[8.14] [Security Solution] [Attack discovery] Overrides default Attack discovery timeouts (#183575) #33617
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Add QA labels to Fleet issues | |
| on: | |
| # pull_request_target allows running actions on PRs from forks with a read/write GITHUB_TOKEN, but it will not allow | |
| # running workflows defined in the PRs itself, only workflows already merged into the target branch. This avoids | |
| # potential vulnerabilities that could allow someone to open a PR and retrieve secrets. | |
| # It's important that this workflow never runs any checkout actions which could be used to circumvent this protection. | |
| # See these links for more information: | |
| # - https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/ | |
| # - https://nathandavison.com/blog/github-actions-and-the-threat-of-malicious-pull-requests | |
| pull_request_target: | |
| types: | |
| - closed | |
| jobs: | |
| fetch_issues_to_label: | |
| runs-on: ubuntu-latest | |
| # Only run on PRs that were merged for the Fleet team | |
| if: | | |
| github.event.pull_request.merged_at && | |
| contains(github.event.pull_request.labels.*.name, 'Team:Fleet') | |
| outputs: | |
| issue_ids: ${{ steps.issues_to_label.outputs.value }} | |
| label_ids: ${{ steps.label_ids.outputs.value }} | |
| steps: | |
| - uses: octokit/graphql-action@v2.x | |
| id: closing_issues | |
| with: | |
| query: | | |
| query closingIssueNumbersQuery($prnumber: Int!) { | |
| repository(owner: "elastic", name: "kibana") { | |
| pullRequest(number: $prnumber) { | |
| closingIssuesReferences(first: 10) { | |
| nodes { | |
| id | |
| labels(first: 20) { | |
| nodes { | |
| id | |
| name | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| prnumber: ${{ github.event.number }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: sergeysova/jq-action@v2 | |
| id: issues_to_label | |
| with: | |
| # Map to the issues' node id | |
| cmd: echo $CLOSING_ISSUES | jq -c '.repository.pullRequest.closingIssuesReferences.nodes | map(.id)' | |
| multiline: true | |
| env: | |
| CLOSING_ISSUES: ${{ steps.closing_issues.outputs.data }} | |
| - uses: sergeysova/jq-action@v2 | |
| id: label_ids | |
| with: | |
| # Get list of version labels on pull request and map to label's node id, append 'QA:Ready For Testing' id ("MDU6TGFiZWwyNTQ1NjcwOTI4") | |
| cmd: echo $PR_LABELS | jq -c 'map(select(.name | test("v[0-9]+\\.[0-9]+\\.[0-9]+")) | .node_id) + ["MDU6TGFiZWwyNTQ1NjcwOTI4"]' | |
| multiline: true | |
| env: | |
| PR_LABELS: ${{ toJSON(github.event.pull_request.labels) }} | |
| label_issues: | |
| needs: fetch_issues_to_label | |
| runs-on: ubuntu-latest | |
| # For each issue closed by the PR x each label to apply, run this job | |
| if: | | |
| fromJSON(needs.fetch_issues_to_label.outputs.issue_ids).length > 0 && | |
| fromJSON(needs.fetch_issues_to_label.outputs.label_ids).length > 0 | |
| strategy: | |
| matrix: | |
| issueId: ${{ fromJSON(needs.fetch_issues_to_label.outputs.issue_ids) }} | |
| labelId: ${{ fromJSON(needs.fetch_issues_to_label.outputs.label_ids) }} | |
| name: Label issue ${{ matrix.issueId }} with ${{ matrix.labelId }} | |
| steps: | |
| - uses: octokit/graphql-action@v2.x | |
| id: add_labels_to_closed_issue | |
| with: | |
| query: | | |
| mutation add_label($issueid: ID!, $labelid:ID!) { | |
| addLabelsToLabelable(input: {labelableId: $issueid, labelIds: [$labelid]}) { | |
| clientMutationId | |
| } | |
| } | |
| issueid: ${{ matrix.issueId }} | |
| labelid: ${{ matrix.labelId }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |