change workflow

elastic · Mar 12, 2024 · af93c7f · af93c7f
1 parent 877afae
commit af93c7f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 26 deletions.
diff --git a/.github/workflows/sync-rule-templates.yml b/.github/workflows/sync-rule-templates.yml
@@ -10,6 +10,7 @@ on:
  branches:
  - main
  paths:
+ # only run when metadata failed not when the rule is updated
  - "security-policies/**"
 
 env:

diff --git a/scripts/sync_rule_templates.sh b/scripts/sync_rule_templates.sh
@@ -1,8 +1,6 @@
 #!/bin/bash
 set -euo pipefail
 
-# TODO: update changelog + manifest version
-
 git config --global user.email "cloudsecmachine@users.noreply.github.com"
 git config --global user.name "Cloud Security Machine"
 
@@ -13,22 +11,22 @@ templates_path="packages/cloud_security_posture/kibana/csp_rule_template"
 manifest_path="packages/cloud_security_posture/manifest.yml"
 changelog_path="packages/cloud_security_posture/changelog.yml"
 
+cd ../integrations
+if git fetch origin main "$branch_name" &>/dev/null; then
+ git checkout "$branch_name"
+else
+ git checkout -b "$branch_name" origin/main
+fi
+git checkout origin/main -- "$manifest_path" "$changelog_path"
+git rebase origin/main
+cd ../cloudbeat
 poetry run -C security-policies python security-policies/dev/generate_rule_templates.py
 cd ../integrations
+git add "$templates_path"
+git commit -m "Sync CIS rule templates"
+git push origin "$branch_name" -f
 
 if [[ -z "$pr_number" ]]; then
- echo "Create PR"
-
- if gh api "$repo/branches/$branch_name" &>/dev/null; then
- echo "Deleting existing branch $branch_name - no open PR found"
- gh api --method DELETE "$repo/git/refs/heads/$branch_name"
- fi
-
- git checkout -b "$branch_name" origin/main
- git add "$templates_path"
- git commit -m "Sync CIS rule templates"
- git push origin "$branch_name"
-
  pr=$(gh api \
  --method POST \
  -H "Accept: application/vnd.github+json" \
@@ -47,18 +45,6 @@ if [[ -z "$pr_number" ]]; then
  -H "X-GitHub-Api-Version: 2022-11-28" \
  "/$repo/issues/$pr_number/labels" \
  -f "labels[]=Team:Cloud Security" -f "labels[]=enhancement"
-
-else
- echo "Update PR"
-
- git fetch origin main "$branch_name"
- git checkout "$branch_name"
- git checkout origin/main -- "$manifest_path" "$changelog_path"
- git rebase origin/main
- git add "$templates_path"
- git commit -m "Sync CIS rule templates"
- git push origin "$branch_name" -f
-
 fi
 
 # TODO: update manifest.yml and changelog.yml