From bef577d0e7b0ccf96e395cab33491fcdef212689 Mon Sep 17 00:00:00 2001
From: ljstella <lstella@splunk.com>
Date: Tue, 9 Sep 2025 12:40:30 -0400
Subject: [PATCH 1/3] First attempt at porting to GHA

---
 .circleci/config.yml        | 107 ------------------------------------
 .github/workflows/build.yml |  68 +++++++++++++++++++++++
 2 files changed, 68 insertions(+), 107 deletions(-)
 delete mode 100644 .circleci/config.yml
 create mode 100644 .github/workflows/build.yml

diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index aa8a0f2..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,107 +0,0 @@
-# Python CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-python/ for more details
-#
-
-dependencies:
-  cache_directories:
-    - "~/.apt-cache"
-  pre:
-    - sudo rm -rf /var/cache/apt/archives && sudo ln -s ~/.apt-cache /var/cache/apt/archives && mkdir -p ~/.apt-cache/partial
-
-apt-run: &apt-install
-  name: install system packages
-  command: |
-    sudo apt update -qq
-    sudo apt install -y python-pip
-
-version: 2.1
-
-executors:
-  content-executor:
-    docker:
-      - image: circleci/python:latest
-    working_directory: ~/repo
-
-jobs:
-  validate-content:
-    executor: content-executor
-    steps:
-      - run:
-          name: checkout repo
-          command: |
-            if [ "${CIRCLE_BRANCH}" == "" ]; then
-                git clone https://${GITHUB_TOKEN}@github.com/splunk/TA-osquery.git
-            else
-                git clone --branch ${CIRCLE_BRANCH} https://${GITHUB_TOKEN}@github.com/splunk/TA-osquery.git
-            fi
-      - restore_cache:
-          key: deps1-{{ .Branch }}-{{ checksum "TA-osquery/default/app.conf" }}
-      - run: *apt-install
-      - run:
-          name: grab appinspect
-          command: |
-            curl -Ls https://download.splunk.com/misc/appinspect/splunk-appinspect-2.0.0.tar.gz -o appinspect-lastest.tar.gz
-            mkdir appinspect-latest
-            tar -zxvf appinspect-lastest.tar.gz -C appinspect-latest --strip-components=1
-      - run:
-          name: install appinspect
-          command: |
-            cd appinspect-latest
-            rm -rf venv
-            sudo pip install --upgrade pip setuptools
-            sudo pip install virtualenv
-            virtualenv --python=/usr/bin/python2.7 --clear venv
-            source venv/bin/activate
-            pip install .
-      - run:
-          name: run appinspect
-          command: |
-            rm -rf TA-osquery/.git
-            rm -rf TA-osquery/.circleci
-            rm -rf TA-osquery/.gitignore
-            tar -zcvf TA-osquery.tar.gz TA-osquery
-            mkdir dist
-            cp TA-osquery.tar.gz dist/
-            cd appinspect-latest
-            source venv/bin/activate
-            splunk-appinspect inspect ../TA-osquery.tar.gz --included-tags=cloud 
-      - save_cache:
-          key: deps1-{{ .Branch }}-{{ checksum "TA-osquery/default/app.conf" }}
-          paths:
-            - "venv"
-      - store_artifacts:
-          path: TA-osquery.tar.gz
-          destination: TA-osquery-latest.tar.gz
-      - persist_to_workspace:
-          root: dist/
-          paths:
-              - TA-osquery.tar.gz
-  publish-github-release:
-    docker:
-      - image: cibuilds/github:0.10
-    steps:
-      - attach_workspace:
-          at: ~/dist/TA-osquery.tar.gz
-      - run:
-          name: publish release on github
-          command: |
-            ghr -t ${GITHUB_TOKEN} -u ${CIRCLE_PROJECT_USERNAME} -r ${CIRCLE_PROJECT_REPONAME} -c ${CIRCLE_SHA1} -delete ${CIRCLE_TAG} ~/dist/TA-osquery.tar.gz
-workflows:
-  version: 2.1
-  validate-and-build:
-    jobs:
-      - validate-content:
-          filters:
-            tags:
-              only: /.*/
-      - publish-github-release:
-          requires:
-            - validate-content
-          filters:
-            tags:
-              only: /^v.*/
-            branches:
-              ignore: /.*/
-
-            
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..4f535ef
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,68 @@
+name: Build and Release
+
+on:
+  push:
+    branches: [main, master]
+    tags: ['v*']
+  pull_request:
+    branches: [main, master]
+
+jobs:
+  validate-content:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+
+      - name: Install Splunk AppInspect CLI
+        run: |
+          pip install splunk-appinspect
+
+      - name: Run appinspect
+        run: |
+          rm -rf TA-osquery/.git
+          rm -rf TA-osquery/.circleci
+          rm -rf TA-osquery/.gitignore
+          rm -rf TA-osquery/.github
+          tar -zcvf TA-osquery.tar.gz TA-osquery
+          mkdir dist
+          cp TA-osquery.tar.gz dist/
+          splunk-appinspect inspect ../TA-osquery.tar.gz --included-tags=cloud --included-tags=future
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: TA-osquery-latest
+          path: TA-osquery.tar.gz
+
+      - name: Upload to workspace
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-artifact
+          path: dist/TA-osquery.tar.gz
+
+  publish-github-release:
+    needs: validate-content
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: release-artifact
+          path: ~/dist/
+
+      - name: Publish release on GitHub
+        uses: softprops/action-gh-release@v2
+        with:
+          files: ~/dist/TA-osquery.tar.gz
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag_name: ${{ github.ref_name }}
+          generate_release_notes: true

From 1fbe6b93703a79680f3db4cc0277d9c3aa7988a0 Mon Sep 17 00:00:00 2001
From: ljstella <lstella@splunk.com>
Date: Tue, 9 Sep 2025 12:54:22 -0400
Subject: [PATCH 2/3] Tweak triggers

---
 .github/workflows/build.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4f535ef..40a1353 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,10 +2,9 @@ name: Build and Release
 
 on:
   push:
-    branches: [main, master]
     tags: ['v*']
   pull_request:
-    branches: [main, master]
+    types: [opened, reopened, synchronize]
 
 jobs:
   validate-content:

From 5ad31f9620e5ee9d23165c5bed64a1a314bc288e Mon Sep 17 00:00:00 2001
From: ljstella <lstella@splunk.com>
Date: Tue, 9 Sep 2025 12:55:58 -0400
Subject: [PATCH 3/3] Update python action

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 40a1353..38d9001 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.9'