Merge remote-tracking branch 'origin/develop' into spike/ingestor-initial-config

Author: vivekr-splunk

.env

@@ -1,11 +1,11 @@
 OPERATOR_SDK_VERSION=v1.42.0
 REVIEWERS=vivekr-splunk,rlieberman-splunk,patrykw-splunk,Igor-splunk,kasiakoziol,kubabuczak,gabrielm-splunk,minjieqiu,qingw-splunk
-GO_VERSION=1.25.7
+GO_VERSION=1.25.8
 AWSCLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.8.6.zip
 KUBECTL_VERSION=v1.29.1
 AZ_CLI_VERSION=2.79.0
 EKSCTL_VERSION=v0.215.0
 EKS_CLUSTER_K8_VERSION=1.34
 EKS_INSTANCE_TYPE=m5.2xlarge
 EKS_INSTANCE_TYPE_ARM64=c6g.4xlarge
-SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:10.0.0
+SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:10.2.0

.gitattributes

@@ -0,0 +1,16 @@
+# Generated by kubebuilder/operator-sdk (scaffolding)
+PROJECT linguist-generated=true
+
+# Generated by controller-gen (make generate)
+api/**/zz_generated.deepcopy.go linguist-generated=true
+
+# Generated by controller-gen (make manifests)
+config/crd/bases/*.yaml linguist-generated=true
+config/rbac/role.yaml linguist-generated=true
+config/rbac/role_binding.yaml linguist-generated=true
+config/webhook/manifests.yaml linguist-generated=true
+
+# Generated by operator-sdk (make bundle)
+config/manifests/bases/splunk-operator.clusterserviceversion.yaml linguist-generated=true
+bundle/manifests/*.yaml linguist-generated=true
+bundle/metadata/annotations.yaml linguist-generated=true

.github/pull_request_template.md

@@ -19,5 +19,6 @@ _Jira tickets, GitHub issues, Support tickets..._
 - [ ] Code changes adhere to the project's coding standards.
 - [ ] Relevant unit and integration tests are included.
 - [ ] Documentation has been updated accordingly.
+- [ ] If test framework files were changed (`test/testenv/`, `test/run-tests.sh`, `test/env.sh`), `docs/IntegrationTesting.md` has been updated
 - [ ] All tests pass locally.
 - [ ] The PR description follows the project's guidelines.

.github/workflows/arm-AL2023-build-test-push-workflow-AL2023.yml

@@ -51,7 +51,6 @@ jobs:
        run: make test
      - name: Run Code Coverage
        run: goveralls -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }}
-       continue-on-error: true
      - name: Upload Coverage artifacts
        uses: actions/upload-artifact@v6
        with:
@@ -137,6 +136,7 @@ jobs:
                 managersecret,
                 managermc,
                 indingsep,
+                licensemanager,
                ]
     runs-on: ubuntu-latest
     env:

.github/workflows/arm-Ubuntu-build-test-push-workflow.yml

@@ -51,7 +51,6 @@ jobs:
        run: make test
      - name: Run Code Coverage
        run: goveralls -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }}
-       continue-on-error: true
      - name: Upload Coverage artifacts
        uses: actions/upload-artifact@v6
        with:
@@ -137,6 +136,7 @@ jobs:
                 managersecret,
                 managermc,
                 indingsep,
+                licensemanager,
               ]
     runs-on: ubuntu-latest
     env:

.github/workflows/automated-release-workflow.yml

@@ -22,6 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      id-token: write
       pull-requests: write
     if: github.ref == 'refs/heads/main'
     env:
@@ -111,31 +112,35 @@ jobs:
 
     - name: Sign Splunk Operator image with a key
       run: |
-        cosign sign --yes --key env://COSIGN_PRIVATE_KEY  splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}
+        cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY  splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}
       env:
         COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
         COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+        COSIGN_DOCKER_MEDIA_TYPES: "1"
 
