Build rpm wazuh-dashboard on x86_64 - checksum #352

# Builds the Wazuh dashboard package (deb or rpm) together with its plugins.
name: Build Wazuh dashboard with plugins

# Title shown for each run; folded so it renders as one line.
run-name: >-
  Build ${{ inputs.system }} wazuh-dashboard on ${{ inputs.architecture }}
  ${{ inputs.is_stage && '- is stage' || '' }}
  ${{ inputs.checksum && '- checksum' || '' }}
  ${{ inputs.id }}

on:
  # Manual trigger from the Actions tab.
  workflow_dispatch:
    inputs:
      system:
        description: 'Package OS'
        type: choice
        required: true
        default: 'deb'
        options:
          - deb
          - rpm
      architecture:
        description: 'Package architecture'
        type: choice
        required: true
        default: 'amd64'
        options:
          - amd64
          - x86_64
          - aarch64
          - arm64
      revision:
        description: 'Package revision'
        type: string
        required: true
        default: '0'
      # The three reference_* inputs are free-form strings that the jobs pass
      # to `git clone -b` and embed in artifact names; treat them as
      # untrusted text wherever they reach a shell.
      reference_security_plugins:
        description: 'Branch/tag/commit of the wazuh-security-dashboards-plugin repository to build the security plugin'
        type: string
        required: true
        default: 'master'
      reference_wazuh_plugins:
        description: 'Branch/tag/commit of the wazuh-dashboard-plugins repository to build the main plugins'
        type: string
        required: true
        default: 'master'
      reference_report_plugins:
        description: 'Branch/tag/commit of the wazuh-dashboard-reporting repository to build the report plugin'
        type: string
        required: true
        default: 'master'
      is_stage:
        description: 'Set production nomenclature'
        type: boolean
        required: true
        default: false
      upload:
        description: 'Upload ?'
        type: boolean
        default: true
      checksum:
        description: 'Generate package checksum'
        type: boolean
        required: true
        default: false
      id:
        description: 'ID used to identify the workflow uniquely.'
        type: string
        required: false

  # Reusable entry point. Same inputs as above, but `system` and
  # `architecture` are plain strings here, so a caller is not limited to the
  # choice lists of the manual trigger.
  # NOTE(review): no `secrets:` are declared here although the jobs read
  # secrets.CI_*; callers presumably pass `secrets: inherit` - confirm.
  workflow_call:
    inputs:
      system:
        type: string
        required: true
        default: 'deb'
      architecture:
        type: string
        required: true
        default: 'amd64'
      revision:
        type: string
        required: true
        default: '0'
      reference_security_plugins:
        type: string
        required: true
        default: 'master'
      reference_wazuh_plugins:
        type: string
        required: true
        default: 'master'
      reference_report_plugins:
        type: string
        required: true
        default: 'master'
      is_stage:
        type: boolean
        required: true
        default: false
      upload:
        type: boolean
        default: true
      checksum:
        type: boolean
        required: true
        default: false
      id:
        type: string
        required: false
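# Pipeline: setup-variables -> validate-job -> four build jobs (reusable
# workflows) -> build-and-test-package (assemble, test, publish).
#
# Hardening notes for the whole file:
# - Inputs and job outputs reach shell steps only through `env:` and are
#   expanded as quoted shell variables. Writing `${{ ... }}` directly inside
#   `run:` pastes the value into the script text before bash parses it, so a
#   crafted branch name or revision would run as shell code on the runner.
# - NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
#   repository default. Consider `permissions: contents: read` once the called
#   workflows are confirmed to need nothing more.
# - NOTE(review): actions are referenced by tag (`@v4`, `@v3`) and one reusable
#   workflow by branch (`@master`). These refs are mutable; pin to full commit
#   SHAs for builds whose output is published.
jobs:
  # Computes the version, the commit SHAs and every file name used later.
  setup-variables:
    name: Setup variables
    runs-on: ubuntu-latest
    outputs:
      CURRENT_DIR: ${{ steps.setup-variables.outputs.CURRENT_DIR }}
      VERSION: ${{ steps.setup-variables.outputs.VERSION }}
      REVISION: ${{ steps.setup-variables.outputs.REVISION }}
      COMMIT_SHA: ${{ steps.setup-variables.outputs.COMMIT_SHA }}
      PRODUCTION: ${{ steps.setup-variables.outputs.PRODUCTION }}
      WAZUH_DASHBOARD_SLIM: ${{ steps.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }}
      WAZUH_SECURITY_PLUGIN: ${{ steps.setup-variables.outputs.WAZUH_SECURITY_PLUGIN }}
      WAZUH_REPORT_PLUGIN: ${{ steps.setup-variables.outputs.WAZUH_REPORT_PLUGIN }}
      WAZUH_PLUGINS: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS }}
      PACKAGE_NAME: ${{ steps.setup-variables.outputs.PACKAGE_NAME }}
      FINAL_NAME: ${{ steps.setup-variables.outputs.FINAL_NAME }}
      ARCHITECTURE_FLAG: ${{ steps.setup-variables.outputs.ARCHITECTURE_FLAG }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # The three clone steps only resolve a reference to a short SHA for the
      # final package name. `git clone -b` takes a branch or tag name.
      - name: Get SHA of wazuh-dashboard-plugins
        id: get-plugins-sha
        env:
          WZD_REFERENCE: ${{ inputs.reference_wazuh_plugins }}
        run: |
          git clone -b "$WZD_REFERENCE" --single-branch https://github.com/wazuh/wazuh-dashboard-plugins.git wzdp
          cd wzdp
          echo "WAZUH_PLUGINS_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Get SHA of wazuh-security-dashboards-plugin
        id: get-security-sha
        env:
          WZD_REFERENCE: ${{ inputs.reference_security_plugins }}
        run: |
          git clone -b "$WZD_REFERENCE" --single-branch https://github.com/wazuh/wazuh-security-dashboards-plugin.git wzsp
          cd wzsp
          echo "WAZUH_SECURITY_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Get SHA of wazuh-dashboards-reporting
        id: get-reporting-sha
        env:
          WZD_REFERENCE: ${{ inputs.reference_report_plugins }}
        run: |
          git clone -b "$WZD_REFERENCE" --single-branch https://github.com/wazuh/wazuh-dashboards-reporting.git wzrp
          cd wzrp
          echo "WAZUH_REPORTING_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Setup variables
        id: setup-variables
        env:
          PLUGINS_SHA: ${{ steps.get-plugins-sha.outputs.WAZUH_PLUGINS_SHA }}
          SECURITY_SHA: ${{ steps.get-security-sha.outputs.WAZUH_SECURITY_SHA }}
          REPORTING_SHA: ${{ steps.get-reporting-sha.outputs.WAZUH_REPORTING_SHA }}
          WZD_IS_STAGE: ${{ inputs.is_stage }}
          WZD_SYSTEM: ${{ inputs.system }}
          WZD_ARCHITECTURE: ${{ inputs.architecture }}
          WZD_INPUT_REVISION: ${{ inputs.revision }}
          WZD_REF_SECURITY_PLUGINS: ${{ inputs.reference_security_plugins }}
          WZD_REF_REPORT_PLUGINS: ${{ inputs.reference_report_plugins }}
          WZD_REF_WAZUH_PLUGINS: ${{ inputs.reference_wazuh_plugins }}
          WZD_SLIM_ARCH: ${{ (inputs.architecture == 'x86_64' || inputs.architecture == 'amd64') && 'x64' || 'arm64' }}
        run: |
          CURRENT_DIR=$(pwd -P)
          # Drops the first byte of the VERSION file (presumably a leading "v").
          VERSION=$(tail -c +2 VERSION)
          REVISION=$(yarn --silent wzd-revision)
          COMMIT_SHA=$(git rev-parse --short HEAD)

          if [ "$WZD_IS_STAGE" = "true" ]; then
            PRODUCTION=--production
          else
            PRODUCTION=""
          fi

          # Artifact names produced by the four build jobs.
          WAZUH_DASHBOARD_SLIM="wazuh-dashboard_${VERSION}-${REVISION}_${WZD_SLIM_ARCH}.tar.gz"
          WAZUH_SECURITY_PLUGIN="wazuh-security-dashboards-plugin_${VERSION}-${REVISION}_${WZD_REF_SECURITY_PLUGINS}.zip"
          WAZUH_REPORT_PLUGIN="reports-dashboards_${VERSION}-${REVISION}_${WZD_REF_REPORT_PLUGINS}.zip"
          WAZUH_PLUGINS="wazuh-dashboard-plugins_${VERSION}-${REVISION}_${WZD_REF_WAZUH_PLUGINS}.zip"

          # Stage builds use the release file name. Development builds append
          # the commit SHAs so every build gets a distinct name.
          if [ "$WZD_SYSTEM" = "deb" ]; then
            if [ "$WZD_IS_STAGE" = "true" ]; then
              PACKAGE_NAME="wazuh-dashboard_${VERSION}-${WZD_INPUT_REVISION}_${WZD_ARCHITECTURE}.deb"
              FINAL_NAME="wazuh-dashboard_${VERSION}-${WZD_INPUT_REVISION}_${WZD_ARCHITECTURE}.deb"
            else
              PACKAGE_NAME="wazuh-dashboard_${VERSION}-${WZD_INPUT_REVISION}_${WZD_ARCHITECTURE}_${COMMIT_SHA}.deb"
              FINAL_NAME="wazuh-dashboard_${VERSION}-${WZD_INPUT_REVISION}_${WZD_ARCHITECTURE}_${COMMIT_SHA}-${PLUGINS_SHA}-${SECURITY_SHA}-${REPORTING_SHA}.deb"
            fi
          else
            if [ "$WZD_IS_STAGE" = "true" ]; then
              PACKAGE_NAME="wazuh-dashboard-${VERSION}-${WZD_INPUT_REVISION}.${WZD_ARCHITECTURE}.rpm"
              FINAL_NAME="wazuh-dashboard-${VERSION}-${WZD_INPUT_REVISION}.${WZD_ARCHITECTURE}.rpm"
            else
              PACKAGE_NAME="wazuh-dashboard_${VERSION}-${WZD_INPUT_REVISION}_${WZD_ARCHITECTURE}_${COMMIT_SHA}.rpm"
              FINAL_NAME="wazuh-dashboard_${VERSION}-${WZD_INPUT_REVISION}_${WZD_ARCHITECTURE}_${COMMIT_SHA}-${PLUGINS_SHA}-${SECURITY_SHA}-${REPORTING_SHA}.rpm"
            fi
          fi

          case "$WZD_ARCHITECTURE" in
            x86_64 | amd64) ARCHITECTURE_FLAG="" ;;
            *) ARCHITECTURE_FLAG=--arm ;;
          esac

          {
            echo "CURRENT_DIR=$CURRENT_DIR"
            echo "VERSION=$VERSION"
            echo "REVISION=$REVISION"
            echo "COMMIT_SHA=$COMMIT_SHA"
            echo "PRODUCTION=$PRODUCTION"
            echo "WAZUH_DASHBOARD_SLIM=$WAZUH_DASHBOARD_SLIM"
            echo "WAZUH_SECURITY_PLUGIN=$WAZUH_SECURITY_PLUGIN"
            echo "WAZUH_REPORT_PLUGIN=$WAZUH_REPORT_PLUGIN"
            echo "WAZUH_PLUGINS=$WAZUH_PLUGINS"
            echo "PACKAGE_NAME=$PACKAGE_NAME"
            echo "FINAL_NAME=$FINAL_NAME"
            echo "ARCHITECTURE_FLAG=$ARCHITECTURE_FLAG"
          } >> "$GITHUB_OUTPUT"

  # Rejects unsupported input combinations and refuses to rebuild a package
  # that is already in the development bucket.
  validate-job:
    name: Validate job
    runs-on: ubuntu-latest
    needs: setup-variables
    steps:
      - name: Validate inputs
        env:
          WZD_SYSTEM: ${{ inputs.system }}
          WZD_ARCHITECTURE: ${{ inputs.architecture }}
        run: |
          # Allow-list of system/architecture pairs. workflow_call passes both
          # as free-form strings, so unknown values are rejected here too.
          case "${WZD_SYSTEM}/${WZD_ARCHITECTURE}" in
            deb/amd64 | deb/arm64 | rpm/x86_64 | rpm/aarch64) ;;
            *)
              echo "Invalid combination of architecture and system"
              exit 1
              ;;
          esac

      # NOTE(review): long-lived access keys are read from repository secrets.
      # The action also supports OIDC via `role-to-assume`, which would
      # remove the stored key.
      - name: Set up AWS CLI
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }}
          aws-region: ${{ secrets.CI_AWS_REGION }}

      - name: Verify if package is already built
        env:
          WZD_FINAL_NAME: ${{ needs.setup-variables.outputs.FINAL_NAME }}
          WZD_S3_PREFIX: s3://packages-dev.internal.wazuh.com/development/wazuh/5.x/main/packages
        run: |
          # `set +e` lets the step continue when `aws s3 ls` exits non-zero
          # because nothing matched.
          # NOTE(review): a credential or network error also produces empty
          # output, so this check passes when the bucket cannot be read.
          set +e
          echo "Verifying package"
          exists=$(aws s3 ls "${WZD_S3_PREFIX}/${WZD_FINAL_NAME}")
          if [ -n "$exists" ]; then
            echo "Package already exists"
            exit 1
          fi
          set -e

  # NOTE(review): on this page the workflow file name and ref on the next
  # `uses:` line were replaced by "[email protected]" (e-mail obfuscation).
  # Restore the real value from the repository.
  build-base:
    name: Build dashboard
    needs: [validate-job]
    uses: wazuh/wazuh-dashboard/.github/workflows/[email protected]
    with:
      CHECKOUT_TO: ${{ github.head_ref || github.ref_name }}
      ARCHITECTURE: ${{ inputs.architecture }}

  # NOTE(review): same obfuscated "[email protected]" reference as above.
  build-main-plugins:
    name: Build plugins
    needs: [validate-job]
    uses: wazuh/wazuh-dashboard-plugins/.github/workflows/[email protected]
    with:
      reference: ${{ inputs.reference_wazuh_plugins }}

  # NOTE(review): same obfuscated "[email protected]" reference as above.
  build-security-plugin:
    name: Build security plugin
    needs: [validate-job]
    uses: wazuh/wazuh-security-dashboards-plugin/.github/workflows/[email protected]
    with:
      reference: ${{ inputs.reference_security_plugins }}

  # `@master` follows a moving branch of another repository, so the build
  # logic executed here can change between two runs of the same commit.
  build-report-plugin:
    name: Build reporting plugin
    needs: [validate-job]
    uses: wazuh/wazuh-dashboards-reporting/.github/workflows/manual-build.yml@master
    with:
      reference: ${{ inputs.reference_report_plugins }}

  # Downloads the four build artifacts, assembles the package, tests it and
  # optionally uploads the package and its checksum to the development bucket.
  build-and-test-package:
    name: Generate packages
    needs: [setup-variables, build-main-plugins, build-base, build-security-plugin, build-report-plugin]
    runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'wz-linux-arm64' || 'ubuntu-22.04' }}
    # Values used by the shell steps. The WZD_ prefix avoids clashing with
    # variables the build and test scripts may read themselves.
    env:
      WZD_DIR: ${{ needs.setup-variables.outputs.CURRENT_DIR }}
      WZD_VERSION: ${{ needs.setup-variables.outputs.VERSION }}
      WZD_REVISION: ${{ inputs.revision }}
      WZD_SYSTEM: ${{ inputs.system }}
      WZD_ARCHITECTURE_FLAG: ${{ needs.setup-variables.outputs.ARCHITECTURE_FLAG }}
      WZD_PRODUCTION: ${{ needs.setup-variables.outputs.PRODUCTION }}
      WZD_DASHBOARD_SLIM: ${{ needs.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }}
      WZD_PACKAGE_NAME: ${{ needs.setup-variables.outputs.PACKAGE_NAME }}
      WZD_FINAL_NAME: ${{ needs.setup-variables.outputs.FINAL_NAME }}
      WZD_S3_PREFIX: s3://packages-dev.internal.wazuh.com/development/wazuh/5.x/main/packages
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version-file: '.nvmrc'
          registry-url: 'https://registry.npmjs.org'

      - name: Download dashboard artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ needs.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/dashboard

      - name: Download security plugin artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ needs.setup-variables.outputs.WAZUH_SECURITY_PLUGIN }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/security-plugin

      - name: Download plugins artifacts
        uses: actions/download-artifact@v3
        with:
          name: ${{ needs.setup-variables.outputs.WAZUH_PLUGINS }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins

      - name: Download report plugin artifact
        uses: actions/download-artifact@v3
        with:
          name: ${{ needs.setup-variables.outputs.WAZUH_REPORT_PLUGIN }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/report-plugin

      - name: Zip plugins
        run: |
          artifacts="${WZD_DIR}/artifacts"
          zip -r -j "${artifacts}/wazuh-package.zip" "${artifacts}/plugins"
          zip -r -j "${artifacts}/security-package.zip" "${artifacts}/security-plugin"
          zip -r -j "${artifacts}/dashboard-package.zip" "${artifacts}/dashboard/${WZD_DASHBOARD_SLIM}"
          zip -r -j "${artifacts}/report-package.zip" "${artifacts}/report-plugin"

      - name: Build package
        run: |
          cd "${WZD_DIR}/dev-tools/build-packages"
          # WZD_ARCHITECTURE_FLAG and WZD_PRODUCTION stay unquoted on purpose:
          # each is either empty or one fixed flag set by setup-variables, and
          # an empty value must expand to no argument at all.
          bash ./build-packages.sh \
            -v "$WZD_VERSION" \
            -r "$WZD_REVISION" $WZD_ARCHITECTURE_FLAG \
            -a "file://${WZD_DIR}/artifacts/wazuh-package.zip" \
            -s "file://${WZD_DIR}/artifacts/security-package.zip" \
            -b "file://${WZD_DIR}/artifacts/dashboard-package.zip" \
            -rp "file://${WZD_DIR}/artifacts/report-package.zip" \
            $WZD_PRODUCTION "--${WZD_SYSTEM}" --debug

      - name: Test package
        run: |
          cd "${WZD_DIR}/dev-tools/test-packages"
          cp "${WZD_DIR}/dev-tools/build-packages/output/${WZD_PACKAGE_NAME}" "${WZD_DIR}/dev-tools/test-packages/${WZD_SYSTEM}"
          bash ./test-packages.sh \
            -p "$WZD_PACKAGE_NAME"

      - name: Set package final name
        run: |
          output="${WZD_DIR}/dev-tools/build-packages/output"
          # Stage builds give PACKAGE_NAME and FINAL_NAME the same value, and
          # `mv` fails when source and destination are the same file.
          if [ "$WZD_PACKAGE_NAME" != "$WZD_FINAL_NAME" ]; then
            mv "${output}/${WZD_PACKAGE_NAME}" "${output}/${WZD_FINAL_NAME}"
          fi

      # NOTE(review): assumes build-packages.sh wrote <PACKAGE_NAME>.sha512;
      # no checksum option is passed to it above - confirm.
      - name: Set SHA final name
        if: ${{ inputs.checksum }}
        run: |
          output="${WZD_DIR}/dev-tools/build-packages/output"
          if [ "$WZD_PACKAGE_NAME" != "$WZD_FINAL_NAME" ]; then
            mv "${output}/${WZD_PACKAGE_NAME}.sha512" "${output}/${WZD_FINAL_NAME}.sha512"
          fi

      - uses: actions/upload-artifact@v3
        if: success()
        with:
          name: ${{ needs.setup-variables.outputs.PACKAGE_NAME }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{ needs.setup-variables.outputs.FINAL_NAME }}
          retention-days: 30

      - name: Set up AWS CLI
        if: ${{ inputs.upload }}
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }}
          aws-region: ${{ secrets.CI_AWS_REGION }}

      - name: Upload package
        if: ${{ inputs.upload }}
        run: |
          echo "Uploading package"
          aws s3 cp "${WZD_DIR}/dev-tools/build-packages/output/${WZD_FINAL_NAME}" "${WZD_S3_PREFIX}/"
          s3uri="${WZD_S3_PREFIX}/${WZD_FINAL_NAME}"
          echo "S3 URI: ${s3uri}"

      # Gated on `upload` as well as `checksum`: AWS credentials are only
      # configured when `upload` is true. The checksum is stored next to the
      # package with the same credentials, so it detects a corrupted download
      # but not a package replaced by someone with write access to the bucket.
      - name: Upload SHA512
        if: ${{ inputs.upload && inputs.checksum }}
        run: |
          echo "Uploading checksum"
          aws s3 cp "${WZD_DIR}/dev-tools/build-packages/output/${WZD_FINAL_NAME}.sha512" "${WZD_S3_PREFIX}/"
          s3uri="${WZD_S3_PREFIX}/${WZD_FINAL_NAME}.sha512"
          echo "S3 sha512 URI: ${s3uri}"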