Limit backports to 8.3+ (#2450)

terrancedejesus · github-actions[bot] · commit cd5d12e2ba48 · 2023-06-12T16:54:11.000Z
* Drop Rule Support for Outdated Stack Versions Less Than 8.3 * changed version lock key assignment logic and updated version lock file * added comment to stack-schema-map file * changed version lock key assignment logic to use custom Version method) * Update detection_rules/devtools.py Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> * reverting version lock file to original * updated version lock from adjusted comparison logic of stack versions * updated logic in devtools; removed < 8.3.0 in version lock file * trimmed lock version before merge --------- Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com> (cherry picked from commit 8db42da)
diff --git a/.github/workflows/lock-versions.yml b/.github/workflows/lock-versions.yml
@@ -6,7 +6,7 @@ on:
           description: 'List of branches to lock versions (ordered, comma separated)'
           required: true
           # 7.17 was intentionally skipped because it was added late and was bug fix only
-          default: '7.16,8.0,8.1,8.2,8.3,8.4,8.5,8.6,8.7,8.8'
+          default: '8.3,8.4,8.5,8.6,8.7,8.8'
 
 jobs:
   pr:
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
@@ -930,44 +930,44 @@ def raw_permalink(raw_link):
 
 
 @dev_group.command('trim-version-lock')
-@click.argument('min_version')
+@click.argument('stack_version')
 @click.option('--dry-run', is_flag=True, help='Print the changes rather than saving the file')
-def trim_version_lock(min_version: str, dry_run: bool):
+def trim_version_lock(stack_version: str, dry_run: bool):
     """Trim all previous entries within the version lock file which are lower than the min_version."""
     stack_versions = get_stack_versions()
-    assert min_version in stack_versions, f'Unknown min_version ({min_version}), expected: {", ".join(stack_versions)}'
+    assert stack_version in stack_versions, \
+        f'Unknown min_version ({stack_version}), expected: {", ".join(stack_versions)}'
 
-    min_version = Version.parse(min_version)
+    min_version = Version.parse(stack_version)
     version_lock_dict = default_version_lock.version_lock.to_dict()
     removed = {}
 
     for rule_id, lock in version_lock_dict.items():
         if 'previous' in lock:
             prev_vers = [Version.parse(v, optional_minor_and_patch=True) for v in list(lock['previous'])]
-            outdated_vers = [v for v in prev_vers if v <= min_version]
+            outdated_vers = [f"{v.major}.{v.minor}" for v in prev_vers if v < min_version]
 
             if not outdated_vers:
                 continue
 
-            # we want to remove all "old" versions, but save the latest that is <= the min version as the new
-            # min_version. Essentially collapsing the entries and bumping it to a new "true" min
-            latest_version = max(outdated_vers)
+            # we want to remove all "old" versions, but save the latest that is >= the min version supplied as the new
+            # stack_version.
 
             if dry_run:
-                outdated_minus_current = [str(v) for v in outdated_vers if v != min_version]
+                outdated_minus_current = [str(v) for v in outdated_vers if v < stack_version]
                 if outdated_minus_current:
                     removed[rule_id] = outdated_minus_current
             for outdated in outdated_vers:
                 popped = lock['previous'].pop(str(outdated))
-                if outdated == latest_version:
-                    lock['previous'][str(min_version)] = popped
+                if outdated >= stack_version:
+                    lock['previous'][str(Version(stack_version[:2]))] = popped
 
             # remove the whole previous entry if it is now blank
             if not lock['previous']:
                 lock.pop('previous')
 
     if dry_run:
-        click.echo(f'The following versions would be collapsed to {min_version}:' if removed else 'No changes')
+        click.echo(f'The following versions would be collapsed to {stack_version}:' if removed else 'No changes')
         click.echo('\n'.join(f'{k}: {", ".join(v)}' for k, v in removed.items()))
     else:
         new_lock = VersionLockFile.from_dict(dict(data=version_lock_dict))
diff --git a/detection_rules/etc/stack-schema-map.yaml b/detection_rules/etc/stack-schema-map.yaml
@@ -7,6 +7,7 @@
 ## Updates:
 ## 7.17 was intentionally skipped because it was added late and was bug fix only
 ## 06/2022 - dropped backport support for 7.13.0, 7.14.0, 7.15.0 as of 8.4 branch creation
+## 01/2023 - dropped backport support for 7.16.0, 8.0.0, 8.1.0, 8.2.0 - https://github.com/elastic/detection-rules/pull/2450
 
 ## Unsupported
 #"7.13.0":
@@ -22,27 +23,27 @@
 #  beats: "7.15.1"
 #  ecs: "1.11.0"
 
-## Supported
+# "7.16.0":
+#   beats: "7.16.2"
+#   ecs: "1.12.2"
+#   endgame: "1.9.0"
 
-"7.16.0":
-  beats: "7.16.2"
-  ecs: "1.12.2"
-  endgame: "1.9.0"
+# "8.0.0":
+#   beats: "8.0.1"
+#   ecs: "8.0.1"
+#   endgame: "1.9.0"
 
-"8.0.0":
-  beats: "8.0.1"
-  ecs: "8.0.1"
-  endgame: "1.9.0"
+# "8.1.0":
+#   beats: "8.1.2"
+#   ecs: "8.1.0"
+#   endgame: "1.9.0"
 
-"8.1.0":
-  beats: "8.1.2"
-  ecs: "8.1.0"
-  endgame: "1.9.0"
+# "8.2.0":
+#   beats: "8.2.1"
+#   ecs: "8.2.1"
+#   endgame: "1.9.0"
 
-"8.2.0":
-  beats: "8.2.1"
-  ecs: "8.2.1"
-  endgame: "1.9.0"
+## Supported
 
 "8.3.0":
   beats: "8.3.3"
diff --git a/detection_rules/etc/version.lock.json b/detection_rules/etc/version.lock.json
