From b8705de44a18509efbaae14810f43cd9d2b18917 Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Fri, 1 Apr 2022 12:14:12 -0400
Subject: [PATCH 01/25] WIP: test automatically prevent future merges when a backport fails
---
.github/workflows/backport-status-check.yml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 .github/workflows/backport-status-check.yml
diff --git a/.github/workflows/backport-status-check.yml b/.github/workflows/backport-status-check.yml
new file mode 100644
index 00000000000..693eef0c7e2
--- /dev/null
+++ b/.github/workflows/backport-status-check.yml
@@ -0,0 +1,17 @@
+name: status-check
+on:
+ workflow_dispatch:
+ # TODO: Update to occur on push or pull_requests
+
+jobs:
+ wait-for-backport-status-check:
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Wait on PR backporting
+ uses: lewagon/wait-on-check-action@v1.1.1
+ with:
+ ref: ${{ github.ref }}
+ repo-token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
+ running-workflow-name: backport
+
From 0364c4d952e74b1f168969b13a36f55616b43694 Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Tue, 19 Apr 2022 12:22:16 -0400
Subject: [PATCH 02/25] dont wait for workflows status (increases billable hours)
---
.github/workflows/backport-status-check.yml | 17 -----------------
1 file changed, 17 deletions(-)
delete mode 100644 .github/workflows/backport-status-check.yml
diff --git a/.github/workflows/backport-status-check.yml b/.github/workflows/backport-status-check.yml
deleted file mode 100644
index 693eef0c7e2..00000000000
--- a/.github/workflows/backport-status-check.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: status-check
-on:
- workflow_dispatch:
- # TODO: Update to occur on push or pull_requests
-
-jobs:
- wait-for-backport-status-check:
- runs-on: ubuntu-latest
- steps:
-
- - name: Wait on PR backporting
- uses: lewagon/wait-on-check-action@v1.1.1
- with:
- ref: ${{ github.ref }}
- repo-token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
- running-workflow-name: backport
-
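Review bot: The `uses: lewagon/wait-on-check-action@v1.1.1` step in the new backport-status-check.yml (PATCH 01) is handed `secrets.PROTECTIONS_MACHINE_TOKEN` while being referenced by a tag, and a tag can later be moved to different code by the action's owner. Pin third-party actions that receive a machine token to a full commit SHA, e.g. `uses: lewagon/wait-on-check-action@<full-commit-sha>  # v1.1.1`. If the step only needs to read check runs, passing `${{ github.token }}` under a `permissions:` block with `checks: read` would avoid exposing the machine token at all. The same tag-only reference applies to `fjogeleit/http-request-action@v1`, added in PATCH 03 and again in PATCH 05.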
From 837fee8fd5087d176feff5281ec71ab7362274aa Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Tue, 19 Apr 2022 12:23:38 -0400 Subject: [PATCH 03/25] fail workflow if latest backporting is in a bad state --- .github/workflows/pythonpackage.yml | 41 ++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index 1a91cb3d111..edd06eedcc4 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -31,7 +31,34 @@ jobs: - name: Python License Check run: | python -m detection_rules dev license-check - + + - name: Unit tests + run: | + python -m detection_rules test + + - name: Get Backport Status + id: get_backport_status + uses: fjogeleit/http-request-action@v1 + with: + url: "https://api.github.com/repos/elastic/detection-rules/actions/workflows/backport.yml/runs?per_page=1" + method: 'GET' + + - name: Check Backport Status + uses: actions/github-script@v6 + with: + script: | + if (${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status != 'completed'}} || + ${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion != 'success'}}) { + core.setFailed('Recent Backport status: "${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status}}", \ + conclusion: "${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion}}"') + } + + - name: Update navigator gist files + env: + GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}" + if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + run: python -m detection_rules dev update-navigator-gists + - name: Build release package env: # only generate the navigator files on push events to main 
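Review bot: The `Check Backport Status` script fails the job for every state other than completed/success, which also covers a backport run that is only queued or in progress and a response that contains no `workflow_runs` entry. The `Get Backport Status` request carries no `Authorization` header, so it is presumably subject to the unauthenticated API rate limit on shared runners, and a rate-limited body would then be reported as a bad backport. Consider separating the cases, e.g. `core.warning(...)` when the run is missing or `status != 'completed'`, and `core.setFailed(...)` only when `conclusion` is something other than `success`. The `core.setFailed('... "${{ ... }}" ...')` line also pastes API data into the JavaScript source as text; handing the response to the step through `env:` and reading `process.env` keeps it out of the script body.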
@@ -46,14 +73,4 @@ jobs: with: name: release-files path: | - releases - - - name: Unit tests - run: | - python -m detection_rules test - - - name: Update navigator gist files - env: - GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}" - if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - run: python -m detection_rules dev update-navigator-gists + releases \ No newline at end of file From cf3fcc25561c2d79e6c42d3ebfceebd54294b31f Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 21 Apr 2022 11:44:32 -0400 Subject: [PATCH 04/25] use variables --- .github/workflows/pythonpackage.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index edd06eedcc4..b87f004f0c8 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -47,10 +47,10 @@ jobs: uses: actions/github-script@v6 with: script: | - if (${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status != 'completed'}} || - ${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion != 'success'}}) { - core.setFailed('Recent Backport status: "${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status}}", \ - conclusion: "${{fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion}}"') + const workflow_status = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status) }} + const workflow_conclusion = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion) }} + if (workflow_status != 'completed' || workflow_conclusion != 'success') { + core.setFailed('Recent Backport status: ' + workflow_status + ', conclusion: ' + workflow_conclusion) } - name: Update navigator gist files From 6498be62f97cfc0297a6a630f6ebebe79e9c4fd7 Mon Sep 17 00:00:00 2001 
From: Mika Ayenson
Date: Mon, 25 Apr 2022 13:57:28 -0400
Subject: [PATCH 05/25] check unit tests status for all supported branch versions
---
.github/workflows/branch-status-checkes.yml | 50 +++++++++++++++++++++
.github/workflows/pythonpackage.yml | 17 -------
etc/target_branches.yml | 1 +
3 files changed, 51 insertions(+), 17 deletions(-)
create mode 100644 .github/workflows/branch-status-checkes.yml
create mode 100644 etc/target_branches.yml
diff --git a/.github/workflows/branch-status-checkes.yml b/.github/workflows/branch-status-checkes.yml
new file mode 100644
index 00000000000..bb23ca36b85
--- /dev/null
+++ b/.github/workflows/branch-status-checkes.yml
@@ -0,0 +1,50 @@
+name: Branch Version Status Checks
+
+on:
+ push:
+ branches: [ "main", "7.*", "8.*" ]
+ pull_request:
+ branches: [ "*" ]
+
+jobs:
+ list-target-branches:
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.get-branch-list.outputs.matrix }}
+ steps:
+ - uses: actions/checkout@v2
+ - id: get-branch-list
+ run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./etc/target_branches.yml)"
+
+ branch-status-checks:
+ needs: list-target-branches
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ target_branch: ${{ fromJSON(needs.list-target-branches.outputs.matrix) }}
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.8
+
+ - name: Get Backport Status
+ id: get_backport_status
+ uses: fjogeleit/http-request-action@v1
+ with:
+ url: "https://api.github.com/repos/elastic/detection-rules/actions/workflows/pythonpackage.yml/runs?per_page=1&branch=${{matrix.target_branch}}"
+ method: 'GET'
+
+ - name: Check Backport Status
+ uses: actions/github-script@v6
+ with:
+ script: |
+ const workflow_status = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status) }}
+ const workflow_conclusion = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion) }}
+ if (workflow_status != 'completed' ||
+ workflow_conclusion != 'success') {
+ core.setFailed('Recent Backport status: ' + workflow_status + ', conclusion: ' + workflow_conclusion)
+ }
diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index b87f004f0c8..58bf67a9265 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
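Review bot: On `pull_request` runs the matrix is read from `./etc/target_branches.yml` in the checked-out tree, so a pull request that edits that file also chooses which branches gate it, and the entries reach `branch=${{matrix.target_branch}}` without any validation. The impact looks limited because the request carries no token, but reading the list from the base branch, or checking each entry against a version pattern before emitting the matrix, would keep the gate independent of the change under test. The workflow has no `permissions:` block although no step writes anything; `permissions:` with `contents: read` at the top level would state that. The steps are still named `Get Backport Status` / `Check Backport Status` and the failure text says `Recent Backport status` while the URL now queries `pythonpackage.yml`; renaming them, e.g. `Get Unit Test Status`, would keep failures readable.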
@@ -36,23 +36,6 @@ jobs: run: | python -m detection_rules test - - name: Get Backport Status - id: get_backport_status - uses: fjogeleit/http-request-action@v1 - with: - url: "https://api.github.com/repos/elastic/detection-rules/actions/workflows/backport.yml/runs?per_page=1" - method: 'GET' - - - name: Check Backport Status - uses: actions/github-script@v6 - with: - script: | - const workflow_status = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].status) }} - const workflow_conclusion = ${{ toJSON(fromJSON(steps.get_backport_status.outputs.response).workflow_runs[0].conclusion) }} - if (workflow_status != 'completed' || workflow_conclusion != 'success') { - core.setFailed('Recent Backport status: ' + workflow_status + ', conclusion: ' + workflow_conclusion) - } - - name: Update navigator gist files env: GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}" diff --git a/etc/target_branches.yml b/etc/target_branches.yml new file mode 100644 index 00000000000..744cd69ebd5 --- /dev/null +++ b/etc/target_branches.yml @@ -0,0 +1 @@ +"target_branch_list": [7.13, 7.14, 7.15, 7.16, '8.0', 8.1, 8.2] From e82be88da92d2e6a616ec270c12b73fb4c8e4675 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 25 Apr 2022 14:04:24 -0400 Subject: [PATCH 06/25] branch version list from file --- .github/workflows/backport.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 9560d793866..42399ef8215 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -43,6 +43,15 @@ jobs: name: 'backport: auto' }) + list-target-branches: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.get-branch-list.outputs.matrix }} + steps: + - uses: actions/checkout@v2 + - id: get-branch-list + run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./etc/target_branches.yml)" + commit: if: | github.event.pull_request.merged == true 
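Review bot: In the new `etc/target_branches.yml` only `'8.0'` is quoted; the other entries (`7.13`, `8.1`, and so on) are YAML floats, so a later minor such as 8.10 can be read as the number 8.1 and silently select the wrong branch. Branch names are strings, so quote every entry: `target_branch_list: ['7.13', '7.14', '7.15', '7.16', '8.0', '8.1', '8.2']`. The same unquoted list is re-added as `detection_rules/etc/target-branches.yml` in PATCH 12 and edited in PATCH 14 and PATCH 15.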
@@ -51,12 +60,13 @@ jobs: (github.event.action == 'labeled' && github.event.label.name == 'backport: auto') || (github.event.action == 'closed') ) + needs: list-target-branches runs-on: ubuntu-latest strategy: max-parallel: 1 matrix: # 7.17 was intentionally skipped because it was added late and was bug fix only - target_branch: [7.13, 7.14, 7.15, 7.16, '8.0', 8.1, 8.2] + target_branch: ${{ fromJSON(needs.list-target-branches.outputs.matrix) }} steps: - name: Checkout repo From b32e1feeb01b3551e02b79d05cf7dff42a37358f Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 6 Jun 2022 16:37:22 -0400 Subject: [PATCH 07/25] use stack-schema-map file to get target branch list --- etc/target_branches.yml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 etc/target_branches.yml diff --git a/etc/target_branches.yml b/etc/target_branches.yml deleted file mode 100644 index 744cd69ebd5..00000000000 --- a/etc/target_branches.yml +++ /dev/null @@ -1 +0,0 @@ -"target_branch_list": [7.13, 7.14, 7.15, 7.16, '8.0', 8.1, 8.2] From 067fb40be674bba7729b15e476cfcbb17b4e4a7c Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 6 Jun 2022 16:40:51 -0400 Subject: [PATCH 08/25] test new list-target-branches --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 42399ef8215..5a846be89a5 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -50,7 +50,7 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./etc/target_branches.yml)" + run: echo "::set-output name=matrix::[$(yq eval '... comments=""|keys| del(.[length - 1])|.[] |= sub("(.0)$", "") | join(", ")' detection_rules/etc/stack-schema-map.yaml)]" commit: if: | From e7b44eafa99256ae45e718682827160f8394756d Mon Sep 17 00:00:00 2001 
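Review bot: The comment `# 7.17 was intentionally skipped because it was added late and was bug fix only` now sits above a matrix computed from `needs.list-target-branches.outputs.matrix`, so it no longer explains anything visible at this spot. Move it next to the list in `etc/target_branches.yml`, e.g. `# 7.17 is intentionally absent: added late, bug fix only`, and leave a pointer here such as `# branch list comes from etc/target_branches.yml`. The `commit` job's body continues outside the hunk.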
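Review bot: In the rewritten `get-branch-list` command (PATCH 08) the pattern `sub("(.0)$", "")` leaves the dot unescaped, so it removes any character followed by a trailing `0`, not only a literal `.0` patch suffix; `sub("[.]0$", "")` says what is meant. The result is then joined with `join(", ")` and wrapped in `[...]` without quotes, so each version reaches `fromJSON` as a bare number and `8.0` would likely lose its `.0`. Emitting the array as JSON strings avoids both problems. The keys of `stack-schema-map.yaml` are not visible in this diff, so the exact effect should be confirmed against that file; the same command is added to branch-status-checkes.yml in PATCH 09.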
From: Mika Ayenson Date: Mon, 6 Jun 2022 16:45:17 -0400 Subject: [PATCH 09/25] wip: test branch status check --- .github/workflows/branch-status-checkes.yml | 2 +- .github/workflows/pythonpackage.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/branch-status-checkes.yml b/.github/workflows/branch-status-checkes.yml index bb23ca36b85..76eca17eea6 100644 --- a/.github/workflows/branch-status-checkes.yml +++ b/.github/workflows/branch-status-checkes.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./etc/target_branches.yml)" + run: echo "::set-output name=matrix::[$(yq eval '... comments=""|keys| del(.[length - 1])|.[] |= sub("(.0)$", "") | join(", ")' detection_rules/etc/stack-schema-map.yaml)]" branch-status-checks: needs: list-target-branches diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index 58bf67a9265..56b822c5ea9 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -56,4 +56,4 @@ jobs: with: name: release-files path: | - releases \ No newline at end of file + releases From d44893f892542e64f6e746ebe40a8daba11f470a Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 6 Jun 2022 17:23:03 -0400 Subject: [PATCH 10/25] WIP test parsing stack-schema --- .github/workflows/branch-status-checkes.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/branch-status-checkes.yml b/.github/workflows/branch-status-checkes.yml index 76eca17eea6..d52a57039b8 100644 --- a/.github/workflows/branch-status-checkes.yml +++ b/.github/workflows/branch-status-checkes.yml 
@@ -14,7 +14,10 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: echo "::set-output name=matrix::[$(yq eval '... comments=""|keys| del(.[length - 1])|.[] |= sub("(.0)$", "") | join(", ")' detection_rules/etc/stack-schema-map.yaml)]" + run: | + var_list=$(yq eval '... comments=""|keys|.. style="single"| del(.[length - 1])|.[] |= sub("(.0)$", "") | join (" ")' detection_rules/etc/stack-schema-map.yaml) + quoted_list="'${var_list//[[:space:]]/', '}'" + echo "::set-output name=matrix::[$quoted_list]" branch-status-checks: needs: list-target-branches From a711adf5ab7e80b3702d82d2a46dfc9d35414389 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 6 Jun 2022 17:31:11 -0400 Subject: [PATCH 11/25] wip: cleanup parsing --- .github/workflows/branch-status-checkes.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/branch-status-checkes.yml b/.github/workflows/branch-status-checkes.yml index d52a57039b8..05a9ff67030 100644 --- a/.github/workflows/branch-status-checkes.yml +++ b/.github/workflows/branch-status-checkes.yml @@ -15,9 +15,10 @@ jobs: - uses: actions/checkout@v2 - id: get-branch-list run: | - var_list=$(yq eval '... comments=""|keys|.. style="single"| del(.[length - 1])|.[] |= sub("(.0)$", "") | join (" ")' detection_rules/etc/stack-schema-map.yaml) - quoted_list="'${var_list//[[:space:]]/', '}'" - echo "::set-output name=matrix::[$quoted_list]" + set -x + + var_list=$(yq eval '... comments=""|keys | del(.[length - 1])|.[] |= sub("(.0)$", "") | join (" ")' detection_rules/etc/stack-schema-map.yaml) + echo "::set-output name=matrix::['${var_list//[[:space:]]/', '}']" branch-status-checks: needs: list-target-branches From 52f9405c3e9cb842b4b3147cd3772a0b866c877c Mon Sep 17 00:00:00 2001 
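Review bot: The matrix value is assembled by substituting `', '` for whitespace in `var_list`, which produces single-quoted items; that is not JSON by the specification, so the job depends on `fromJSON` tolerating it, which cannot be confirmed from this diff. Letting yq serialise the array removes the hand-built quoting, e.g. ending the expression at the array and running yq with `-o=json -I=0`. PATCH 11 keeps the same construction and adds `set -x`; that trace should be removed once the WIP debugging is done, since it writes every expanded command into the job log.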
From: Mika Ayenson Date: Mon, 6 Jun 2022 17:47:46 -0400 Subject: [PATCH 12/25] readd target list file --- .github/workflows/backport.yml | 2 +- .../{branch-status-checkes.yml => branch-status-checks.yml} | 6 +----- detection_rules/etc/target-branches.yml | 1 + 3 files changed, 3 insertions(+), 6 deletions(-) rename .github/workflows/{branch-status-checkes.yml => branch-status-checks.yml} (85%) create mode 100644 detection_rules/etc/target-branches.yml diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 5a846be89a5..07f1c6bc840 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -50,7 +50,7 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: echo "::set-output name=matrix::[$(yq eval '... comments=""|keys| del(.[length - 1])|.[] |= sub("(.0)$", "") | join(", ")' detection_rules/etc/stack-schema-map.yaml)]" + run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target_branches.yml)" commit: if: | diff --git a/.github/workflows/branch-status-checkes.yml b/.github/workflows/branch-status-checks.yml similarity index 85% rename from .github/workflows/branch-status-checkes.yml rename to .github/workflows/branch-status-checks.yml index 05a9ff67030..947e4440458 100644 --- a/.github/workflows/branch-status-checkes.yml +++ b/.github/workflows/branch-status-checks.yml @@ -14,11 +14,7 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: | - set -x - - var_list=$(yq eval '... comments=""|keys | del(.[length - 1])|.[] |= sub("(.0)$", "") | join (" ")' detection_rules/etc/stack-schema-map.yaml) - echo "::set-output name=matrix::['${var_list//[[:space:]]/', '}']" + run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target_branches.yml)" branch-status-checks: needs: list-target-branches 
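Review bot: Both `get-branch-list` steps now read `./detection_rules/etc/target_branches.yml` (underscore), but the file this commit creates is `detection_rules/etc/target-branches.yml` (hyphen), so `yq` has nothing to read. Because the command substitution sits inside `echo`, its failure does not fail the step, and the job would publish an empty `matrix` output instead of stopping. Fix the path and assign first so the error surfaces: `branches="$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)"` followed by `echo "::set-output name=matrix::$branches"`. This applies to the hunk in backport.yml and to the one in the renamed branch-status-checks.yml.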
diff --git a/detection_rules/etc/target-branches.yml b/detection_rules/etc/target-branches.yml new file mode 100644 index 00000000000..2cd428ba7eb --- /dev/null +++ b/detection_rules/etc/target-branches.yml @@ -0,0 +1 @@ +"target_branch_list": [7.13, 7.14, 7.15, 7.16, '8.0', 8.1, 8.2] \ No newline at end of file From 820ee8f9ce9cc3844b5c65a95292648213fc4555 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 6 Jun 2022 17:52:19 -0400 Subject: [PATCH 13/25] fix target-branches file name --- .github/workflows/backport.yml | 2 +- .github/workflows/branch-status-checks.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 07f1c6bc840..11eddb3c435 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -50,7 +50,7 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target_branches.yml)" + run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)" commit: if: | diff --git a/.github/workflows/branch-status-checks.yml b/.github/workflows/branch-status-checks.yml index 947e4440458..176f5ea0eb6 100644 --- a/.github/workflows/branch-status-checks.yml +++ b/.github/workflows/branch-status-checks.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v2 - id: get-branch-list - run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target_branches.yml)" + run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)" branch-status-checks: needs: list-target-branches From 2daff61d6cd57b1d4939b4d52428f3cfb8fcd184 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Mon, 6 Jun 2022 17:53:44 -0400 Subject: [PATCH 14/25] update target list --- detection_rules/etc/target-branches.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/detection_rules/etc/target-branches.yml b/detection_rules/etc/target-branches.yml index 2cd428ba7eb..d254bb27cf5 100644 --- a/detection_rules/etc/target-branches.yml +++ b/detection_rules/etc/target-branches.yml @@ -1 +1 @@ -"target_branch_list": [7.13, 7.14, 7.15, 7.16, '8.0', 8.1, 8.2] \ No newline at end of file +"target_branch_list": [7.16, '8.0', 8.1, 8.2, 8.3] \ No newline at end of file From fd5797bf9106cd6c8ed89b9a39e3a190788c261d Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Wed, 15 Jun 2022 17:28:31 -0400 Subject: [PATCH 15/25] add newline --- detection_rules/etc/target-branches.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detection_rules/etc/target-branches.yml b/detection_rules/etc/target-branches.yml index d254bb27cf5..9cd86156d49 100644 --- a/detection_rules/etc/target-branches.yml +++ b/detection_rules/etc/target-branches.yml @@ -1 +1 @@ -"target_branch_list": [7.16, '8.0', 8.1, 8.2, 8.3] \ No newline at end of file +"target_branch_list": [7.16, '8.0', 8.1, 8.2, 8.3] From d54be26206e8204d953a432f34408dad0662c03b Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 16 Jun 2022 13:17:25 -0400 Subject: [PATCH 16/25] WIP: reuse workflow --- .github/workflows/backport.yml | 16 +++++----------- .github/workflows/branch-status-checks.yml | 6 ++++++ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 11eddb3c435..9f8cc3619c5 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -11,6 +11,9 @@ on: - closed jobs: + get-branches: + uses: elastic/detection-rules/.github/workflows/backport-status-check.yml + label: runs-on: ubuntu-latest if: | 
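Review bot: In PATCH 16 the new `get-branches` job has `uses: elastic/detection-rules/.github/workflows/backport-status-check.yml`, which has no `@ref` and names a file that PATCH 02 deleted. A repository-qualified reusable workflow has to be written as `{owner}/{repo}/.github/workflows/{file}@{ref}`, and for anything outside the repository that ref should be a commit SHA rather than a branch. Since the callee lives in the same repository, the local form `uses: ./.github/workflows/branch-status-checks.yml` runs the version from the triggering commit and needs no ref. The `label` job that follows continues outside the hunk.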
@@ -43,15 +46,6 @@ jobs: name: 'backport: auto' }) - list-target-branches: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.get-branch-list.outputs.matrix }} - steps: - - uses: actions/checkout@v2 - - id: get-branch-list - run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)" - commit: if: | github.event.pull_request.merged == true @@ -60,13 +54,13 @@ jobs: (github.event.action == 'labeled' && github.event.label.name == 'backport: auto') || (github.event.action == 'closed') ) - needs: list-target-branches + needs: get-branches runs-on: ubuntu-latest strategy: max-parallel: 1 matrix: # 7.17 was intentionally skipped because it was added late and was bug fix only - target_branch: ${{ fromJSON(needs.list-target-branches.outputs.matrix) }} + target_branch: ${{ fromJSON(needs.get-branches.outputs.branches) }} steps: - name: Checkout repo diff --git a/.github/workflows/branch-status-checks.yml b/.github/workflows/branch-status-checks.yml index 176f5ea0eb6..a6f56bde0ae 100644 --- a/.github/workflows/branch-status-checks.yml +++ b/.github/workflows/branch-status-checks.yml @@ -5,6 +5,12 @@ on: branches: [ "main", "7.*", "8.*" ] pull_request: branches: [ "*" ] + workflow_call: + # Map the workflow outputs to job outputs + outputs: + branches: + description: "List of target branches" + value: ${{ jobs.list-target-branches.outputs.matrix }} jobs: list-target-branches: From f11580ea87be61e9bcf55b22265ed3181e3f6ef2 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 16 Jun 2022 13:18:52 -0400 Subject: [PATCH 17/25] fix workflow name typo --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 9f8cc3619c5..59984341bf7 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml 
@@ -12,7 +12,7 @@ on: jobs: get-branches: - uses: elastic/detection-rules/.github/workflows/backport-status-check.yml + uses: elastic/detection-rules/.github/workflows/branch-status-checks.yml label: runs-on: ubuntu-latest From a969982d371ba96af829235439ff3333db8eb495 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 16 Jun 2022 13:21:27 -0400 Subject: [PATCH 18/25] wip: test local reference --- .github/workflows/backport.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 59984341bf7..864aa4331e9 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -12,7 +12,7 @@ on: jobs: get-branches: - uses: elastic/detection-rules/.github/workflows/branch-status-checks.yml + uses: ./.github/workflows/branch-status-checks.yml label: runs-on: ubuntu-latest From 0cf92bc2c77804d2c3af74ca8f93a249ccb3ba0a Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Wed, 22 Jun 2022 10:45:24 -0400 Subject: [PATCH 19/25] Ensure navigator update occurs after build --- .github/workflows/pythonpackage.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml index 56b822c5ea9..cd63fab0614 100644 --- a/.github/workflows/pythonpackage.yml +++ b/.github/workflows/pythonpackage.yml @@ -36,12 +36,6 @@ jobs: run: | python -m detection_rules test - - name: Update navigator gist files - env: - GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}" - if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - run: python -m detection_rules dev update-navigator-gists - - name: Build release package env: # only generate the navigator files on push events to main 
@@ -57,3 +51,9 @@ jobs: name: release-files path: | releases + + - name: Update navigator gist files + env: + GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}" + if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + run: python -m detection_rules dev update-navigator-gists From 7d611534f9f9d85e186c5e2bbc692e2f041c6b95 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Wed, 22 Jun 2022 17:16:32 -0400 Subject: [PATCH 20/25] migrate list-target-branches job to independent workflow --- .github/workflows/backport.yml | 2 +- .github/workflows/branch-status-checks.yml | 20 +++----------- .github/workflows/get-target-branches.yml | 32 ++++++++++++++++++++++ detection_rules/devtools.py | 15 +++++++++- 4 files changed, 51 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/get-target-branches.yml diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 864aa4331e9..09802e901db 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -12,7 +12,7 @@ on: jobs: get-branches: - uses: ./.github/workflows/branch-status-checks.yml + uses: ./.github/workflows/get-target-branches.yml label: runs-on: ubuntu-latest diff --git a/.github/workflows/branch-status-checks.yml b/.github/workflows/branch-status-checks.yml index a6f56bde0ae..074ddf51af7 100644 --- a/.github/workflows/branch-status-checks.yml +++ b/.github/workflows/branch-status-checks.yml 
@@ -5,29 +5,17 @@ on: branches: [ "main", "7.*", "8.*" ] pull_request: branches: [ "*" ] - workflow_call: - # Map the workflow outputs to job outputs - outputs: - branches: - description: "List of target branches" - value: ${{ jobs.list-target-branches.outputs.matrix }} jobs: - list-target-branches: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.get-branch-list.outputs.matrix }} - steps: - - uses: actions/checkout@v2 - - id: get-branch-list - run: echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)" + get-branches: + uses: ./.github/workflows/get-target-branches.yml branch-status-checks: - needs: list-target-branches + needs: get-branches runs-on: ubuntu-latest strategy: matrix: - target_branch: ${{ fromJSON(needs.list-target-branches.outputs.matrix) }} + target_branch: ${{ fromJSON(needs.get-branches.outputs.branches) }} steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/get-target-branches.yml b/.github/workflows/get-target-branches.yml new file mode 100644 index 00000000000..b6eb8a6d54a --- /dev/null +++ b/.github/workflows/get-target-branches.yml @@ -0,0 +1,32 @@ +name: List Target Branches + +on: + workflow_call: + # Map the workflow outputs to job outputs + outputs: + branches: + description: "List of target branches" + value: ${{ jobs.list-target-branches.outputs.matrix }} + +jobs: + list-target-branches: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.get-branch-list.outputs.matrix }} + steps: + - uses: actions/checkout@v2 + + - name: Set up Python 3.8 + uses: actions/setup-python@v2 + with: + python-version: 3.8 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - id: get-branch-list + run: | + python -m detection_rules dev utils get-branches + echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)" 
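Review bot: In the new get-target-branches.yml the `get-branch-list` step reads `.target_branch_list` from `target-branches.yml`, but the `get-branches` command added to devtools.py in this same commit writes `json.dumps(branches)`, a bare list with no such key, so the `matrix` output would be `null`. Either have the command write the mapping or drop the key lookup in the workflow. The job also runs `pip install -r requirements.txt` with whatever token permissions the calling workflow passes down. A top-level `permissions:` block with `contents: read` would limit that, since the job only reads the repository.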
diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py index 5bd3912f5d8..00a7cb6b79a 100644 --- a/detection_rules/devtools.py +++ b/detection_rules/devtools.py @@ -39,7 +39,7 @@ from .rule_loader import RuleCollection, production_filter from .schemas import definitions, get_stack_versions from .semver import Version -from .utils import dict_hash, get_path, load_dump +from .utils import dict_hash, get_path, get_etc_path, load_dump RULES_DIR = get_path('rules') GH_CONFIG = Path.home() / ".config" / "gh" / "hosts.yml" @@ -1075,3 +1075,16 @@ def rule_survey(ctx: click.Context, query, date_range, dump_file, hide_zero_coun json.dump(details, f, indent=2, sort_keys=True) return survey_results + + +@dev_group.group('utils') +def utils_group(): + """Commands for dev utilitity methods.""" + + +@utils_group.command('get-branches') +def get_branches(): + branches = get_stack_versions(drop_patch=True) + del branches[-1] + click.echo(json.dumps(branches)) + Path(get_etc_path("target-branches.yml")).write_text(json.dumps(branches)) From b57f9fc7bf0bd6e5aea4804188d43e4c3eea116e Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Wed, 22 Jun 2022 17:29:35 -0400 Subject: [PATCH 21/25] add target_branch_list key --- detection_rules/devtools.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py index 00a7cb6b79a..5eeb4b09c61 100644 --- a/detection_rules/devtools.py +++ b/detection_rules/devtools.py @@ -1084,7 +1084,7 @@ def utils_group(): @utils_group.command('get-branches') def get_branches(): - branches = get_stack_versions(drop_patch=True) - del branches[-1] - click.echo(json.dumps(branches)) - Path(get_etc_path("target-branches.yml")).write_text(json.dumps(branches)) + branch_list = get_stack_versions(drop_patch=True) + del branch_list[-1] + target_branches = json.dumps({"target_branch_list": branch_list}) + Path(get_etc_path("target-branches.yml")).write_text(target_branches) 
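Review bot: `get_branches` has no docstring, so `dev utils get-branches --help` shows no description, and `del branches[-1]` drops the newest stack version without saying why. Add a docstring such as `"""Write the backport target branches (all stack versions except the last) to etc/target-branches.yml."""` and a comment on the deletion, e.g. `# last entry is assumed to be the version tracked by main - confirm`. If `get_stack_versions` returns a shared or cached list, deleting in place would also change it for other callers, which is not visible from this hunk. The command writes into the package's `etc` directory as a side effect, and the docstring should say so.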
From faca523cef49c61a56fc4ccf53793cb37efb5eeb Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Wed, 22 Jun 2022 17:32:50 -0400 Subject: [PATCH 22/25] remote committed target-branch file --- detection_rules/etc/target-branches.yml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 detection_rules/etc/target-branches.yml diff --git a/detection_rules/etc/target-branches.yml b/detection_rules/etc/target-branches.yml deleted file mode 100644 index 9cd86156d49..00000000000 --- a/detection_rules/etc/target-branches.yml +++ /dev/null @@ -1 +0,0 @@ -"target_branch_list": [7.16, '8.0', 8.1, 8.2, 8.3] From 2031ad143b0eaa08fde8341e9d2a757ffb94655c Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 23 Jun 2022 08:47:33 -0400 Subject: [PATCH 23/25] output target branches as optional arg --- .github/workflows/get-target-branches.yml | 2 +- detection_rules/devtools.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/get-target-branches.yml b/.github/workflows/get-target-branches.yml index b6eb8a6d54a..9e03bba9c13 100644 --- a/.github/workflows/get-target-branches.yml +++ b/.github/workflows/get-target-branches.yml @@ -29,4 +29,4 @@ jobs: - id: get-branch-list run: | python -m detection_rules dev utils get-branches - echo "::set-output name=matrix::$(yq '.target_branch_list' ./detection_rules/etc/target-branches.yml)" + echo "::set-output name=matrix::$(cat ./detection_rules/etc/target-branches.yml)" diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py index 5eeb4b09c61..a780631e2fe 100644 --- a/detection_rules/devtools.py +++ b/detection_rules/devtools.py 
@@ -1079,12 +1079,12 @@ def rule_survey(ctx: click.Context, query, date_range, dump_file, hide_zero_coun @dev_group.group('utils') def utils_group(): - """Commands for dev utilitity methods.""" + """Commands for dev utility methods.""" @utils_group.command('get-branches') -def get_branches(): +@click.option('--outfile', '-o', type=Path, default=get_etc_path("target-branches.yml"), help='File to save output to') +def get_branches(outfile: Path): branch_list = get_stack_versions(drop_patch=True) - del branch_list[-1] - target_branches = json.dumps({"target_branch_list": branch_list}) - Path(get_etc_path("target-branches.yml")).write_text(target_branches) + target_branches = json.dumps(branch_list[:-1]) + "\n" + outfile.write_text(target_branches) From 244c981ac4b204405383ad921c3d5e9f909fed53 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 23 Jun 2022 08:52:53 -0400 Subject: [PATCH 24/25] remove python setup --- .github/workflows/branch-status-checks.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/branch-status-checks.yml b/.github/workflows/branch-status-checks.yml index 074ddf51af7..48f50fd6a6f 100644 --- a/.github/workflows/branch-status-checks.yml +++ b/.github/workflows/branch-status-checks.yml @@ -20,11 +20,6 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Set up Python 3.8 - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - name: Get Backport Status id: get_backport_status uses: fjogeleit/http-request-action@v1 From 1277543968c8302e60792b2c2d69f64c71b878aa Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Thu, 23 Jun 2022 14:55:35 -0400 Subject: [PATCH 25/25] remove checkout --- .github/workflows/branch-status-checks.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/branch-status-checks.yml b/.github/workflows/branch-status-checks.yml index 48f50fd6a6f..0a2037e1a88 100644 --- a/.github/workflows/branch-status-checks.yml +++ b/.github/workflows/branch-status-checks.yml 
@@ -18,8 +18,6 @@ jobs: target_branch: ${{ fromJSON(needs.get-branches.outputs.branches) }} steps: - - uses: actions/checkout@v2 - - name: Get Backport Status id: get_backport_status uses: fjogeleit/http-request-action@v1