     - name: Verify Splunk Operator image with a key
       run: |
         cosign verify --key env://COSIGN_PUBLIC_KEY  splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}
       env:
         COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+        COSIGN_DOCKER_MEDIA_TYPES: "1"
 
     - name: Promote Distroless RC Image to Release
       run: |
         regctl image copy ${{ secrets.PUBLIC_ECR_REPOSITORY }}/${{ env.SPLUNK_OPERATOR_RC_IMAGE_NAME }}:${{ github.event.inputs.release_version }}-RC-distroless splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
 
     - name: Sign Distroless Splunk Operator image with a key
       run: |
-        cosign sign --yes --key env://COSIGN_PRIVATE_KEY  splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
+        cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY  splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
       env:
         COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
         COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+        COSIGN_DOCKER_MEDIA_TYPES: "1"
 
     - name: Verify Distroless Splunk Operator image with a key
       run: |
         cosign verify --key env://COSIGN_PUBLIC_KEY  splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
       env:
         COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+        COSIGN_DOCKER_MEDIA_TYPES: "1"
 

.github/workflows/build-test-push-workflow.yml

@@ -68,7 +68,6 @@ jobs:
           make test
       - name: Run Code Coverage
         run: goveralls -shallow -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }}
-        continue-on-error: true
       - name: Upload Coverage artifacts
         uses: actions/upload-artifact@v6
         with:
@@ -87,9 +86,28 @@ jobs:
           report_paths: 'unit_test*.xml'
           check_name: 'Unit Test Results'
           detailed_summary: true
+  check-generated:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Dotenv Action
+      id: dotenv
+      uses: falti/dotenv-action@v1
+    - name: Setup Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ${{ steps.dotenv.outputs.GO_VERSION }}
+    - name: Run code generation
+      run: make manifests generate
+    - name: Check for uncommitted changes
+      run: |
+        if ! git diff --exit-code; then
+          echo "::error::Generated files are out of date. Run 'make manifests generate' and commit the result."
+          exit 1
+        fi
   build-operator-image:
     runs-on: ubuntu-latest
-    needs: [check-formating, unit-tests]
+    needs: [check-formating, unit-tests, check-generated]
     env:
       SPLUNK_ENTERPRISE_IMAGE: ${{ secrets.SPLUNK_ENTERPRISE_IMAGE }}
       SPLUNK_OPERATOR_IMAGE_NAME: splunk/splunk-operator
@@ -206,6 +224,7 @@ jobs:
                 managersecret,
                 managermc,
                 indingsep,
+                licensemanager,
                ]
     runs-on: ubuntu-latest
     env:

.github/workflows/cla-check.yml

@@ -51,4 +51,4 @@ jobs:
           custom-pr-sign-comment: "I have read the Code of Conduct and I hereby sign the COC"
           signed-commit-message: "$contributorName has signed the COC in #$pullRequestNo"
           custom-notsigned-prcomment: "<br/>🎉 **CLA signed — one more step to go!**<br/><br/>Please also accept our [Code of Conduct](${input.getPathToDocument()}) by posting a comment with the exact sentence copied from below. This helps us maintain a welcoming community.<br/>"
-          custom-allsigned-prcomment: "All contributors have signed required documents ✍️ ✅"
+          custom-allsigned-prcomment: "All contributors have signed required documents ✍️ ✅"

.github/workflows/distroless-build-test-push-workflow.yml

@@ -62,7 +62,6 @@ jobs:
         run: make test
       - name: Run Code Coverage
         run: goveralls -shallow -coverprofile=coverage.out -service=circle-ci -repotoken ${{ secrets.COVERALLS_TOKEN }}
-        continue-on-error: true
       - name: Upload Coverage artifacts
         uses: actions/upload-artifact@v6
         with:
@@ -201,6 +200,7 @@ jobs:
           managersecret,
           managermc,
           indingsep,
+          licensemanager,
         ]
     runs-on: ubuntu-latest
     env:

