From 66a0cbb5de86b9fb9f317f6385d2469f80cdf55e Mon Sep 17 00:00:00 2001
From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Date: Wed, 1 Mar 2023 10:43:16 -0500
Subject: [PATCH] [Bug] Fix `release-*` Github Workflows and Review `integrations-pr` command (#2605)
* testing order of operations in workflow
* reverted testing order; adjusting secrets token
* adjusting secrets token
* changing checkout to v3
* removed token for testing workflow
* changed repo reference
* changing secret token
* reverting token changes
* removing master reference
* adjusted elastic-package installation
* changed path of integrations during install
* added integrations fetch run commands
* changed target branch to main, setup latest go
* changed token back to protections machine
* trying different secret for integrations PR creation
* created testing token for permission errors
* adjusted 'bump-pkg-versions' so minors are bumped if no previous pkg
* added bumping package versions as a step
* updated actions/upload-artifact to v3
* removed inaccurate comments; removed release-kibana workflow
* adjusted sequence of steps to bump packge version before build
* added a bump to major if it does not match packages.yml
---
 .github/workflows/release-fleet.yml | 32 +++++++++----
 .github/workflows/release-kibana.yml | 71 ----------------------------
 detection_rules/devtools.py | 11 ++++-
 3 files changed, 31 insertions(+), 83 deletions(-)
 delete mode 100644 .github/workflows/release-kibana.yml
diff --git a/.github/workflows/release-fleet.yml b/.github/workflows/release-fleet.yml
index fbd3efb48..c48fd91b5 100644
--- a/.github/workflows/release-fleet.yml
+++ b/.github/workflows/release-fleet.yml
@@ -9,10 +9,13 @@ on:
 target_branch:
 description: 'Target branch for PR base'
 required: true
- default: 'master'
+ default: 'main'
 draft:
 description: 'Create a PR as draft (y/n)'
 required: false
+ package_maturity:
+ description: 'Package Maturity (ga/beta)'
+ required: true
 jobs:
 fleet-pr:
@@ -28,15 +31,14 @@ jobs:
 }
 - name: Checkout detection-rules
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 with:
 path: detection-rules
 - name: Checkout elastic/integrations
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 with:
- token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
- ref: ${{github.event.inputs.target_branch}}
+ token: ${{ secrets.READ_WRITE_RELEASE_FLEET }}
 repository: ${{github.event.inputs.target_repo}}
 path: integrations
@@ -51,6 +53,15 @@ jobs:
 python -m pip install --upgrade pip
 pip install .[dev]
+ - name: Bump prebuilt rules package version
+ env:
+ PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}"
+ run: |
+ cd detection-rules
+ python -m detection_rules dev bump-pkg-versions \
+ --patch-release \
+ --maturity $PACKAGE_MATURITY
+
 - name: Build release package
 run: |
 cd detection-rules
@@ -62,13 +73,14 @@ jobs:
 git config --global user.name "protectionsmachine"
 - name: Setup go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
 with:
- go-version: '^1.16.0'
+ go-version: '^1.20.1'
+ check-latest: true
 - name: Build elastic-package
 run: |
- go get github.com/elastic/elastic-package
+ go install github.com/elastic/elastic-package@latest
 - name: Create the PR to Integrations
 env:
@@ -76,7 +88,7 @@ jobs:
 TARGET_REPO: "${{github.event.inputs.target_repo}}"
 TARGET_BRANCH: "${{github.event.inputs.target_branch}}"
 LOCAL_REPO: "../integrations"
- GITHUB_TOKEN: "${{ secrets.PROTECTIONS_MACHINE_TOKEN }}"
+ GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}"
 run: |
 cd detection-rules
 python -m detection_rules dev integrations-pr \
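Review bot: The `Checkout elastic/integrations` step in the `@@ -28,15 +31,14 @@` hunk now passes the read-write `READ_WRITE_RELEASE_FLEET` secret to `actions/checkout@v3`, which by default keeps the token in the checked-out repository's git configuration, where every later step in the job can read it, including the `go install ...@latest` build and the Python tooling. If the `integrations-pr` step authenticates only through its own `GITHUB_TOKEN` env (the same secret is set there in the `@@ -76,7 +88,7 @@` hunk), add `persist-credentials: false` under `with:` in the checkout; whether the command relies on the persisted credential for its push is not visible in this diff. The step also clones whatever `target_repo` the dispatcher typed, so the write token follows that free-text input; hard-coding the repository or checking it against an allow-list would narrow that.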
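Review bot: `$PACKAGE_MATURITY` is expanded unquoted in the new `Bump prebuilt rules package version` step (`@@ -51,6 +53,15 @@` hunk), so a dispatch value containing spaces or glob characters is split into extra arguments to `bump-pkg-versions`; write `--maturity "$PACKAGE_MATURITY"`. Passing the input through `env:` instead of interpolating `${{ }}` into the script is the right pattern and should stay. The input itself is declared as free text in the first hunk although its description allows only ga or beta; declaring it with `type: choice` and those two values as `options` would reject anything else at dispatch time.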
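Review bot: `go install github.com/elastic/elastic-package@latest` in the `@@ -62,13 +73,14 @@` hunk builds whatever version is newest at run time, in a job that afterwards exposes a write-scoped token to the `integrations-pr` step, so a release run is neither reproducible nor insulated from a bad upstream release. Pin the module to a reviewed version, `go install github.com/elastic/elastic-package@<pinned-version>`, and bump it deliberately. To a lesser degree the same holds for `go-version: '^1.20.1'` with `check-latest: true` and for the `actions/*@v3` tags updated throughout this file, which are mutable references; pinning actions to a full commit SHA is the usual hardening for a workflow that handles a write token.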
@@ -87,7 +99,7 @@ jobs:
 $DRAFT_ARGS
 - name: Archive production artifacts
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
 with:
 name: release-files
 path: |
diff --git a/.github/workflows/release-kibana.yml b/.github/workflows/release-kibana.yml
deleted file mode 100644
index 5f041ec8d..000000000
--- a/.github/workflows/release-kibana.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-name: release-kibana
-on:
- workflow_dispatch:
- inputs:
- kibana_branch:
- description: 'Target branch for a Kibana PR'
- required: true
- default: 'master'
- labels:
- description: 'Labels to assign to the PR (comma-separated)'
- required: true
- default: 'release_note:skip,release_note:enhancement,auto-backport'
- draft:
- description: 'Create a PR as draft (y/n)'
- required: false
-
-jobs:
- kibana-pr:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout detection-rules
- uses: actions/checkout@v2
- with:
- path: detection-rules
-
- - name: Checkout Kibana
- uses: actions/checkout@v2
- with:
- token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
- ref: ${{github.event.inputs.kibana_branch}}
- repository: elastic/kibana
- path: kibana
-
- - name: Set up Python 3.8
- uses: actions/setup-python@v2
- with:
- python-version: 3.8
-
- - name: Install dependencies
- run: |
- cd detection-rules
- python -m pip install --upgrade pip
- pip install .[dev]
-
- - name: Build release package
- run: |
- cd detection-rules
- python -m detection_rules dev build-release
-
- - name: Set github config
- run: |
- git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
- git config --global user.name "protectionsmachine"
-
- - name: Create the PR to Kibana
- env:
- DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}"
- LABEL_ARGS: "--label ${{github.event.inputs.labels}}"
- BRANCH_ARGS: "--base-branch ${{github.event.inputs.kibana_branch}}"
- GITHUB_TOKEN: "${{ secrets.PROTECTIONS_MACHINE_TOKEN }}"
- run: |
- cd detection-rules
- python -m detection_rules dev kibana-pr --assign ${{github.actor}} $LABEL_ARGS $DRAFT_ARGS $BRANCH_ARGS
-
- - name: Archive production artifacts for branch builds
- uses: actions/upload-artifact@v2
- with:
- name: release-files
- path: |
- detection-rules/releases
\ No newline at end of file
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
index 2a8c524da..432c731c7 100644
--- a/detection_rules/devtools.py
+++ b/detection_rules/devtools.py
@@ -182,6 +182,15 @@ def bump_versions(major_release: bool, minor_release: bool, patch_release: bool,
 if patch_release:
 latest_patch_release_ver = find_latest_integration_version("security_detection_engine", maturity, pkg_data["name"])
+
+ # if an existing minor or major does not have a package, bump from the last
+ # example is 8.10.0-beta.1 is last, but on 9.0.0 major
+ # example is 8.10.0-beta.1 is last, but on 8.11.0 minor
+ if latest_patch_release_ver.minor != pkg_kibana_ver.minor:
+ latest_patch_release_ver = latest_patch_release_ver.bump_minor()
+ if latest_patch_release_ver.major != pkg_kibana_ver.major:
+ latest_patch_release_ver = latest_patch_release_ver.bump_major()
+
 if maturity == "ga":
 pkg_data["registry_data"]["version"] = str(latest_patch_release_ver.bump_patch())
 pkg_data["registry_data"]["release"] = maturity
@@ -193,8 +202,6 @@ def bump_versions(major_release: bool, minor_release: bool, patch_release: bool,
 click.echo(f"Package Kibana version: {pkg_data['registry_data']['conditions']['kibana.version']}")
 click.echo(f"Package version: {pkg_data['registry_data']['version']}")
- # we only save major and minor version bumps
- # patch version bumps are OOB packages and thus we keep the base versioning
 save_etc_dump({"package": pkg_data}, "packages.yml")
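Review bot: The two checks added in the `@@ -182,6 +182,15 @@` hunk compare with `!=` and apply a single `bump_minor()` or `bump_major()`, so the result only lands on `pkg_kibana_ver` when the latest published package is exactly one minor or one major behind. With a larger gap (a constructed example: 8.8.x published while packages.yml is on 8.10) the bump stops one step short, and a published version that is ahead of `pkg_kibana_ver` is pushed further away instead of being rejected. Taking the base from `pkg_kibana_ver.major` and `pkg_kibana_ver.minor` with patch 0 whenever they differ from the latest package would express the intent of the new comments without depending on the size of the gap. The `ga` branch below still calls `bump_patch()` on the bumped value, so, assuming semver-style bump semantics, the first package of a new minor would come out as x.y.1 rather than x.y.0; confirm that is intended. `bump_versions` starts and ends outside this hunk, so how `pkg_kibana_ver` is derived is not visible here.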