Merge branch 'contrib/metron-labs_devo_V2-dev' into devo_V2-dev

.circleci/config.yml

@@ -106,7 +106,7 @@ references:
           neo4j_conf_file="/etc/neo4j/neo4j.conf"
           sudo echo "dbms.security.procedures.unrestricted=apoc.*" >> $neo4j_conf_file
           sudo echo "dbms.security.procedures.allowlist=apoc.*" >> $neo4j_conf_file
-          sudo echo "dbms.memory.transaction.total.max=600m" >> $neo4j_conf_file
+          sudo echo "dbms.memory.transaction.total.max=2000m" >> $neo4j_conf_file
 
           apoc_conf_file="/etc/neo4j/apoc.conf"
           sudo echo "apoc.export.file.enabled=true" > $apoc_conf_file

.devcontainer/Dockerfile

@@ -1,12 +1,14 @@
-FROM python:3.10-slim-bullseye
+FROM python:3.10-slim-bookworm
 
 ENV USERNAME demisto
 ENV HOME /home/$USERNAME
 ENV NODE_EXTRA_CA_CERTS /usr/local/share/ca-certificates/certs.crt
 ENV PATH $PATH:$HOME/.local/bin:/root/.local/bin:/usr/local/share/nvm/current/bin
+ENV FEATURES_COMMIT_HASH fc62e9abf47c5ea52e02de997c91c5d52a5edc3a
+
 
 ADD createCerts.sh .
-RUN apt-get update && apt-get install dos2unix git python2 curl -y \
+RUN apt-get update && apt-get install dos2unix git curl -y \
     && dos2unix /createCerts.sh \
     && chmod +x /createCerts.sh \ 
     && /createCerts.sh $NODE_EXTRA_CA_CERTS \
@@ -15,13 +17,14 @@ RUN apt-get update && apt-get install dos2unix git python2 curl -y \
     && git clone https://github.com/devcontainers/features.git /features \
     && cd /features \
     # locking to the latest master commit in this repo (https://github.com/devcontainers/features.git) to prevent breaking changes
-    # We should update this commit hash from time to time to
-    && git checkout 96bff0097028001e6e4126c5528d37cb8c13e785
+    # We should update this commit hash from time to time to time
+    && git checkout $FEATURES_COMMIT_HASH
 
 # This is a workaround for VSCode devcontainer features in self signed certificate
 RUN UID="1000" GID="1000" bash /features/src/common-utils/install.sh
 RUN VERSION="os-provided" bash /features/src/git/install.sh
-RUN VERSION="latest" bash /features/src/docker-in-docker/install.sh
+# Install a specific version of moby-buildx when using Moby. (2024-02-09: Microsoft's Package Manifest has mismatching filesize and SHA for 0.12.1;  0.12.0 is the last known good version)
+RUN VERSION="lts" MOBYBUILDXVERSION="0.12.0" bash /features/src/docker-in-docker/install.sh
 RUN VERSION="lts" bash /features/src/node/install.sh
 RUN bash /features/src/sshd/install.sh
 RUN bash /features/src/github-cli/install.sh

.github/CODEOWNERS

@@ -101,7 +101,7 @@ Utils/trigger_nightly_sdk_build.sh @dorschw
 .pre-commit-config_template.yaml @dorschw @ilaner
 
 # XDR Related
-/Packs/CortexXDR/Integrations/ @dansterenson
+/Packs/CortexXDR/Integrations/ @maimorag
 /Packs/Core/Integrations/ @dansterenson
 /Packs/ApiModules/Scripts/CoreIRApiModule/* @dansterenson
 

