Test deprecated rule modification (#3727)

(cherry picked from commit f9b3534)
elastic · Jun 7, 2024 · fe7bca4 · fe7bca4
1 parent 80f2a34
commit fe7bca4
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
@@ -12,8 +12,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 1
+
+    - name: Fetch main branch
+      run: |
+        git fetch origin main:refs/remotes/origin/main
+ 
     - name: Set up Python 3.12
       uses: actions/setup-python@v5
       with:

diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py
@@ -29,7 +29,7 @@
 from detection_rules.rule_loader import FILE_PATTERN
 from detection_rules.rule_validators import EQLValidator, KQLValidator
 from detection_rules.schemas import definitions, get_min_supported_stack_version, get_stack_schemas
-from detection_rules.utils import INTEGRATION_RULE_DIR, PatchedTemplate, get_path, load_etc_dump
+from detection_rules.utils import INTEGRATION_RULE_DIR, PatchedTemplate, get_path, load_etc_dump, make_git
 from detection_rules.version_lock import default_version_lock
 from rta import get_available_tests
 
@@ -626,6 +626,19 @@ def test_deprecated_rules(self):
             rule_str = f'{rule_id} - {entry["rule_name"]} ->'
             self.assertIn(rule_id, deprecated_rules, f'{rule_str} is logged in "deprecated_rules.json" but is missing')
 
+    def test_deprecated_rules_modified(self):
+        """Test to ensure deprecated rules are not modified."""
+
+        rules_path = get_path("rules", "_deprecated")
+
+        # Use git diff to check if the file(s) has been modified in rules/_deprecated directory
+        detection_rules_git = make_git()
+        result = detection_rules_git("diff", "--diff-filter=M", "origin/main", "--name-only", rules_path)
+
+        # If the output is not empty, then file(s) have changed in the directory
+        if result:
+            self.fail(f"Deprecated rules {result} has been modified")
+
     @unittest.skipIf(PACKAGE_STACK_VERSION < Version.parse("8.3.0"),
                      "Test only applicable to 8.3+ stacks regarding related integrations build time field.")
     def test_integration_tag(self):