Collect mql-mimic-exempt Comments & Sent to MQL Mimic (#1199)
cameron-dunn-sublime authored Dec 27, 2023
1 parent e703838 commit 797e0f5
Showing 2 changed files with 75 additions and 9 deletions.
74 changes: 70 additions & 4 deletions .github/workflows/rule-validate.yml
@@ -39,8 +39,8 @@ jobs:
uses: actions/checkout@v3
if: github.event_name == 'issue_comment'
with:
repository: ${{ steps.comment-branch.outputs.head_owner }}/${{ steps.comment-branch.outputs.head_repo }}
ref: ${{ steps.comment-branch.outputs.head_ref }}
repository: ${{ steps.comment_branch.outputs.head_owner }}/${{ steps.comment_branch.outputs.head_repo }}
ref: ${{ steps.comment_branch.outputs.head_ref }}
fetch-depth: 0

- name: Checkout
@@ -175,7 +175,7 @@ jobs:
# Run on a target, so run for all rules.
echo "##[set-output name=run_all;]true"
elif [[ "${{ github.event_name }}" == 'issue_comment' ]]; then
echo "##[set-output name=ref;]${{ steps.comment-branch.outputs.base_ref }}"
echo "##[set-output name=ref;]${{ steps.comment_branch.outputs.base_ref }}"
fi
- name: Checkout base
@@ -231,6 +231,71 @@ jobs:
# TODO: This doesn't solve for a modified rule_id. We could merge with any files known on 'main', but changing
# a rule ID is a separate problem.
- name: Get PR Number
if: github.event_name == 'pull_request_target' || github.event_name == 'issue_comment'
id: find_pr_number
run: |
if [[ "${{ github.event_name }}" == 'pull_request_target' ]]; then
result="${{ github.event.number }}"
elif [[ "${{ github.event_name }}" == 'issue_comment' ]]; then
result="${{ github.event.issue.number }}"
fi
echo "PR $result"
echo "##[set-output name=result;]$result"
- name: "Find mql-mimic-exempt Comments"
uses: actions/github-script@v6
id: find_emls_to_skip
if: steps.find_pr_number.outputs.result != ''
with:
debug: ${{ secrets.ACTIONS_STEP_DEBUG || false }}
result-encoding: string
script: |
const opts = github.rest.issues.listComments.endpoint.merge({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: "${{ steps.find_pr_number.outputs.result }}",
})
const comments = await github.paginate(opts)
const seperatorRegex = /[\s:,;\/]+/
const exemptRegex = /\/mql-mimic-exempt((?:[\s:,;\/]+#*\d+)+)/gis
let allEMLsToSkip = []
for (const comment of comments) {
if (comment.author_association !== "MEMBER") {
console.log("Ignoring comment from non-member" + comment.user.login)
}
while ((m = exemptRegex.exec(comment.body)) !== null) {
if (m.index === exemptRegex.lastIndex) {
break
}
// The result can be accessed through the `m`-variable.
m.forEach((match, groupIndex) => {
if (groupIndex != 1) {
return
}
console.log("Found MQL Mimic Exemption EMLs: " + match)
// First cut out all (optional) #
match = match.replaceAll("#", "")
let emls = match.split(seperatorRegex)
console.log("Split EMLs: " + JSON.stringify(emls))
allEMLsToSkip = allEMLsToSkip.concat(emls.filter((s) => s !== ""))
});
}
}
console.log("All EMLs: " + JSON.stringify(allEMLsToSkip))
// MQL Mimic will handle duplicates gracefully, no need to handle here.
return allEMLsToSkip.join(" ")
- name: "Trigger MQL Mimic Tests"
env:
trigger_url: '${{ secrets.MQL_MOCK_TRIGGER }}'
@@ -239,8 +304,9 @@ jobs:
token: '${{ secrets.GITHUB_TOKEN }}'
sha: '${{ steps.get_head.outputs.HEAD }}'
only_rule_ids: '${{ steps.find_ids.outputs.rule_ids }}'
skip_eml_ids: '${{ steps.find_emls_to_skip.outputs.result }}'
run: |
body='{"branch":"'$branch'","repo":"'$repo'","token":"'$token'","sha":"'$sha'","only_rule_ids":"'$only_rule_ids'"}'
body='{"branch":"'$branch'","repo":"'$repo'","token":"'$token'","sha":"'$sha'","only_rule_ids":"'$only_rule_ids'","skip_eml_ids":"'$skip_eml_ids'"}'
echo $body
curl -X POST $trigger_url \
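Review bot: In the `Find mql-mimic-exempt Comments` step, the `comment.author_association !== "MEMBER"` branch only logs and then falls through to the `exemptRegex` loop, so a `/mql-mimic-exempt` comment from any commenter is still collected into `skip_eml_ids` and sent to MQL Mimic. If the intent is that only members may exempt EMLs from testing, the branch needs `console.log("Ignoring comment from non-member " + comment.user.login)` followed by `continue`; the current log string also lacks a space before the login. The loop variable `m` is never declared, so `let m` before the `while` would keep it from becoming an implicit global. Because `skip_eml_ids` is spliced into the JSON by string concatenation at the `body=` line, the digit-only capture in `exemptRegex` is what keeps the payload well-formed, and a comment above the regex saying so would stop a later edit from loosening it.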
10 changes: 5 additions & 5 deletions .github/workflows/update-test-rules.yml
@@ -45,12 +45,12 @@ jobs:

- name: Get PR branch
uses: alessbell/[email protected] # Fork of xt0rted/pull-request-comment-branch, see https://github.com/xt0rted/pull-request-comment-branch/issues/322
id: comment-branch
id: comment_branch

- name: Wait for Rule Validation Succeed
uses: lewagon/[email protected]
with:
ref: ${{ steps.comment-branch.outputs.head_sha }}
ref: ${{ steps.comment_branch.outputs.head_sha }}
check-name: 'Rule Tests and ID Updated'
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 10
@@ -70,13 +70,13 @@ jobs:
steps:
- name: Get PR branch
uses: alessbell/[email protected] # Fork of xt0rted/pull-request-comment-branch, see https://github.com/xt0rted/pull-request-comment-branch/issues/322
id: comment-branch
id: comment_branch

- name: Checkout PR branch
uses: actions/checkout@v3
with:
repository: ${{ steps.comment-branch.outputs.head_owner }}/${{ steps.comment-branch.outputs.head_repo }}
ref: ${{ steps.comment-branch.outputs.head_ref }}
ref: ${{ steps.comment_branch.outputs.head_ref }}
fetch-depth: 0
path: source

@@ -117,7 +117,7 @@ jobs:
# Used to testing_sha key in the rule. If the PR is updated multiple times without changing all files, we'll
# always use the latest sha.
export sha=${{ steps.comment-branch.outputs.head_sha }}
export sha=${{ steps.comment_branch.outputs.head_sha }}
# Copy any file that was added/changed/modified to the destination git folder (we could do this with git checkout
# but it doesn't seem any simpler). And then add testing metadata.
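Review bot: The `repository:` line of the `Checkout PR branch` step (hunk `-70,13 +70,13`) still reads `steps.comment-branch.outputs.head_owner` and `head_repo`, while the step id in the same hunk changes to `comment_branch`, assuming the underscore form is the new side. That line is printed only once and the section reports just 5 additions and 5 deletions, so it appears to be untouched context. A reference to a step id that no longer exists evaluates to an empty string, so this checkout would be handed `/` rather than the PR's fork and the job would not run against the intended code. The line should become `repository: ${{ steps.comment_branch.outputs.head_owner }}/${{ steps.comment_branch.outputs.head_repo }}`, matching the corresponding step in rule-validate.yml.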
