Release Fleet #151
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-fleet | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| target_repo: | |
| description: 'Target repository to build a PR against' | |
| required: true | |
| default: 'elastic/integrations' | |
| target_branch: | |
| description: 'Target branch for PR base' | |
| required: true | |
| default: 'main' | |
| draft: | |
| type: choice | |
| description: 'Create a PR as draft' | |
| required: false | |
| options: | |
| - "yes" | |
| - "no" | |
| package_maturity: | |
| type: choice | |
| description: 'Package Maturity' | |
| required: true | |
| options: | |
| - "ga" | |
| - "beta" | |
| new_package: | |
| type: choice | |
| description: 'New Package' | |
| required: true | |
| default: "true" | |
| options: | |
| - "true" | |
| - "false" | |
| jobs: | |
| extract-commit-hash: | |
| name: Extract Commit Hash | |
| runs-on: ubuntu-latest | |
| outputs: | |
| commit_hash: ${{ steps.extract_commit_hash.outputs.commit_hash }} | |
| steps: | |
| - name: Checkout detection-rules | |
| uses: actions/checkout@v3 | |
| with: | |
| path: detection-rules | |
| fetch-depth: 0 | |
| - name: Extract commit hash | |
| id: extract_commit_hash | |
| run: | | |
| cd detection-rules | |
| COMMIT_HASH=$(git log --grep="Lock versions for releases" -1 --format="%H") | |
| echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV | |
| shell: bash | |
| fleet-pr: | |
| name: Fleet PR | |
| needs: extract-commit-hash | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Validate the source branch | |
| uses: actions/github-script@v3 | |
| with: | |
| script: | | |
| if ('refs/heads/main' === '${{github.ref}}') { | |
| core.setFailed('Forbidden branch') | |
| } | |
| - name: Checkout detection-rules | |
| uses: actions/checkout@v3 | |
| with: | |
| path: detection-rules | |
| fetch-depth: 0 | |
| - name: Checkout elastic/integrations | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.READ_WRITE_RELEASE_FLEET }} | |
| repository: ${{github.event.inputs.target_repo}} | |
| path: integrations | |
| - name: Set up Python 3.8 | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: 3.8 | |
| - name: Install Python dependencies | |
| run: | | |
| cd detection-rules | |
| python -m pip install --upgrade pip | |
| pip cache purge | |
| pip install .[dev] | |
| - name: Checkout commit hash | |
| env: | |
| COMMIT_HASH: ${{ needs.extract-commit-hash.outputs.commit_hash }} | |
| run: | | |
| cd detection-rules | |
| git checkout ${{ env.COMMIT_HASH }} | |
| - name: Bump prebuilt rules package version | |
| env: | |
| PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}" | |
| NEW_PACKAGE: "${{github.event.inputs.new_package}}" | |
| run: | | |
| cd detection-rules | |
| python -m detection_rules dev bump-pkg-versions \ | |
| --patch-release \ | |
| --new-package $NEW_PACKAGE \ | |
| --maturity $PACKAGE_MATURITY | |
| - name: Store release tag | |
| if: ${{github.event.inputs.package_maturity}} == "ga" | |
| id: packages-version | |
| run: | | |
| cd detection-rules | |
| output=$(cat detection_rules/etc/packages.yml | grep -oP '(?<=\sversion: )\S+') | |
| echo "::set-output name=pkg_version::$output" | |
| - name: Create release tag | |
| if: ${{github.event.inputs.package_maturity}} == "ga" | |
| env: | |
| RELEASE_TAG: "integration-v${{ steps.packages-version.outputs.pkg_version }}" | |
| run: | | |
| cd detection-rules | |
| git tag $RELEASE_TAG | |
| git push origin $RELEASE_TAG | |
| - name: Build release package | |
| run: | | |
| cd detection-rules | |
| python -m detection_rules dev build-release | |
| - name: Set github config | |
| run: | | |
| git config --global user.email "72879786+protectionsmachine@users.noreply.github.com" | |
| git config --global user.name "protectionsmachine" | |
| - name: Setup go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: '^1.20.1' | |
| check-latest: true | |
| - name: Build elastic-package | |
| run: | | |
| go install github.com/elastic/elastic-package@latest | |
| - name: Create the PR to Integrations | |
| env: | |
| DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}" | |
| TARGET_REPO: "${{github.event.inputs.target_repo}}" | |
| TARGET_BRANCH: "${{github.event.inputs.target_branch}}" | |
| LOCAL_REPO: "../integrations" | |
| GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}" | |
| run: | | |
| cd detection-rules | |
| python -m detection_rules dev integrations-pr \ | |
| $LOCAL_REPO \ | |
| --github-repo $TARGET_REPO \ | |
| --base-branch $TARGET_BRANCH \ | |
| --assign ${{github.actor}} \ | |
| $DRAFT_ARGS | |
| - name: Archive production artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: release-files | |
| path: | | |
| detection-rules/releases |