[Bug] Fix release-* Github Workflows and Review integrations-pr command (#2605)

* testing order of operations in workflow

* reverted testing order; adjusting secrets token

* adjusting secrets token

* changing checkout to v3

* removed token for testing workflow

* changed repo reference

* changing secret token

* reverting token changes

* removing master reference

* adjusted elastic-package installation

* changed path of integrations during install

* added integrations fetch run commands

* changed target branch to main, setup latest go

* changed token back to protections machine

* trying different secret for integrations PR creation

* created testing token for permission errors

* adjusted 'bump-pkg-versions' so minors are bumped if no previous pkg

* added bumping package versions as a step

* updated actions/upload-artifact to v3

* removed inaccurate comments; removed release-kibana workflow

* adjusted sequence of steps to bump packge version before build

* added a bump to major if it does not match packages.yml

.github/workflows/release-fleet.yml

@@ -9,10 +9,13 @@ on:
       target_branch:
         description: 'Target branch for PR base'
         required: true
-        default: 'master'
+        default: 'main'
       draft:
         description: 'Create a PR as draft (y/n)'
         required: false
+      package_maturity:
+        description: 'Package Maturity (ga/beta)'
+        required: true
 
 jobs:
   fleet-pr:
@@ -28,15 +31,14 @@ jobs:
             }
 
       - name: Checkout detection-rules
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           path: detection-rules
 
       - name: Checkout elastic/integrations
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
-          token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
-          ref: ${{github.event.inputs.target_branch}}
+          token: ${{ secrets.READ_WRITE_RELEASE_FLEET }}
           repository: ${{github.event.inputs.target_repo}}
           path: integrations
 
@@ -51,6 +53,15 @@ jobs:
           python -m pip install --upgrade pip
           pip install .[dev]
 
+      - name: Bump prebuilt rules package version
+        env:
+          PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}"
+        run: |
+          cd detection-rules
+          python -m detection_rules dev bump-pkg-versions \
+            --patch-release                               \
+            --maturity $PACKAGE_MATURITY
+
       - name: Build release package
         run: |
           cd detection-rules
@@ -62,13 +73,14 @@ jobs:
           git config --global user.name "protectionsmachine"
 
       - name: Setup go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
-          go-version: '^1.16.0'
+          go-version: '^1.20.1'
+          check-latest: true
 
       - name: Build elastic-package
         run: |
-          go get github.com/elastic/elastic-package
+          go install github.com/elastic/elastic-package@latest
 
       - name: Create the PR to Integrations
         env:
@@ -76,7 +88,7 @@ jobs:
           TARGET_REPO: "${{github.event.inputs.target_repo}}"
           TARGET_BRANCH: "${{github.event.inputs.target_branch}}"
           LOCAL_REPO: "../integrations"
-          GITHUB_TOKEN: "${{ secrets.PROTECTIONS_MACHINE_TOKEN }}"
+          GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}"
         run: |
           cd detection-rules
           python -m detection_rules dev integrations-pr \
@@ -87,7 +99,7 @@ jobs:
             $DRAFT_ARGS
 
       - name: Archive production artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: release-files
           path: |

.github/workflows/release-kibana.yml

@@ -1,71 +0,0 @@
-name: release-kibana
-on:
-  workflow_dispatch:
-    inputs:
-      kibana_branch:
-        description: 'Target branch for a Kibana PR'
-        required: true
-        default: 'master'
-      labels:
-        description: 'Labels to assign to the PR (comma-separated)'
-        required: true
-        default: 'release_note:skip,release_note:enhancement,auto-backport'
-      draft:
-        description: 'Create a PR as draft (y/n)'
-        required: false
-
-jobs:
-  kibana-pr:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout detection-rules
-        uses: actions/checkout@v2
-        with:
-          path: detection-rules
-
-      - name: Checkout Kibana
-        uses: actions/checkout@v2
-        with:
-          token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
-          ref: ${{github.event.inputs.kibana_branch}}
-          repository: elastic/kibana
-          path: kibana
-
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v2
-        with:
-          python-version: 3.8
-
-      - name: Install dependencies
-        run: |
-          cd detection-rules
-          python -m pip install --upgrade pip
-          pip install .[dev]
-
-      - name: Build release package
-        run: |
-          cd detection-rules
-          python -m detection_rules dev build-release
-
-      - name: Set github config
-        run: |
-          git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
-          git config --global user.name "protectionsmachine"
-
-      - name: Create the PR to Kibana
-        env:
-          DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}"
-          LABEL_ARGS: "--label ${{github.event.inputs.labels}}"
-          BRANCH_ARGS: "--base-branch ${{github.event.inputs.kibana_branch}}"
-          GITHUB_TOKEN: "${{ secrets.PROTECTIONS_MACHINE_TOKEN }}"
-        run: |
-          cd detection-rules
-          python -m detection_rules dev kibana-pr --assign ${{github.actor}} $LABEL_ARGS $DRAFT_ARGS $BRANCH_ARGS
-
-      - name: Archive production artifacts for branch builds
-        uses: actions/upload-artifact@v2
-        with:
-          name: release-files
-          path: |
-            detection-rules/releases