.github/content_roles.json

@@ -1,14 +1,14 @@
 {
     "CONTRIBUTION_REVIEWERS": [
-        "YuvHayun",
-        "yucohen",
-        "shmuel44"
+        "jbabazadeh",
+        "moishce",
+        "merit-maita"
     ],
-    "CONTRIBUTION_TL": "AradCarmi",
+    "CONTRIBUTION_TL": "JudahSchwartz",
     "CONTRIBUTION_SECURITY_REVIEWER": "melamedbn",
     "ON_CALL_DEVS": [
-        "dfried",
-        "meichler"
+        "aedri",
+        "ipolishuk"
     ],
     "DOC_REVIEWER": "ShirleyDenkberg",
     "TIM_REVIEWER": "MLainer1"

.github/workflows/check-nightly-ok-label.yml

@@ -0,0 +1,51 @@
+name: Check nightly-ok label
+
+on:
+  pull_request:
+    types: [opened, synchronize, labeled, unlabeled]
+
+jobs:
+  check_label:
+    runs-on: ubuntu-latest
+    if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == false
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if files under .gitlab directory are changed
+        id: check-changes
+        run: |
+          CHANGED_FILES=$(git diff --name-only origin/master origin/${{ github.head_ref || github.ref_name }})
+          echo "All changed files:"
+          echo "${CHANGED_FILES}"
+          GITLAB_CHANGED_FILES=$( [[ $CHANGED_FILES == *".gitlab/ci"* ]] && echo true || echo false)
+          echo "Files in the .gitlab folder have changed: ${GITLAB_CHANGED_FILES}"
+          echo "gitlab_changed_files=$GITLAB_CHANGED_FILES" >> $GITHUB_OUTPUT
+          if [[ $GITLAB_CHANGED_FILES == true ]]; then
+            echo 'Files under .gitlab folder has changed, Will check if the PR has the `nightly-ok` label.'
+          else
+            echo 'Files in the .gitlab folder have not been changed.'
+          fi
+
+      - name: Check if PR has the nightly-ok label
+        uses: actions/github-script@v7
+        id: check-label
+        with:
+          script: |
+            const gitlabChangedFiles = ${{ steps.check-changes.outputs.gitlab_changed_files }};
+            if(gitlabChangedFiles) {
+              console.log('Files under .gitlab folder has changed, Will check if the PR has the `nightly-ok` label.');
+              const labels = context.payload.pull_request.labels.map(label => label.name);
+              const hasLabel = labels.includes('nightly-ok');
+              if (hasLabel) {
+                console.log('All good, the PR has the `nightly-ok` label.');
+              } else {
+                console.log('PR does not have the `nightly-ok` label. It is required when changing files under the `.gitlab` directory. Please run nightly using the Utils/gitlab_triggers/trigger_content_nightly_build.sh script, check that succeeded, and add the `nightly-ok` label');
+                process.exit(1); // Exit with failure status if label is missing
+              }
+            } else {
+              console.log('Files in the .gitlab folder have not been changed.');
+            }

.github/workflows/create-internal-pr-from-external.yml

@@ -5,6 +5,9 @@ on:
     branches:
       - contrib/**
 
+permissions:
+  pull-requests: write
+
 jobs:
   create_internal_pr:
     runs-on: ubuntu-latest
@@ -39,3 +42,11 @@ jobs:
           cd Utils/github_workflow_scripts
           poetry run ./create_internal_pr.py
           echo "Finished Creating Internal PR"
+      
+      - name: Notify External PR Merge
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          echo "Add a comment"
+          gh pr comment "$PR_URL" --body "Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days."

.github/workflows/pre-commit-reuse.yml

@@ -19,6 +19,9 @@ jobs:
       with:
         fetch-depth: 0
 
+    - name: Set PYTHONPATH
+      run: echo "PYTHONPATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
+
     - name: Setup python
       uses: actions/setup-python@v4
       with:
@@ -45,13 +48,44 @@ jobs:
 
     - name: "Check coverage.xml exists"
       if: always()
-      id: check_files
+      id: check-coverage-xml-exists
       uses: andstor/file-existence-action@v2
       with:
         files: "coverage_report/coverage.xml"
 
+    - name: "Check pytest report exists"
+      if: always()
+      id: check-pytest-junit-exists
+      uses: andstor/file-existence-action@v2
+      with:
+        files: ".report_pytest.xml"
+
+    - name: Create pack-wise pytest report
+      run: poetry run python Utils/github_workflow_scripts/parse_junit_per_pack.py
+      if: |
+        always() && 
+        steps.check-pytest-junit-exists.outputs.files_exists == 'true' && 
+        github.event.pull_request.head.repo.fork == false
+
+    - name: Upload junit & pack-wise pytest report
+      uses: actions/upload-artifact@v4
+      if: |
+        always() && 
+        steps.check-pytest-junit-exists.outputs.files_exists == 'true' && 
+        github.event.pull_request.head.repo.fork == false
+      with:
+        name: pytest
+        path: |
+          packwise_pytest_time.csv
+          .report_pytest.xml
+        if-no-files-found: error
+
     - name: Pytest coverage comment
-      if: always() && steps.check_files.outputs.files_exists == 'true' && github.event.pull_request.head.repo.fork == false
+      if: |
+        always() && 
+        steps.check-coverage-xml-exists.outputs.files_exists == 'true' && 
+        steps.check-pytest-junit-exists.outputs.files_exists == false && 
+        github.event.pull_request.head.repo.fork == false
       uses: MishaKav/pytest-coverage-comment@main
       with:
         pytest-xml-coverage-path: coverage_report/coverage.xml

.github/workflows/trigger-contribution-build.yml

@@ -24,7 +24,7 @@ jobs:
           PR_NUMBER: ${{ github.event.pull_request.number }}
           BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
           CONTRIB_BRANCH: ${{ github.event.pull_request.head.label }}
-          CONTRIB_REPO: ${{ github.event.repository.name }}
+          CONTRIB_REPO: ${{ github.event.pull_request.head.repo.name }}
           USERNAME: ${{ secrets.SECRET_CHECK_USER_NG }}
           PASSWORD: ${{ secrets.SECRET_CHECK_PASS_NG }}
           GOLD_SERVER_URL: ${{ secrets.GOLD_SERVER_URL_NG }}

.github/workflows/update-demisto-sdk-version.yml

@@ -14,6 +14,11 @@ on:
         description: The SDK release changes
         required: true
         type: string
+      is_draft:
+        description: Is draft pull request
+        required: false
+        type: boolean
+        default: false
 
 permissions:
   contents: write
@@ -38,7 +43,7 @@ jobs:
         python-version: '3.10'
         cache: 'poetry'
 
-    - name: Create brnach
+    - name: Create branch
       run: |
         git config --global user.email "[email protected]"
         git config --global user.name "Content Bot"
@@ -49,14 +54,21 @@ jobs:
       run: |
         poetry add --group dev demisto-sdk@${{inputs.release_version}}
         poetry lock --no-update
+        git add .
         source .venv/bin/activate
-        demisto-sdk pre-commit --no-validate --no-secrets --no-unit-test
+        demisto-sdk pre-commit --mode=ci
         git add .
 
     - name: Create pull request
       run: |
         git commit -m "poetry files" -a
         git push origin ${{ inputs.release_version }}
-        gh pr create -B master -H ${{ inputs.release_version }} --title "demisto-sdk-release ${{ inputs.release_version }}" --body "${{ inputs.release_changes }}" --reviewer ${{ inputs.reviewer }} -l "docs-approved"
+        if ${{ inputs.is_draft == true }}; then
+          echo "creating draft release pull request"
+          gh pr create -B master -H ${{ inputs.release_version }} --title "demisto-sdk-release ${{ inputs.release_version }}" --body "${{ inputs.release_changes }}" --reviewer ${{ inputs.reviewer }} -l "docs-approved" --draft
+        else
+          echo "creating release pull request"
+          gh pr create -B master -H ${{ inputs.release_version }} --title "demisto-sdk-release ${{ inputs.release_version }}" --body "${{ inputs.release_changes }}" --reviewer ${{ inputs.reviewer }} -l "docs-approved"
+        fi
       env:
         GH_TOKEN: ${{ secrets.CONTENTBOT_GH_ADMIN_TOKEN }}

.gitignore

@@ -99,4 +99,9 @@ demisto_sdk_debug.log.*
 *.log
 
 # Ignore Modeling Rules test conf
-Packs/**/ModelingRules/**/**/*_testdata.json
+Packs/**/ModelingRules/**/**/*_testdata.json
+
+# Build files
+.cache/
+.npm/
+pipeline_jobs_folder/

.gitlab/ci/.gitlab-ci.bucket-upload.yml

@@ -351,6 +351,12 @@ upload-packs-to-marketplace:
         fi
         python3 ./Tests/Marketplace/copy_and_upload_packs.py -a "${PACK_ARTIFACTS}" -e $EXTRACT_FOLDER -pb "$GCS_MARKET_BUCKET" -bb "$GCS_BUILD_BUCKET" -s $GCS_MARKET_KEY -n $CI_PIPELINE_ID -c $CI_COMMIT_BRANCH -p "${PACKS_TO_UPLOAD}" -pbp "$STORAGE_BASE_PATH/packs" --marketplace xsoar
         
+        gcloud auth activate-service-account --key-file="$GCS_ARTIFACTS_KEY" >> "${ARTIFACTS_FOLDER}/logs/gcloud_auth.log" 2>&1
+        if [[ $TEST_UPLOAD == "false" ]] && [[ -f "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" ]]; then
+          gsutil cp "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" "gs://xsoar-ci-artifacts/content/$CI_COMMIT_SHA/$MARKETPLACE_VERSION/packs_results_upload.json"
+          echo "packs_results_upload.json upload successfully"
+        fi
+        
         core_packs_files_count=$(find "${ARTIFACTS_FOLDER_SERVER_TYPE}" -name "corepacks*.json" | wc -l)
         if [ "${core_packs_files_count}" -eq 0 ]; then
           echo "No core packs files were found, skipping uploading."
@@ -438,6 +444,13 @@ upload-packs-to-marketplace-v2:
         fi
         python3 ./Tests/Marketplace/copy_and_upload_packs.py -a "${PACK_ARTIFACTS}" -e $EXTRACT_FOLDER -pb "$GCS_MARKET_V2_BUCKET" -bb "$GCS_BUILD_BUCKET" -s $GCS_MARKET_KEY -n $CI_PIPELINE_ID -c $CI_COMMIT_BRANCH -p "${PACKS_TO_UPLOAD}" -pbp "$STORAGE_BASE_PATH/packs" --marketplace marketplacev2
         
+        gcloud auth activate-service-account --key-file="$GCS_ARTIFACTS_KEY" >> "${ARTIFACTS_FOLDER}/logs/gcloud_auth.log" 2>&1
+      
+        if [[ $TEST_UPLOAD == "false" ]] && [[ -f "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" ]]; then
+          gsutil cp "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" "gs://xsoar-ci-artifacts/content/$CI_COMMIT_SHA/$MARKETPLACE_VERSION/packs_results_upload.json"
+          echo "packs_results_upload.json upload successfully"
+        fi
+        
         core_packs_files_count=$(find "${ARTIFACTS_FOLDER_SERVER_TYPE}" -name "corepacks*.json" | wc -l)
         if [ "${core_packs_files_count}" -eq 0 ]; then
           echo "No core packs files were found, skipping uploading."
@@ -523,6 +536,12 @@ upload-packs-to-xpanse-marketplace:
         fi
         python3 ./Tests/Marketplace/copy_and_upload_packs.py -a "${PACK_ARTIFACTS}" -e $EXTRACT_FOLDER -pb "$GCS_MARKET_XPANSE_BUCKET" -bb "$GCS_BUILD_BUCKET" -s $GCS_MARKET_KEY -n $CI_PIPELINE_ID -c $CI_COMMIT_BRANCH -p "${PACKS_TO_UPLOAD}" -pbp "$STORAGE_BASE_PATH/packs" --marketplace xpanse
         
