From d1e9247bd40522f9e71014997fdd2018bd14d8d2 Mon Sep 17 00:00:00 2001
From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Date: Mon, 9 Jun 2025 19:20:35 +0530
Subject: [PATCH] Add update ATT&CK coverage step in lock versions (#4772)

---
 .github/workflows/lock-versions.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/lock-versions.yml b/.github/workflows/lock-versions.yml
index 3f546f622..6547292b9 100644
--- a/.github/workflows/lock-versions.yml
+++ b/.github/workflows/lock-versions.yml
@@ -37,15 +37,22 @@ jobs:
           pip cache purge
           pip install .[dev]
 
-      - name: Build release package
+      - name: Build release package with navigator files
         run: |
-          python -m detection_rules dev build-release
+          python -m detection_rules dev build-release --generate-navigator
 
       - name: Set github config
         run: |
           git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
           git config --global user.name "protectionsmachine"
 
+      - name: Update navigator gist files and docs-dev/ATT&CK-coverage.md file.
+        env:
+          GITHUB_TOKEN: "${{ secrets.WRITE_TRADEBOT_GIST_TOKEN }}"
+        run: |
+         python -m detection_rules dev update-navigator-gists --update-coverage
+         git add docs-dev/"ATT\&CK-coverage.md"
+      
       - name: Lock the versions
         env:
           BRANCHES: "${{github.event.inputs.branches}}"
@@ -65,7 +72,8 @@ jobs:
           title: 'Lock versions for releases: ${{github.event.inputs.branches}}'
           body: |
             Lock versions for releases: ${{github.event.inputs.branches}}.
-
+            Update ATT&CK coverage URL(s) in docs-dev/ATT&CK-coverage.md
+            
             - Autogenerated from job `lock-versions: pr`.
           labels: "backport: auto"