From 9e56293b55dac24c8f124b5b7aebfec07a6b4f5e Mon Sep 17 00:00:00 2001
From: Leonardo Grasso
Date: Wed, 22 May 2024 11:33:43 +0200
Subject: [PATCH] fix(.github/workflow): strict naming convention for changed rules files
Signed-off-by: Leonardo Grasso
---
 .github/workflows/rules.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/rules.yaml b/.github/workflows/rules.yaml
index 80cfe5ce..6cbd5f18 100644
--- a/.github/workflows/rules.yaml
+++ b/.github/workflows/rules.yaml
@@ -31,15 +31,17 @@ jobs:
 - name: Find changed rules files
 id: set-changed-files
 run: |
- # if we skip changed-files because we're not in a pull-request,
- # then we consider all the rules contained in the repo
+ # Find any changed file located under the /rules folder that matches the naming convention _rules.yaml.
+ # See https://github.com/falcosecurity/rules/blob/main/README.md#naming-convention for details.
+ # Additionally, if we skip changed-files because we're not in a pull request,
+ # then we consider all the rules contained in the repository.
 all_files="${{ steps.changed-files.outputs.all }}"
 values=""
 if [ -z "$all_files" ]; then
- values=$(ls rules/*.yaml)
+ values=$(ls rules/*_rules.yaml)
 else
 for changed_file in $all_files; do
- if [[ "${changed_file}" =~ ^rules/.* ]]; then
+ if [[ "${changed_file}" =~ ^rules/[^/]*_rules\.yaml$ ]]; then
 values=${values}${changed_file}$'\n'
 fi
 done
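Review bot: The unchanged line `all_files="${{ steps.changed-files.outputs.all }}"` expands the expression into the script text before bash runs, so the stricter `^rules/[^/]*_rules\.yaml$` filter added in the loop only sees the value after any shell metacharacters in a changed path have already been parsed. Changed file names in a pull request are contributor-controlled, so unless the `changed-files` step (not visible in this hunk) sanitises its output, the value should reach the script through the environment: add `env:` with `ALL_FILES: ${{ steps.changed-files.outputs.all }}` to the step and assign `all_files="$ALL_FILES"`. Separately, `[^/]*` also accepts an empty prefix (`rules/_rules.yaml`); if the naming convention requires a ruleset name, `[^/]+` would express that. The `run:` script appears to continue past the end of the hunk, so how `values` is consumed afterwards is not visible here.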