From 2a7499cbc20bdaebd30a96b84f4809b2d30e465f Mon Sep 17 00:00:00 2001
From: Eric Forte
Date: Thu, 11 Sep 2025 18:19:33 +0000
Subject: [PATCH 1/3] Bootstrap repository
---
.buildkite/default-pipeline.yml | 14 ++++++++++++++
.buildkite/diff | 20 ++++++++++++++++++++
.buildkite/pipeline.yml | 27 +++++++++++++++++++++++++++
.github/CODEOWNERS | 3 +++
catalog-info.yaml | 30 ++++++++++++++++++++++++++++++
renovate.json | 6 ++++++
6 files changed, 100 insertions(+)
create mode 100644 .buildkite/default-pipeline.yml
create mode 100755 .buildkite/diff
create mode 100644 .buildkite/pipeline.yml
create mode 100644 .github/CODEOWNERS
create mode 100644 catalog-info.yaml
create mode 100644 renovate.json
diff --git a/.buildkite/default-pipeline.yml b/.buildkite/default-pipeline.yml
new file mode 100644
index 0000000..477c433
--- /dev/null
+++ b/.buildkite/default-pipeline.yml
@@ -0,0 +1,14 @@
+---
+# $yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
+steps:
+ - label: "Build"
+ command: "true"
+
+ - label: "Test"
+ command: "true"
+
+ - label: "Deploy"
+ command: "true"
+
+ - label: "Publish"
+ command: "true"
diff --git a/.buildkite/diff b/.buildkite/diff
new file mode 100755
index 0000000..7384b2e
--- /dev/null
+++ b/.buildkite/diff
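Review bot: In `.buildkite/default-pipeline.yml` the four steps have no `wait` or `depends_on` between them, so Buildkite may run Build, Test, Deploy and Publish concurrently. That is harmless while every command is the placeholder `"true"`, but once real commands are filled in, Deploy and Publish would not be gated on Test. I would add a `- wait` entry between the stages now, or at least a comment such as `# placeholder steps: add '- wait' between stages before wiring in real commands`.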
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Produces a list of changed files between two commits (works for merges and
+# regular commits).
+# Used in conjunction with the monorepo-diff-buildkite-plugin to determine
+# which pipelines to upload/trigger based on the files changed.
+
+[ $# -lt 1 ] && { echo "argument is missing."; exit 1; }
+
+COMMIT=$1
+
+HEAD_BRANCH=$(git remote show origin | awk '/HEAD branch/ {print $NF}')
+BRANCH_POINT_COMMIT=$(git merge-base "$HEAD_BRANCH" "$COMMIT")
+
+if [ "$BUILDKITE_BRANCH" == "$HEAD_BRANCH" ]; then
+ echo "diff between $COMMIT and HEAD~1"
+ git diff --raw HEAD~1 | awk '{print $6; if($7) {print $7}}'
+else
+ echo "diff between $COMMIT and $BRANCH_POINT_COMMIT"
+ git diff --raw "$COMMIT".."$BRANCH_POINT_COMMIT" | awk '{print $6; if($7) {print $7}}'
+fi
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
new file mode 100644
index 0000000..d111410
--- /dev/null
+++ b/.buildkite/pipeline.yml
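Review bot: `.buildkite/diff` fails open because it runs without `set -euo pipefail`: if `git remote show origin` or `git merge-base` fails, it continues with an empty `HEAD_BRANCH` or `BRANCH_POINT_COMMIT` and still exits 0 from the final `awk`. The monorepo-diff step would then get a wrong or empty file list, and the watched validation steps could be skipped without any error. Add `set -euo pipefail` directly under the shebang. The two `echo "diff between ..."` lines write to stdout, which is presumably the stream the plugin reads as the changed-file list, so redirect them with `>&2`. Separately, the first branch prints `$COMMIT` but diffs against `HEAD~1` only, and `awk '{print $6; ...}'` splits paths that contain spaces; `git diff --name-only` would avoid that parsing.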
@@ -0,0 +1,27 @@
+---
+# $yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
+steps:
+ - label: "Triggering pipelines"
+ plugins:
+ monorepo-diff#v1.5.1:
+ diff: ".buildkite/diff ${BUILDKITE_COMMIT}"
+ wait: true
+ watch:
+ # if our Renovate configuration is amended, then make sure we have well-formed config
+ # for more info, see https://docs.elastic.dev/plat-prod-team/service-catalogue/renovate/testing-renovate-changes
+ - path: "renovate.json"
+ config:
+ label: "Verify Renovate configuration"
+ command: "renovate-config-validator"
+ agents:
+ image: "docker.elastic.co/ci-agent-images/pipelib:0.18.0@sha256:bbc09a43a69177c244ed0c5436c35f5788c228e74ea56f7bd895eb6218243910"
+ # if our catalog-info.yaml is changed, make sure it's well-formed according to our internal standards as well as Backstage's validation
+ - path: "catalog-info.yaml"
+ config:
+ command: "/agent/check-catalog-info.sh"
+ agents:
+ image: "docker.elastic.co/ci-agent-images/pipelib:0.18.0@sha256:bbc09a43a69177c244ed0c5436c35f5788c228e74ea56f7bd895eb6218243910"
+ - default:
+ config:
+ label: ":pipeline: Upload default Pipeline"
+ command: "buildkite-agent pipeline upload .buildkite/default-pipeline.yml"
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..633ffd5
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in
+# the repo.
+* @elastic/threat-research-and-detection-engineering
diff --git a/catalog-info.yaml b/catalog-info.yaml
new file mode 100644
index 0000000..71b53ba
--- /dev/null
+++ b/catalog-info.yaml
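Review bot: In `.buildkite/pipeline.yml` the plugin is referenced as `monorepo-diff#v1.5.1`, a tag that can be moved upstream, whereas both agent images in the same file are pinned by `@sha256:` digest. The plugin executes `.buildkite/diff` and uploads pipeline steps on the agent, so it deserves the same immutability. Buildkite accepts a commit after the `#`, for example `monorepo-diff#<full-commit-sha-for-v1.5.1>:  # v1.5.1` (placeholder: the commit id is not on this page). The second `watch` entry, for `catalog-info.yaml`, also has no `label`, unlike the other two.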
@@ -0,0 +1,30 @@
+# Declare your Buildkite pipelines below
+---
+# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+ name: buildkite-pipeline-SWAT
+ description: Buildkite Pipeline for SWAT
+ links:
+ - title: Pipeline
+ url: https://buildkite.com/elastic/SWAT
+
+spec:
+ type: buildkite-pipeline
+ owner: group:threat-research-and-detection-engineering
+ system: buildkite
+ implementation:
+ apiVersion: buildkite.elastic.dev/v1
+ kind: Pipeline
+ metadata:
+ name: SWAT
+ description:
+ spec:
+ repository: elastic/SWAT
+ pipeline_file: ".buildkite/pipeline.yml"
+ teams:
+ threat-research-and-detection-engineering:
+ access_level: MANAGE_BUILD_AND_READ
+ everyone:
+ access_level: READ_ONLY
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..591ec64
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,6 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "local>elastic/renovate-config"
+ ]
+}
From 2eecf8a41cc6cabaf5d9f8632fd9ae7c5e192e08 Mon Sep 17 00:00:00 2001
From: eric-forte-elastic
Date: Thu, 11 Sep 2025 14:22:45 -0400
Subject: [PATCH 2/3] Update catalog-info
---
.buildkite/default-pipeline.yml | 14 -------------
.buildkite/diff | 20 ------------------
.buildkite/pipeline.yml | 27 -------------------------
catalog-info.yaml | 36 +++++++++++----------------------
4 files changed, 12 insertions(+), 85 deletions(-)
delete mode 100644 .buildkite/default-pipeline.yml
delete mode 100755 .buildkite/diff
delete mode 100644 .buildkite/pipeline.yml
diff --git a/.buildkite/default-pipeline.yml b/.buildkite/default-pipeline.yml
deleted file mode 100644
index 477c433..0000000
--- a/.buildkite/default-pipeline.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# $yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
-steps:
- - label: "Build"
- command: "true"
-
- - label: "Test"
- command: "true"
-
- - label: "Deploy"
- command: "true"
-
- - label: "Publish"
- command: "true"
diff --git a/.buildkite/diff b/.buildkite/diff
deleted file mode 100755
index 7384b2e..0000000
--- a/.buildkite/diff
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Produces a list of changed files between two commits (works for merges and
-# regular commits).
-# Used in conjunction with the monorepo-diff-buildkite-plugin to determine
-# which pipelines to upload/trigger based on the files changed.
-
-[ $# -lt 1 ] && { echo "argument is missing."; exit 1; }
-
-COMMIT=$1
-
-HEAD_BRANCH=$(git remote show origin | awk '/HEAD branch/ {print $NF}')
-BRANCH_POINT_COMMIT=$(git merge-base "$HEAD_BRANCH" "$COMMIT")
-
-if [ "$BUILDKITE_BRANCH" == "$HEAD_BRANCH" ]; then
- echo "diff between $COMMIT and HEAD~1"
- git diff --raw HEAD~1 | awk '{print $6; if($7) {print $7}}'
-else
- echo "diff between $COMMIT and $BRANCH_POINT_COMMIT"
- git diff --raw "$COMMIT".."$BRANCH_POINT_COMMIT" | awk '{print $6; if($7) {print $7}}'
-fi
diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml
deleted file mode 100644
index d111410..0000000
--- a/.buildkite/pipeline.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-# $yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
-steps:
- - label: "Triggering pipelines"
- plugins:
- monorepo-diff#v1.5.1:
- diff: ".buildkite/diff ${BUILDKITE_COMMIT}"
- wait: true
- watch:
- # if our Renovate configuration is amended, then make sure we have well-formed config
- # for more info, see https://docs.elastic.dev/plat-prod-team/service-catalogue/renovate/testing-renovate-changes
- - path: "renovate.json"
- config:
- label: "Verify Renovate configuration"
- command: "renovate-config-validator"
- agents:
- image: "docker.elastic.co/ci-agent-images/pipelib:0.18.0@sha256:bbc09a43a69177c244ed0c5436c35f5788c228e74ea56f7bd895eb6218243910"
- # if our catalog-info.yaml is changed, make sure it's well-formed according to our internal standards as well as Backstage's validation
- - path: "catalog-info.yaml"
- config:
- command: "/agent/check-catalog-info.sh"
- agents:
- image: "docker.elastic.co/ci-agent-images/pipelib:0.18.0@sha256:bbc09a43a69177c244ed0c5436c35f5788c228e74ea56f7bd895eb6218243910"
- - default:
- config:
- label: ":pipeline: Upload default Pipeline"
- command: "buildkite-agent pipeline upload .buildkite/default-pipeline.yml"
diff --git a/catalog-info.yaml b/catalog-info.yaml
index 71b53ba..f0d9bd5 100644
--- a/catalog-info.yaml
+++ b/catalog-info.yaml
@@ -1,30 +1,18 @@
-# Declare your Buildkite pipelines below
+# Declare a Backstage Component that represents your application.
 ---
-# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json
+# yaml-language-server: $schema=https://json.schemastore.org/catalog-info.json
 apiVersion: backstage.io/v1alpha1
-kind: Resource
+kind: Component
 metadata:
- name: buildkite-pipeline-SWAT
- description: Buildkite Pipeline for SWAT
- links:
- - title: Pipeline
- url: https://buildkite.com/elastic/SWAT
+ name: SWAT
+ description: Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK framework.
+ annotations:
+ backstage.io/source-location: "url:https://github.com/elastic/SWAT/"
+ github.com/project-slug: "elastic/SWAT"
+ github.com/team-slug: "elastic/threat-research-and-detection-engineering"
+ buildkite.com/project-slug: "elastic/SWAT"
 
 spec:
- type: buildkite-pipeline
+ type: service
 owner: group:threat-research-and-detection-engineering
- system: buildkite
- implementation:
- apiVersion: buildkite.elastic.dev/v1
- kind: Pipeline
- metadata:
- name: SWAT
- description:
- spec:
- repository: elastic/SWAT
- pipeline_file: ".buildkite/pipeline.yml"
- teams:
- threat-research-and-detection-engineering:
- access_level: MANAGE_BUILD_AND_READ
- everyone:
- access_level: READ_ONLY
+ lifecycle: production
\ No newline at end of file
From 9ee9fd5cc046d9d7a6499b7fb13963f47636c4e6 Mon Sep 17 00:00:00 2001
From: eric-forte-elastic
Date: Thu, 11 Sep 2025 14:23:05 -0400
Subject: [PATCH 3/3] add EOF
---
catalog-info.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/catalog-info.yaml b/catalog-info.yaml
index f0d9bd5..f47f07c 100644
--- a/catalog-info.yaml
+++ b/catalog-info.yaml
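Review bot: The new Component in `catalog-info.yaml` keeps the annotation `buildkite.com/project-slug: "elastic/SWAT"`, but this same commit deletes `.buildkite/pipeline.yml` and the `Resource` that declared the pipeline and its team access (`MANAGE_BUILD_AND_READ` / `READ_ONLY`). Unless the pipeline is now defined outside this repository, the annotation points at a pipeline with no definition here, and the access levels can no longer be reviewed in the repo. Either drop the annotation or add a comment saying where the pipeline and its permissions now live, e.g. `# pipeline and team access are managed in <location>`. `type: service` with `lifecycle: production` also looks like template defaults for what the description calls a simulation tool; confirm they are intended.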
@@ -15,4 +15,4 @@ metadata:
 spec:
 type: service
 owner: group:threat-research-and-detection-engineering
- lifecycle: production
\ No newline at end of file
+ lifecycle: production