lock-versions #122
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: lock-versions | |
on: | |
workflow_dispatch: | |
inputs: | |
branches: | |
description: 'List of branches to lock versions (ordered, comma separated)' | |
required: true | |
# 7.17 was intentionally skipped because it was added late and was bug fix only | |
default: '8.11,8.12,8.13,8.14,8.15,8.16' | |
jobs: | |
pr: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Validate the source branch | |
uses: actions/github-script@v3 | |
with: | |
script: | | |
if ('refs/heads/main' !== '${{github.event.ref}}') { | |
core.setFailed('Forbidden branch, expected "main"') | |
} | |
- name: Checkout detection-rules | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip cache purge | |
pip install .[dev] | |
- name: Build release package | |
run: | | |
python -m detection_rules dev build-release | |
- name: Set github config | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "protectionsmachine" | |
- name: Lock the versions | |
env: | |
BRANCHES: "${{github.event.inputs.branches}}" | |
run: | | |
./detection_rules/etc/lock-multiple.sh $BRANCHES | |
git add detection_rules/etc/version.lock.json | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v3 | |
with: | |
assignees: '${{github.actor}}' | |
delete-branch: true | |
branch: "version-lock" | |
commit-message: "Locked versions for releases: ${{github.event.inputs.branches}}" | |
branch-suffix: "short-commit-hash" | |
title: 'Lock versions for releases: ${{github.event.inputs.branches}}' | |
body: | | |
Lock versions for releases: ${{github.event.inputs.branches}}. | |
- Autogenerated from job `lock-versions: pr`. | |
labels: "backport: auto" | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-files | |
path: | | |
releases |