Create encrypted rule package #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create encrypted rule package | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| zip-and-commit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'Yamato-Security/hayabusa-rules' | |
| - name: Extract directory | |
| run: | | |
| mkdir extracted | |
| cp -r ./config ./extracted | |
| cp -r ./hayabusa ./extracted | |
| cp -r ./sigma ./extracted | |
| - name: Zip directory | |
| run: | | |
| sudo apt-get install zip | |
| zip -r -P yamato-security-hayabusa encrypted-hayabusa-rules.zip ./extracted | |
| - name: Checkout self repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: './self' | |
| - name: Copy zip to self repository | |
| run: | | |
| cp ./encrypted-hayabusa-rules.zip ./self | |
| - name: Configure Git | |
| run: | | |
| git config --global user.name 'github-actions[bot]' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| - name: Commit changes | |
| run: | | |
| git add encrypted-hayabusa-rules.zip | |
| git commit -m "Automated update" | |
| - name: Create Pull Request | |
| if: env.change_exist == 'true' | |
| id: cpr | |
| uses: peter-evans/create-pull-request@v4 | |
| with: | |
| path: hayabusa-rules | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| commit-message: Sigma Rule Update (${{ env.action_date }}) | |
| branch: rules/auto-sigma-update | |
| delete-branch: true | |
| title: '[Auto] Sigma Update report(${{ env.action_date }})' ### If a PR with the same name already exists, this github action library will not create a new pull request but it will update the PR with the same name. Therefore I added the date to the pull request's title so it creates a new PR. | |
| branch-suffix: timestamp ### I use this field in order to avoid name duplication. If the pull request which is related to the same branch exists, the pull request is not newly created but is updated. So the next step will be skipped due to its if-field | |
| body: | | |
| ${{ env.action_date }} Update report | |
| - name: Enable Pull Request Automerge | |
| if: steps.cpr.outputs.pull-request-operation == 'created' # This only runs if there were sigma rules updates and a new PR was created. | |
| uses: peter-evans/enable-pull-request-automerge@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| pull-request-number: ${{ steps.cpr.outputs.pull-request-number }} | |
| merge-method: squash |