Terrance DeJesus
35b1a69ff5
* prepping for 8.4 branch * adjusted schemas init file * adjusted target matrix to only backport to 7.16, updated api schemas * adjusted the lock-versions workflow to account for 7.16 and up support only * Add test for version lock to schema map correlation * decouple from static 7.13 references * keep patch version for lock * Update detection_rules/etc/packages.yml Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com> Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
76 lines
2.3 KiB
YAML
76 lines
2.3 KiB
YAML
name: lock-versions
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
branches:
|
|
description: 'List of branches to lock versions (ordered, comma separated)'
|
|
required: true
|
|
# 7.17 was intentionally skipped because it was added late and was bug fix only
|
|
default: '7.16,8.0,8.1,8.2,8.3'
|
|
|
|
jobs:
|
|
pr:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Validate the source branch
|
|
uses: actions/github-script@v3
|
|
with:
|
|
script: |
|
|
if ('refs/heads/main' !== '${{github.event.ref}}') {
|
|
core.setFailed('Forbidden branch, expected "main"')
|
|
}
|
|
|
|
- name: Checkout detection-rules
|
|
uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Python 3.8
|
|
uses: actions/setup-python@v2
|
|
with:
|
|
python-version: 3.8
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r requirements.txt -r requirements-dev.txt
|
|
|
|
- name: Build release package
|
|
run: |
|
|
python -m detection_rules dev build-release
|
|
|
|
- name: Set github config
|
|
run: |
|
|
git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
|
|
git config --global user.name "protectionsmachine"
|
|
|
|
- name: Lock the versions
|
|
env:
|
|
BRANCHES: "${{github.event.inputs.branches}}"
|
|
run: |
|
|
./detection_rules/etc/lock-multiple.sh $BRANCHES
|
|
git add detection_rules/etc/version.lock.json
|
|
|
|
- name: Create Pull Request
|
|
uses: peter-evans/create-pull-request@v3
|
|
with:
|
|
assignees: '${{github.actor}}'
|
|
delete-branch: true
|
|
branch: "version-lock"
|
|
commit-message: "Locked versions for releases: ${{github.event.inputs.branches}}"
|
|
branch-suffix: "short-commit-hash"
|
|
title: 'Lock versions for releases: ${{github.event.inputs.branches}}'
|
|
body: |
|
|
Lock versions for releases: ${{github.event.inputs.branches}}.
|
|
|
|
- Autogenerated from job `lock-versions: pr`.
|
|
labels: "backport: auto"
|
|
|
|
- name: Archive production artifacts
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: release-files
|
|
path: |
|
|
releases
|