test automatically prevent future merges when a backport fails (#1909)

Mikaayenson · github-actions[bot] · commit 1f4722b87353 · 2022-06-23T19:01:56.000Z
automatically prevent future merges when a backport fails (cherry picked from commit 4fdd978)
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -11,6 +11,9 @@ on:
       - closed
 
 jobs:
+  get-branches:
+    uses: ./.github/workflows/get-target-branches.yml
+
   label:
     runs-on: ubuntu-latest
     if: |
@@ -51,12 +54,13 @@ jobs:
         (github.event.action == 'labeled' && github.event.label.name == 'backport: auto')
         || (github.event.action == 'closed')
       )
+    needs: get-branches
     runs-on: ubuntu-latest
     strategy:
       max-parallel: 1
       matrix:
         # 7.17 was intentionally skipped because it was added late and was bug fix only
-        target_branch: [7.16, '8.0', 8.1, 8.2, 8.3]
+        target_branch: ${{ fromJSON(needs.get-branches.outputs.branches) }}
 
     steps:
       - name: Checkout repo
diff --git a/.github/workflows/branch-status-checks.yml b/.github/workflows/branch-status-checks.yml
@@ -0,0 +1,37 @@
+name: Branch Version Status Checks
+
+on:
+  push:
+    branches: [ "main", "7.*", "8.*" ]
+  pull_request:
+    branches: [ "*" ]
+
+jobs:
+  get-branches:
+    uses: ./.github/workflows/get-target-branches.yml
+
+  branch-status-checks:
+    needs: get-branches
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target_branch: ${{ fromJSON(needs.get-branches.outputs.branches) }}
+
+    steps:
+    - name: Get Backport Status
+      id: get_backport_status
+      uses: fjogeleit/http-request-action@v1
+      with:
+        url: "https://api.github.com/repos/elastic/detection-rules/actions/workflows/pythonpackage.yml/runs?per_page=1&branch=${{matrix.target_branch}}"
+        method: 'GET'
+
+    - name: Check Backport Status
+      uses: actions/github-script@v6
+      with:
+        script: |
+          const workflow_status = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status) }}
+          const workflow_conclusion = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion) }}
+          if (workflow_status != 'completed' ||
+              workflow_conclusion != 'success') {
+            core.setFailed('Recent Backport status: ' + workflow_status + ', conclusion: ' + workflow_conclusion)
+          }
diff --git a/.github/workflows/get-target-branches.yml b/.github/workflows/get-target-branches.yml
@@ -0,0 +1,32 @@
+name: List Target Branches
+
+on:
+  workflow_call:
+    # Map the workflow outputs to job outputs
+    outputs:
+      branches:
+        description: "List of target branches"
+        value: ${{ jobs.list-target-branches.outputs.matrix }}
+
+jobs:
+  list-target-branches:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.get-branch-list.outputs.matrix }}
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.8
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - id: get-branch-list
+        run: |
+          python -m detection_rules dev utils get-branches
+          echo "::set-output name=matrix::$(cat ./detection_rules/etc/target-branches.yml)"
diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
@@ -31,7 +31,11 @@ jobs:
     - name: Python License Check
       run: |
         python -m detection_rules dev license-check
-        
+
+    - name: Unit tests
+      run: |
+        python -m detection_rules test
+
     - name: Build release package
       env:
         # only generate the navigator files on push events to main
@@ -48,10 +52,6 @@ jobs:
         path: |
           releases
 
-    - name: Unit tests
-      run: |
-        python -m detection_rules test
-
     - name: Update navigator gist files
       env:
         GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}"
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
@@ -39,7 +39,7 @@
 from .rule_loader import RuleCollection, production_filter
 from .schemas import definitions, get_stack_versions
 from .semver import Version
-from .utils import dict_hash, get_path, load_dump
+from .utils import dict_hash, get_path, get_etc_path, load_dump
 
 RULES_DIR = get_path('rules')
 GH_CONFIG = Path.home() / ".config" / "gh" / "hosts.yml"
@@ -1075,3 +1075,16 @@ def rule_survey(ctx: click.Context, query, date_range, dump_file, hide_zero_coun
         json.dump(details, f, indent=2, sort_keys=True)
 
     return survey_results
+
+
+@dev_group.group('utils')
+def utils_group():
+    """Commands for dev utility methods."""
+
+
+@utils_group.command('get-branches')
+@click.option('--outfile', '-o', type=Path, default=get_etc_path("target-branches.yml"), help='File to save output to')
+def get_branches(outfile: Path):
+    branch_list = get_stack_versions(drop_patch=True)
+    target_branches = json.dumps(branch_list[:-1]) + "\n"
+    outfile.write_text(target_branches)
