[FR] Update the release versioning process and workflow #55
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Version Code Check and Draft Release | |
| on: | |
| pull_request: | |
| paths: | |
| - 'lib/**' | |
| - 'hunting/**/*.py' | |
| - 'pyproject.toml' | |
| - 'Makefile' | |
| - 'docs/**' | |
| - 'detection_rules/**' | |
| - 'tests/**' | |
| - '**/*.md' | |
| types: [opened, reopened, synchronize, labeled, closed] | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| label_check: | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Ensure PR has Version Bump Label | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const labels = ['major', 'minor', 'patch']; | |
| const prLabels = context.payload.pull_request.labels.map(label => label.name); | |
| const hasVersionLabel = labels.some(label => prLabels.includes(label)); | |
| if (!hasVersionLabel) { | |
| throw new Error("PR must have one of the following labels: major, minor, or patch."); | |
| } | |
| version_check: | |
| if: github.event_name == 'pull_request' | |
| needs: label_check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set github config | |
| run: | | |
| git config --global user.email "72879786+protectionsmachine@users.noreply.github.com" | |
| git config --global user.name "protectionsmachine" | |
| - name: Check if core pyproject.toml was updated | |
| run: | | |
| BASE_COMMIT="${{ github.event.pull_request.base.sha }}" | |
| if ! git diff --name-only "$BASE_COMMIT" "$GITHUB_SHA" | grep '^pyproject.toml$'; then | |
| echo "Code changes detected in core, but pyproject.toml was not updated." | |
| exit 1 | |
| fi | |
| - name: Check if lib pyproject.toml files were updated | |
| run: | | |
| BASE_COMMIT="${{ github.event.pull_request.base.sha }}" | |
| if git diff --name-only "$BASE_COMMIT" "$GITHUB_SHA" | grep -E 'lib/kql/|lib/kibana/'; then | |
| if ! git diff --name-only "$BASE_COMMIT" "$GITHUB_SHA" | grep -E 'lib/kql/pyproject.toml|lib/kibana/pyproject.toml'; then | |
| echo "Changes detected in kql or kibana library, but respective pyproject.toml was not updated." | |
| exit 1 | |
| fi | |
| fi | |
| release_drafter: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Run Release Drafter | |
| uses: release-drafter/release-drafter@v6 | |
| with: | |
| config-name: release-drafter.yml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |