Eric Forte
639d748ec2
* Add check-version-lock dev command * Bump the version * Add Check Double Bumps to lock-versions workflow * Replace return with ctx aware exit * Bump Version * Update Double Bump Modulo calculation * Update if formatting * Undo formatting typo * Add logic to process the local file * Update for descriptiveness * Allow double bump branch for testing * Pass github token * Re-restrict to main * Patch version bump * Add comment if no double bumps found * Bump Version
89 lines
2.7 KiB
YAML
89 lines
2.7 KiB
YAML
name: lock-versions
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
branches:
|
|
description: 'List of branches to lock versions (ordered, comma separated)'
|
|
required: true
|
|
# 7.17 was intentionally skipped because it was added late and was bug fix only
|
|
default: '8.14,8.15,8.16,8.17,8.18,9.0'
|
|
|
|
jobs:
|
|
pr:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Validate the source branch
|
|
uses: actions/github-script@v3
|
|
with:
|
|
script: |
|
|
if ('refs/heads/main' !== '${{github.event.ref}}') {
|
|
core.setFailed('Forbidden branch, expected "main"')
|
|
}
|
|
|
|
- name: Checkout detection-rules
|
|
uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Python 3.12
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: '3.12'
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip cache purge
|
|
pip install .[dev]
|
|
|
|
- name: Build release package
|
|
run: |
|
|
python -m detection_rules dev build-release
|
|
|
|
- name: Set github config
|
|
run: |
|
|
git config --global user.email "72879786+protectionsmachine@users.noreply.github.com"
|
|
git config --global user.name "protectionsmachine"
|
|
|
|
- name: Lock the versions
|
|
env:
|
|
BRANCHES: "${{github.event.inputs.branches}}"
|
|
run: |
|
|
./detection_rules/etc/lock-multiple.sh $BRANCHES
|
|
git add detection_rules/etc/version.lock.json
|
|
|
|
- name: Create Pull Request
|
|
id: cpr
|
|
uses: peter-evans/create-pull-request@v3
|
|
with:
|
|
assignees: '${{github.actor}}'
|
|
delete-branch: true
|
|
branch: "version-lock"
|
|
commit-message: "Locked versions for releases: ${{github.event.inputs.branches}}"
|
|
branch-suffix: "short-commit-hash"
|
|
title: 'Lock versions for releases: ${{github.event.inputs.branches}}'
|
|
body: |
|
|
Lock versions for releases: ${{github.event.inputs.branches}}.
|
|
|
|
- Autogenerated from job `lock-versions: pr`.
|
|
labels: "backport: auto"
|
|
|
|
- name: Archive production artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: release-files
|
|
path: |
|
|
releases
|
|
|
|
- name: Check Double Bumps
|
|
id: check_double_bumps
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
python -m detection_rules dev check-version-lock --pr-number ${{ steps.cpr.outputs.pull-request-number }} --comment
|
|
if [[ $? -ne 0 ]]; then
|
|
echo "Double bumps detected, failing the job"
|
|
exit 1
|
|
fi
|