+        gcloud auth activate-service-account --key-file="$GCS_ARTIFACTS_KEY" >> "${ARTIFACTS_FOLDER}/logs/gcloud_auth.log" 2>&1
+        if [[ $TEST_UPLOAD == "false" ]] && [[ -f "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" ]]; then
+          gsutil cp "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" "gs://xsoar-ci-artifacts/content/$CI_COMMIT_SHA/$MARKETPLACE_VERSION/packs_results_upload.json"
+          echo "packs_results_upload.json upload successfully"
+        fi
+      
         core_packs_files_count=$(find "${ARTIFACTS_FOLDER_SERVER_TYPE}" -name "corepacks*.json" | wc -l)
         if [ "${core_packs_files_count}" -eq 0 ]; then
           echo "No core packs files were found, skipping uploading."
@@ -608,6 +627,12 @@ upload-packs-to-xsoar-saas-marketplace:
         fi
         python3 ./Tests/Marketplace/copy_and_upload_packs.py -a "${PACK_ARTIFACTS}" -e $EXTRACT_FOLDER -pb "$GCS_MARKET_XSOAR_SAAS_BUCKET" -bb "$GCS_BUILD_BUCKET" -s $GCS_MARKET_KEY -n $CI_PIPELINE_ID -c $CI_COMMIT_BRANCH -pbp "$STORAGE_BASE_PATH/packs" --marketplace xsoar_saas
         
+        gcloud auth activate-service-account --key-file="$GCS_ARTIFACTS_KEY" >> "${ARTIFACTS_FOLDER}/logs/gcloud_auth.log" 2>&1
+        if [[ $TEST_UPLOAD == "false" ]] && [[ -f "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" ]]; then
+          gsutil cp "${ARTIFACTS_FOLDER_SERVER_TYPE}/packs_results_upload.json" "gs://xsoar-ci-artifacts/content/$CI_COMMIT_SHA/$MARKETPLACE_VERSION/packs_results_upload.json"
+          echo "packs_results_upload.json upload successfully"
+        fi
+        
         core_packs_files_count=$(find "${ARTIFACTS_FOLDER_SERVER_TYPE}" -name "corepacks*.json" | wc -l)
         if [ "${core_packs_files_count}" -eq 0 ]; then
           echo "No core packs files were found, skipping uploading."

