Lock versions for releases: 8.11,8.12,8.13,8.14,8.15,8.16 #113
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Version Code Check and Draft Release | |
| on: | |
| pull_request: | |
| paths: | |
| - 'lib/**' | |
| - 'hunting/**/*.py' | |
| - 'pyproject.toml' | |
| - 'Makefile' | |
| - 'docs/**' | |
| - 'detection_rules/**' | |
| - 'tests/**' | |
| - '**/*.md' | |
| types: [opened, reopened, synchronize, labeled, closed] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| label_check: | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Ensure PR has Version Bump Label | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const labels = ['major', 'minor', 'patch']; | |
| const prLabels = context.payload.pull_request.labels.map(label => label.name); | |
| const hasVersionLabel = labels.some(label => prLabels.includes(label)); | |
| if (!hasVersionLabel) { | |
| throw new Error("PR must have one of the following labels: major, minor, or patch."); | |
| } | |
| version_check: | |
| if: github.event_name == 'pull_request' | |
| needs: label_check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if core pyproject.toml was updated | |
| run: | | |
| BASE_COMMIT="${{ github.event.pull_request.base.sha }}" | |
| if ! git diff --name-only "$BASE_COMMIT" "$GITHUB_SHA" | grep '^pyproject.toml$'; then | |
| echo "Code changes detected in core, but pyproject.toml was not updated." | |
| exit 1 | |
| fi | |
| - name: Check if lib pyproject.toml files were updated | |
| run: | | |
| BASE_COMMIT="${{ github.event.pull_request.base.sha }}" | |
| if git diff --name-only "$BASE_COMMIT" "$GITHUB_SHA" | grep -E 'lib/kql/|lib/kibana/'; then | |
| if ! git diff --name-only "$BASE_COMMIT" "$GITHUB_SHA" | grep -E 'lib/kql/pyproject.toml|lib/kibana/pyproject.toml'; then | |
| echo "Changes detected in kql or kibana library, but respective pyproject.toml was not updated." | |
| exit 1 | |
| fi | |
| fi | |
| tag_and_draft_release: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set github config | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "protectionsmachine" | |
| - name: Extract version from pyproject.toml and create tag | |
| id: extract_version | |
| run: | | |
| version=$(grep '^version = ' pyproject.toml | cut -d '"' -f2) | |
| echo "Detected version: $version" | |
| git tag -a "dev-v$version" -m "Release version $version" | |
| git push origin "dev-v$version" | |
| - name: Run Release Drafter | |
| uses: release-drafter/release-drafter@v6 | |
| with: | |
| config-name: release-drafter.yml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |