Release 1.3.0 MERGE TO MAIN (#91)

* added branch naming conventions to Contributing, fixed typo (#85) Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com> * adding line change from clint's old pr * Release 1.2.0 MERGE INTO MAIN (#101) (#102) * Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file * Upgrade ELK stack to 8.11.1 (#86) * Update ELK to 8.11.1 * Pull images before starting cluster * Pull images before deploylme * Upgrade versions in the live docker compose upon upgrade * Pull new images before deploying new stack * Globalize version variable * Adding the following: - get_latest_version function - pulling version from this function - old password reading text update to reduce confusion - print statements in upgrade from 1.0 -> 1.2 - sleep so it doesn't fail if docker does a slow removal * Update the version in dashboard_update.sh --------- * Changed ELK Stack from deploy.sh update to deploy.sh upgrade --------- Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com> Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com> Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com> Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com> Co-authored-by: mreeve.snl <mreeve@sandia.gov> Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com> Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com> * Add .gitattributes file to exclude the testing folder from releases. (#105) * Updated dashboard Process Explorer file downloads panels * Update workflow file to include linting and static security scans (#106) * Update main.yml to add linting * Update main.yml * Update troubleshooting.md with instructions on how to change elastic password (#110) * Delete Chapter 4 Files/dashboards/user_security.ndjson * Delete Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson * Updated dashboards * Remove elastic user password prompt from deploy.sh (#107) * Remove elastic password prompt and condition in setpasswords() * create displaycredentials() fnc, link troubleshooting.md documentation at end of script * update deploy.sh to link to changing elastic username/password in troubleshooting.md * updated upgrading.md for release 1.3.0 and fixed link in chapter3.md (#117) Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com> * imported new dashboard * Rearrange sysmon dashboard (#115) * updating sysmon dashboard * adding line change from clint's old pr * Add .gitattributes file to exclude the testing folder from releases. (#105) * updating sysmon dashboard --------- Co-authored-by: mreeve-snl <mreeve@sandia.gov> Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> * Healthcheckoverview dashboard update (#120) * imported new dashboard * updated healthcheck dashboard * Delete Chapter 4 Files/dashboards/alerting_dashboard.ndjson (#121) removed alerting dashboard from this PR healthcheck PR --------- Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV> Co-authored-by: ddiabe <you@example.com> * adding push so that I can track this branch * pushing all changes as documented in the PR: 112 * Updated Healthcheck Overview Dashboard panels --------- Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com> Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com> Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com> Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com> Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com> Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com> Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com> Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com> Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV> Co-authored-by: Grant (SNL) <108766839+rgbrow1949@users.noreply.github.com> Co-authored-by: Connor <107427279+causand22@users.noreply.github.com> Co-authored-by: ddiabe <you@example.com>
cisagov · Jan 10, 2024 · 0824fa0 · 0824fa0
1 parent c2b9b99
commit 0824fa0
Show file tree

Hide file tree

Showing 14 changed files with 366 additions and 154 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+testing export-ignore
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,32 +1,71 @@
----
 on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+*'  # match basic semver tags
-  pull_request:
-    branches:
-      - main
-
+    workflow_dispatch:
+    push:
+      branches:
+        - main
+      tags:
+        - 'v[0-9]+.[0-9]+.[0-9]+*'  # match basic semver tags
+    pull_request:
+      branches:
+         - main
+         - 'release-*'
+
 jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - name: Linters
-        run: true  # place-holder
+      - name: Checkout
+        uses: actions/checkout@v4
 
-  test:
+      - name: Lint Shell Scripts
+        continue-on-error: true
+        run: |
+          sudo apt-get update
+          sudo apt-get install shellcheck
+          shellcheck **/*.sh
+  
+      - name: Lint PowerShell Scripts
+        continue-on-error: true
+        run: |
+          pwsh -Command "Invoke-ScriptAnalyzer -EnableExit -Recurse -Path ."
+  
+      - name: Lint Lua
+        continue-on-error: true
+        run: |
+          sudo apt-get install -y luarocks
+          sudo luarocks install luacheck
+          luacheck **/*.lua
+  
+      - name: Lint TeX Files
+        continue-on-error: true
+        run: |
+          sudo apt-get install chktex
+          chktex **/*.tex
+
+      - name: Lint YAML Files
+        continue-on-error: true
+        run: |
+          sudo apt-get update
+          sudo apt-get install yamllint
+          yamllint -f parsable **/*.yml
+          
+  semgrep-scan:
     runs-on: ubuntu-latest
+    container: 
+      image: returntocorp/semgrep:latest
     steps:
-      - name: Tests
-        run: true  # place-holder
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Semgrep Scan
+        continue-on-error: true
+        run: |
+          semgrep --config "p/r2c" .
 
   release:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/v')
-    needs: [lint, test]
+    needs: [lint, semgrep-scan]
     steps:
       - name: Checkout
         uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -11,10 +11,18 @@ We recommend that you first search through existing issues (both open and closed
 
 If it has then you might want to add a comment to the existing issue.  
 
-If it hasn't then feel free to create a new one. 
+If it hasn't then please create a new one. 
 
 Please follow the provided template and fill out all sections. We have a `BUG` and `FEATURE REQUEST` Template
 
+## Branch naming conventions
+
+If you are planning to submit a pull request, please name your branch using the following naming convention:  
+`<githubusername>-<issue #>-<short description>`  
+
+Example:  
+`mreeve-22-filter-events`
+
 ## Pull Requests (PR)
 
 If you choose to submit a pull request, it will be required to pass various sanity checks in our continuous integration (CI) pipeline, before we merge it. Your pull request may fail these checks, and that's OK. If you want you can stop there and wait for us to make the necessary corrections to ensure your code passes the CI checks, you're more than within your rights; however, it helps our team greatly if you fix the issues found by our CI pipeline. 
@@ -26,9 +34,9 @@ Below are some loose requirements we'd like all PR's to follow. Our release proc
 All PRs will be tested, vetted, and reviewed by our team before being merged with the main code base. All should be pull requested into whatever the upcoming release branch is. Find that by searching for the highest SEMVER `release-X.Y.Z` branch or following our release documentation.
 
 ### Steps to submit a PR
-	- All PRs should request merges back into LME's *CLOSEST* Major or Minor upcoming release branch `release-X.Y.Z`. This will be viewable in the branch list on Github. You can also refer to our release documentation for guidance.
+	- All PRs should request merges back into LME's *CLOSEST* Major or Minor upcoming release branch `release-X.Y.Z`. This will be viewable in the branch list on Github. You can also refer to our release documentation for guidance. 
   - If the PR corresponds to an issue we are already tracking on LME's public Github [project](https://github.com/orgs/cisagov/projects/68), please comment the PR in the issue, and we will update the issue. 
-  - If the PR does not have an issue, please add a comment at the top of the pull request describing the PR and how it fits into LME's project/code. If the PR follows our other requirements listed here, we'll add it into our public project linked previously.
+  - If the PR does not have an issue, please create a new issue and name your branch according to the conventions [here](#branch-naming-conventions). Add a comment at the top of the pull request describing the PR and how it fits into LME's project/code. If the PR follows our other requirements listed here, we'll add it into our public project linked previously.
   - We'll work with you to mold it to our development goals/process, so your work can be merged into LME and your Github profile gets credit for the contributions. 
   - Before merging we request that all commits be squashed into one commit. This way your changes to the repository are tracked, but our `git log` history does not rapidly expand. 
   - Thanks for wanting to submit and develop improvements for LME!!

diff --git a/Chapter 3 Files/dashboard_update.sh b/Chapter 3 Files/dashboard_update.sh
@@ -4,11 +4,12 @@ IFS=$'\n'
 Dashboards="$(ls -1 ${LME_DIR}Chapter\ 4\ Files/dashboards/*.ndjson)"
 echo $Dashboards
 
+
 if [ -r /opt/lme/lme.conf ]; then
   #reference this file as a source
   . /opt/lme/lme.conf
   #check if the version number is equal to the one we want
-  if [ "$version" == "1.2.0" ]; then
+  if [ "$version" == "1.3.0" ]; then
     echo -e "\e[32m[X]\e[0m Updating from git repo"
     git -C /opt/lme/ pull
     #make sure the hostname variable is present
@@ -18,10 +19,14 @@ if [ -r /opt/lme/lme.conf ]; then
       echo -e "\e[32m[X]\e[0m Uploading the new dashboards to Kibana"
       for db in ${Dashboards};
       do
-        echo -e "\e[32m[X]\e[0m Uploading ${db%%*.} dashboard"
+        echo -e "\e[32m[X]\e[0m Uploading ${db%%*.} dashboard\n"
         curl -X POST -k --user dashboard_update:dashboardupdatepassword -H 'kbn-xsrf: true' --form file="@${dashbaord_dir}/${db}" "https://127.0.0.1/api/saved_objects/_import?overwrite=true"
+        echo
       done
 
     fi
+  else 
+    echo "!!Upgrade to 1.3.0!!"
   fi
+
 fi