From 6653acb21ceedecf7784f822e4f496b7db9966c6 Mon Sep 17 00:00:00 2001 From: Justin Ibarra Date: Fri, 4 Mar 2022 09:55:11 -0900 Subject: [PATCH] [Github Workflows] Only generate navigator files on push to main (#1814) * [Github Workflows] Only generate navigator files on push to main * fix workflow logic syntax --- .github/workflows/pythonpackage.yml | 5 ++++- Makefile | 2 +- detection_rules/devtools.py | 8 ++++++-- detection_rules/packaging.py | 7 +++++-- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index eaeb3d5f0..1a91cb3d1 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -33,8 +33,11 @@ jobs: python -m detection_rules dev license-check - name: Build release package + env: + # only generate the navigator files on push events to main + GENERATE_NAVIGATOR_FILES: "${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && '--generate-navigator' || ' ' }}" run: | - python -m detection_rules dev build-release + python -m detection_rules dev build-release $GENERATE_NAVIGATOR_FILES - name: Archive production artifacts for branch builds uses: actions/upload-artifact@v2 diff --git a/Makefile b/Makefile index b5be17b34..426b7038e 100644 --- a/Makefile +++ b/Makefile @@ -48,7 +48,7 @@ test: $(VENV) lint pytest .PHONY: release release: deps @echo "RELEASE: $(app_name)" - $(PYTHON) -m detection_rules dev build-release + $(PYTHON) -m detection_rules dev build-release --generate-navigator rm -rf dist mkdir dist cp -r releases/*/*.zip dist/ diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py index 340fda3c3..1b59de755 100644 --- a/detection_rules/devtools.py +++ b/detection_rules/devtools.py @@ -67,14 +67,18 @@ def dev_group(): @click.argument('config-file', type=click.Path(exists=True, dir_okay=False), required=False, default=PACKAGE_FILE) @click.option('--update-version-lock', '-u', is_flag=True, help='Save version.lock.json file with updated rule versions in the package') -def build_release(config_file, update_version_lock, release=None, verbose=True): +@click.option('--generate-navigator', is_flag=True, help='Generate ATT&CK navigator files') +def build_release(config_file, update_version_lock: bool, generate_navigator: bool, release=None, verbose=True): """Assemble all the rules into Kibana-ready release files.""" config = load_dump(config_file)['package'] + if generate_navigator: + config['generate_navigator'] = True + if release is not None: config['release'] = release if verbose: - click.echo('[+] Building package {}'.format(config.get('name'))) + click.echo(f'[+] Building package {config.get("name")}') package = Package.from_config(config, verbose=verbose) diff --git a/detection_rules/packaging.py b/detection_rules/packaging.py index 0a9eaad13..790070256 100644 --- a/detection_rules/packaging.py +++ b/detection_rules/packaging.py @@ -82,13 +82,15 @@ class Package(object): def __init__(self, rules: RuleCollection, name: str, release: Optional[bool] = False, min_version: Optional[int] = None, max_version: Optional[int] = None, - registry_data: Optional[dict] = None, verbose: Optional[bool] = True): + registry_data: Optional[dict] = None, verbose: Optional[bool] = True, + generate_navigator: bool = False): """Initialize a package.""" self.name = name self.rules = rules self.deprecated_rules: DeprecatedCollection = rules.deprecated self.release = release self.registry_data = registry_data or {} + self.generate_navigator = generate_navigator if min_version is not None: self.rules = self.rules.filter(lambda r: min_version <= r.contents.latest_version) @@ -150,7 +152,8 @@ class Package(object): with open(os.path.join(directory, f'{self.name}-changelog-entry.md'), 'w') as f: f.write(changelog) - self.generate_attack_navigator(Path(directory)) + if self.generate_navigator: + self.generate_attack_navigator(Path(directory)) consolidated = json.loads(self.get_consolidated()) with open(os.path.join(directory, f'{self.name}-consolidated-rules.json'), 'w') as f: