# Workflow identity and triggers.
#
# Two entry points exist:
#   * push             - any *.toml change pushed to the DAC-feature branch
#   * workflow_dispatch - a manual run with the inputs declared below
#
# The job treats a push as "overwrite everything in the prod space", so the
# push path has no review step of its own.
# NOTE(review): branch protection / required reviews on DAC-feature are
# presumably what gates changes to production detection rules - confirm.
name: Push Latest Rules to Elastic Security Space

on:
  push:
    branches:
      - DAC-feature
    paths:
      - '**/*.toml'

  workflow_dispatch:
    # All inputs are untyped, so they arrive as free-form strings. The job
    # compares them against the literals 'true', 'dev' and 'prod'.
    # NOTE(review): `type: boolean` / `type: choice` would let GitHub reject
    # unexpected values at dispatch time - consider if callers allow it.
    inputs:
      overwrite:
        description: 'Overwrite existing rules'
        required: false
        default: 'true'
      overwrite_exceptions:
        description: 'Overwrite existing exceptions'
        required: false
        default: 'true'
      overwrite_action_connectors:
        description: 'Overwrite existing action connectors'
        required: false
        default: 'true'
      space:
        description: 'Kibana space to use (dev or prod)'
        required: false
        default: 'prod'
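jobs:
  # Imports the repository's rules into a Kibana space using the
  # detection_rules CLI. Push events always target 'prod' with every
  # overwrite flag set; manual runs follow the workflow_dispatch inputs.
  sync-to-production:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only reads the repository.
    # Kibana access comes from the DR_* secrets, not from this token.
    permissions:
      contents: read
    env:
      CUSTOM_RULES_DIR: ${{ secrets.CUSTOM_RULES_DIR }}
    steps:
      # Version tags are mutable references. For supply-chain integrity,
      # consider pinning each action to a full commit SHA, e.g.
      #   uses: actions/checkout@<full-commit-sha>  # v4
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # Later steps run project and dependency install code; do not
          # leave the job token in .git/config where that code can read it.
          persist-credentials: false

      - name: Set up Python 3.12
        # Bumped from v2, which targets a Node runtime GitHub has retired.
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install Dependencies
        run: |
          python -m pip install --upgrade pip
          pip cache purge
          # Quoted so the shell never treats [dev] as a glob character class.
          pip install '.[dev]'

      - name: Import Rules to Kibana
        env:
          # Credentials for the target Kibana deployment.
          # NOTE(review): presumably a dedicated, least-privilege account
          # scoped to rule management - confirm.
          DR_CLOUD_ID: ${{ secrets.ELASTIC_CLOUD_ID }}
          DR_KIBANA_USER: ${{ secrets.ELASTIC_USERNAME }}
          DR_KIBANA_PASSWORD: ${{ secrets.ELASTIC_PASSWORD }}
          # Dispatch inputs are handed to the script as environment
          # variables rather than expanded with ${{ }} inside `run:`.
          # Expression expansion happens before bash parses the script, so
          # an input placed inline becomes script text; as env values the
          # inputs stay data and are only ever compared or quoted.
          DISPATCH_OVERWRITE: ${{ inputs.overwrite }}
          DISPATCH_OVERWRITE_EXCEPTIONS: ${{ inputs.overwrite_exceptions }}
          DISPATCH_OVERWRITE_ACTION_CONNECTORS: ${{ inputs.overwrite_action_connectors }}
          DISPATCH_SPACE: ${{ inputs.space }}
        run: |
          # GITHUB_EVENT_NAME is set by the runner ('push' or
          # 'workflow_dispatch' for this workflow).
          flags=()
          if [[ "$GITHUB_EVENT_NAME" == "push" || "$DISPATCH_OVERWRITE" == "true" ]]; then
            flags+=(--overwrite)
          fi
          if [[ "$GITHUB_EVENT_NAME" == "push" || "$DISPATCH_OVERWRITE_EXCEPTIONS" == "true" ]]; then
            flags+=(--overwrite-exceptions)
          fi
          if [[ "$GITHUB_EVENT_NAME" == "push" || "$DISPATCH_OVERWRITE_ACTION_CONNECTORS" == "true" ]]; then
            flags+=(--overwrite-action-connectors)
          fi

          if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then
            space="prod" # Default to production for push events
          elif [[ "$DISPATCH_SPACE" == "dev" || "$DISPATCH_SPACE" == "prod" ]]; then
            space="$DISPATCH_SPACE" # Allow-listed value only
          else
            # ::error:: only adds an annotation; the step keeps running and
            # falls back to the non-production space.
            echo "::error::Invalid space provided. Defaulting to 'dev'."
            space="dev"
          fi

          # Array expansion passes each flag as its own argument without
          # relying on unquoted word splitting.
          python -m detection_rules kibana --space "$space" import-rules "${flags[@]}"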