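# Regenerates the index template for one ECS module whenever files under
# ecs/<module>/ change, uploads it as an artifact and opens a pull request
# against wazuh/wazuh-indexer-plugins with the result.
#
# Supply-chain note: every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA (tag kept in a trailing comment) is recommended
# so a re-tagged release cannot silently change what this job executes.
name: ECS Generator

on:  # yamllint disable-line rule:truthy
  push:
    paths:
      - 'ecs/**'

# Least privilege: this job only reads the source repository. Pushing to the
# target repository needs its own credential (see the target checkout step).
permissions:
  contents: read

env:
  # ECS version directory produced by the generator; single source of truth
  # for the artifact and copy paths below.
  ECS_VERSION: v8.11.0
  # Base commit of the push (all zeros for a new branch or a force-push).
  # Passed through env rather than interpolated into the script so the value
  # is never spliced into shell source.
  PUSH_BEFORE: ${{ github.event.before }}

jobs:
  run-ecs-generator:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Depth 2 keeps HEAD~1 available as a fallback diff base.
          fetch-depth: 2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up Docker Compose
        # -y keeps apt non-interactive; refreshing the index first avoids a
        # stale package list on the runner image.
        run: |
          sudo apt-get update
          sudo apt-get install -y docker-compose

      - name: Extract ECS module and run ECS generator
        id: run-ecs-generator
        run: |
          set -euo pipefail

          # Diff the commits of this push. The previous comparison against
          # origin/master was empty for pushes *to* master, so the generator
          # never ran there. The "before" SHA is fetched on its own (shallow)
          # so the diff works; fall back to HEAD~1 when it is unavailable
          # (new branch or force-push).
          zero="0000000000000000000000000000000000000000"
          if [[ -n "$PUSH_BEFORE" && "$PUSH_BEFORE" != "$zero" ]] \
             && git fetch --depth=1 origin "$PUSH_BEFORE" 2>/dev/null; then
            base="$PUSH_BEFORE"
          else
            base="HEAD~1"
          fi

          # First path component under ecs/ of the first changed file that
          # lives in a module directory (ecs/<module>/...). Files directly
          # under ecs/ are not modules and are skipped.
          ecs_module=""
          while IFS= read -r changed; do
            if [[ "$changed" == ecs/*/* ]]; then
              ecs_module="${changed#ecs/}"
              ecs_module="${ecs_module%%/*}"
              break
            fi
          done < <(git diff --name-only "$base" HEAD -- 'ecs/')

          if [[ -z "$ecs_module" ]]; then
            echo "No modifications detected in ecs/ directory."
            exit 0
          fi

          # The module name comes from a repository path and is later used in
          # shell commands, a branch name and a PR title. Restrict it to a
          # safe character set before it goes anywhere.
          if [[ ! "$ecs_module" =~ ^[A-Za-z0-9_-]+$ ]]; then
            echo "Refusing unsafe ECS module name: $ecs_module" >&2
            exit 1
          fi

          # Run the ECS generator script.
          bash docker/ecs/mapping-generator.sh run "$ecs_module"
          echo "ecs_module=$ecs_module" >> "$GITHUB_ENV"

      - name: Tear down ECS generator
        if: always()
        run: bash docker/ecs/mapping-generator.sh down

      - name: Upload artifact
        # Only meaningful when a module was generated; `always()` previously
        # tried to upload a path containing an empty module name.
        if: env.ecs_module != ''
        uses: actions/upload-artifact@v4
        with:
          name: ecs-template
          path: ecs/${{ env.ecs_module }}/mappings/${{ env.ECS_VERSION }}/generated/elasticsearch/legacy/template.json

      - name: Checkout target repository
        if: env.ecs_module != ''
        uses: actions/checkout@v4
        with:
          repository: wazuh/wazuh-indexer-plugins
          # NOTE(review): GITHUB_TOKEN is scoped to the repository running this
          # workflow and cannot push to wazuh/wazuh-indexer-plugins. A
          # fine-grained PAT or GitHub App token with contents + pull-requests
          # write access on the target repository has to be supplied here (and
          # in the PR step) through a repository secret.
          token: ${{ secrets.GITHUB_TOKEN }}
          path: wazuh-indexer-plugins

      - name: Copy generated file to target repository
        if: env.ecs_module != ''
        run: |
          set -euo pipefail
          # Map ECS module to target JSON filename.
          declare -A module_to_file=(
            [agent]="index-template-agent.json"
            [alerts]="index-template-alerts.json"
            [commands]="index-template-commands.json"
            [hardware]="index-template-hardware.json"
            [hotfixes]="index-template-hotfixes.json"
            [fim]="index-template-fim.json"
            [networks]="index-template-networks.json"
            [packages]="index-template-packages.json"
            [ports]="index-template-ports.json"
            [processes]="index-template-processes.json"
            [scheduled-commands]="index-template-scheduled-commands.json"
            [system]="index-template-system.json"
            [vulnerabilities]="index-template-vulnerabilities.json"
          )
          # $ecs_module is read from the environment (written to GITHUB_ENV
          # above) instead of being interpolated with ${{ }} so its value is
          # never expanded into the script source.
          target_file="${module_to_file[$ecs_module]:-}"
          if [[ -z "$target_file" ]]; then
            echo "No corresponding file for module $ecs_module" >&2
            exit 1
          fi
          dest_dir="wazuh-indexer-plugins/plugins/setup/src/main/resources"
          mkdir -p "$dest_dir"
          cp "ecs/$ecs_module/mappings/$ECS_VERSION/generated/elasticsearch/legacy/template.json" \
             "$dest_dir/$target_file"

      - name: Create pull request
        if: env.ecs_module != ''
        # This action commits the working-tree change, pushes the branch and
        # opens the PR in the target checkout. The former manual
        # `git commit && git push` step duplicated that work (and wrote a
        # global git identity on the runner), so it was dropped.
        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          path: wazuh-indexer-plugins
          commit-message: "Update ECS template for module ${{ env.ecs_module }}"
          branch: update-ecs-template-${{ env.ecs_module }}
          title: "Update ECS template for module ${{ env.ecs_module }}"
          body: "This PR updates the ECS template for the ${{ env.ecs_module }} module."
          base: master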