Add initial workflow

eric-forte-elastic · eric-forte-elastic · commit 6f018b5e6b7a · 2025-08-28T21:31:24.000-04:00
diff --git a/.github/workflows/esql-validation.yml b/.github/workflows/esql-validation.yml
@@ -0,0 +1,70 @@
+name: ES|QL Validation
+on:
+    push:
+      branches: [ "main", "7.*", "8.*", "9.*" ]
+    pull_request:
+      branches: [ "*" ]
+      paths:
+        - 'rules/**/*.toml'
+jobs:
+  build-and-validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          path: elastic-container
+          repository: eric-forte-elastic/elastic-container
+
+      - name: Build and run containers
+        run: |
+          cd elastic-container
+          GENERATED_PASSWORD=$(openssl rand -base64 16)
+          sed -i 's/changeme/$GENERATED_PASSWORD/' .env
+          echo "GENERATED_PASSWORD=$GENERATED_PASSWORD" >> $GITHUB_ENV
+          set -x
+          bash elastic-container.sh start
+          
+
+      - name: Setup Detection Rules
+        uses: actions/checkout@v4
+        with:
+            fetch-depth: 0        
+
+      - name: Set up Python 3.13
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Get API Key and setup auth
+        env:
+          DR_KIBANA_URL: "https://localhost:5601"
+          DR_ELASTICSEARCH_URL: "https://localhost:9200"
+          ES_USER: "elastic"
+          ES_PASSWORD: ${{ env.GENERATED_PASSWORD }}
+        run: |
+          cd detection-rules
+          response=$(curl -k -X POST -u "$ES_USER:$ES_PASSWORD" -H "Content-Type: application/json" -d '{
+              "name": "tmp-api-key",
+              "expiration": "1d"
+          }' "$ELASTICSEARCH_URL/_security/api_key")
+
+          DR_API_KEY=$(echo "$response" | jq -r '.api_key')
+          echo "DR_API_KEY=$DR_API_KEY" >> $GITHUB_ENV
+
+      - name: Install dependencies
+        run: |
+          cd detection-rules
+          python -m pip install --upgrade pip
+          pip cache purge
+          pip install .[dev]
+
+      - name: Validate Test ESQL Rule
+        env:
+          DR_KIBANA_URL: "https://localhost:5601"
+          DR_ES_USER: "elastic"
+          DR_API_KEY: ${{ env.DR_API_KEY }}
+        run: |
+          cd detection-rules
+          python -m pytest tests/test_rules_remote.py::TestRemoteRules::test_esql_rules
