Skip to content

Release Fleet

Release Fleet #356

Workflow file for this run

name: Release Fleet
on:
workflow_dispatch:
inputs:
target_repo:
description: 'Target repository to build a PR against'
required: true
default: 'elastic/integrations'
target_branch:
description: 'Target branch for PR base'
required: true
default: 'main'
draft:
type: choice
description: 'Create a PR as draft'
required: false
options:
- "yes"
- "no"
package_maturity:
type: choice
description: 'Package Maturity'
required: true
options:
- "ga"
- "beta"
new_package:
type: choice
description: 'New Package'
required: true
default: "true"
options:
- "true"
- "false"
jobs:
fleet-pr:
name: Build package and create PR to integrations
runs-on: ubuntu-latest
steps:
- name: Validate the source branch
uses: actions/github-script@v3
with:
script: |
if ('refs/heads/main' === '${{github.ref}}') {
core.setFailed('Forbidden branch')
}
- name: Checkout detection-rules
uses: actions/checkout@v3
with:
path: detection-rules
fetch-depth: 0
- name: Extract version lock commit hash
run: |
cd detection-rules
COMMIT_HASH=$(git log --grep='Lock versions for releases' -1 --format='%H')
echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV
echo "Extracted commit hash: $COMMIT_HASH"
- name: Checkout commit hash
run: |
cd detection-rules
echo "Current branch is $GITHUB_REF"
echo "Checking out commit hash $COMMIT_HASH"
git checkout $COMMIT_HASH
- name: Checkout elastic/integrations
uses: actions/checkout@v3
with:
token: ${{ secrets.READ_WRITE_RELEASE_FLEET }}
repository: ${{github.event.inputs.target_repo}}
path: integrations
fetch-depth: 0
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Install Python dependencies
run: |
cd detection-rules
python -m pip install --upgrade pip
pip cache purge
pip install .[dev]
- name: Bump prebuilt rules package version
env:
PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}"
NEW_PACKAGE: "${{github.event.inputs.new_package}}"
run: |
cd detection-rules
python -m detection_rules dev bump-pkg-versions \
--patch-release \
--new-package $NEW_PACKAGE \
--maturity $PACKAGE_MATURITY
- name: Store release tag
if: github.event.inputs.package_maturity == 'ga'
run: |
cd detection-rules
output=$(cat detection_rules/etc/packages.yaml | grep -oP '(?<=\sversion: )\S+')
echo "pkg_version=$output" >> $GITHUB_ENV
- name: Create release tag
if: github.event.inputs.package_maturity == 'ga'
run: |
cd detection-rules
RELEASE_TAG="integration-v${{ env.pkg_version }}"
echo "Creating release tag: $RELEASE_TAG"
git tag $RELEASE_TAG
git push origin $RELEASE_TAG
- name: Build release package
run: |
cd detection-rules
python -m detection_rules dev build-release
- name: Set github config
run: |
git config --global user.email "[email protected]"
git config --global user.name "protectionsmachine"
- name: Setup go
uses: actions/setup-go@v3
with:
go-version: '^1.20.1'
check-latest: true
- name: Build elastic-package
run: |
go install github.com/elastic/elastic-package@latest
- name: Create the PR to Integrations
env:
DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}"
TARGET_REPO: "${{github.event.inputs.target_repo}}"
TARGET_BRANCH: "${{github.event.inputs.target_branch}}"
LOCAL_REPO: "../integrations"
GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}"
run: |
cd detection-rules
python -m detection_rules dev integrations-pr \
$LOCAL_REPO \
--github-repo $TARGET_REPO \
--base-branch $TARGET_BRANCH \
--assign ${{github.actor}} \
$DRAFT_ARGS
- name: Archive production artifacts
uses: actions/upload-artifact@v4
with:
name: release-files
path: |
detection-rules/releases