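---
# Manually triggered regression check: generates CSV and JSONL timelines from
# the sample EVTX corpus on the dispatched ref and on main, with both the
# regular rules and the encoded rules, and fails when the outputs differ.
name: Check CSV timeline and JSON timeline Diff
on:
  workflow_dispatch:

# Least privilege: the job only reads repository contents, and it compiles and
# runs code from the dispatched branch, so the token should not be writable.
permissions:
  contents: read

jobs:
  timeline-diff:
    runs-on: ubuntu-latest
    env:
      # github.head_ref is populated only for pull_request events, so this is
      # empty under workflow_dispatch; no step below reads it.
      BRANCH_NAME: ${{ github.head_ref }}
    steps:
      # NOTE(review): the actions below are referenced by mutable tag/branch
      # (@v4, @stable). Pinning each to a full commit SHA would stop an
      # upstream retag from changing what runs here.
      - name: Checkout main
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.ref }}
          submodules: recursive
          # Full history so that `git checkout main` works in a later step.
          fetch-depth: 0

      - name: Checkout hayabusa-sample-evtx repo
        uses: actions/checkout@v4
        with:
          repository: Yamato-Security/hayabusa-sample-evtx
          path: hayabusa-sample-evtx

      - name: Set up Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Run on dev branch
        run: |
          cargo run --release -- update-rules -q
          cargo run --release -- csv-timeline -d ./hayabusa-sample-evtx -o dev.csv -p super-verbose -q -w -D -n -u
          cargo run --release -- json-timeline -d ./hayabusa-sample-evtx -o dev.jsonl -L -p super-verbose -q -w -D -n -u

      - name: Run on dev branch(encoded_rules)
        run: |
          cargo build --release
          # Move the plain config and rules out of the way so this run can only
          # use the encoded rule files downloaded below.
          mv ./config ../
          mv ./rules ../
          cp target/release/hayabusa .
          # -f makes an HTTP error fail the step instead of saving the error
          # page as a rule file. The files come from a mutable branch with no
          # integrity check; pin a commit or verify a checksum if one is
          # published.
          curl -fsS -O https://raw.githubusercontent.com/Yamato-Security/hayabusa-encoded-rules/refs/heads/main/encoded_rules.yml
          curl -fsS -O https://raw.githubusercontent.com/Yamato-Security/hayabusa-encoded-rules/refs/heads/main/rules_config_files.txt
          ./hayabusa update-rules -q
          ./hayabusa csv-timeline -d ./hayabusa-sample-evtx -o dev-encoded.csv -p super-verbose -q -w -D -n -u
          ./hayabusa json-timeline -d ./hayabusa-sample-evtx -o dev-encoded.jsonl -L -p super-verbose -q -w -D -n -u
          # Restore the working tree for the plain-rules run on main.
          mv ../config ./
          mv ../rules ./
          mv encoded_rules.yml ../
          mv rules_config_files.txt ../

      - name: Run on main branch
        run: |
          git checkout main
          cargo run --release -- update-rules -q
          cargo run --release -- csv-timeline -d ./hayabusa-sample-evtx -o main.csv -p super-verbose -q -w -D -n -u
          cargo run --release -- json-timeline -d ./hayabusa-sample-evtx -o main.jsonl -L -p super-verbose -q -w -D -n -u

      - name: Run on main branch(encoded_rules)
        run: |
          cargo build --release
          mv ./config ../
          mv ./rules ../
          # See the dev-branch encoded step: fail on HTTP errors; the source is
          # an unpinned branch.
          curl -fsS -O https://raw.githubusercontent.com/Yamato-Security/hayabusa-encoded-rules/refs/heads/main/encoded_rules.yml
          curl -fsS -O https://raw.githubusercontent.com/Yamato-Security/hayabusa-encoded-rules/refs/heads/main/rules_config_files.txt
          cp target/release/hayabusa .
          ./hayabusa update-rules -q
          ./hayabusa csv-timeline -d ./hayabusa-sample-evtx -o main-encoded.csv -p super-verbose -q -w -D -n -u
          ./hayabusa json-timeline -d ./hayabusa-sample-evtx -o main-encoded.jsonl -L -p super-verbose -q -w -D -n -u
          rm -rf encoded_rules.yml rules_config_files.txt hayabusa

      # The default run shell is `bash -e`, so a bare `diff` followed by a
      # `$?` test exits before the message is printed. Testing the command
      # directly keeps the failure and makes the message reachable.
      - name: Check CSV Timeline diff
        run: |
          if ! diff main.csv dev.csv; then
            echo "CSV files are different"
            exit 1
          fi

      - name: Check CSV Timeline diff(encoded_rules)
        run: |
          if ! diff main-encoded.csv dev-encoded.csv; then
            echo "CSV files are different"
            exit 1
          fi

      - name: Check JSONL Timeline diff
        run: |
          if ! diff main.jsonl dev.jsonl; then
            echo "JSON files are different"
            exit 1
          fi

      - name: Check JSONL Timeline diff(encoded_rules)
        run: |
          # Compare the encoded-rules outputs. Comparing main.jsonl with
          # dev.jsonl here would repeat the previous step and let a regression
          # in encoded-rule detections pass unnoticed.
          if ! diff main-encoded.jsonl dev-encoded.jsonl; then
            echo "JSON files are different"
            exit 1
          fi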