Merge branch 'master' into ds-adopt-ruff

demisto · Mar 19, 2024 · abf04c4 · abf04c4
2 parents 90b4494 + 383f3ad
commit abf04c4
Show file tree

Hide file tree

Showing 4,312 changed files with 220,100 additions and 142,610 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -106,7 +106,7 @@ references:
           neo4j_conf_file="/etc/neo4j/neo4j.conf"
           sudo echo "dbms.security.procedures.unrestricted=apoc.*" >> $neo4j_conf_file
           sudo echo "dbms.security.procedures.allowlist=apoc.*" >> $neo4j_conf_file
-          sudo echo "dbms.memory.transaction.total.max=600m" >> $neo4j_conf_file
+          sudo echo "dbms.memory.transaction.total.max=2000m" >> $neo4j_conf_file
 
           apoc_conf_file="/etc/neo4j/apoc.conf"
           sudo echo "apoc.export.file.enabled=true" > $apoc_conf_file
@@ -297,9 +297,10 @@ references:
             name: Get Contributor pack
             when: always
             command: |
-                REPO=$(echo $CONTRIB_BRANCH | cut -d ":" -f 1)
+                USERNAME=$(echo $CONTRIB_BRANCH | cut -d ":" -f 1)
                 BRANCH=$(echo $CONTRIB_BRANCH | cut -d ":" -f 2)
-                python3 ./Utils/update_contribution_pack_in_base_branch.py -p $PULL_REQUEST_NUMBER -b $BRANCH -c $REPO
+                $CONTRIB_REPO="content"
+                python3 ./Utils/update_contribution_pack_in_base_branch.py -p $PULL_REQUEST_NUMBER -b $BRANCH -u $USERNAME -c $CONTRIB_REPO
 
   comment_on_contrib_pr: &comment_on_contrib_pr
     when:

diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,12 +1,14 @@
-FROM python:3.10-slim-bullseye
+FROM python:3.10-slim-bookworm
 
 ENV USERNAME demisto
 ENV HOME /home/$USERNAME
 ENV NODE_EXTRA_CA_CERTS /usr/local/share/ca-certificates/certs.crt
 ENV PATH $PATH:$HOME/.local/bin:/root/.local/bin:/usr/local/share/nvm/current/bin
+ENV FEATURES_COMMIT_HASH fc62e9abf47c5ea52e02de997c91c5d52a5edc3a
+
 
 ADD createCerts.sh .
-RUN apt-get update && apt-get install dos2unix git python2 curl -y \
+RUN apt-get update && apt-get install dos2unix git curl -y \
     && dos2unix /createCerts.sh \
     && chmod +x /createCerts.sh \ 
     && /createCerts.sh $NODE_EXTRA_CA_CERTS \
@@ -15,13 +17,14 @@ RUN apt-get update && apt-get install dos2unix git python2 curl -y \
     && git clone https://github.com/devcontainers/features.git /features \
     && cd /features \
     # locking to the latest master commit in this repo (https://github.com/devcontainers/features.git) to prevent breaking changes
-    # We should update this commit hash from time to time to
-    && git checkout 96bff0097028001e6e4126c5528d37cb8c13e785
+    # We should update this commit hash from time to time to time
+    && git checkout $FEATURES_COMMIT_HASH
 
 # This is a workaround for VSCode devcontainer features in self signed certificate
 RUN UID="1000" GID="1000" bash /features/src/common-utils/install.sh
 RUN VERSION="os-provided" bash /features/src/git/install.sh
-RUN VERSION="latest" bash /features/src/docker-in-docker/install.sh
+# Install a specific version of moby-buildx when using Moby. (2024-02-09: Microsoft's Package Manifest has mismatching filesize and SHA for 0.12.1;  0.12.0 is the last known good version)
+RUN VERSION="lts" MOBYBUILDXVERSION="0.12.0" bash /features/src/docker-in-docker/install.sh
 RUN VERSION="lts" bash /features/src/node/install.sh
 RUN bash /features/src/sshd/install.sh
 RUN bash /features/src/github-cli/install.sh

diff --git a/.devcontainer/createCommand.sh b/.devcontainer/createCommand.sh
@@ -3,27 +3,22 @@
 set -e
 
 echo "Fixing permissions"
-
-sudo chown demisto /workspaces /workspaces/content
-sudo chown -R demisto /workspaces/content/.vscode /workspaces/content/.git /workspaces/content/.venv /workspaces/content/node_modules /workspaces/content/package-lock.json
+# get current folder name
+repo=${PWD##*/}
+sudo chown demisto /workspaces /workspaces/$repo
+sudo chown -R demisto /workspaces/$repo/.vscode /workspaces/content/.git /workspaces/$repo/.venv /workspaces/$repo/node_modules /workspaces/$repo/package-lock.json
 
