attack-coverage-update.yml
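# Workflow: builds the detection-rules release package with ATT&CK navigator
# files, pushes the navigator layers to gists, and opens a pull request that
# refreshes docs/ATT&CK-coverage.md.
#
# NOTE(review): no `permissions:` block is declared, so the job's GITHUB_TOKEN
# gets the repository default scope. Consider declaring the minimum the steps
# below need (create-pull-request pushes a branch and opens a PR) - confirm the
# exact set against the action's documentation before restricting.
#
# NOTE(review): actions are referenced by mutable tags. For supply-chain
# integrity, pin each one (third-party actions in particular) to a full commit
# SHA, e.g. `uses: owner/action@<full-commit-sha>  # vX`.
name: attack-coverage-update

on:
  workflow_dispatch:
    inputs:
      update-coverage:
        description: 'Update the docs/ATT&CK-coverage.md file'
        required: true
        default: '--update-coverage'
  # NOTE(review): on pull_request the job installs and runs the code of the PR
  # branch (`pip install`, `python -m detection_rules`), and the gist-update
  # step exposes NAVIGATOR_GIST_TOKEN to that code. Secrets are not passed to
  # fork PRs on this event, but same-repository branches do receive the token.
  # Consider gating the token-bearing step on trusted events or branches.
  # Also, the "*" pattern does not match branch names containing "/".
  pull_request:
    branches: ["*"]

jobs:
  pr:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout detection-rules
        uses: actions/checkout@v2
        with:
          # Full history rather than a shallow clone.
          fetch-depth: 0

      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          # Quoted so the version stays a string.
          python-version: '3.12'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip cache purge
          # Quoted so the shell never treats [dev] as a glob pattern.
          pip install ".[dev]"

      - name: Build release package with navigator files
        run: |
          python -m detection_rules dev build-release --generate-navigator

      - name: Set github config
        # NOTE(review): the e-mail value below looks like it was masked by the
        # page's address obfuscation; restore the real bot address before use.
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "protectionsmachine"

      - name: Update navigator gist files and docs/ATT&CK-coverage.md file.
        env:
          GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}"
          # The dispatch input is handed over as data through the environment
          # instead of being expanded into the script text, so its content can
          # never be parsed as shell syntax. It is empty on pull_request runs.
          UPDATE_COVERAGE: "${{ github.event.inputs.update-coverage }}"
        run: |
          # Split the input into arguments without glob or command expansion.
          extra_args=()
          if [ -n "$UPDATE_COVERAGE" ]; then
            read -r -a extra_args <<< "$UPDATE_COVERAGE"
          fi
          python -m detection_rules dev update-navigator-gists "${extra_args[@]}"

          # No spaces around "=": with spaces the shell runs a command named
          # `changed_file` instead of assigning. The pathspec limits the diff
          # to the coverage file so other modified files cannot mask it.
          changed_file=$(git diff --name-only -- "docs/ATT&CK-coverage.md")
          if [ "docs/ATT&CK-coverage.md" = "$changed_file" ]
          then
            echo "Changes to docs/ATT&CK-coverage.md detected. Adding to commit."
            # Quoted: an unquoted "&" would background `git add docs/ATT` and
            # then try to run `CK-coverage.md` as a command.
            git add "docs/ATT&CK-coverage.md"
          else
            echo "No changes to docs/ATT&CK-coverage.md detected."
          fi

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v3
        with:
          assignees: '${{github.actor}}'
          delete-branch: true
          branch: "update-attack-coverage"
          commit-message: "Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md"
          branch-suffix: "short-commit-hash"
          title: 'Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md'
          body: |
            Update ATT&CK coverage URL(s) in docs/ATT&CK-coverage.md
            - Autogenerated from job `attack-coverage-update: pr`.
          labels: "backport: auto"

      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        with:
          name: release-files
          path: |
            releases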