name: release-fleet on: workflow_dispatch: inputs: target_repo: description: 'Target repository to build a PR against' required: true default: 'elastic/integrations' target_branch: description: 'Target branch for PR base' required: true default: 'main' draft: type: choice description: 'Create a PR as draft' required: false options: - "yes" - "no" package_maturity: type: choice description: 'Package Maturity' required: true options: - "ga" - "beta" new_package: type: choice description: 'New Package' required: true default: "true" options: - "true" - "false" jobs: fleet-pr: name: Build package and create PR to integrations runs-on: ubuntu-latest steps: - name: Validate the source branch uses: actions/github-script@v3 with: script: | if ('refs/heads/main' === '${{github.ref}}') { core.setFailed('Forbidden branch') } - name: Checkout detection-rules uses: actions/checkout@v3 with: path: detection-rules fetch-depth: 0 - name: Extract version lock commit hash run: | cd detection-rules COMMIT_HASH=$(git log --grep='Lock versions for releases' -1 --format='%H') echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV echo "Extracted commit hash: $COMMIT_HASH" - name: Checkout commit hash run: | cd detection-rules echo "Current branch is $GITHUB_REF" echo "Checking out commit hash $COMMIT_HASH" git checkout $COMMIT_HASH - name: Checkout elastic/integrations uses: actions/checkout@v3 with: token: ${{ secrets.READ_WRITE_RELEASE_FLEET }} repository: ${{github.event.inputs.target_repo}} path: integrations - name: Set up Python 3.8 uses: actions/setup-python@v2 with: python-version: 3.8 - name: Install Python dependencies run: | cd detection-rules python -m pip install --upgrade pip pip cache purge pip install .[dev] - name: Bump prebuilt rules package version env: PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}" NEW_PACKAGE: "${{github.event.inputs.new_package}}" run: | cd detection-rules python -m detection_rules dev bump-pkg-versions \ --patch-release \ --new-package $NEW_PACKAGE \ --maturity $PACKAGE_MATURITY - name: Store release tag if: github.event.inputs.package_maturity == 'ga' run: | cd detection-rules output=$(cat detection_rules/etc/packages.yml | grep -oP '(?<=\sversion: )\S+') echo "pkg_version=$output" >> $GITHUB_ENV - name: Create release tag if: github.event.inputs.package_maturity == 'ga' run: | cd detection-rules RELEASE_TAG="integration-v${{ env.pkg_version }}" echo "Creating release tag: $RELEASE_TAG" git tag $RELEASE_TAG git push origin $RELEASE_TAG - name: Build release package run: | cd detection-rules python -m detection_rules dev build-release - name: Set github config run: | git config --global user.email "72879786+protectionsmachine@users.noreply.github.com" git config --global user.name "protectionsmachine" - name: Setup go uses: actions/setup-go@v3 with: go-version: '^1.20.1' check-latest: true - name: Build elastic-package run: | go install github.com/elastic/elastic-package@latest - name: Create the PR to Integrations env: DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}" TARGET_REPO: "${{github.event.inputs.target_repo}}" TARGET_BRANCH: "${{github.event.inputs.target_branch}}" LOCAL_REPO: "../integrations" GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}" run: | cd detection-rules python -m detection_rules dev integrations-pr \ $LOCAL_REPO \ --github-repo $TARGET_REPO \ --base-branch $TARGET_BRANCH \ --assign ${{github.actor}} \ $DRAFT_ARGS - name: Archive production artifacts uses: actions/upload-artifact@v3 with: name: release-files path: | detection-rules/releases