Build packages #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
run-name: Build packages ${{ inputs.id }} | |
on: | |
workflow_dispatch: | |
inputs: | |
system: | |
type: choice | |
description: 'Package OS' | |
required: true | |
options: | |
- deb | |
- rpm | |
default: 'deb' | |
architecture: | |
type: choice | |
description: 'Package architecture' | |
required: true | |
options: | |
- amd64 | |
- x86_64 | |
default: amd64 | |
revision: | |
type: string | |
description: 'Package revision' | |
required: true | |
default: '0' | |
reference_security_plugins: | |
type: string | |
description: 'Branch/tag/commit of the wazuh-security-dashboards-plugin repository to build the security plugin' | |
required: true | |
default: 'master' | |
reference_wazuh_plugins: | |
type: string | |
description: 'Branch/tag/commit of the wazuh-dashboard-plugins repository to build the main plugins' | |
required: true | |
default: 'master' | |
is_stage: | |
type: boolean | |
description: 'Set production nomenclature' | |
required: true | |
default: false | |
checksum: | |
type: boolean | |
description: 'Generate package checksum' | |
required: true | |
default: false | |
id: | |
description: 'ID used to identify the workflow uniquely.' | |
type: string | |
required: false | |
workflow_call: | |
inputs: | |
system: | |
type: string | |
required: true | |
default: 'deb' | |
architecture: | |
type: string | |
required: true | |
default: amd64 | |
revision: | |
type: string | |
required: true | |
default: '0' | |
reference_security_plugins: | |
type: string | |
required: true | |
default: 'master' | |
reference_wazuh_plugins: | |
type: string | |
required: true | |
default: 'master' | |
is_stage: | |
type: boolean | |
required: true | |
default: false | |
checksum: | |
type: boolean | |
required: true | |
default: false | |
id: | |
type: string | |
required: false | |
jobs: | |
validate-inputs: | |
runs-on: ubuntu-latest | |
name: Validate inputs | |
steps: | |
- name: Validate inputs | |
run: | | |
if [ "${{ inputs.architecture }}" = "amd64" ] && [ "${{ inputs.system }}" = "rpm" ]; then | |
echo "Invalid combination of architecture and system" | |
exit 1 | |
fi | |
if [ "${{ inputs.architecture }}" = "x86_64" ] && [ "${{ inputs.system }}" = "deb" ]; then | |
echo "Invalid combination of architecture and system" | |
exit 1 | |
fi | |
build-base: | |
needs: [validate-inputs] | |
name: Build dashboard | |
# uses: wazuh/wazuh-dashboard/.github/workflows/[email protected] | |
uses: wazuh/wazuh-dashboard/.github/workflows/build_base.yml@bug/package-generation-branch-with-slash-test | |
with: | |
CHECKOUT_TO: ${{ github.head_ref || github.ref_name }} | |
build-main-plugins: | |
needs: [validate-inputs] | |
name: Build plugins | |
uses: wazuh/wazuh-dashboard-plugins/.github/workflows/[email protected] | |
with: | |
reference: ${{ inputs.reference_wazuh_plugins }} | |
build-security-plugin: | |
needs: [validate-inputs] | |
name: Build security plugin | |
uses: wazuh/wazuh-security-dashboards-plugin/.github/workflows/[email protected] | |
with: | |
reference: ${{ inputs.reference_security_plugins }} | |
build-and-test-package: | |
needs: [build-main-plugins, build-base, build-security-plugin] | |
runs-on: ubuntu-latest | |
name: Generate packages | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version-file: '.nvmrc' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Setup variables | |
run: | | |
echo "CURRENT_DIR=$(pwd -P)" >> $GITHUB_ENV | |
echo "VERSION=$(tail -c +2 VERSION)" >> $GITHUB_ENV | |
echo "REVISION=$(yarn --silent wzd-revision)" >> $GITHUB_ENV | |
echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
