name: Run contentctl init
 run: |
 cd my_splunk_content_pack
- poetry run contentctl init
+ poetry run contentctl init
 - name: Clone the AtomicRedTeam Repo
 run: |
@@ -73,11 +71,10 @@ jobs:
 run: |
 cd my_splunk_content_pack
 poetry run contentctl test --disable-tqdm --post-test-behavior never_pause
-
+
 - uses: actions/upload-artifact@v4
 with:
 name: content_pack_${{ matrix.python_version }}_${{ matrix.operating_system }}
 path: |
 my_splunk_content_pack/dist/my_splunk_content_pack.tar.gz
 my_splunk_content_pack/test_results/summary.yml
-
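Review bot: In the first hunk of testEndToEnd.yml the new `python_version: ['3.12', '3.13', '3.14']` leaves '3.11' untested, while the `python = "^3.11,<3.14"` constraint that patch 2/6 of this series edits still declares 3.11 as supported (and, at this commit, still excludes 3.14). Either keep the floor in the matrix, `python_version: ['3.11', '3.12', '3.13', '3.14']`, or raise the lower bound in pyproject.toml in the same change, so the versions users may install on are the ones CI runs. Since the subject calls this temporary, a comment above the matrix such as `# TEMP: '3.11' removed for 3.14 testing, restore before merge` would keep the gap from shipping unnoticed. The same applies to the matrix hunk in test_against_escu.yml.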
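Review bot: The rewritten `run: python -m pip install poetry` in the second hunk of testEndToEnd.yml installs whatever Poetry release is current at run time, so the tool that produces the uploaded `my_splunk_content_pack.tar.gz` artifact can change between runs with no change in this repository. Pinning it, for example `run: python -m pip install "poetry==<PINNED_VERSION>"`, keeps the build repeatable and turns a Poetry upgrade into a reviewed change. The same line appears in the third hunk of test_against_escu.yml, where the job also checks out splunk/security_content and clones two external repositories without a fixed ref; those are context lines this commit does not touch. The steps list begins and ends outside these hunks.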
diff --git a/.github/workflows/test_against_escu.yml b/.github/workflows/test_against_escu.yml
index 25cae4c8..8f2088a9 100644
--- a/.github/workflows/test_against_escu.yml
+++ b/.github/workflows/test_against_escu.yml
@@ -9,20 +9,19 @@ on:
 pull_request:
 types: [opened, reopened, synchronize]
 schedule:
- - cron: "44 4 * * *"
+ - cron: '44 4 * * *'
 jobs:
 smoketest_escu:
 strategy:
 fail-fast: false
 matrix:
- python_version: ["3.11", "3.12", "3.13"]
-
- operating_system: ["ubuntu-24.04", "macos-15"]
+ python_version: ['3.12', '3.13', '3.14']
+
+ operating_system: ['ubuntu-24.04', 'macos-15']
 # Do not test against ESCU until known character encoding issue is resolved
 # operating_system: ["ubuntu-20.04", "ubuntu-22.04", "macos-latest", "macos-14", "windows-2022"]
-
 runs-on: ${{ matrix.operating_system }}
 steps:
 # Checkout the current branch of contentctl repo
@@ -32,7 +31,7 @@ jobs:
 # Checkout the develop (default) branch of security_content
 - name: Checkout repo
 uses: actions/checkout@v5
- with:
+ with:
 path: security_content
 repository: splunk/security_content
@@ -41,25 +40,22 @@ jobs:
 uses: actions/setup-python@v5
 with:
 python-version: ${{ matrix.python_version }}
- architecture: "x64"
-
+ architecture: 'x64'
+
 - name: Install Poetry
- run:
- python -m pip install poetry
+ run: python -m pip install poetry
 - name: Install contentctl and activate the shell
 run: |
 poetry install --no-interaction
-
- - name: Clone the AtomicRedTeam Repo and the Mitre/CTI repos for testing enrichments
+ - name: Clone the AtomicRedTeam Repo and the Mitre/CTI repos for testing enrichments
 run: |
 cd security_content
 git clone --single-branch https://github.com/redcanaryco/atomic-red-team external_repos/atomic-red-team
 git clone --single-branch https://github.com/mitre/cti external_repos/cti
-
- # We do not separately run validate and build
+ # We do not separately run validate and build
 # since a build ALSO performs a validate
 - name: Run contentctl build
 run: |
@@ -68,4 +64,3 @@ jobs:
 # Do not run a test - it will take far too long!
 # Do not upload any artifacts
-
From f364b5ba97c2232023edb07f154662781e8becd5 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Wed, 8 Oct 2025 09:50:22 -0400
Subject: [PATCH 2/6] actually use 3.14
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 2d60a987..64af030c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -13,7 +13,7 @@ contentctl = 'contentctl.contentctl:main'
 [tool.poetry.dependencies]
-python = "^3.11,<3.14"
+python = "^3.11,<3.15"
 pydantic = "~2.9.2"
 PyYAML = "^6.0.2"
 requests = ">=2.32.4"
From 6359a8f8807f74388c7ff82fc1b0d0278773735b Mon Sep 17 00:00:00 2001
From: ljstella
Date: Thu, 9 Oct 2025 09:00:04 -0400
Subject: [PATCH 3/6] bump pydantic for 3.14 support
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 64af030c..69936421 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -14,7 +14,7 @@ contentctl = 'contentctl.contentctl:main'
 [tool.poetry.dependencies]
 python = "^3.11,<3.15"
-pydantic = "~2.9.2"
+pydantic = ">=2.9.2,<2.13.0"
 PyYAML = "^6.0.2"
 requests = ">=2.32.4"
 pycvesearch = "^1.2"
From bafece473cdf4d2c682c1cd09c3998cea0a6397c Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 17 Oct 2025 15:15:06 -0400
Subject: [PATCH 4/6] Add freethreaded python 3.14 to matrix to test
---
 .github/workflows/testEndToEnd.yml | 2 +-
 .github/workflows/test_against_escu.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/testEndToEnd.yml b/.github/workflows/testEndToEnd.yml
index 9552672f..d1c1a8d7 100644
--- a/.github/workflows/testEndToEnd.yml
+++ b/.github/workflows/testEndToEnd.yml
@@ -10,7 +10,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- python_version: ['3.12', '3.13', '3.14']
+ python_version: ['3.12', '3.13', '3.14', '3.14t']
 operating_system: ['ubuntu-24.04', 'macos-15', 'windows-2022']
 #operating_system: ["ubuntu-20.04", "ubuntu-22.04", "macos-latest"]
diff --git a/.github/workflows/test_against_escu.yml b/.github/workflows/test_against_escu.yml
index 8f2088a9..5648094e 100644
--- a/.github/workflows/test_against_escu.yml
+++ b/.github/workflows/test_against_escu.yml
@@ -16,7 +16,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- python_version: ['3.12', '3.13', '3.14']
+ python_version: ['3.12', '3.13', '3.14', '3.14t']
 operating_system: ['ubuntu-24.04', 'macos-15']
 # Do not test against ESCU until known character encoding issue is resolved
From 8e63de747ef012a2f4a3e590e424c1e1499d1509 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 17 Oct 2025 15:17:10 -0400
Subject: [PATCH 5/6] Revert pydantic bump
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 69936421..64af030c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -14,7 +14,7 @@ contentctl = 'contentctl.contentctl:main'
 [tool.poetry.dependencies]
 python = "^3.11,<3.15"
-pydantic = ">=2.9.2,<2.13.0"
+pydantic = "~2.9.2"
 PyYAML = "^6.0.2"
 requests = ">=2.32.4"
 pycvesearch = "^1.2"
From d3c9c9559117e76eb6050661b5217f9a84394188 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 7 Nov 2025 12:54:08 -0500
Subject: [PATCH 6/6] bump versions?
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index 02790b88..5d5857b9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -14,7 +14,7 @@ contentctl = 'contentctl.contentctl:main'
 [tool.poetry.dependencies]
 python = "^3.11,<3.15"
-pydantic = "~2.9.2"
+pydantic = "~2.12.4"
 PyYAML = "^6.0.2"
 requests = ">=2.32.4"
 pycvesearch = "^1.2"
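Review bot: The `'3.14t'` entry added to `python_version` in testEndToEnd.yml selects a free-threaded interpreter, but nothing in the visible workflow shows whether the run actually stayed GIL-free. On a free-threaded build, importing a C extension that does not declare free-threading support re-enables the GIL and only prints a warning, so this leg may pass while covering the same ground as `'3.14'`; whether any of the project's dependencies do this cannot be told from the diff. A step after `poetry install` such as `run: poetry run python -c "import sys, contentctl.contentctl; print(sys._is_gil_enabled())"` would record it in the job log. The same applies to the identical matrix change in test_against_escu.yml; the job's steps lie outside both hunks.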
@@ -27,7 +27,7 @@ splunk-sdk = "^2.0.2"
 semantic-version = "^2.10.0"
 bottle = ">=0.12.25,<0.14.0"
 tqdm = "^4.66.5"
-pygit2 = "^1.15.1"
+pygit2 = "^1.19.0"
 #We are pinned to this version of tyro because 0.9.23 and above
 #have an issue when parsing an extremely large number of files
 #(in our testing great than 130) when using the mode:selected