 sudo chown -R demisto $HOME
 
-echo "Setting up VSCode paths"
-
-cp .devcontainer/settings.json .vscode/settings.json 
-touch CommonServerUserPython.py
-touch DemistoClassApiModule.py
-path=$(printf '%s:' Packs/ApiModules/Scripts/*)
-rm -f .env
-echo "PYTHONPATH=""$path"":$PYTHONPATH" >> .env
-echo "MYPYPATH=""$path"":$MYPYPATH" >> .env
-
 echo "Setting up git safe directory"
-git config --global --add safe.directory /workspaces/content
+git config --global --add safe.directory /workspaces/$repo
 
 echo "Setting up content dependencies"
 .hooks/bootstrap
 
+echo "Setting up VSCode"
+poetry run demisto-sdk setup-env
+
+
 echo "Run demisto-sdk pre-commit to cache dependencies"
-poetry run demisto-sdk pre-commit >/dev/null 2>&1 || true
+poetry run demisto-sdk pre-commit --mode=commit >/dev/null 2>&1 || true
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -24,11 +24,6 @@
 		"DEMISTO_SDK_CONTENT_PATH": "${containerWorkspaceFolder}",
 		"PYTHONPATH": "${containerWorkspaceFolder}:${containerWorkspaceFolder}/Packs/Base/Scripts/CommonServerPython/:${containerWorkspaceFolder}/Packs/Base/Scripts/CommonServerUserPython/:${containerWorkspaceFolder}/Tests/demistomock/:${containerEnv:PYTHONPATH}",
 		"MYPYPATH": "${containerWorkspaceFolder}:${containerWorkspaceFolder}/Packs/Base/Scripts/CommonServerPython/:${containerWorkspaceFolder}/Packs/Base/Scripts/CommonServerUserPython/:${containerWorkspaceFolder}/Tests/demistomock/:${containerEnv:PYTHONPATH}",
-		"DEMISTO_BASE_URL": "${localEnv:DEMISTO_BASE_URL}",
-		"DEMISTO_USERNAME": "${localEnv:DEMISTO_USERNAME}",
-		"DEMISTO_PASSWORD": "${localEnv:DEMISTO_PASSWORD}",
-		"DEMISTO_VERIFY_SSL": "${localEnv:DEMISTO_VERIFY_SSL}",
-		"DEMISTO_API_KEY": "${localEnv:DEMISTO_API_KEY}"
 	},
 	"customizations": {
 		"vscode": {
@@ -97,7 +92,7 @@
 // 	"ghcr.io/devcontainers/features/common-utils:1"
 // ],
 "onCreateCommand": "sudo dos2unix -n .devcontainer/createCommand.sh .devcontainer/createCommand_unix.sh && bash .devcontainer/createCommand_unix.sh",
-"postStartCommand": "poetry install && poetry run demisto-sdk pre-commit >/dev/null 2>&1 || true",
+"postStartCommand": "git pull || true && poetry install && poetry run demisto-sdk pre-commit --mode=commit >/dev/null 2>&1 || true",
 "hostRequirements": {
 	"cpus": 4,
 	"memory": "8gb",

diff --git a/.devcontainer/settings.json b/.devcontainer/settings.json
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -5,6 +5,8 @@
 /Tests/Marketplace/approved_categories.json @yaakovpraisler @bakatzir @GuyLibermanPA @demisto/content-leaders
 /Tests/Marketplace/core_packs_list.json @yaakovpraisler @bakatzir @GuyLibermanPA @demisto/content-leaders
 /Tests/Marketplace/core_packs_mpv2_list.json @yaakovpraisler @bakatzir @GuyLibermanPA @demisto/content-leaders
+/Tests/Marketplace/versions-metadata.json @yaakovpraisler
+/Tests/Marketplace/corepacks_override.json @yaakovpraisler
 
 # Docker native image
 /Tests/docker_native_image_config.json @GuyAfik @JudahSchwartz @samuelFain
@@ -35,7 +37,7 @@
 
 # PANW Products
 /Packs/Palo_Alto_Networks_Enterprise_DLP/ @DeanArbel
-/Packs/PAN-OS/Integrations/ @GuyAfik @jlevypaloalto
+/Packs/PAN-OS/Integrations/ @jlevypaloalto
 /Packs/PrismaCloudCompute/Integrations/ @GuyAfik
 /Packs/PrismaSaasSecurity/Integrations/ @GuyAfik
 