if [ "${{ inputs.is_stage }}" = "true" ]; then | |
echo "PRODUCTION=--production" >> $GITHUB_ENV | |
fi | |
- name: Setup packages names | |
run: | | |
echo "WAZUH_DASHBOARD_SLIM=wazuh-dashboard_${{ env.VERSION }}-${{ env.REVISION }}_x64.tar.gz" >> $GITHUB_ENV | |
echo "WAZUH_SECURITY_PLUGIN=wazuh-security-dashboards-plugin_${{ env.VERSION }}-${{ env.REVISION }}_${{ inputs.reference_security_plugins }}.zip" >> $GITHUB_ENV | |
echo "WAZUH_PLUGINS=wazuh-dashboard-plugins_${{ env.VERSION }}-${{ env.REVISION }}_${{ inputs.reference_wazuh_plugins }}.zip" >> $GITHUB_ENV | |
if [ "${{ inputs.system }}" = "deb" ]; then | |
if [ "${{ inputs.is_stage }}" = "true" ]; then | |
echo "PACKAGE_NAME=wazuh-dashboard_${{ env.VERSION }}-${{ inputs.revision }}_${{ inputs.architecture }}.deb" >> $GITHUB_ENV | |
else | |
echo "PACKAGE_NAME=wazuh-dashboard_${{ env.VERSION }}-${{ inputs.revision }}_${{ inputs.architecture }}_${{ env.COMMIT_SHA}}.deb" >> $GITHUB_ENV | |
fi | |
else | |
if [ "${{ inputs.is_stage }}" = "true" ]; then | |
echo "PACKAGE_NAME=wazuh-dashboard-${{ env.VERSION }}-${{ inputs.revision }}.${{ inputs.architecture }}.rpm" >> $GITHUB_ENV | |
else | |
echo "PACKAGE_NAME=wazuh-dashboard_${{ env.VERSION }}-${{ inputs.revision }}_${{ inputs.architecture }}_${{ env.COMMIT_SHA}}.rpm" >> $GITHUB_ENV | |
fi | |
fi | |
- name: Download dashboard artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.WAZUH_DASHBOARD_SLIM }} | |
path: ${{ env.CURRENT_DIR }}/artifacts/dashboard | |
- name: Download security plugin artifact | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.WAZUH_SECURITY_PLUGIN }} | |
path: ${{ env.CURRENT_DIR }}/artifacts/security-plugin | |
- name: Download plugins artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ env.WAZUH_PLUGINS }} | |
path: ${{ env.CURRENT_DIR }}/artifacts/plugins | |
- name: Zip plugins | |
run: | | |
zip -r -j ${{ env.CURRENT_DIR }}/artifacts/wazuh-package.zip ${{ env.CURRENT_DIR }}/artifacts/plugins | |
zip -r -j ${{ env.CURRENT_DIR }}/artifacts/security-package.zip ${{ env.CURRENT_DIR }}/artifacts/security-plugin | |
zip -r -j ${{ env.CURRENT_DIR }}/artifacts/dashboard-package.zip ${{ env.CURRENT_DIR }}/artifacts/dashboard/${{ env.WAZUH_DASHBOARD_SLIM }} | |
- name: Build package | |
run: | | |
cd ${{ env.CURRENT_DIR }}/dev-tools/build-packages | |
bash ./build-packages.sh \ | |
-v ${{ env.VERSION }} \ | |
-r ${{ inputs.revision }} \ | |
-a file://${{env.CURRENT_DIR}}/artifacts/wazuh-package.zip \ | |
-s file://${{env.CURRENT_DIR}}/artifacts/security-package.zip \ | |
-b file://${{env.CURRENT_DIR}}/artifacts/dashboard-package.zip \ | |
--${{ inputs.system }} ${{ env.PRODUCTION }} | |
- name: Test package | |
run: | | |
cd ${{ env.CURRENT_DIR }}/dev-tools/test-packages | |
ls -la ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }} | |
cp ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }}/${{env.PACKAGE_NAME}} ${{ env.CURRENT_DIR }}/dev-tools/test-packages/${{ inputs.system }} | |
bash ./test-packages.sh \ | |
-p ${{env.PACKAGE_NAME}} | |
- name: Set up AWS CLI | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }} | |
aws-region: ${{ secrets.CI_AWS_REGION }} | |
- name: Upload package | |
run: | | |
echo "Uploading package" | |
aws s3 cp ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }}/${{env.PACKAGE_NAME}} s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/ | |
if [ "${{ inputs.checksum }}" = "true" ]; then | |
echo "Uploading checksum" | |
aws s3 cp ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }}/${{env.PACKAGE_NAME}}.sha512 s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/ | |
fi |