diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index e9d1f1cf9..7bf52cbb1 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -43,7 +43,6 @@ jobs: name: 'backport: auto' }) - commit: if: | github.event.pull_request.merged == true diff --git a/.github/workflows/release-kibana.yml b/.github/workflows/release-kibana.yml new file mode 100644 index 000000000..9e23036cd --- /dev/null +++ b/.github/workflows/release-kibana.yml @@ -0,0 +1,66 @@ +name: release-kibana +on: + workflow_dispatch: + inputs: + kibana_branch: + description: 'Target branch for a Kibana PR' + required: true + default: 'master' + labels: + description: 'Labels to assign to the PR (comma-separated)' + required: true + default: 'release_note:skip,release_note:enhancement,auto-backport' + draft: + description: 'Create a PR as draft (y/n)' + required: false + +jobs: + kibana-pr: + runs-on: ubuntu-latest + + steps: + - name: Checkout detection-rules + uses: actions/checkout@v2 + with: + path: detection-rules + + - name: Checkout Kibana + uses: actions/checkout@v2 + with: + token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }} + ref: ${{github.event.inputs.kibana_branch}} + repository: elastic/kibana + path: kibana + + - name: Install dependencies + run: | + cd detection-rules + python -m pip install --upgrade pip + pip install -r requirements.txt -r requirements-dev.txt + + - name: Build release package + run: | + cd detection-rules + python -m detection_rules dev build-release + + - name: Set github config + run: | + git config --global user.email "72879786+protectionsmachine@users.noreply.github.com" + git config --global user.name "protectionsmachine" + + - name: Create the PR to Kibana + env: + DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}" + LABEL_ARGS: "--label ${{github.event.inputs.labels}}" + BRANCH_ARGS: "--base-branch ${{github.event.inputs.kibana_branch}}" + GITHUB_TOKEN: "${{ secrets.PROTECTIONS_MACHINE_TOKEN }}" + run: | + cd detection-rules + python -m detection_rules dev kibana-pr --assign ${{github.actor}} $LABEL_ARGS $DRAFT_ARGS $BRANCH_ARGS + + - name: Archive production artifacts for branch builds + uses: actions/upload-artifact@v2 + with: + name: release-files + path: | + detection-rules/releases \ No newline at end of file diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py index 738933208..8026348f4 100644 --- a/detection_rules/devtools.py +++ b/detection_rules/devtools.py @@ -272,21 +272,19 @@ def kibana_commit(ctx, local_repo: str, github_repo: str, ssh: bool, kibana_dire short_commit_hash = subprocess.check_output([git_exe, "rev-parse", "--short", "HEAD"], encoding="utf-8").strip() try: - if not os.path.exists(local_repo): - if not click.confirm(f"Kibana repository doesn't exist at {local_repo}. Clone?"): - ctx.exit(1) - - url = f"git@github.com:{github_repo}.git" if ssh else f"https://github.com/{github_repo}.git" - subprocess.check_call([git_exe, "clone", url, local_repo, "--depth", 1]) - def git(*args, show_output=False): method = subprocess.call if show_output else subprocess.check_output return method([git_exe, "-C", local_repo] + list(args), encoding="utf-8") + if not os.path.exists(local_repo): + click.echo(f"Kibana repository doesn't exist at {local_repo}. Cloning...") + url = f"git@github.com:{github_repo}.git" if ssh else f"https://github.com/{github_repo}.git" + subprocess.check_call([git_exe, "clone", url, local_repo, "--depth", "1"]) + else: + git("checkout", base_branch) + branch_name = branch_name or f"detection-rules/{package_name}-{short_commit_hash}" - git("checkout", base_branch) - git("pull") git("checkout", "-b", branch_name, show_output=True) git("rm", "-r", kibana_directory) @@ -302,7 +300,6 @@ def kibana_commit(ctx, local_repo: str, github_repo: str, ssh: bool, kibana_dire shutil.copyfile(path, os.path.join(target_dir, name)) git("add", kibana_directory) - git("commit", "--no-verify", "-m", message) git("status", show_output=True) @@ -319,13 +316,13 @@ def kibana_commit(ctx, local_repo: str, github_repo: str, ssh: bool, kibana_dire @dev_group.command("kibana-pr") -@click.option("--token", required=True, prompt=True, default=get_github_token(), +@click.option("--token", required=True, prompt=get_github_token() is None, default=get_github_token(), help="GitHub token to use for the PR", hide_input=True) @click.option("--assign", multiple=True, help="GitHub users to assign the PR") @click.option("--label", multiple=True, help="GitHub labels to add to the PR") +@click.option("--draft", is_flag=True, help="Open the PR as a draft") # Pending an official GitHub API # @click.option("--automerge", is_flag=True, help="Enable auto-merge on the PR") -@click.option("--draft", is_flag=True, help="Open the PR as a draft") @add_git_args @click.pass_context def kibana_pr(ctx: click.Context, label: Tuple[str, ...], assign: Tuple[str, ...], draft: bool, token: str, **kwargs): @@ -349,7 +346,9 @@ def kibana_pr(ctx: click.Context, label: Tuple[str, ...], assign: Tuple[str, ... """).strip() # noqa: E501 pr = repo.create_pull(title, body, kwargs["base_branch"], branch_name, draft=draft) - label = set(label) + # labels could also be comma separated + label = {lbl for cs_labels in label for lbl in cs_labels.split(",") if lbl} + if label: pr.add_to_labels(*sorted(label))