MQL Mimic: Change to PR CI, detect changes #316
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: MQL Mimic Tests | |
on: | |
pull_request: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
trigger-via-zapier: | |
name: Trigger Test Run | |
runs-on: ubuntu-20.04 | |
permissions: | |
checks: write | |
pull-requests: read | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Get changed detection-rules | |
id: changed-files | |
uses: tj-actions/changed-files@v39 | |
with: | |
files: "detection-rules/**" | |
recover_deleted_files: true | |
- name: "Find updated rule IDs" | |
id: find_ids | |
run: | | |
altered_rule_ids="" | |
for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}; do | |
echo "$file was changed" | |
rule_id=$(yq '.id' $file) | |
# This means we won't see new flags. PR CI won't run on the auto commit that adds the rule ID, so we'd need | |
# to move this into rules_validate.yml. | |
[[ "$rule_id" = "null" ]] && echo "$file has no id yet" && continue | |
echo "$file has rule ID $rule_id" | |
altered_rule_ids=$(echo "altered_rule_ids"",""$rule_id") | |
done | |
echo "Altered Ruled IDs: $altered_rule_ids" | |
echo "##[set-output name=rule_ids;]$(echo $altered_rule_ids)" | |
# TODO: This doesn't solve for a modified rule_id. We could merge with any files known on 'main', but changing | |
# a rule ID is a separate problem. | |
- name: "Trigger MQL Mimic Tests" | |
env: | |
trigger_url: '${{ secrets.MQL_MOCK_TRIGGER }}' | |
branch: '${{ github.ref_name }}' | |
repo: '${{ github.repository }}' | |
token: '${{ secrets.GITHUB_TOKEN }}' | |
sha: '${{ github.sha }}' | |
only_rule_ids: '${{ steps.find_ids.outputs.rule_ids }}' | |
run: | | |
curl -X POST $trigger_url \ | |
-H 'Content-Type: application/json' \ | |
-d '{"branch":"'$branch'","repo":"'$repo'","token":"'$token'","sha":"'$sha'"}' | |
- name: Wait for check to be completed | |
uses: fountainhead/[email protected] | |
id: wait-for-build | |
# Wait for results so that the token remains valid while the test suite is executing and posting a check here. | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
checkName: "MQL Mimic Tests" | |
ref: ${{ github.sha }} | |
timeoutSeconds: 3600 |