[CI] Add GitHub actions workflow to lock versions across branches (#1456)

* Start job to lock versions * Update lock-versions workflow * Call lock-multiple script * Fix script * Add the lock file to staging * pass branches to the job * Fetch all branches and tags * Push the branch first * Push with upstream * Change PR params * Remove protections machine token * Add 7.14.0 to the lock for min_stack_version=7.14.0 * Fix branch prefix * Add trailing newline * Trailing newline * Restrict to main branch
2021-08-26 14:17:34 -06:00
parent 675e870a30
commit 4adad703fc
5 changed files with 103 additions and 3 deletions
@@ -0,0 +1,73 @@
+name: lock-versions
+on:
+  workflow_dispatch:
+      inputs:
+        branches:
+          description: 'List of branches to lock versions (ordered, comma separated)'
+          required: true
+          default: '7.13,7.14,7.15'
+
+jobs:
+  pr:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Validate the source branch
+        uses: actions/github-script@v3
+        with:
+          script: |
+            if ('refs/heads/main' !== '${{github.event.ref}}') {
+              core.setFailed('Forbidden branch, expected "main"')
+            }
+
+      - name: Checkout detection-rules
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.8
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt -r requirements-dev.txt
+
+      - name: Build release package
+        run: |
+          python -m detection_rules dev build-release
+
+      - name: Set github config
+        run: |
+          git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
+          git config --global user.name "protectionsmachine"
+
+      - name: Lock the versions
+        env:
+          BRANCHES: "${{github.event.inputs.branches}}"
+        run: |
+          ./etc/lock-multiple.sh $BRANCHES
+          git add etc/version.lock.json
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          assignees: '${{github.actor}}'
+          delete-branch: true
+          branch: "version-lock-"
+          commit-message: "Locked versions for releases: ${{github.event.inputs.branches}}"
+          branch-suffix: "short-commit-hash"
+          title: 'Lock versions for releases: ${{github.event.inputs.branches}}'
+          body: |
+            Lock versions for releases: ${{github.event.inputs.branches}}.
+
+            - Autogenerated from job `lock-versions: pr`.
+
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-files
+          path: |
+            releases