[CI/CD] Create on-demand job to release from Kibana (#1334)

* Add on-demand job to release to Kibana
* Update the inputs structure
* Archive the artifacts

.github/workflows/backport.yml

@@ -43,7 +43,6 @@ jobs:
               name: 'backport: auto'
             })
 
-
   commit:
     if: |
       github.event.pull_request.merged == true

.github/workflows/release-kibana.yml

@@ -0,0 +1,66 @@
+name: release-kibana
+on:
+  workflow_dispatch:
+    inputs:
+      kibana_branch:
+        description: 'Target branch for a Kibana PR'
+        required: true
+        default: 'master'
+      labels:
+        description: 'Labels to assign to the PR (comma-separated)'
+        required: true
+        default: 'release_note:skip,release_note:enhancement,auto-backport'
+      draft:
+        description: 'Create a PR as draft (y/n)'
+        required: false
+
+jobs:
+  kibana-pr:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout detection-rules
+        uses: actions/checkout@v2
+        with:
+          path: detection-rules
+
+      - name: Checkout Kibana
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
+          ref: ${{github.event.inputs.kibana_branch}}
+          repository: elastic/kibana
+          path: kibana
+
+      - name: Install dependencies
+        run: |
+          cd detection-rules
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt -r requirements-dev.txt
+
+      - name: Build release package
+        run: |
+          cd detection-rules
+          python -m detection_rules dev build-release
+
+      - name: Set github config
+        run: |
+          git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
+          git config --global user.name "protectionsmachine"
+
+      - name: Create the PR to Kibana
+        env:
+          DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}"
+          LABEL_ARGS: "--label ${{github.event.inputs.labels}}"
+          BRANCH_ARGS: "--base-branch ${{github.event.inputs.kibana_branch}}"
+          GITHUB_TOKEN: "${{ secrets.PROTECTIONS_MACHINE_TOKEN }}"
+        run: |
+          cd detection-rules
+          python -m detection_rules dev kibana-pr --assign ${{github.actor}} $LABEL_ARGS $DRAFT_ARGS $BRANCH_ARGS
+
+    - name: Archive production artifacts for branch builds
+      uses: actions/upload-artifact@v2
+      with:
+        name: release-files
+        path: |
+          detection-rules/releases

detection_rules/devtools.py

@@ -272,21 +272,19 @@ def kibana_commit(ctx, local_repo: str, github_repo: str, ssh: bool, kibana_dire
     short_commit_hash = subprocess.check_output([git_exe, "rev-parse", "--short", "HEAD"], encoding="utf-8").strip()
 
     try:
-        if not os.path.exists(local_repo):
-            if not click.confirm(f"Kibana repository doesn't exist at {local_repo}. Clone?"):
-                ctx.exit(1)
-
-            url = f"git@github.com:{github_repo}.git" if ssh else f"https://github.com/{github_repo}.git"
-            subprocess.check_call([git_exe, "clone", url, local_repo, "--depth", 1])
-
         def git(*args, show_output=False):
             method = subprocess.call if show_output else subprocess.check_output
             return method([git_exe, "-C", local_repo] + list(args), encoding="utf-8")
 
+        if not os.path.exists(local_repo):
+            click.echo(f"Kibana repository doesn't exist at {local_repo}. Cloning...")
+            url = f"git@github.com:{github_repo}.git" if ssh else f"https://github.com/{github_repo}.git"
+            subprocess.check_call([git_exe, "clone", url, local_repo, "--depth", "1"])
+        else:
+            git("checkout", base_branch)
+
         branch_name = branch_name or f"detection-rules/{package_name}-{short_commit_hash}"
 
-        git("checkout", base_branch)
-        git("pull")
         git("checkout", "-b", branch_name, show_output=True)
         git("rm", "-r", kibana_directory)
 
@@ -302,7 +300,6 @@ def kibana_commit(ctx, local_repo: str, github_repo: str, ssh: bool, kibana_dire
                 shutil.copyfile(path, os.path.join(target_dir, name))
 
         git("add", kibana_directory)
-
         git("commit", "--no-verify", "-m", message)
         git("status", show_output=True)
 
@@ -319,13 +316,13 @@ def kibana_commit(ctx, local_repo: str, github_repo: str, ssh: bool, kibana_dire
 
 
 @dev_group.command("kibana-pr")
-@click.option("--token", required=True, prompt=True, default=get_github_token(),
+@click.option("--token", required=True, prompt=get_github_token() is None, default=get_github_token(),
               help="GitHub token to use for the PR", hide_input=True)
 @click.option("--assign", multiple=True, help="GitHub users to assign the PR")
 @click.option("--label", multiple=True, help="GitHub labels to add to the PR")
+@click.option("--draft", is_flag=True, help="Open the PR as a draft")
 # Pending an official GitHub API
 # @click.option("--automerge", is_flag=True, help="Enable auto-merge on the PR")
-@click.option("--draft", is_flag=True, help="Open the PR as a draft")
 @add_git_args
 @click.pass_context
 def kibana_pr(ctx: click.Context, label: Tuple[str, ...], assign: Tuple[str, ...], draft: bool, token: str, **kwargs):
@@ -349,7 +346,9 @@ def kibana_pr(ctx: click.Context, label: Tuple[str, ...], assign: Tuple[str, ...
     """).strip()  # noqa: E501
     pr = repo.create_pull(title, body, kwargs["base_branch"], branch_name, draft=draft)
 
-    label = set(label)
+    # labels could also be comma separated
+    label = {lbl for cs_labels in label for lbl in cs_labels.split(",") if lbl}
+
     if label:
         pr.add_to_labels(*sorted(label))