edit checks to run the release workflow

Author: Mikaayenson

.github/release-drafter.yml

@@ -6,12 +6,27 @@ categories:
   - title: 🐛 Bug Fixes
     label: 'bug'
   - title: 🛠 Internal Changes
-    label: 'maintenance'
+    labels:
+      - 'maintenance'
+      - 'schema'
+      - 'documentation'
+      - 'python'
   - title: 🔍 Hunting Updates
-    label: 'hunting'
+    label: 'Hunting'
 change-template: '- $TITLE (#$NUMBER) @$AUTHOR'
 exclude-labels:
   - 'skip-changelog'
+version-resolver:
+  major:
+    labels:
+      - 'major'
+  minor:
+    labels:
+      - 'minor'
+  patch:
+    labels:
+      - 'patch'
+  default: patch
 template: |
   ## Changes
   $CHANGES

.github/workflows/version-code-and-release.yml

@@ -10,45 +10,58 @@ on:
       - 'docs/**'
       - 'detection_rules/**'
       - 'tests/**'
+      - '**/*.md'
     types: [opened, reopened, synchronize]
-  push:
-    branches:
-      - main
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
+  pull-requests: read
 
 jobs:
-  version_check:
+  label_check:
     runs-on: ubuntu-latest
+    steps:
+      - name: Ensure PR has Version Bump Label
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const labels = ['major', 'minor', 'patch'];
+            const prLabels = context.payload.pull_request.labels.map(label => label.name);
+            const hasVersionLabel = labels.some(label => prLabels.includes(label));
+            if (!hasVersionLabel) {
+              throw new Error("PR must have one of the following labels: major, minor, or patch.");
+            }
 
+  version_check:
+    needs: label_check
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Check for changes in kql, kibana, hunting, and etc
-        id: check_changes
+      - name: Check if core pyproject.toml was updated
         run: |
-          CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -E 'lib/kql|lib/kibana|detection_rules|tests|hunting|etc/' || echo "no-changes")
-          if [ "$CHANGED_FILES" != "no-changes" ]; then
-            echo "CHANGES_FOUND=true" >> $GITHUB_ENV
-          else
-            echo "CHANGES_FOUND=false" >> $GITHUB_ENV
+          if ! git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep '^pyproject.toml$'; then
+            echo "Code changes detected in core, but pyproject.toml was not updated."
+            exit 1
           fi
 
-      - name: Fail if no version bump in pyproject.toml
-        if: env.CHANGES_FOUND == 'true'
+      - name: Check if lib pyproject.toml files were updated
         run: |
-          if ! git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep 'pyproject.toml'; then
-            echo "Code changes detected in core, but pyproject.toml was not updated."
-            exit 1
+          if git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -E 'lib/kql/|lib/kibana/'; then
+            if ! git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -E 'lib/kql/pyproject.toml|lib/kibana/pyproject.toml'; then
+              echo "Changes detected in kql or kibana library, but respective pyproject.toml was not updated."
+              exit 1
+            fi
           fi
 
   release_drafter:
+    if: github.event.pull_request.merged == true && needs.version_check.conclusion == 'success'
     needs: version_check
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4