name: lock-versions on: workflow_dispatch: inputs: branches: description: 'List of branches to lock versions (ordered, comma separated)' required: true # 7.17 was intentionally skipped because it was added late and was bug fix only default: '8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11,8.12' jobs: pr: runs-on: ubuntu-latest steps: - name: Validate the source branch uses: actions/github-script@v3 with: script: | if ('refs/heads/main' !== '${{github.event.ref}}') { core.setFailed('Forbidden branch, expected "main"') } - name: Checkout detection-rules uses: actions/checkout@v2 with: fetch-depth: 0 - name: Set up Python 3.8 uses: actions/setup-python@v2 with: python-version: 3.8 - name: Install dependencies run: | python -m pip install --upgrade pip pip cache purge pip install .[dev] - name: Build release package run: | python -m detection_rules dev build-release - name: Set github config run: | git config --global user.email "72879786+protectionsmachine@users.noreply.github.com" git config --global user.name "protectionsmachine" - name: Lock the versions env: BRANCHES: "${{github.event.inputs.branches}}" run: | ./detection_rules/etc/lock-multiple.sh $BRANCHES git add detection_rules/etc/version.lock.json - name: Create Pull Request uses: peter-evans/create-pull-request@v3 with: assignees: '${{github.actor}}' delete-branch: true branch: "version-lock" commit-message: "Locked versions for releases: ${{github.event.inputs.branches}}" branch-suffix: "short-commit-hash" title: 'Lock versions for releases: ${{github.event.inputs.branches}}' body: | Lock versions for releases: ${{github.event.inputs.branches}}. - Autogenerated from job `lock-versions: pr`. labels: "backport: auto" - name: Archive production artifacts uses: actions/upload-artifact@v2 with: name: release-files path: | releases