Merge PR #4472 From @Tuutaans - New Registry Rule Related To HVCI #1
Workflow file for this run
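# Release workflow: when a tag matching 'r*' is pushed, build a changelog from
# the commit messages between the two most recent 'r*' tags, build the rule
# packages, and publish them as a GitHub release.
on:
  push:
    tags:
      - 'r*'

name: Create Release

jobs:
  build:
    name: Create Release
    runs-on: ubuntu-latest
    # Least privilege: the job reads the repository and creates a release,
    # so the GITHUB_TOKEN is limited to the contents scope instead of
    # inheriting the repository or organisation default.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        # NOTE(review): this action is referenced by a mutable tag. Pinning to
        # a full commit SHA would keep a retagged upstream release from
        # changing what runs in this job, which holds a write-scoped token.
        uses: actions/checkout@v3
        with:
          # Full history and all tags are needed for the tag-to-tag git log.
          fetch-depth: 0
      - name: Generate Changelog
        # Commit message text is copied into changelog.txt and from there into
        # the published release body, so it is contributor-controlled content.
        run: |
          prev_tag=$(git for-each-ref --sort=creatordate --format '%(refname:lstrip=2)' refs/tags | grep '^r' | tail -2 | head -1)
          curr_tag=$(git for-each-ref --sort=creatordate --format '%(refname:lstrip=2)' refs/tags | grep '^r' | tail -1)
          echo "Previous tag: ${prev_tag}"
          echo "Current tag: ${curr_tag}"
          # The revision range is quoted so a tag name is never word-split or globbed.
          if [[ $(git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -E '^\s*new: ' -c) -gt 0 ]]; then echo "### New Rules" > changes.txt; fi
          git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -E '^\s*new: ' | sort | sed -e 's%^% - %' >> changes.txt
          if [[ $(git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -E '^\s*update: ' -c) -gt 0 ]]; then echo "### Updated Rules" >> changes.txt; fi
          git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -E '^\s*update: ' | sort | sed -e 's%^% - %' >> changes.txt
          if [[ $(git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -E '^\s*fix: ' -c) -gt 0 ]]; then echo "### Fixed Rules" >> changes.txt; fi
          git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -E '^\s*fix: ' | sort | sed -e 's%^% - %' >> changes.txt
          # Contributors: PR authors from merge commits plus Co-authored-by trailers.
          git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -oP 'Merge PR #\d+ from \K(@\S+)' | sort -u > authors_raw.txt
          git log --pretty=%B "${prev_tag}..${curr_tag}" | grep -oP "Co-authored-by: \K.*(?= <)" | sort -u | sed -e 's%^%@%' >> authors_raw.txt
          LC_ALL=en_US.UTF-8 sort -u authors_raw.txt | grep -v 'dependabot\[bot\]' > authors.txt
          cat changes.txt >> changelog.txt
          echo "" >> changelog.txt
          echo "### Acknowledgement" >> changelog.txt
          echo "Thanks to $(perl -pe 's%\n%, %' authors.txt | sed 's%, $%%') for their contribution to this release" >> changelog.txt
          echo "" >> changelog.txt
          echo "" >> changelog.txt
          echo "### Which Sigma rule package should I use?" >> changelog.txt
          echo "A detailed explanation can be found in the [Releases.md](Releases.md) file. If you are new to Sigma, we recommend starting with the \"Core\" ruleset." >> changelog.txt
          cat changelog.txt
      - name: Build all release packages
        # The tag name reaches the script through the environment rather than
        # through ${{ }} expansion inside the script text. Expression expansion
        # happens before bash parses the script, so shell metacharacters in a
        # tag name would otherwise be interpreted as code.
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          python3 tests/sigma-package-release.py --min-status test --min-level high --rule-types generic --outfile "sigma_core_${REF_NAME}.zip"
          python3 tests/sigma-package-release.py --min-status test --min-level medium --rule-types generic --outfile "sigma_core+_${REF_NAME}.zip"
          python3 tests/sigma-package-release.py --min-status experimental --min-level medium --rule-types generic --outfile "sigma_core++_${REF_NAME}.zip"
          python3 tests/sigma-package-release.py --min-status experimental --min-level medium --rule-types et --outfile "sigma_emerging_threats_addon_${REF_NAME}.zip"
          python3 tests/sigma-package-release.py --min-status experimental --min-level medium --rule-types generic et --outfile "sigma_all_rules_${REF_NAME}.zip"
      - name: Create Release with Assets
        id: create_release
        # NOTE(review): third-party action referenced by a mutable tag and
        # handed the job token; pinning to a full commit SHA is the safer form.
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.ref }}
          name: Release ${{ github.ref_name }}
          body_path: changelog.txt
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: false
          prerelease: false
          # These are action inputs, not shell text, so expression expansion
          # here is not subject to shell interpretation.
          files: |
            sigma_core_${{ github.ref_name }}.zip
            sigma_core+_${{ github.ref_name }}.zip
            sigma_core++_${{ github.ref_name }}.zip
            sigma_emerging_threats_addon_${{ github.ref_name }}.zip
            sigma_all_rules_${{ github.ref_name }}.zip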