From e466e310cedacb85faa288d540b474974e20f681 Mon Sep 17 00:00:00 2001 From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:36:23 -0400 Subject: [PATCH 1/8] Don't bother caching --- .github/workflows/build_elastic_common_schema_toolchain.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build_elastic_common_schema_toolchain.yml b/.github/workflows/build_elastic_common_schema_toolchain.yml index b58bd506c..034588638 100644 --- a/.github/workflows/build_elastic_common_schema_toolchain.yml +++ b/.github/workflows/build_elastic_common_schema_toolchain.yml @@ -50,11 +50,6 @@ jobs: - name: Build and Push uses: docker/build-push-action@v5 with: - context: "{{defaultContext}}:docker" tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=registry,ref=068738303278.dkr.ecr.us-east-1.amazonaws.com/elastic-common-schema-toolchain:cache - cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=068738303278.dkr.ecr.us-east-1.amazonaws.com/elastic-common-schema-toolchain:cache push: true - build-args: | - BRANCH=${{ github.head_ref || github.ref_name }} From e4b6e0f691efafa72f61c6346a65519cde6424a9 Mon Sep 17 00:00:00 2001 From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:42:29 -0400 Subject: [PATCH 2/8] Simplify the docker build process Why the fuck did I clone the repo instead of just copying it..... --- .../workflows/build_elastic_common_schema_toolchain.yml | 1 + docker/Dockerfile | 7 +++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_elastic_common_schema_toolchain.yml b/.github/workflows/build_elastic_common_schema_toolchain.yml index 034588638..10b19c304 100644 --- a/.github/workflows/build_elastic_common_schema_toolchain.yml +++ b/.github/workflows/build_elastic_common_schema_toolchain.yml 
@@ -50,6 +50,7 @@ jobs: - name: Build and Push uses: docker/build-push-action@v5 with: + context: "{{defaultContext}}:docker" # Dockerfile is in docker dir tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} push: true diff --git a/docker/Dockerfile b/docker/Dockerfile index 59a3965c5..bd3a968e5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,7 +1,6 @@ FROM ubuntu:latest -ARG BRANCH=main RUN mkdir /ecs && apt update && apt install -y git python3-pip && apt clean WORKDIR /ecs -RUN git clone https://github.com/huntresslabs/ecs . && git checkout ${BRANCH} && python3 -m pip install --break-system-packages -r scripts/requirements.txt -COPY scripts/entry_point.sh entry_point.sh -ENTRYPOINT ["/bin/bash", "/ecs/entry_point.sh"] +COPY . /ecs +RUN python3 -m pip install --break-system-packages -r scripts/requirements.txt +ENTRYPOINT ["/bin/bash", "/ecs/scripts/entry_point.sh"] From b3a4ca8ca215ea71df1553cd134df08072da22a2 Mon Sep 17 00:00:00 2001 From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:44:43 -0400 Subject: [PATCH 3/8] Need to checkout code --- .github/workflows/build_elastic_common_schema_toolchain.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build_elastic_common_schema_toolchain.yml b/.github/workflows/build_elastic_common_schema_toolchain.yml index 10b19c304..59c469887 100644 --- a/.github/workflows/build_elastic_common_schema_toolchain.yml +++ b/.github/workflows/build_elastic_common_schema_toolchain.yml @@ -14,6 +14,9 @@ jobs: contents: write id-token: write steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: From 4bfbd4ea2c0d9fd8207e76fe2c3eac2eba30ed5d Mon Sep 17 00:00:00 2001 
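Review bot: `COPY . /ecs` in the docker/Dockerfile hunk places the entire build context in an image that the workflow pushes to a registry, so any file in the context that is not meant to ship ends up in a published layer. Either copy only the paths the toolchain needs or add a `.dockerignore` that excludes at least `.git` and `.github`; which paths are actually needed cannot be determined from this hunk. The same `COPY . /ecs` is carried through the Dockerfile hunks of patches 4, 5 and 6. Separately, `FROM ubuntu:latest` is a floating tag, so the base can change between builds without any commit; pinning it, e.g. `FROM ubuntu:<release>@sha256:<digest>`, makes each image traceable to a known base.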
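Review bot: The added `actions/checkout@v4` step keeps its default of persisting the job token in the checkout's git config, and the context lines of this hunk show the job holds `contents: write`. As far as these hunks show, nothing later in the job pushes commits, so the step can drop the credential by adding `with:` and `persist-credentials: false` under it, which also keeps the token out of anything built from the working tree. The action is referenced by a mutable tag; pinning it to a full commit SHA (`uses: actions/checkout@<commit-sha> # v4`) is the usual supply-chain hardening, and the same applies to the other `uses:` lines visible in this series. The step list continues outside the hunk.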
From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:48:34 -0400 Subject: [PATCH 4/8] Update Dockerfile --- docker/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index bd3a968e5..6a8693bf2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -2,5 +2,5 @@ FROM ubuntu:latest RUN mkdir /ecs && apt update && apt install -y git python3-pip && apt clean WORKDIR /ecs COPY . /ecs -RUN python3 -m pip install --break-system-packages -r scripts/requirements.txt -ENTRYPOINT ["/bin/bash", "/ecs/scripts/entry_point.sh"] +RUN python3 -m pip install --break-system-packages -r /ecs/scripts/requirements.txt +ENTRYPOINT ["/bin/bash", "/ecs/docker/scripts/entry_point.sh"] From fa1a7d0fba7b890b6270712341be7cdd5a640e87 Mon Sep 17 00:00:00 2001 From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 13:03:24 -0400 Subject: [PATCH 5/8] Move Dockerfile --- .../workflows/build_elastic_common_schema_toolchain.yml | 2 -- Dockerfile | 8 ++++++++ docker/Dockerfile | 6 ------ {docker/scripts => scripts}/entry_point.sh | 0 4 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 Dockerfile delete mode 100644 docker/Dockerfile rename {docker/scripts => scripts}/entry_point.sh (100%) diff --git a/.github/workflows/build_elastic_common_schema_toolchain.yml b/.github/workflows/build_elastic_common_schema_toolchain.yml index 59c469887..0426edd15 100644 --- a/.github/workflows/build_elastic_common_schema_toolchain.yml +++ b/.github/workflows/build_elastic_common_schema_toolchain.yml @@ -44,7 +44,6 @@ jobs: # Tag with short sha when built on default branch type=sha,enable={{is_default_branch}} - # Setting up Docker Buildx with docker-container driver is required # Setting up Docker Buildx with docker-container driver is required # at the moment to be able to use a subdirectory with Git context - name: Set up Docker Buildx 
@@ -53,7 +52,6 @@ jobs: - name: Build and Push uses: docker/build-push-action@v5 with: - context: "{{defaultContext}}:docker" # Dockerfile is in docker dir tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} push: true diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..747299c47 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,8 @@ +FROM ubuntu:latest +WORKDIR /ecs +COPY . /ecs +RUN apt update \ + && apt install -y python3-pip \ + && apt clean \ + && python3 -m pip install --break-system-packages -r scripts/requirements.txt +ENTRYPOINT ["/bin/bash", "/ecs/scripts/entry_point.sh"] diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index 6a8693bf2..000000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM ubuntu:latest -RUN mkdir /ecs && apt update && apt install -y git python3-pip && apt clean -WORKDIR /ecs -COPY . /ecs -RUN python3 -m pip install --break-system-packages -r /ecs/scripts/requirements.txt -ENTRYPOINT ["/bin/bash", "/ecs/docker/scripts/entry_point.sh"] diff --git a/docker/scripts/entry_point.sh b/scripts/entry_point.sh similarity index 100% rename from docker/scripts/entry_point.sh rename to scripts/entry_point.sh From 92ef5a2026d1b993ca042bfe83ccdcb98ec5a89e Mon Sep 17 00:00:00 2001 From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 13:12:22 -0400 Subject: [PATCH 6/8] Need git binary --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 747299c47..3a8c74392 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM ubuntu:latest WORKDIR /ecs COPY . /ecs RUN apt update \ - && apt install -y python3-pip \ + && apt install -y python3-pip git \ && apt clean \ && python3 -m pip install --break-system-packages -r scripts/requirements.txt ENTRYPOINT ["/bin/bash", "/ecs/scripts/entry_point.sh"] From 27c3dd033eed70cef99cc242697158cfda45c4aa Mon Sep 17 00:00:00 2001 
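Review bot: In the new root Dockerfile, `COPY . /ecs` sits before the `RUN` that installs packages, so every source change invalidates that layer and re-runs `apt` and `pip` against whatever the mirrors serve at build time, which makes the published image hard to reproduce or audit. Copying only `scripts/requirements.txt` first, installing, and then copying the rest keeps the dependency layer stable until the requirements change; this assumes the requirements file does not reference local paths, which is not visible here. `apt clean` also leaves the package index under `/var/lib/apt/lists` in the layer, and `apt-get` is the interface intended for scripted use. The same `RUN` is edited again in patch 6, where the package list would need the same treatment.

```dockerfile
WORKDIR /ecs
# Install dependencies before copying the source so this layer is reused
# until scripts/requirements.txt itself changes.
COPY scripts/requirements.txt scripts/requirements.txt
RUN apt-get update \
    && apt-get install -y python3-pip \
    && rm -rf /var/lib/apt/lists/* \
    && python3 -m pip install --break-system-packages -r scripts/requirements.txt
COPY . /ecs
# … unchanged: ENTRYPOINT …
```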
From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 13:30:51 -0400 Subject: [PATCH 7/8] Remove responsible from process --- schemas/process.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/schemas/process.yml b/schemas/process.yml index abb5366d0..5e7f5ab83 100644 --- a/schemas/process.yml +++ b/schemas/process.yml @@ -61,10 +61,6 @@ short_override: An array of previous executions for the process, including the initial fork. Only executable and args are set. normalize: - array - - at: process - as: responsible - short_override: Responsible process in macOS tracks the originating process of an app, key for understanding permissions and hierarchy. - beta: This field is beta and subject to change. fields: From 66a1ebe0e4f6a306c6c61df2450ed59f233029e8 Mon Sep 17 00:00:00 2001 From: Luke Snyder <709836+lksnyder0@users.noreply.github.com> Date: Wed, 9 Oct 2024 13:39:54 -0400 Subject: [PATCH 8/8] Revert "Remove responsible from process" This reverts commit 27c3dd033eed70cef99cc242697158cfda45c4aa. --- schemas/process.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/schemas/process.yml b/schemas/process.yml index 5e7f5ab83..abb5366d0 100644 --- a/schemas/process.yml +++ b/schemas/process.yml @@ -61,6 +61,10 @@ short_override: An array of previous executions for the process, including the initial fork. Only executable and args are set. normalize: - array + - at: process + as: responsible + short_override: Responsible process in macOS tracks the originating process of an app, key for understanding permissions and hierarchy. + beta: This field is beta and subject to change. fields: