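# Manually triggered release workflow: checks out the most recent
# "Lock versions for releases" commit of detection-rules, bumps and builds
# the prebuilt rules package, optionally tags a GA release, and opens a PR
# against the integrations repository selected at dispatch time.
name: Release Fleet

on:
  workflow_dispatch:
    inputs:
      target_repo:
        description: 'Target repository to build a PR against'
        required: true
        default: 'elastic/integrations'
      target_branch:
        description: 'Target branch for PR base'
        required: true
        default: 'main'
      draft:
        type: choice
        description: 'Create a PR as draft'
        required: false
        # Consumed via startsWith(..., 'y') below; an empty choice means "no".
        options:
          - "yes"
          - "no"
      package_maturity:
        type: choice
        description: 'Package Maturity'
        required: true
        options:
          - "ga"
          - "beta"
      new_package:
        type: choice
        description: 'New Package'
        required: true
        default: "true"
        options:
          - "true"
          - "false"

jobs:
  fleet-pr:
    name: Build package and create PR to integrations
    runs-on: ubuntu-latest
    # NOTE(review): the "Create release tag" step pushes a tag with the default
    # GITHUB_TOKEN, which needs `contents: write`; no `permissions:` block is
    # declared here, so this relies on the repository's default token scope.
    steps:
      - name: Validate the source branch
        uses: actions/github-script@v3
        with:
          # Read the ref from the toolkit `context` object instead of
          # interpolating `${{ github.ref }}` into the script source.
          script: |
            if (context.ref === 'refs/heads/main') {
              core.setFailed('Forbidden branch')
            }
      - name: Checkout detection-rules
        uses: actions/checkout@v3
        with:
          path: detection-rules
          # Full history is required for the `git log --grep` lookup below.
          fetch-depth: 0
      - name: Extract version lock commit hash
        run: |
          cd detection-rules
          COMMIT_HASH=$(git log --grep='Lock versions for releases' -1 --format='%H')
          # Fail fast: with an empty hash the later checkout would be a no-op
          # and the package would silently be built from the branch head.
          if [ -z "$COMMIT_HASH" ]; then
            echo "::error::No 'Lock versions for releases' commit found on $GITHUB_REF"
            exit 1
          fi
          echo "COMMIT_HASH=$COMMIT_HASH" >> "$GITHUB_ENV"
          echo "Extracted commit hash: $COMMIT_HASH"
      - name: Checkout commit hash
        run: |
          cd detection-rules
          echo "Current branch is $GITHUB_REF"
          echo "Checking out commit hash $COMMIT_HASH"
          git checkout "$COMMIT_HASH"
      - name: Checkout elastic/integrations
        uses: actions/checkout@v3
        with:
          # NOTE(review): this read/write token is persisted in the checkout's
          # git config (checkout's default) so the PR step below can push.
          token: ${{ secrets.READ_WRITE_RELEASE_FLEET }}
          repository: ${{ github.event.inputs.target_repo }}
          path: integrations
          fetch-depth: 0
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - name: Install Python dependencies
        run: |
          cd detection-rules
          python -m pip install --upgrade pip
          pip cache purge
          pip install ".[dev]"
      - name: Bump prebuilt rules package version
        env:
          PACKAGE_MATURITY: "${{ github.event.inputs.package_maturity }}"
          NEW_PACKAGE: "${{ github.event.inputs.new_package }}"
        run: |
          cd detection-rules
          python -m detection_rules dev bump-pkg-versions \
            --patch-release \
            --new-package "$NEW_PACKAGE" \
            --maturity "$PACKAGE_MATURITY"
      - name: Store release tag
        if: github.event.inputs.package_maturity == 'ga'
        run: |
          cd detection-rules
          # Pulls the first `version:` value out of packages.yaml for the tag.
          output=$(grep -oP '(?<=\sversion: )\S+' detection_rules/etc/packages.yaml)
          if [ -z "$output" ]; then
            echo "::error::Could not read package version from detection_rules/etc/packages.yaml"
            exit 1
          fi
          echo "pkg_version=$output" >> "$GITHUB_ENV"
      - name: Create release tag
        if: github.event.inputs.package_maturity == 'ga'
        run: |
          cd detection-rules
          # pkg_version was exported to GITHUB_ENV by the previous step; read
          # it as a shell variable rather than interpolating it into the script.
          RELEASE_TAG="integration-v${pkg_version}"
          echo "Creating release tag: $RELEASE_TAG"
          git tag "$RELEASE_TAG"
          git push origin "$RELEASE_TAG"
      - name: Build release package
        run: |
          cd detection-rules
          python -m detection_rules dev build-release
      - name: Set github config
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "protectionsmachine"
      - name: Setup go
        uses: actions/setup-go@v3
        with:
          go-version: '^1.20.1'
          check-latest: true
      - name: Build elastic-package
        # NOTE(review): `@latest` resolves to a different build on every run;
        # pin a version if reproducible releases are required.
        run: |
          go install github.com/elastic/elastic-package@latest
      - name: Create the PR to Integrations
        env:
          DRAFT_ARGS: "${{ startsWith(github.event.inputs.draft, 'y') && '--draft' || ' ' }}"
          TARGET_REPO: "${{ github.event.inputs.target_repo }}"
          TARGET_BRANCH: "${{ github.event.inputs.target_branch }}"
          # Passed through the environment rather than interpolated into the
          # shell script so the value is never parsed as shell.
          ASSIGNEE: "${{ github.actor }}"
          LOCAL_REPO: "../integrations"
          GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}"
        run: |
          cd detection-rules
          # $DRAFT_ARGS is intentionally unquoted: when the draft input is not
          # "yes" it holds a single space and must word-split to nothing.
          python -m detection_rules dev integrations-pr \
            "$LOCAL_REPO" \
            --github-repo "$TARGET_REPO" \
            --base-branch "$TARGET_BRANCH" \
            --assign "$ASSIGNEE" \
            $DRAFT_ARGS
      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        with:
          name: release-files
          path: |
            detection-rules/releases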