.gitlab/ci/.gitlab-ci.global.yml

@@ -71,7 +71,7 @@
 .check_build_files_are_up_to_date: &check_build_files_are_up_to_date
   - section_start "Check Build Files Are Up To Date"
   - |
-    if [[ -n "${DEMISTO_SDK_NIGHTLY}" ]] || [[ -n "${NIGHTLY}" ]] || [[ -n "${BUCKET_UPLOAD}" ]] || [[ -n "${SLACK_JOB}" ]] || [[ "${BUILD_MACHINES_CLEANUP}" == "true" ]] || [[ "${DELETE_MISMATCHED_BRANCHES}" == "true" ]] || [[ "${SECURITY_SCANS}" == "true" ]] || [[ "${DEMISTO_TEST_NATIVE_CANDIDATE}" == "true" ]] || [[ "${CI_COMMIT_BRANCH}" == "master" ]]; then
+    if [[ -n "${DEMISTO_SDK_NIGHTLY}" ]] || [[ -n "${NIGHTLY}" ]] || [[ -n "${BUCKET_UPLOAD}" ]] || [[ -n "${SLACK_JOB}" ]] || [[ "${BUILD_MACHINES_CLEANUP}" == "true" ]] || [[ "${DELETE_MISMATCHED_BRANCHES}" == "true" ]] || [[ "${SECURITY_SCANS}" == "true" ]] || [[ "${DEMISTO_TEST_NATIVE_CANDIDATE}" == "true" ]] || [[ "${CI_COMMIT_BRANCH}" == "master" ]] || [[ "${SDK_RELEASE}" == "true" ]]; then
       echo "Running a build which doesn't require build files check validation"
     else
       ./Tests/scripts/is_file_up_to_date.sh .gitlab $CI_COMMIT_BRANCH
@@ -127,6 +127,14 @@
       source "$BASH_ENV"
     fi
   - source .circleci/content_release_vars.sh
+  # DEMISTO_SDK_GRAPH_FORCE_CREATE set to true to create graph from scratch.
+  - |
+    if [[ $NIGHTLY ]]; then
+      echo "set DEMISTO_SDK_GRAPH_FORCE_CREATE to true to create graph from scratch"
+      export DEMISTO_SDK_GRAPH_FORCE_CREATE=true
+      echo "DEMISTO_SDK_GRAPH_FORCE_CREATE was set to true to create graph from scratch"
+      echo $DEMISTO_SDK_GRAPH_FORCE_CREATE
+    fi
   - section_end "Source BASH Environment"
   - section_start "Granting execute permissions on files" --collapsed
   - chmod +x ./Tests/scripts/*
@@ -493,8 +501,6 @@
   stage: unittests-and-validations
   extends:
     - .default-job-settings
-  variables:
-    KUBERNETES_CPU_REQUEST: 1000m
   artifacts:
     expire_in: 30 days
     paths:

.gitlab/ci/.gitlab-ci.on-push.yml

@@ -90,6 +90,8 @@ run-unittests-and-lint:
       when: never
     - if: '$BUILD_MACHINES_CLEANUP == "true"'
       when: never
+    - if: '$SDK_RELEASE == "true"'
+      when: never
     - if: '$FORCE_BUCKET_UPLOAD == "true"'
       when: never
     - if: '$DEMISTO_TEST_NATIVE_CANDIDATE == "true"'
@@ -130,15 +132,20 @@ validate-content-conf:
   cache:
     policy: pull-push
   variables:
-    KUBERNETES_CPU_REQUEST: 2000m
     EXTRACT_PRIVATE_TESTDATA: "true"
   stage: prepare-testing-bucket
   script:
     - !reference [.download-demisto-conf]
     - !reference [.create-release-notes-and-common-docs]
     - !reference [.secrets-fetch]
     - section_start "Create or update content graph" --collapsed
-
+    - |
+        echo "set DEMISTO_SDK_GRAPH_FORCE_CREATE to true to create graph from scratch"
+        export DEMISTO_SDK_GRAPH_FORCE_CREATE=true
+        echo "DEMISTO_SDK_GRAPH_FORCE_CREATE was set to true to create graph from scratch"
+        echo $DEMISTO_SDK_GRAPH_FORCE_CREATE
+    - echo "Staging the repo to include the private packs in the graph"
+    - git add Packs
     - echo "Updating the content graph"
     - mkdir "${ARTIFACTS_FOLDER_SERVER_TYPE}/content_graph"
     - demisto-sdk update-content-graph -g --marketplace "${MARKETPLACE_VERSION}" -o "${ARTIFACTS_FOLDER_SERVER_TYPE}/content_graph"
@@ -373,9 +380,6 @@ tests_xsoar_server:
     - !reference [.filter-non-nightly-docker-updates-rule, rules]
     - if: '$CI_PIPELINE_SOURCE =~ /^(push|contrib)$/'
     - if: '$NIGHTLY'
-      when: always
-      variables:
-        KUBERNETES_CPU_REQUEST: 2000m
   parallel:
     matrix:
       - INSTANCE_ROLE: