Merged
- Add yamlfmt configuration (.yamlfmt) with 4-space indent, LF line endings
- Add yamllint configuration (.yamllint) for syntax validation (detections/ only)
- Add pre-commit hook for automatic YAML formatting
- Add CI validation script with unified error output
- Add GitHub Actions workflow for PR validation
- Add documentation for setup and usage
- Support custom yamlfmt binary path via --yamlfmt-path flag
Versioning and the CI failure will be addressed after the release.
@nasbench - let's add a short update to the main README as step 2 to install pre-commit hook! Other than that, LGTM!
patel-bhavin
reviewed
Feb 6, 2026
detections/application/cisco_duo_admin_login_unusual_browser.yml
I have updated the |
@patel-bhavin things should be green now. The unit-testing will fail due to the big changes. If you can double check again the overall structure and changes. We merge this and then we can run an internal build to see if things broke. Let me know
Integration errors found internally were fixed in #3920
patel-bhavin
approved these changes
Feb 25, 2026

This PR introduces a new CI, validation script and a pre-commit hook for YAML linting and validation.
It uses both yamllint and yamlfmt to apply and verify YAML formatting and linting.

Yamlfmt

We use yamlfmt to apply formatting. A new config has been added in .yamlfmt that ensures all the YAML has proper indentation and array nesting.

Yamllint

We had to use yamlfmt since yamllint's ability/support for nested arrays is tricky to accommodate our format. Hence its usage is for the other linting functionalities like duplicate keys and what not.

Pre-commit Hook

A new pre-commit hook was introduced that applies yamlfmt with the config to all YAML files sitting in the detections folder.

New CI Job - Yaml Validation

A new CI job was added with a wrapper script validate_yaml.py that checks both configs mentioned above are applied.

Docs

New documentation has been added describing how to use all of this in the docs/ci folder.

Changed Analytics

All the analytics residing in the detections folder have been touched and formatted accordingly.
In addition to this, a custom SPL search beautifying script (local) has been applied to all searches to make them use the |-notation as well as make them more readable.
This is only an initial effort to beautify the SPL. Since it is tricky to solve this for all generically, we will need to iterate on this a bit more.

Note for reviewers: inspect the following commits de0d0ff and 734090a to verify the logic of the job and scripts to avoid confusion with the other many changes.
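
How a wrapper in the spirit of the validate_yaml.py described above can run both tools as read-only checks and merge their findings into one error list. This is an added example, not the script from this PR; the function names, the `[tool]` prefix format and the assumption that `.yamlfmt` and `.yamllint` sit in the repository root are illustrative.

```python
import argparse
import subprocess
import sys

# Assumed layout, following the PR description: configs at repo root, YAML under detections/.
TARGET = "detections"


def build_commands(yamlfmt_path="yamlfmt"):
    """Return (tool name, argv) pairs; both calls only check, neither rewrites files."""
    return [
        # -lint makes yamlfmt exit non-zero when a file would be reformatted.
        ("yamlfmt", [yamlfmt_path, "-conf", ".yamlfmt", "-lint", TARGET]),
        # parsable output gives one "file:line:col: [level] message" line per finding.
        ("yamllint", ["yamllint", "-c", ".yamllint", "-f", "parsable", TARGET]),
    ]


def run_tool(argv):
    """Default runner: execute argv and return (exit code, combined output)."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return 127, f"{argv[0]}: binary not found"
    return proc.returncode, proc.stdout + proc.stderr


def validate(yamlfmt_path="yamlfmt", runner=run_tool):
    """Run every check without short-circuiting and return unified error lines."""
    errors = []
    for name, argv in build_commands(yamlfmt_path):
        code, output = runner(argv)
        if code != 0:
            lines = [ln for ln in output.splitlines() if ln.strip()] or [f"exit code {code}"]
            errors.extend(f"[{name}] {line}" for line in lines)
    return errors


def main(argv=None):
    parser = argparse.ArgumentParser(description="Validate detection YAML")
    parser.add_argument("--yamlfmt-path", default="yamlfmt", help="custom yamlfmt binary")
    args = parser.parse_args(argv)
    errors = validate(args.yamlfmt_path)
    print("\n".join(errors) if errors else "YAML validation passed")
    return 1 if errors else 0


if __name__ == "__main__":
    sys.exit(main())
```

Running both tools before failing lets a contributor see formatting drift and lint findings such as duplicate keys in a single CI run.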