Problem
The README states that individual query YAML files are "automatically combined into a single Queries.json file that powers the front-end." However, queries/*.yml appears to be updated more frequently than main/Queries.json, so the aggregated JSON can lag behind the YAML source-of-truth.
Additionally, the README references /Queries (capital Q), but the repo directory is queries/ (lowercase).
What I found
There is already a GitHub Actions workflow that runs utilities/python/convert.py to generate both Queries.zip and Queries.json, but it looks like those are generated for a (draft) release and not committed back into main. That would explain why main/Queries.json can drift from queries/*.yml.
Suggested fixes (choose one)
Option A (recommended): Treat main/Queries.json as the canonical aggregate and auto-regenerate + commit it whenever queries/**/*.yml changes (with paths-ignore for Queries.json to avoid workflow loops).
```yaml
on:
  push:
    branches: [ main ]
    # paths and paths-ignore cannot be combined for the same event,
    # so Queries.json is excluded with a negated pattern instead.
    paths:
      - "queries/**/*.yml"
      - "utilities/python/**"
      - "requirements.txt"
      - "!Queries.json"

# The last step pushes a commit, so the token needs write access to contents.
permissions:
  contents: write

jobs:
  regenerate-json:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v3
        with:
          python-version: "3.10"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Generate Queries.json from YAML
        run: |
          python utilities/python/convert.py ./queries ./Queries.json
      - name: Commit updated Queries.json (if changed)
        if: github.actor != 'github-actions[bot]'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Nothing to commit when the regenerated file matches the tracked one.
          if git diff --quiet -- Queries.json; then
            echo "No changes to Queries.json"
            exit 0
          fi
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add Queries.json
          git commit -m "chore: regenerate Queries.json [skip ci]"
          git push
```
Option B: Treat Queries.json as a build artifact only and update the README to direct users to Releases for the latest JSON/ZIP (and clarify what the frontend consumes).
Option C: At minimum, document how to run convert.py locally so contributors/users can regenerate Queries.json when it lags.
Also, there is a typo in the word BloodHound in the readme:

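A drift check for the lag described above, as an added example that is not part of the original issue or the project's own code: it regenerates the aggregate into a scratch file and compares it byte for byte with the committed Queries.json. It assumes convert.py takes a source directory and an output path, as in the workflow above, and that its output is deterministic; `check_drift` and the `CONVERT` override are hypothetical names.

```shell
#!/bin/sh
# Added example: report when the committed Queries.json no longer matches
# what the converter produces from queries/*.yml.
# Assumptions: the converter is invoked as "<source-dir> <output-file>" and
# is deterministic. CONVERT is a hypothetical override, used for testing.

# check_drift <repo-root>
# returns 0 = in sync, 1 = stale or missing Queries.json, 2 = converter failed
check_drift() (
    root="${1:-.}"
    convert="${CONVERT:-python utilities/python/convert.py}"
    tmp="$(mktemp)" || exit 2
    rc=0

    # Regenerate into a scratch file; the committed aggregate is never touched.
    if ! ( cd "$root" && $convert ./queries "$tmp" ) >/dev/null 2>&1; then
        echo "converter failed; cannot judge drift" >&2
        rc=2
    elif [ ! -f "$root/Queries.json" ]; then
        echo "Queries.json is missing" >&2
        rc=1
    elif ! cmp -s "$tmp" "$root/Queries.json"; then
        echo "Queries.json is stale relative to queries/*.yml" >&2
        rc=1
    fi

    rm -f "$tmp"
    exit "$rc"
)

# Stand-alone use: sh drift.sh --check [repo-root]
if [ "${1:-}" = "--check" ]; then
    check_drift "${2:-.}"
    exit $?
fi
```

Run as a required status check on pull requests, this flags a stale aggregate without giving the workflow write access to the repository.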