From 5ccbda1eeec747038634504950db7b84fadd0570 Mon Sep 17 00:00:00 2001
From: Ariel Ropek
Date: Mon, 16 Sep 2024 14:06:39 -0600
Subject: [PATCH] Validate on PR approval

---
 .github/workflows/upload.yml | 5 +--
 .github/workflows/validate.yml | 42 +++++++++++++++++++
 ...tion_login_followed_by_account_change.yml} | 0
 3 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/validate.yml
 rename correlation_rules/{notion_account_changed_after_login.yml => notion_login_followed_by_account_change.yml} (100%)

diff --git a/.github/workflows/upload.yml b/.github/workflows/upload.yml
index 45b4763ac..a854ba46c 100644
--- a/.github/workflows/upload.yml
+++ b/.github/workflows/upload.yml
@@ -17,6 +17,7 @@ jobs:
 - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
+
 - name: Validate Secrets
 if: ${{ env.API_HOST == '' || env.API_TOKEN == '' }}
 run: |
@@ -37,10 +38,6 @@ jobs:
 - name: Setup venv
 run: make venv
 
- - name: validate
- run: |
- pipenv run panther_analysis_tool validate --api-host ${{ env.API_HOST }} --api-token ${{ env.API_TOKEN }}
-
 - name: upload
 run: |
 pipenv run panther_analysis_tool upload --api-host ${{ env.API_HOST }} --api-token ${{ env.API_TOKEN }}
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
new file mode 100644
index 000000000..5b5e1192a
--- /dev/null
+++ b/.github/workflows/validate.yml
@@ -0,0 +1,42 @@
+on:
+ pull_request_review:
+ types: [submitted]
+
+permissions:
+ contents: read
+
+jobs:
+ validate:
+ if: github.event.review.state == 'approved'
+ name: Validate
+ runs-on: ubuntu-latest
+ env:
+ API_HOST: ${{ secrets.API_HOST }}
+ API_TOKEN: ${{ secrets.API_TOKEN }}
+ steps:
+ - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ with:
+ egress-policy: audit
+ - name: Validate Secrets
+ if: ${{ env.API_HOST == '' || env.API_TOKEN == '' }}
+ run: |
+ echo "API_HOST or API_TOKEN not set"
+ exit 0
+
+ - name: Checkout panther-analysis
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.1.7
+
+ - name: Set python version
+ uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 #v5.2.0
+ with:
+ python-version: "3.11"
+
+ - name: Install pipenv
+ run: pip install pipenv
+
+ - name: Setup venv
+ run: make venv
+
+ - name: validate
+ run: |
+ pipenv run panther_analysis_tool validate --api-host ${{ env.API_HOST }} --api-token ${{ env.API_TOKEN }}
diff --git a/correlation_rules/notion_account_changed_after_login.yml b/correlation_rules/notion_login_followed_by_account_change.yml
similarity index 100%
rename from correlation_rules/notion_account_changed_after_login.yml
rename to correlation_rules/notion_login_followed_by_account_change.yml
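Review bot: The `validate` job puts `secrets.API_TOKEN` into the job env and then runs `make venv` and `pipenv run panther_analysis_tool validate` on an `actions/checkout` with no `ref`, which for `pull_request_review` resolves to the PR merge ref, so the approved PR's own Makefile and Pipfile execute with the Panther API token; approving a PR that edits either file is effectively handing it the token, and whether fork-originated reviews receive secrets on this trigger should be confirmed against GitHub's documentation before relying on it. A cheap guard is to restrict the job to same-repo PRs, e.g. `if: github.event.review.state == 'approved' && github.event.pull_request.head.repo.full_name == github.repository`, and to review Makefile/Pipfile changes with that in mind. Separately, the `Validate Secrets` step ends with `exit 0`, which does not stop the job, so when the secrets are unset the later `validate` step still runs with empty `--api-host`/`--api-token`; either fail that step (`exit 1`) or add `if: ${{ env.API_HOST != '' && env.API_TOKEN != '' }}` to the `validate` step. Note also that this run checks only the commit current at approval time, and the `upload` workflow in the same commit no longer validates before uploading, so commits pushed after approval are not re-validated.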