From 797e0f5992af043c181c2024f84eeb669c066dfa Mon Sep 17 00:00:00 2001
From: Cameron Dunn
Date: Wed, 27 Dec 2023 11:53:32 -0800
Subject: [PATCH] Collect mql-mimic-exempt Comments & Sent to MQL Mimic (#1199)
---
 .github/workflows/rule-validate.yml | 74 +++++++++++++++++++++++--
 .github/workflows/update-test-rules.yml | 10 ++--
 2 files changed, 75 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/rule-validate.yml b/.github/workflows/rule-validate.yml
index 9ea9538665a..5e6ba64af2a 100644
--- a/.github/workflows/rule-validate.yml
+++ b/.github/workflows/rule-validate.yml
@@ -39,8 +39,8 @@ jobs:
 uses: actions/checkout@v3
 if: github.event_name == 'issue_comment'
 with:
- repository: ${{ steps.comment-branch.outputs.head_owner }}/${{ steps.comment-branch.outputs.head_repo }}
- ref: ${{ steps.comment-branch.outputs.head_ref }}
+ repository: ${{ steps.comment_branch.outputs.head_owner }}/${{ steps.comment_branch.outputs.head_repo }}
+ ref: ${{ steps.comment_branch.outputs.head_ref }}
 fetch-depth: 0
 - name: Checkout
@@ -175,7 +175,7 @@ jobs:
 # Run on a target, so run for all rules.
 echo "##[set-output name=run_all;]true"
 elif [[ "${{ github.event_name }}" == 'issue_comment' ]]; then
- echo "##[set-output name=ref;]${{ steps.comment-branch.outputs.base_ref }}"
+ echo "##[set-output name=ref;]${{ steps.comment_branch.outputs.base_ref }}"
 fi
 - name: Checkout base
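Review bot: Both hunks in rule-validate.yml switch their expressions to `steps.comment_branch` (`head_owner`, `head_repo` and `head_ref` here, `base_ref` in the hunk at -175), but the patch changes no `id:` line in this file; the `id: comment_branch` renames are all in update-test-rules.yml. If the step in this workflow is still declared as `id: comment-branch`, these expressions no longer resolve and the `issue_comment` checkout would presumably receive an empty repository and ref. Confirm that the step id in rule-validate.yml reads `comment_branch`; the step definition lies outside both hunks.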
@@ -231,6 +231,71 @@ jobs:
 # TODO: This doesn't solve for a modified rule_id. We could merge with any files known on 'main', but changing
 # a rule ID is a separate problem.
+ - name: Get PR Number
+ if: github.event_name == 'pull_request_target' || github.event_name == 'issue_comment'
+ id: find_pr_number
+ run: |
+ if [[ "${{ github.event_name }}" == 'pull_request_target' ]]; then
+ result="${{ github.event.number }}"
+ elif [[ "${{ github.event_name }}" == 'issue_comment' ]]; then
+ result="${{ github.event.issue.number }}"
+ fi
+
+ echo "PR $result"
+ echo "##[set-output name=result;]$result"
+
+
+ - name: "Find mql-mimic-exempt Comments"
+ uses: actions/github-script@v6
+ id: find_emls_to_skip
+ if: steps.find_pr_number.outputs.result != ''
+ with:
+ debug: ${{ secrets.ACTIONS_STEP_DEBUG || false }}
+ result-encoding: string
+ script: |
+ const opts = github.rest.issues.listComments.endpoint.merge({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: "${{ steps.find_pr_number.outputs.result }}",
+ })
+ const comments = await github.paginate(opts)
+
+ const seperatorRegex = /[\s:,;\/]+/
+ const exemptRegex = /\/mql-mimic-exempt((?:[\s:,;\/]+#*\d+)+)/gis
+
+ let allEMLsToSkip = []
+ for (const comment of comments) {
+ if (comment.author_association !== "MEMBER") {
+ console.log("Ignoring comment from non-member" + comment.user.login)
+ }
+
+ while ((m = exemptRegex.exec(comment.body)) !== null) {
+ if (m.index === exemptRegex.lastIndex) {
+ break
+ }
+
+ // The result can be accessed through the `m`-variable.
+ m.forEach((match, groupIndex) => {
+ if (groupIndex != 1) {
+ return
+ }
+
+ console.log("Found MQL Mimic Exemption EMLs: " + match)
+
+ // First cut out all (optional) #
+ match = match.replaceAll("#", "")
+ let emls = match.split(seperatorRegex)
+ console.log("Split EMLs: " + JSON.stringify(emls))
+ allEMLsToSkip = allEMLsToSkip.concat(emls.filter((s) => s !== ""))
+ });
+ }
+ }
+
+ console.log("All EMLs: " + JSON.stringify(allEMLsToSkip))
+ // MQL Mimic will handle duplicates gracefully, no need to handle here.
+ return allEMLsToSkip.join(" ")
+
+
 - name: "Trigger MQL Mimic Tests"
 env:
 trigger_url: '${{ secrets.MQL_MOCK_TRIGGER }}'
@@ -239,8 +304,9 @@ jobs:
 token: '${{ secrets.GITHUB_TOKEN }}'
 sha: '${{ steps.get_head.outputs.HEAD }}'
 only_rule_ids: '${{ steps.find_ids.outputs.rule_ids }}'
+ skip_eml_ids: '${{ steps.find_emls_to_skip.outputs.result }}'
 run: |
- body='{"branch":"'$branch'","repo":"'$repo'","token":"'$token'","sha":"'$sha'","only_rule_ids":"'$only_rule_ids'"}'
+ body='{"branch":"'$branch'","repo":"'$repo'","token":"'$token'","sha":"'$sha'","only_rule_ids":"'$only_rule_ids'","skip_eml_ids":"'$skip_eml_ids'"}'
 echo $body
 curl -X POST $trigger_url \
diff --git a/.github/workflows/update-test-rules.yml b/.github/workflows/update-test-rules.yml
index 4ca584c97f1..f8b9425e7a0 100644
--- a/.github/workflows/update-test-rules.yml
+++ b/.github/workflows/update-test-rules.yml
@@ -45,12 +45,12 @@ jobs:
 - name: Get PR branch
 uses: alessbell/pull-request-comment-branch@v1.1 # Fork of xt0rted/pull-request-comment-branch, see https://github.com/xt0rted/pull-request-comment-branch/issues/322
- id: comment-branch
+ id: comment_branch
 - name: Wait for Rule Validation Succeed
 uses: lewagon/wait-on-check-action@v1.3.1
 with:
- ref: ${{ steps.comment-branch.outputs.head_sha }}
+ ref: ${{ steps.comment_branch.outputs.head_sha }}
 check-name: 'Rule Tests and ID Updated'
 repo-token: ${{ secrets.GITHUB_TOKEN }}
 wait-interval: 10
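Review bot: The author check in the `for (const comment of comments)` loop of the `find_emls_to_skip` script only logs and never skips: after `console.log("Ignoring comment from non-member" ...)` execution falls through to the `exemptRegex` loop, so a `/mql-mimic-exempt` comment from any commenter is still collected and forwarded as `skip_eml_ids`. Add `continue` inside the `if (comment.author_association !== "MEMBER")` block, right after the log call, so that only member comments can exempt EMLs from the MQL Mimic run. Separately, `m` is assigned in the `while` condition without a declaration; declare it with `let m` before the loop so that it does not become an implicit global.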
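Review bot: The request body in the `Trigger MQL Mimic Tests` step is assembled by pasting shell variables between quote fragments, and the new `skip_eml_ids` field is derived from PR comment text. The JSON stays well-formed only because the regex in `find_emls_to_skip` limits that value to digits and spaces, so this step relies on a filter defined elsewhere. Building the body with a JSON-aware tool, for example `jq -n --arg skip_eml_ids "$skip_eml_ids" '$ARGS.named'` with one `--arg` per field, would escape every value and remove that coupling. The `run:` block continues past the end of the hunk.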
@@ -70,13 +70,13 @@ jobs:
 steps:
 - name: Get PR branch
 uses: alessbell/pull-request-comment-branch@v1.1 # Fork of xt0rted/pull-request-comment-branch, see https://github.com/xt0rted/pull-request-comment-branch/issues/322
- id: comment-branch
+ id: comment_branch
 - name: Checkout PR branch
 uses: actions/checkout@v3
 with:
 repository: ${{ steps.comment-branch.outputs.head_owner }}/${{ steps.comment-branch.outputs.head_repo }}
- ref: ${{ steps.comment-branch.outputs.head_ref }}
+ ref: ${{ steps.comment_branch.outputs.head_ref }}
 fetch-depth: 0
 path: source
@@ -117,7 +117,7 @@ jobs:
 # Used to testing_sha key in the rule. If the PR is updated multiple times without changing all files, we'll
 # always use the latest sha.
- export sha=${{ steps.comment-branch.outputs.head_sha }}
+ export sha=${{ steps.comment_branch.outputs.head_sha }}
 # Copy any file that was added/changed/modified to the destination git folder (we could do this with git checkout
 # but it doesn't seem any simpler). And then add testing metadata.
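Review bot: The rename is incomplete in the `Checkout PR branch` step of the hunk at -70: its unchanged `repository:` line still reads `steps.comment-branch.outputs.head_owner` and `steps.comment-branch.outputs.head_repo`, while the same hunk renames the step to `id: comment_branch`. Those two expressions no longer name an existing step and would presumably evaluate to empty strings, leaving `repository: /` next to a correctly resolved `ref`. The line should become `repository: ${{ steps.comment_branch.outputs.head_owner }}/${{ steps.comment_branch.outputs.head_repo }}`.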