-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
MQL Mimic: Change to PR CI, detect changes (#828)
- Loading branch information
1 parent
cd5a99e
commit d33fb37
Showing
2 changed files
with
51 additions
and
40 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -30,6 +30,7 @@ jobs: | |
| with: | ||
| ref: ${{ github.head_ref }} | ||
| repository: ${{ github.event.pull_request.head.repo.full_name }} | ||
| depth: 0 | ||
|
|
||
| - uses: actions/setup-python@v4 | ||
| with: | ||
|
|
@@ -92,6 +93,45 @@ jobs: | |
| id: get_head | ||
| run: echo "##[set-output name=HEAD;]$(git rev-parse HEAD)" | ||
|
|
||
| - name: Get changed detection-rules | ||
| id: changed-files | ||
| uses: tj-actions/changed-files@v39 | ||
| with: | ||
| files: "detection-rules/**" | ||
| recover_deleted_files: true | ||
|
|
||
| - name: "Find updated rule IDs" | ||
| id: find_ids | ||
| run: | | ||
| for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}; do | ||
| echo "$file was changed" | ||
| rule_id=$(yq '.id' $file) | ||
| echo "$file has rule ID $rule_id" | ||
| altered_rule_ids=$(echo "$rule_id"" ""$altered_rule_ids") | ||
| done | ||
| echo "Altered Ruled IDs: [$altered_rule_ids]" | ||
| echo "##[set-output name=rule_ids;]$(echo $altered_rule_ids)" | ||
| # TODO: This doesn't solve for a modified rule_id. We could merge with any files known on 'main', but changing | ||
| # a rule ID is a separate problem. | ||
| - name: "Trigger MQL Mimic Tests" | ||
| env: | ||
| trigger_url: '${{ secrets.MQL_MOCK_TRIGGER }}' | ||
| branch: ${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }} | ||
| repo: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name || github.repository }} | ||
| token: '${{ secrets.GITHUB_TOKEN }}' | ||
| sha: '${{ steps.get_head.outputs.HEAD }}' | ||
| only_rule_ids: '${{ steps.find_ids.outputs.rule_ids }}' | ||
| run: | | ||
| body='{"branch":"'$branch'","repo":"'$repo'","token":"'$token'","sha":"'$sha'","only_rule_ids":"'$only_rule_ids'"}' | ||
| echo $body | ||
| curl -X POST $trigger_url \ | ||
| -H 'Content-Type: application/json' \ | ||
| -d "$body" | ||
| # When we add a commit, GitHub won't trigger actions on the auto commit, so we're missing a required check on the | ||
| # HEAD commit. | ||
| # Various alternatives were explored, but all run into issues when dealing with forks. This sets a "Check" for | ||
|
|
@@ -126,3 +166,14 @@ jobs: | |
| text: "Rule Tests and ID Updated", | ||
| }, | ||
| }); | ||
| - name: Wait for MQL Mimic check to be completed | ||
| uses: fountainhead/[email protected] | ||
| id: wait-for-build | ||
| # Wait for results so that the token remains valid while the test suite is executing and posting a check here. | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| checkName: "MQL Mimic Tests" | ||
| ref: ${{ steps.get_head.outputs.HEAD }} | ||
| timeoutSeconds: 3600 | ||
|
|
||