@@ -80,26 +82,27 @@
 .gitlab/ci/* @yucohen
 .gitlab/* @yucohen
 .gitlab-ci.yml @yucohen
-/Tests/scripts/wait_in_line_for_cloud_env.sh @daryakoval
+/Tests/scripts/wait_in_line_for_cloud_env.sh @yucohen
 .gitlab/ci/.gitlab-ci.staging.yml @ilaner
-/Tests/scripts/uninstall_packs_and_reset_bucket_cloud.sh @daryakoval
-/Tests/Marketplace/search_and_uninstall_pack.py @daryakoval
-/Tests/scripts/install_content_and_test_integrations.sh @daryakoval
-/Tests/configure_and_test_integration_instances.py @daryakoval
-/Tests/scripts/print_cloud_machine_details.sh @daryakoval
-/Tests/scripts/run_tests.sh @daryakoval
-/Tests/scripts/download_demisto_conf.sh @daryakoval
-Tests/scripts/test_modeling_rules.sh @daryakoval
-Tests/scripts/lock_cloud_machines.py @daryakoval
+/Tests/scripts/uninstall_packs_and_reset_bucket_cloud.sh @yucohen
+/Tests/Marketplace/search_and_uninstall_pack.py @yucohen
+/Tests/scripts/install_content_and_test_integrations.sh @yucohen
+/Tests/configure_and_test_integration_instances.py @yucohen
+/Tests/scripts/print_cloud_machine_details.sh @yucohen
+/Tests/scripts/run_tests.sh @yucohen
+/Tests/scripts/download_demisto_conf.sh @yucohen
+Tests/scripts/test_modeling_rules.sh @AradCarmi
+Tests/scripts/lock_cloud_machines.py @yucohen
 Tests/Marketplace/server_content_items.json @dantavori
+validation_config.toml @YuvHayun @JudahSchwartz @GuyAfik @anara123
 
 # SDK Related
 .gitlab/ci/.gitlab-ci.sdk-nightly.yml @dorschw
 Utils/trigger_nightly_sdk_build.sh @dorschw
 .pre-commit-config_template.yaml @dorschw @ilaner
 
 # XDR Related
-/Packs/CortexXDR/Integrations/ @dansterenson
+/Packs/CortexXDR/Integrations/ @maimorag
 /Packs/Core/Integrations/ @dansterenson
 /Packs/ApiModules/Scripts/CoreIRApiModule/* @dansterenson
 
@@ -111,7 +114,7 @@ poetry.lock @ilaner @dorschw
 .devcontainer/* @ilaner
 
 # Demisto Class
-Packs/ApiModules/Scripts/DemistoClassApiModule/DemistoClassApiModule.py @daryakoval
+Packs/ApiModules/Scripts/DemistoClassApiModule/DemistoClassApiModule.py @dantavori
 
 # TIM Related
 /Packs/TAXIIServer/Integrations/* @MLainer1
@@ -137,4 +140,4 @@ Packs/ApiModules/Scripts/DemistoClassApiModule/DemistoClassApiModule.py @daryako
 /Packs/Base/Scripts/DBotFindSimilarIncidentsByIndicators/ @jlevypaloalto
 /Packs/Base/Scripts/DBotSuggestClassifierMapping/ @jlevypaloalto
 /Packs/Base/Scripts/GetMLModelEvaluation/ @jlevypaloalto
-/Packs/Base/Scripts/DBotMLFetchData/ @jlevypaloalto
+/Packs/Base/Scripts/DBotMLFetchData/ @jlevypaloalto
diff --git a/.github/content_roles.json b/.github/content_roles.json
@@ -1,14 +1,14 @@
 {
     "CONTRIBUTION_REVIEWERS": [
-        "YuvHayun",
-        "yucohen",
-        "shmuel44"
+        "jbabazadeh",
+        "moishce",
+        "merit-maita"
     ],
-    "CONTRIBUTION_TL": "AradCarmi",
+    "CONTRIBUTION_TL": "JudahSchwartz",
     "CONTRIBUTION_SECURITY_REVIEWER": "melamedbn",
     "ON_CALL_DEVS": [
-        "dfried",
-        "meichler"
+        "aedri",
+        "ipolishuk"
     ],
     "DOC_REVIEWER": "ShirleyDenkberg",
     "TIM_REVIEWER": "MLainer1"

