Terrance DeJesus
66a0cbb5de
* testing order of operations in workflow * reverted testing order; adjusting secrets token * adjusting secrets token * changing checkout to v3 * removed token for testing workflow * changed repo reference * changing secret token * reverting token changes * removing master reference * adjusted elastic-package installation * changed path of integrations during install * added integrations fetch run commands * changed target branch to main, setup latest go * changed token back to protections machine * trying different secret for integrations PR creation * created testing token for permission errors * adjusted 'bump-pkg-versions' so minors are bumped if no previous pkg * added bumping package versions as a step * updated actions/upload-artifact to v3 * removed inaccurate comments; removed release-kibana workflow * adjusted sequence of steps to bump packge version before build * added a bump to major if it does not match packages.yml
107 lines
3.2 KiB
YAML
107 lines
3.2 KiB
YAML
name: release-fleet
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
target_repo:
|
|
description: 'Target repository to build a PR against'
|
|
required: true
|
|
default: 'elastic/integrations'
|
|
target_branch:
|
|
description: 'Target branch for PR base'
|
|
required: true
|
|
default: 'main'
|
|
draft:
|
|
description: 'Create a PR as draft (y/n)'
|
|
required: false
|
|
package_maturity:
|
|
description: 'Package Maturity (ga/beta)'
|
|
required: true
|
|
|
|
jobs:
|
|
fleet-pr:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Validate the source branch
|
|
uses: actions/github-script@v3
|
|
with:
|
|
script: |
|
|
if ('refs/heads/main' === '${{github.ref}}') {
|
|
core.setFailed('Forbidden branch')
|
|
}
|
|
|
|
- name: Checkout detection-rules
|
|
uses: actions/checkout@v3
|
|
with:
|
|
path: detection-rules
|
|
|
|
- name: Checkout elastic/integrations
|
|
uses: actions/checkout@v3
|
|
with:
|
|
token: ${{ secrets.READ_WRITE_RELEASE_FLEET }}
|
|
repository: ${{github.event.inputs.target_repo}}
|
|
path: integrations
|
|
|
|
- name: Set up Python 3.8
|
|
uses: actions/setup-python@v2
|
|
with:
|
|
python-version: 3.8
|
|
|
|
- name: Install Python dependencies
|
|
run: |
|
|
cd detection-rules
|
|
python -m pip install --upgrade pip
|
|
pip install .[dev]
|
|
|
|
- name: Bump prebuilt rules package version
|
|
env:
|
|
PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}"
|
|
run: |
|
|
cd detection-rules
|
|
python -m detection_rules dev bump-pkg-versions \
|
|
--patch-release \
|
|
--maturity $PACKAGE_MATURITY
|
|
|
|
- name: Build release package
|
|
run: |
|
|
cd detection-rules
|
|
python -m detection_rules dev build-release
|
|
|
|
- name: Set github config
|
|
run: |
|
|
git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
|
|
git config --global user.name "protectionsmachine"
|
|
|
|
- name: Setup go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: '^1.20.1'
|
|
check-latest: true
|
|
|
|
- name: Build elastic-package
|
|
run: |
|
|
go install github.com/elastic/elastic-package@latest
|
|
|
|
- name: Create the PR to Integrations
|
|
env:
|
|
DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}"
|
|
TARGET_REPO: "${{github.event.inputs.target_repo}}"
|
|
TARGET_BRANCH: "${{github.event.inputs.target_branch}}"
|
|
LOCAL_REPO: "../integrations"
|
|
GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}"
|
|
run: |
|
|
cd detection-rules
|
|
python -m detection_rules dev integrations-pr \
|
|
$LOCAL_REPO \
|
|
--github-repo $TARGET_REPO \
|
|
--base-branch $TARGET_BRANCH \
|
|
--assign ${{github.actor}} \
|
|
$DRAFT_ARGS
|
|
|
|
- name: Archive production artifacts
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: release-files
|
|
path: |
|
|
detection-rules/releases
|