Terrance DeJesus
190 lines
5.7 KiB
YAML
190 lines
5.7 KiB
YAML
name: release-fleet
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
target_repo:
|
|
description: 'Target repository to build a PR against'
|
|
required: true
|
|
default: 'elastic/integrations'
|
|
target_branch:
|
|
description: 'Target branch for PR base'
|
|
required: true
|
|
default: 'main'
|
|
draft:
|
|
type: choice
|
|
description: 'Create a PR as draft'
|
|
required: false
|
|
options:
|
|
- "yes"
|
|
- "no"
|
|
package_maturity:
|
|
type: choice
|
|
description: 'Package Maturity'
|
|
required: true
|
|
options:
|
|
- "ga"
|
|
- "beta"
|
|
new_package:
|
|
type: choice
|
|
description: 'New Package'
|
|
required: true
|
|
options:
|
|
- "true"
|
|
- "false"
|
|
add_historical:
|
|
type: choice
|
|
description: 'Add Historical Rules'
|
|
required: true
|
|
options:
|
|
- "yes"
|
|
- "no"
|
|
commit_hash:
|
|
description: 'Commit hash'
|
|
required: true
|
|
|
|
jobs:
|
|
check-commit:
|
|
name: Check Commit Hash
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
is_locked_commit: ${{ steps.check_commit.outputs.check_message }}
|
|
steps:
|
|
- name: Checkout detection-rules
|
|
uses: actions/checkout@v3
|
|
with:
|
|
path: detection-rules
|
|
fetch-depth: 0
|
|
|
|
- name: Check commit message
|
|
id: check_commit
|
|
env:
|
|
COMMIT_HASH: "${{github.event.inputs.commit_hash}}"
|
|
run: |
|
|
cd detection-rules
|
|
COMMIT_MESSAGE=$(git show -s --format=%B $COMMIT_HASH | grep "Lock versions for releases" || true)
|
|
if [ -z "$COMMIT_MESSAGE" ]; then
|
|
echo "::set-output name=check_message::false"
|
|
else
|
|
echo "::set-output name=check_message::true"
|
|
fi
|
|
shell: bash
|
|
|
|
fleet-pr:
|
|
name: Fleet PR
|
|
needs: check-commit
|
|
if: needs.check-commit.outputs.is_locked_commit == 'true'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Validate the source branch
|
|
uses: actions/github-script@v3
|
|
with:
|
|
script: |
|
|
if ('refs/heads/main' === '${{github.ref}}') {
|
|
core.setFailed('Forbidden branch')
|
|
}
|
|
|
|
- name: Checkout detection-rules
|
|
uses: actions/checkout@v3
|
|
with:
|
|
path: detection-rules
|
|
fetch-depth: 0
|
|
|
|
- name: Checkout elastic/integrations
|
|
uses: actions/checkout@v3
|
|
with:
|
|
token: ${{ secrets.READ_WRITE_RELEASE_FLEET }}
|
|
repository: ${{github.event.inputs.target_repo}}
|
|
path: integrations
|
|
|
|
- name: Set up Python 3.8
|
|
uses: actions/setup-python@v2
|
|
with:
|
|
python-version: 3.8
|
|
|
|
- name: Install Python dependencies
|
|
run: |
|
|
cd detection-rules
|
|
python -m pip install --upgrade pip
|
|
pip cache purge
|
|
pip install .[dev]
|
|
|
|
- name: Checkout commit hash
|
|
env:
|
|
COMMIT_HASH: ${{github.event.inputs.commit_hash}}
|
|
run: |
|
|
cd detection-rules
|
|
git checkout $COMMIT_HASH
|
|
|
|
- name: Bump prebuilt rules package version
|
|
env:
|
|
PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}"
|
|
NEW_PACKAGE: "${{github.event.inputs.new_package}}"
|
|
run: |
|
|
cd detection-rules
|
|
python -m detection_rules dev bump-pkg-versions \
|
|
--patch-release \
|
|
--new-package $NEW_PACKAGE \
|
|
--maturity $PACKAGE_MATURITY
|
|
|
|
- name: Store release tag
|
|
if: ${{github.event.inputs.package_maturity}} == "ga"
|
|
id: packages-version
|
|
run: |
|
|
cd detection-rules
|
|
output=$(cat detection_rules/etc/packages.yml | grep -oP '(?<=\sversion: )\S+')
|
|
echo "::set-output name=pkg_version::$output"
|
|
|
|
- name: Create release tag
|
|
if: ${{github.event.inputs.package_maturity}} == "ga"
|
|
env:
|
|
RELEASE_TAG: "integration-v${{ steps.packages-version.outputs.pkg_version }}"
|
|
run: |
|
|
cd detection-rules
|
|
git tag $RELEASE_TAG
|
|
git push origin $RELEASE_TAG
|
|
|
|
- name: Build release package
|
|
env:
|
|
HISTORICAL: "${{github.event.inputs.add_historical}}"
|
|
run: |
|
|
cd detection-rules
|
|
python -m detection_rules dev build-release --add-historical $HISTORICAL
|
|
|
|
- name: Set github config
|
|
run: |
|
|
git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
|
|
git config --global user.name "protectionsmachine"
|
|
|
|
- name: Setup go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: '^1.20.1'
|
|
check-latest: true
|
|
|
|
- name: Build elastic-package
|
|
run: |
|
|
go install github.com/elastic/elastic-package@latest
|
|
|
|
- name: Create the PR to Integrations
|
|
env:
|
|
DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}"
|
|
TARGET_REPO: "${{github.event.inputs.target_repo}}"
|
|
TARGET_BRANCH: "${{github.event.inputs.target_branch}}"
|
|
LOCAL_REPO: "../integrations"
|
|
GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}"
|
|
run: |
|
|
cd detection-rules
|
|
python -m detection_rules dev integrations-pr \
|
|
$LOCAL_REPO \
|
|
--github-repo $TARGET_REPO \
|
|
--base-branch $TARGET_BRANCH \
|
|
--assign ${{github.actor}} \
|
|
$DRAFT_ARGS
|
|
|
|
- name: Archive production artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: release-files
|
|
path: |
|
|
detection-rules/releases
|