Commit 3808997
[Security Rules] Integrate security_detection_engine OOM testing pipeline (#15829)
**Partially addresses:** elastic/kibana#188090
## Summary
This PR integrates [Prebuilt Rules OOM testing Buildkite pipeline](https://buildkite.com/elastic/appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing) into the Pull Request Buildkite pipeline.
## Details
The Pull Request Buildkite pipeline script has been extended in a generic way to support custom package checker scripts located under `<repo-root>/.buildkite/scripts/packages/<package-name>.sh`. It allows running any custom verification and testing logic specific to a package.
This PR adds the `.buildkite/scripts/packages/security_detection_engine.sh` script file. This script runs only for the **security_detection_engine** package and triggers the [Prebuilt Rules Out-Of-Memory testing pipeline](https://buildkite.com/elastic/appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing). The triggered pipeline performs e2e testing to reveal potential blockers due to Kibana Out-Of-Memory instance failures when performing actions upon the package (installing the package, reviewing prebuilt rules available in the package, installing prebuilt rules from the package, etc.).
### Tested stack versions
For now, `.buildkite/scripts/packages/security_detection_engine.sh` triggers the [Prebuilt Rules OOM testing Buildkite pipeline](https://buildkite.com/elastic/appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing) against compatible minor versions under development. The decision is made based on Kibana's [versions.json](https://github.com/raw-content/elastic/kibana/main/versions.json), while compatibility is determined via the `conditions.kibana.version` field in the package's `manifest.yml`.
For example, `conditions.kibana.version` has a `^9.2.0` restriction and we have `9.2.2` and `9.3.0` under development. This means the OOM tests will run against `9.2.2-SNAPSHOT` and `9.3.0-SNAPSHOT`.
We consider extending the testing surface to the latest release patch versions after collecting more data in the CI runs.
## Affected teams
@elastic/threat-research-and-detection-engineering,
FYI, this PR will affect the **security_detection_engine** package release process. Every PR containing changes to the **security_detection_engine** package will trigger the [Prebuilt Rules OOM testing ECH Buildkite pipeline](https://buildkite.com/elastic/appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing).
## Further improvements
- Pushing commits to this repo in quick succession may leave rogue resources in the cloud. This happens due to the `cancel_intermediate_builds: true` configuration of the Integrations PR Buildkite build. Pushing a fresh commit cancels the currently running PR build, which in turn cancels the triggered build. Eventually the cleanup steps in the triggered build can't execute and clean up resources in the cloud.
- We may speed up the build by using an **elastic-package** Docker container published to `docker.elastic.co`. **elastic-package** installation is a complex process requiring a chain of installations: GVM -> Go -> elastic-package. It takes on average **3 minutes** per integration (integrations build in parallel). On top of that, the [Prebuilt Rules OOM testing Buildkite pipeline](https://buildkite.com/elastic/appex-qa-stateful-security-prebuilt-rules-ftr-oom-testing) has to install **elastic-package** as well. It sums up to **6 minutes**, which could be reduced.

1 parent 5e8fad9 commit 3808997
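The version selection described under "Tested stack versions", as an added example that is not the script from this commit: it filters the versions under development by the package's `conditions.kibana.version` and appends `-SNAPSHOT`. The `versions`/`version` field layout of `versions.json`, the sample data and all function names are assumptions; the sketch also goes beyond the commit message by handling `||` alternatives and caret ranges below `1.0.0`.

```python
import json
import re

# Constructed sample shaped like Kibana's versions.json (layout and values assumed).
SAMPLE_VERSIONS_JSON = """
{"versions": [
  {"version": "9.3.0", "branch": "main"},
  {"version": "9.2.2", "branch": "9.2"},
  {"version": "9.1.8", "branch": "9.1"},
  {"version": "8.19.8", "branch": "8.19"}
]}
"""

def parse_version(text):
    """Return (major, minor, patch) for a plain x.y.z version string."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if match is None:
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(part) for part in match.groups())

def caret_upper_bound(base):
    """Exclusive upper bound of ^base: bump the left-most non-zero component."""
    major, minor, patch = base
    if major > 0:
        return (major + 1, 0, 0)
    if minor > 0:
        return (0, minor + 1, 0)
    return (0, 0, patch + 1)

def satisfies(version, condition):
    """True if version matches any '||' alternative (each ^x.y.z or exact x.y.z)."""
    current = parse_version(version)
    for alternative in condition.split("||"):
        alternative = alternative.strip()
        if alternative.startswith("^"):
            base = parse_version(alternative[1:])
            if base <= current < caret_upper_bound(base):
                return True
        elif parse_version(alternative) == current:
            return True
    return False

def snapshot_targets(versions_json, condition):
    """Snapshot versions under development that the package condition allows."""
    entries = json.loads(versions_json)["versions"]
    matching = [e["version"] for e in entries if satisfies(e["version"], condition)]
    return [f"{v}-SNAPSHOT" for v in sorted(matching, key=parse_version)]
```
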
File tree
3 files changed, +91 -3 lines changed
- .buildkite/scripts
- packages
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
728 | 728 | | |
729 | 729 | | |
730 | 730 | | |
731 | | - | |
| 731 | + | |
732 | 732 | | |
733 | 733 | | |
734 | 734 | | |
| |||
763 | 763 | | |
764 | 764 | | |
765 | 765 | | |
766 | | - | |
| 766 | + | |
767 | 767 | | |
768 | 768 | | |
769 | 769 | | |
| 770 | + | |
| 771 | + | |
| 772 | + | |
| 773 | + | |
| 774 | + | |
| 775 | + | |
| 776 | + | |
| 777 | + | |
| 778 | + | |
770 | 779 | | |
771 | 780 | | |
772 | 781 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |