forked from opensearch-project/OpenSearch
-
Notifications
You must be signed in to change notification settings - Fork 22
130 lines (111 loc) · 4.55 KB
/
generate-ecs-mappings.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: ECS Generator
on:
push:
paths:
- 'ecs/**'
jobs:
run-ecs-generator:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set up Docker Compose
run: sudo apt-get install docker-compose
- name: Extract ECS Modules and Run ECS Generator
id: run-ecs-generator
run: |
# Fetch base branch
git fetch origin +refs/heads/master:refs/remotes/origin/master
# Extract the ECS module names from the modified files
modified_files=$(git diff --name-only origin/master)
updated_modules=()
for file in $modified_files; do
if [[ $file == ecs/* ]]; then
ecs_module=$(echo $file | cut -d'/' -f2)
if [[ ! " ${updated_modules[*]} " =~ " ${ecs_module} " ]]; then
updated_modules+=("$ecs_module")
fi
fi
done
if [[ ${#updated_modules[@]} -gt 0 ]]; then
export REPO_PATH=$(pwd)
for ecs_module in "${updated_modules[@]}"; do
# Run the ECS generator script for each module
bash docker/ecs/mapping-generator.sh run "$ecs_module"
echo "Processed ECS module: $ecs_module"
done
echo "updated_modules=${updated_modules[*]}" >> $GITHUB_ENV
else
echo "No modifications detected in ecs/ directory."
exit 0
fi
- name: Tear down ECS Generator
if: always()
run: bash docker/ecs/mapping-generator.sh down
- name: Upload artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: ecs-template
path: ecs/**/mappings/v8.11.0/generated/elasticsearch/legacy/template.json
- name: Checkout target repository
uses: actions/checkout@v4
with:
repository: wazuh/wazuh-indexer-plugins
token: ${{ secrets.GITHUB_TOKEN }}
path: wazuh-indexer-plugins
- name: Copy generated files to target repository
run: |
# Map ECS modules to target JSON filenames
declare -A module_to_file=(
[agent]="index-template-agent.json"
[alerts]="index-template-alerts.json"
[commands]="index-template-commands.json"
[hardware]="index-template-hardware.json"
[hotfixes]="index-template-hotfixes.json"
[fim]="index-template-fim.json"
[networks]="index-template-networks.json"
[packages]="index-template-packages.json"
[ports]="index-template-ports.json"
[processes]="index-template-processes.json"
[scheduled-commands]="index-template-scheduled-commands.json"
[system]="index-template-system.json"
[vulnerabilities]="index-template-vulnerabilities.json"
)
for ecs_module in ${updated_modules[@]}; do
target_file=${module_to_file[$ecs_module]}
if [[ -z "$target_file" ]]; then
echo "No corresponding file for module $ecs_module"
exit 1
fi
mkdir -p wazuh-indexer-plugins/plugins/setup/src/main/resources/
cp ecs/$ecs_module/mappings/v8.11.0/generated/elasticsearch/legacy/template.json wazuh-indexer-plugins/plugins/setup/src/main/resources/$target_file
done
- name: Commit and push changes
run: |
cd wazuh-indexer-plugins
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
branch_name="update-ecs-templates"
# Check if branch exists
if git ls-remote --heads origin $branch_name | grep $branch_name; then
git checkout $branch_name
else
git checkout -b $branch_name
fi
git add .
git commit -m "Update ECS templates for modified modules: $updated_modules"
git push origin $branch_name
- name: Create Pull Request
uses: peter-evans/create-pull-request@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: "Update ECS templates for modified modules: $updated_modules"
branch: update-ecs-templates
title: "Update ECS templates for modified modules: $updated_modules"
body: "This PR updates the ECS templates for the following modules: $updated_modules."
base: master