feat: Add Appinspect API action (#168)

* ci: always upload artifact

* ci: add secrets

* ci: rename appinspect stage

* docs: update readme

* ci: appinpsect api now runs only on push and PR to main

Author: mbruzda-splunk

.github/workflows/reusable-build-test-release.yml

@@ -45,6 +45,12 @@ on:
       SA_GPG_PASSPHRASE:
         description: GPG signature passphrase
         required: true
+      SPL_COM_USER:
+        description: username to splunk.com
+        required: true
+      SPL_COM_PASSWORD:
+        description: password to splunk.com
+        required: true
 permissions:
   contents: read
   packages: read
@@ -793,6 +799,40 @@ jobs:
           path: |
             *_markdown.txt
 
+  appinspect-api:
+    name: appinspect api ${{ matrix.tags }}
+    needs: build
+    if: |
+      !cancelled() &&
+      needs.build.result == 'success' &&
+      ( github.base_ref == 'main' || github.ref_name == 'main' )
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        tags:
+          - "cloud"
+          - "self-service"
+          - ""
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/download-artifact@v3
+        with:
+          name: package-splunkbase
+          path: build/package
+      - name: AppInspect API
+        uses: splunk/[email protected]
+        with:
+          username: ${{ secrets.SPL_COM_USER }}
+          password: ${{ secrets.SPL_COM_PASSWORD }}
+          app_path: build/package/
+          included_tags: ${{ matrix.tags }}
+      - uses: actions/upload-artifact@v3
+        if: always()
+        with:
+          name: appinspect-api-html-report-${{ matrix.tags }}
+          path: AppInspect_response.html
+
   artifact-registry:
     runs-on: ubuntu-latest
     needs:

README.md

@@ -41,6 +41,8 @@ jobs:
       SA_GH_USER_EMAIL: ${{ secrets.SA_GH_USER_EMAIL }}
       SA_GPG_PRIVATE_KEY: ${{ secrets.SA_GPG_PRIVATE_KEY }}
       SA_GPG_PASSPHRASE: ${{ secrets.SA_GPG_PASSPHRASE }}
+      SPL_COM_USER: ${{ secrets.SPL_COM_USER }}
+      SPL_COM_PASSWORD: ${{ secrets.SPL_COM_PASSWORD }}
 ```
 
 ***
@@ -403,6 +405,53 @@ appinspect_self-service_checks.json
 appinspect_splunk_appinspect_checks.json
 ```
 
+
+AppInspect API
+=======================
+
+**Description**
+
+- Splunk AppInspect performs validation checks on your Splunk app package against a set of standardized criteria to evaluate the app structure, features, security, and adherence to Splunk Cloud Platform requirements. Unlike previous job that uses AppInspect CLI, this one uses AppInspect API
+
+- [https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/](https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/useappinspectapi/)
+
+- Respective Appinspect tags used in stage:
+
+- https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/#Validate-an-app-using-tags
+
+```
+"cloud"
+"self-service"
+"" (no tags)
+```
+**Action used:** https://github.com/splunk/appinspect-api-action
+
+**Pass/fail behaviour:**
+
+- Splunk AppInspect API generates HTML report that details the successes, warnings, and failures flagged by the checks.
+
+- By using the results of the report, user can fix any issues in your app before you submit it for cloud vetting or for publication to Splunkbase.
+
+**Exception file:** 
+
+- `.appinspect_api.expect.yaml` We can use this file to add false positives with appropriate comments.
+
+- ref: https://github.com/splunk/splunk-add-on-for-cisco-meraki/blob/main/.app-vetting.yaml - Connect to preview  
+
+**Troubleshooting steps for failures if any:**
+
+- User can refer to this for failures https://dev.splunk.com/enterprise/docs/developapps/testvalidate/appinspect/#Common-issues-reported-by-Splunk-AppInspect
+
+
+**Artifacts:**
+
+```
+appinspect-api-html-report
+appinspect-api-html-report-cloud
+appinspect-api-html-report-self-service
+```
+
+
 # setup
 
 **Description:**