From c6f1c90c2f2c1208cdf300c201d0a681c128a8a6 Mon Sep 17 00:00:00 2001 From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com> Date: Mon, 27 Oct 2025 21:05:16 +0530 Subject: [PATCH] Update Release Fleet and Lock versions to use ESQL Remote Validation (#5245) --- .github/workflows/lock-versions.yml | 56 +++++++++++++++++++++++++++++ .github/workflows/release-fleet.yml | 50 ++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) diff --git a/.github/workflows/lock-versions.yml b/.github/workflows/lock-versions.yml index d470b3886..a0b673644 100644 --- a/.github/workflows/lock-versions.yml +++ b/.github/workflows/lock-versions.yml @@ -37,7 +37,57 @@ jobs: pip cache purge pip install .[dev] + - name: Check out container repository + env: + DR_CLOUD_ID: ${{ secrets.dr_cloud_id }} + DR_API_KEY: ${{ secrets.dr_api_key }} + if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + with: + path: elastic-container + repository: peasead/elastic-container + + - name: Build and run containers + env: + DR_CLOUD_ID: ${{ secrets.dr_cloud_id }} + DR_API_KEY: ${{ secrets.dr_api_key }} + if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }} + run: | + cd elastic-container + GENERATED_PASSWORD=$(openssl rand -base64 16) + sed -i "s|changeme|$GENERATED_PASSWORD|" .env + echo "::add-mask::$GENERATED_PASSWORD" + echo "GENERATED_PASSWORD=$GENERATED_PASSWORD" >> $GITHUB_ENV + set -x + bash elastic-container.sh start + + - name: Get API Key and setup auth + env: + DR_CLOUD_ID: ${{ secrets.dr_cloud_id }} + DR_API_KEY: ${{ secrets.dr_api_key }} + DR_ELASTICSEARCH_URL: "https://localhost:9200" + ES_USER: "elastic" + ES_PASSWORD: ${{ env.GENERATED_PASSWORD }} + if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }} + run: | + cd detection-rules + response=$(curl -k -X POST -u "$ES_USER:$ES_PASSWORD" -H "Content-Type: application/json" -d '{ + "name": "tmp-api-key", + "expiration": "1d" + }' "$DR_ELASTICSEARCH_URL/_security/api_key") + + DR_API_KEY=$(echo "$response" | jq -r '.encoded') + echo "::add-mask::$DR_API_KEY" + echo "DR_API_KEY=$DR_API_KEY" >> $GITHUB_ENV + - name: Build release package with navigator files + env: + DR_REMOTE_ESQL_VALIDATION: "true" + DR_CLOUD_ID: ${{ secrets.dr_cloud_id || '' }} + DR_KIBANA_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:5601' || '' }} + DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:9200' || '' }} + DR_API_KEY: ${{ secrets.dr_api_key || env.DR_API_KEY }} + DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id == '' && 'true' || '' }} run: | python -m detection_rules dev build-release --generate-navigator @@ -56,6 +106,12 @@ jobs: - name: Lock the versions env: BRANCHES: "${{github.event.inputs.branches}}" + DR_REMOTE_ESQL_VALIDATION: "true" + DR_CLOUD_ID: ${{ secrets.dr_cloud_id || '' }} + DR_KIBANA_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:5601' || '' }} + DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:9200' || '' }} + DR_API_KEY: ${{ secrets.dr_api_key || env.DR_API_KEY }} + DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id == '' && 'true' || '' }} run: | ./detection_rules/etc/lock-multiple.sh $BRANCHES git add detection_rules/etc/version.lock.json diff --git a/.github/workflows/release-fleet.yml b/.github/workflows/release-fleet.yml index 48f5ba21b..3e29afcb1 100644 --- a/.github/workflows/release-fleet.yml +++ b/.github/workflows/release-fleet.yml @@ -112,7 +112,57 @@ jobs: git tag $RELEASE_TAG git push origin $RELEASE_TAG + - name: Check out container repository + env: + DR_CLOUD_ID: ${{ secrets.dr_cloud_id }} + DR_API_KEY: ${{ secrets.dr_api_key }} + if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + with: + path: elastic-container + repository: peasead/elastic-container + + - name: Build and run containers + env: + DR_CLOUD_ID: ${{ secrets.dr_cloud_id }} + DR_API_KEY: ${{ secrets.dr_api_key }} + if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }} + run: | + cd elastic-container + GENERATED_PASSWORD=$(openssl rand -base64 16) + sed -i "s|changeme|$GENERATED_PASSWORD|" .env + echo "::add-mask::$GENERATED_PASSWORD" + echo "GENERATED_PASSWORD=$GENERATED_PASSWORD" >> $GITHUB_ENV + set -x + bash elastic-container.sh start + + - name: Get API Key and setup auth + env: + DR_CLOUD_ID: ${{ secrets.dr_cloud_id }} + DR_API_KEY: ${{ secrets.dr_api_key }} + DR_ELASTICSEARCH_URL: "https://localhost:9200" + ES_USER: "elastic" + ES_PASSWORD: ${{ env.GENERATED_PASSWORD }} + if: ${{ !env.DR_CLOUD_ID && !env.DR_API_KEY }} + run: | + cd detection-rules + response=$(curl -k -X POST -u "$ES_USER:$ES_PASSWORD" -H "Content-Type: application/json" -d '{ + "name": "tmp-api-key", + "expiration": "1d" + }' "$DR_ELASTICSEARCH_URL/_security/api_key") + + DR_API_KEY=$(echo "$response" | jq -r '.encoded') + echo "::add-mask::$DR_API_KEY" + echo "DR_API_KEY=$DR_API_KEY" >> $GITHUB_ENV + - name: Build release package + env: + DR_REMOTE_ESQL_VALIDATION: "true" + DR_CLOUD_ID: ${{ secrets.dr_cloud_id || '' }} + DR_KIBANA_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:5601' || '' }} + DR_ELASTICSEARCH_URL: ${{ secrets.dr_cloud_id == '' && 'https://localhost:9200' || '' }} + DR_API_KEY: ${{ secrets.dr_api_key || env.DR_API_KEY }} + DR_IGNORE_SSL_ERRORS: ${{ secrets.dr_cloud_id == '' && 'true' || '' }} run: | cd detection-rules python -m detection_rules dev build-release