security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Release Fleet and Lock versions to use ESQL Remote Validation (#5245)

Browse Source
This commit is contained in:
shashank-elastic
2025-10-27 21:05:16 +05:30
committed by GitHub
parent 7604c20d9e
commit c6f1c90c2f
2 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/lock-versions.yml
+56
View File
@@ -37,7 +37,57 @@ jobs:
pip cache purge
pip install .[dev]
- name: Check out container repository
env:
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
with:
path: elastic-container
repository: peasead/elastic-container
- name: Build and run containers
env:
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }}
run: |
cd elastic-container
GENERATED_PASSWORD=$(openssl rand -base64 16)
sed -i "s|changeme|$GENERATED_PASSWORD|" .env
echo "::add-mask::$GENERATED_PASSWORD"
echo "GENERATED_PASSWORD=$GENERATED_PASSWORD" >> $GITHUB_ENV
set -x
bash elastic-container.sh start
- name: Get API Key and setup auth
env:
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
DR_ELASTICSEARCH_URL: "https://localhost:9200"
ES_USER: "elastic"
ES_PASSWORD: ${{ env.GENERATED_PASSWORD }}
if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }}
run: |
cd detection-rules
response=$(curl -k -X POST -u "$ES_USER:$ES_PASSWORD" -H "Content-Type: application/json" -d '{
"name": "tmp-api-key",
"expiration": "1d"
}' "$DR_ELASTICSEARCH_URL/_security/api_key")
DR_API_KEY=$(echo "$response" | jq -r '.encoded')
echo "::add-mask::$DR_API_KEY"
echo "DR_API_KEY=$DR_API_KEY" >> $GITHUB_ENV
- name: Build release package with navigator files
env:
DR_REMOTE_ESQL_VALIDATION: "true"
DR_CLOUD_ID: ${{ secrets.dr_cloud_id || '' }}
DR_KIBANA_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:5601' || '' }}
DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:9200' || '' }}
DR_API_KEY: ${{ secrets.dr_api_key || env.DR_API_KEY }}
DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id == '' && 'true' || '' }}
run: |
python -m detection_rules dev build-release --generate-navigator
@@ -56,6 +106,12 @@ jobs:
- name: Lock the versions
env:
BRANCHES: "${{github.event.inputs.branches}}"
DR_REMOTE_ESQL_VALIDATION: "true"
DR_CLOUD_ID: ${{ secrets.dr_cloud_id || '' }}
DR_KIBANA_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:5601' || '' }}
DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:9200' || '' }}
DR_API_KEY: ${{ secrets.dr_api_key || env.DR_API_KEY }}
DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id == '' && 'true' || '' }}
run: |
./detection_rules/etc/lock-multiple.sh $BRANCHES
git add detection_rules/etc/version.lock.json
.github/workflows/release-fleet.yml
+50
View File
@@ -112,7 +112,57 @@ jobs:
git tag $RELEASE_TAG
git push origin $RELEASE_TAG
- name: Check out container repository
env:
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
with:
path: elastic-container
repository: peasead/elastic-container
- name: Build and run containers
env:
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }}
run: |
cd elastic-container
GENERATED_PASSWORD=$(openssl rand -base64 16)
sed -i "s|changeme|$GENERATED_PASSWORD|" .env
echo "::add-mask::$GENERATED_PASSWORD"
echo "GENERATED_PASSWORD=$GENERATED_PASSWORD" >> $GITHUB_ENV
set -x
bash elastic-container.sh start
- name: Get API Key and setup auth
env:
DR_CLOUD_ID: ${{ secrets.dr_cloud_id }}
DR_API_KEY: ${{ secrets.dr_api_key }}
DR_ELASTICSEARCH_URL: "https://localhost:9200"
ES_USER: "elastic"
ES_PASSWORD: ${{ env.GENERATED_PASSWORD }}
if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }}
run: |
cd detection-rules
response=$(curl -k -X POST -u "$ES_USER:$ES_PASSWORD" -H "Content-Type: application/json" -d '{
"name": "tmp-api-key",
"expiration": "1d"
}' "$DR_ELASTICSEARCH_URL/_security/api_key")
DR_API_KEY=$(echo "$response" | jq -r '.encoded')
echo "::add-mask::$DR_API_KEY"
echo "DR_API_KEY=$DR_API_KEY" >> $GITHUB_ENV
- name: Build release package
env:
DR_REMOTE_ESQL_VALIDATION: "true"
DR_CLOUD_ID: ${{ secrets.dr_cloud_id || '' }}
DR_KIBANA_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:5601' || '' }}
DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:9200' || '' }}
DR_API_KEY: ${{ secrets.dr_api_key || env.DR_API_KEY }}
DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id == '' && 'true' || '' }}
run: |
cd detection-rules
python -m detection_rules dev build-release