diff --git a/.github/workflows/check-nightly-ok-label.yml b/.github/workflows/check-nightly-ok-label.yml
@@ -0,0 +1,51 @@
+name: Check nightly-ok label
+
+on:
+  pull_request:
+    types: [opened, synchronize, labeled, unlabeled]
+
+jobs:
+  check_label:
+    runs-on: ubuntu-latest
+    if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == false
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if files under .gitlab directory are changed
+        id: check-changes
+        run: |
+          CHANGED_FILES=$(git diff --name-only origin/master origin/${{ github.head_ref || github.ref_name }})
+          echo "All changed files:"
+          echo "${CHANGED_FILES}"
+          GITLAB_CHANGED_FILES=$( [[ $CHANGED_FILES == *".gitlab/ci"* ]] && echo true || echo false)
+          echo "Files in the .gitlab folder have changed: ${GITLAB_CHANGED_FILES}"
+          echo "gitlab_changed_files=$GITLAB_CHANGED_FILES" >> $GITHUB_OUTPUT
+          if [[ $GITLAB_CHANGED_FILES == true ]]; then
+            echo 'Files under .gitlab folder has changed, Will check if the PR has the `nightly-ok` label.'
+          else
+            echo 'Files in the .gitlab folder have not been changed.'
+          fi
+
+      - name: Check if PR has the nightly-ok label
+        uses: actions/github-script@v7
+        id: check-label
+        with:
+          script: |
+            const gitlabChangedFiles = ${{ steps.check-changes.outputs.gitlab_changed_files }};
+            if(gitlabChangedFiles) {
+              console.log('Files under .gitlab folder has changed, Will check if the PR has the `nightly-ok` label.');
+              const labels = context.payload.pull_request.labels.map(label => label.name);
+              const hasLabel = labels.includes('nightly-ok');
+              if (hasLabel) {
+                console.log('All good, the PR has the `nightly-ok` label.');
+              } else {
+                console.log('PR does not have the `nightly-ok` label. It is required when changing files under the `.gitlab` directory. Please run nightly using the Utils/gitlab_triggers/trigger_content_nightly_build.sh script, check that succeeded, and add the `nightly-ok` label');
+                process.exit(1); // Exit with failure status if label is missing
+              }
+            } else {
+              console.log('Files in the .gitlab folder have not been changed.');
+            }
diff --git a/.github/workflows/clean_stale_branches.yml b/.github/workflows/clean_stale_branches.yml
@@ -6,11 +6,12 @@ on:
 env:
   DAY_BEFORE_STALE: 30
   DAY_BEFORE_CLOSE: 15
-  EXEMPT_LABELS: "Ignore Stale"
+  EXEMPT_LABELS: "Ignore Stale,External PR"
 
 jobs:
   stale:
     runs-on: ubuntu-latest
+    if: github.repository == 'demisto/content' && github.event.pull_request.head.repo.fork == false
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/create-internal-pr-from-external.yml b/.github/workflows/create-internal-pr-from-external.yml
@@ -5,19 +5,25 @@ on:
     branches:
       - contrib/**
 
+permissions:
+  pull-requests: write
+
 jobs:
   create_internal_pr:
     runs-on: ubuntu-latest
     if: github.repository == 'demisto/content' && github.event.action == 'closed' && github.event.pull_request.merged == true && github.event.pull_request.head.repo.fork == true
     steps:
+      - name: set pythonpath
+        run: |
+          echo "PYTHONPATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
       - name: Checkout
         uses: actions/checkout@v4
       - name: Setup Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10'
       - name: Setup Poetry
-        uses: Gr1N/setup-poetry@v8
+        uses: Gr1N/setup-poetry@v9
       - name: Print Context
         run: |
           echo "$GITHUB_CONTEXT"
@@ -36,3 +42,11 @@ jobs:
           cd Utils/github_workflow_scripts
           poetry run ./create_internal_pr.py
           echo "Finished Creating Internal PR"
+      
+      - name: Notify External PR Merge
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          echo "Add a comment"
+          gh pr comment "$PR_URL" --body "Thank you for your contribution. Your external PR has been merged and the changes are now included in an internal PR for further review. The internal PR will be merged to the master branch within 3 business days."
diff --git a/.github/workflows/handle-new-external-pr.yml b/.github/workflows/handle-new-external-pr.yml
@@ -17,11 +17,11 @@ jobs:
           fetch-depth: 2
 
       - name: Setup Python
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10'
       - name: Setup Poetry
-        uses: Gr1N/setup-poetry@v8
+        uses: Gr1N/setup-poetry@v9
       - name: Print Context
         run: |
           echo "$GITHUB_CONTEXT"
@@ -31,7 +31,9 @@ jobs:
       - name: Install Python Dependencies
         run: |
           poetry install --with ci
-
+      - name: set pythonpath
+        run: |
+          echo "PYTHONPATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
       - name: Update External PR
         env:
           CONTENTBOT_GH_ADMIN_TOKEN: ${{ secrets.CONTENTBOT_GH_ADMIN_TOKEN }}