.github/workflows/flaky-test-analysis-workflow.yml

@@ -0,0 +1,104 @@
+name: Flaky Test Analysis
+permissions:
+  contents: read
+  actions: read
+on:
+  workflow_dispatch:
+    inputs:
+      start_date:
+        description: 'Start date (YYYY-MM-DD). Defaults to 7 days before yesterday.'
+        required: false
+      end_date:
+        description: 'End date (YYYY-MM-DD). Defaults to yesterday.'
+        required: false
+      top_n:
+        description: 'Number of flakiest tests to report'
+        required: false
+        default: '20'
+      window_size:
+        description: 'Window size in days for flip rate calculation'
+        required: false
+        default: '1'
+      branch:
+        description: 'Only include runs from this branch (e.g. develop). All branches if empty.'
+        required: false
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: pip install flaky-tests-detection
+
+      - name: Run flaky test analysis
+        id: run
+        env:
+          GH_TOKEN: ${{ github.token }}
+          START_DATE: ${{ inputs.start_date }}
+          END_DATE: ${{ inputs.end_date }}
+          TOP_N: ${{ inputs.top_n }}
+          WINDOW_SIZE: ${{ inputs.window_size }}
+          BRANCH: ${{ inputs.branch }}
+          RESULTS_FILE: flaky-results.txt
+        run: |
+          ./tools/flaky-test-analysis.sh
+          echo "start=${START_DATE:-$(date -u -d '7 days ago' +%Y-%m-%d)}" >> "$GITHUB_OUTPUT"
+          echo "end=${END_DATE:-$(date -u -d 'yesterday' +%Y-%m-%d)}" >> "$GITHUB_OUTPUT"
+
+      - name: Generate job summary
+        if: always()
+        run: |
+          {
+            echo "## Flaky Test Analysis"
+            echo ""
+            echo "**Date range:** \`${{ steps.run.outputs.start }}\` .. \`${{ steps.run.outputs.end }}\`"
+            BRANCH_INFO="${{ inputs.branch }}"
+            if [[ -n "$BRANCH_INFO" ]]; then
+              echo "**Branch:** \`${BRANCH_INFO}\` | **Top N:** ${{ inputs.top_n || '20' }} | **Window size:** ${{ inputs.window_size || '1' }} day(s)"
+            else
+              echo "**Top N:** ${{ inputs.top_n || '20' }} | **Window size:** ${{ inputs.window_size || '1' }} day(s)"
+            fi
+            echo ""
+
+            if [[ ! -f flaky-results.txt ]]; then
+              echo "> No results produced. Check the workflow logs."
+              exit 0
+            fi
+
+            # Extract the score lines (format: suite::[It] description --- score: N)
+            flaky_lines=$(grep -E ' --- score: ' flaky-results.txt || true)
+
+            if [[ -z "$flaky_lines" ]]; then
+              echo "> No flaky tests detected in this period."
+            else
+              echo "| Score | Suite | Test |"
+              echo "|------:|-------|------|"
+              echo "$flaky_lines" | while IFS= read -r line; do
+                score=$(echo "$line" | sed -E 's/.* --- score: (.+)/\1/')
+                suite=$(echo "$line" | sed -E 's/^([^:]+)::.*/\1/')
+                test_name=$(echo "$line" | sed -E 's/^[^:]+::\[It\] (.*) --- score:.*/\1/')
+                echo "| ${score} | ${suite} | ${test_name} |"
+              done
+            fi
+
+          } >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Generate failure stats summary
+        if: always()
+        run: python3 tools/test-failure-stats.py ./junit-reports >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Upload results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: flaky-test-results-${{ steps.run.outputs.start }}-to-${{ steps.run.outputs.end }}
+          path: |
+            flaky-results.txt
+            *_flip_rate_*.png
+          if-no-files-found: ignore
+          retention-days: 30