Move etc under detection_rules (elastic#1885)

* Move etc directory under detection_rules
* Prepend original `etc` path with `detection_rules`
* Update docstrings in util and CODEOWNERS
* Add resiliency to tags to account for the old directory structure
* Bug fix: remove unused param caused by commit 6ed1a39

Co-authored-by: Justin Ibarra <[email protected]>

Author: Mikaayenson

.github/CODEOWNERS

@@ -1,13 +1,13 @@
 # detection-rules code owners
 # POC: Elastic Security Intelligence and Analytics Team
 
-tests/**/*.py     @brokensound77 @rw-access
-detection_rules/  @brokensound77 @rw-access
-tests/            @brokensound77 @rw-access
+tests/**/*.py     @brokensound77 @mikaayenson @terrancedejesus
+detection_rules/  @brokensound77 @mikaayenson @terrancedejesus
+tests/            @brokensound77 @mikaayenson @terrancedejesus
 
 # skip rta-mapping to avoid the spam
-etc/packages.yml  @brokensound77 @rw-access
-etc/*.json        @brokensound77 @rw-access
-etc/*.json        @brokensound77 @rw-access
-etc/*/*           @brokensound77 @rw-access
+detection_rules/etc/packages.yml  @brokensound77 @mikaayenson @terrancedejesus
+detection_rules/etc/*.json        @brokensound77 @mikaayenson @terrancedejesus
+detection_rules/etc/*.json        @brokensound77 @mikaayenson @terrancedejesus
+detection_rules/etc/*/*           @brokensound77 @mikaayenson @terrancedejesus
 

.github/paths-labeller.yml

@@ -3,10 +3,10 @@
   - "./**/*.md"
 - "schema":
   - "detection_rules/beats.py"
-  - "etc/beats_schemas/**/*"
+  - "detection_rules/etc/beats_schemas/**/*"
   - "detection_rules/ecs.py"
-  - "etc/ecs_schemas/**/*"
-  - "etc/api_schemas/**/*"
+  - "detection_rules/etc/ecs_schemas/**/*"
+  - "detection_rules/etc/api_schemas/**/*"
   - "detection_rules/schemas/**/*"
 - "python":
   - "detection_rules/**/*.py"

.github/workflows/lock-versions.yml

@@ -49,8 +49,8 @@ jobs:
         env:
           BRANCHES: "${{github.event.inputs.branches}}"
         run: |
-          ./etc/lock-multiple.sh $BRANCHES
-          git add etc/version.lock.json
+          ./detection_rules/etc/lock-multiple.sh $BRANCHES
+          git add detection_rules/etc/version.lock.json
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v3

CONTRIBUTING.md

@@ -56,7 +56,7 @@ def _decompress_and_save_schema(url, release_name):
 
     # remove all non-beat directories
     fs = {k: v for k, v in fs.get("folders", {}).items() if k.endswith("beat")}
-    print(f"Saving etc/beats_schema/{release_name}.json")
+    print(f"Saving detection_rules/etc/beats_schema/{release_name}.json")
 
     compressed = gzip_compress(json.dumps(fs, sort_keys=True, cls=DateTimeEncoder))
     path = get_etc_path("beats_schemas", release_name + ".json.gz")

README.md

@@ -189,7 +189,7 @@ def read(self, git_tree="HEAD") -> bytes:
 def prune_staging_area(target_stack_version: str, dry_run: bool):
     """Prune the git staging area to remove changes to incompatible rules."""
     exceptions = {
-        "etc/packages.yml",
+        "detection_rules/etc/packages.yml",
     }
 
     target_stack_version = Version(target_stack_version)[:2]