Merge pull request #58 from wazuh/change/47-adapt-ova-generation-repo…

…sitory-selection

Adapted repository selection in OVA generation

.github/workflows/builder_OVA.yaml

@@ -1,13 +1,13 @@
-run-name: Build OVA - Wazuh virtual machines branch ${{ inputs.WAZUH_VIRTUAL_MACHINES_REFERENCE }} - Launched by @${{ github.actor }}
+run-name: Build OVA ${{ inputs.id }} ${{ inputs.is_stage && ' - is stage' || '' }}${{ inputs.checksum && ' - checksum' || '' }} - Branch ${{ github.ref_name }} - Launched by @${{ github.actor }}
 name: Build OVA
 
 on:
   workflow_dispatch:
     inputs:
-      WAZUH_VIRTUAL_MACHINES_REFERENCE:
-        description: 'Branch or tag of the wazuh-virtual-machines repository'
-        required: true
-        default: '4.10.0'
+      id:
+        description: "ID used to identify the workflow uniquely."
+        type: string
+        required: false
       WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
         description: 'Branch or tag of the wazuh-installation-assistant repository'
         required: true
@@ -20,13 +20,21 @@ on:
           - prod
           - dev
           - staging
-      S3_REPOSITORY:
-        type: choice
-        description: 'packages-dev repository to upload the OVA'
+      OVA_REVISION:
+        type: string
+        description: 'Revision of the OVA file. Use "0" for development builds'
         required: true
-        options:
-          - pre-release
-          - staging
+        default: '0'
+      is_stage:
+        description: "Is stage?"
+        type: boolean
+        default: false
+      checksum:
+        type: boolean
+        description: |
+          Generate package checksum.
+          Default is 'false'.
+        required: false
       DEBUG:
         type: choice
         description: 'Debug mode'
@@ -35,6 +43,14 @@ on:
           - -v
           - -vv
           - -vvv
+  workflow_call:
+    inputs:
+      id:
+        type: string
+        required: false
+      checksum:
+        type: boolean
+        required: false
 
 env:
     OVA_AMI: "ami-0d4bd55523ee67aa4"
@@ -43,6 +59,7 @@ env:
     SUBNET: "subnet-0b6aea31fb32cffad"
     TEMPORAL_S3_BUCKET: "warehouse.wazuh.com"
     S3_BUCKET: "packages-dev.wazuh.com"
+    S3_PATH: "development/wazuh/4.x/secondary/OVA"
     OVA_ENVIRONMENT: "vmware"
     CONTAINER_FORMAT: "ova"
     TEMPORAL_S3_PATH: "trash/vm"
@@ -53,6 +70,7 @@ env:
     OVA_PATH: "/var/provision/wazuh-virtual-machines"
     WIA_DIR: "wazuh-installation-assistant"
     WIA_REPOSITORY: "https://github.com/wazuh/wazuh-installation-assistant"
+    ANSIBLE_CALLBACK: "yaml"
 
 permissions:
   id-token: write   # This is required for requesting the JWT
@@ -63,16 +81,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Ansible
-        run: sudo apt-get update && sudo apt install -y python3 jq sshpass && python3 -m pip install --user ansible-core==2.16
+        run: sudo apt-get update && sudo apt install -y python3 jq sshpass && python3 -m pip install --user ansible-core==2.16 && pip install pyyaml && ansible-galaxy collection install community.general
 
       - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Setting FILENAME var
         run: |
           WAZUH_VERSION=$(cat VERSION)
+          COMMIT_SHA=$(git rev-parse --short ${{ github.sha }})
           echo "WAZUH_VERSION=$WAZUH_VERSION" >> $GITHUB_ENV
-          FILENAME="wazuh-${WAZUH_VERSION}"
+          FILENAME="wazuh-${WAZUH_VERSION}-${{ inputs.OVA_REVISION }}"
+
+          if [ ${{ inputs.is_stage }} == false ]; then
+            FILENAME="${FILENAME}-${COMMIT_SHA}"
+          fi
+          
           echo "FILENAME=$FILENAME" >> $GITHUB_ENV
           FILENAME_OVA="${FILENAME}.ova"
           echo "FILENAME_OVA=$FILENAME_OVA" >> $GITHUB_ENV
@@ -159,17 +183,10 @@ jobs:
 
       - name: Run Ansible playbook to generate the OVA
         run: |
-          if [ "${{ inputs.WAZUH_PACKAGE_REPOSITORY }}" == "prod" ]; then
-            builder_args="-i"
-          elif [ "${{ inputs.WAZUH_PACKAGE_REPOSITORY }}" == "staging" ]; then
-            builder_args="-i -d staging"
-          elif [ "${{ inputs.WAZUH_PACKAGE_REPOSITORY }}" == "dev" ]; then
-            builder_args="-i -d"
-          fi
-          ansible-playbook -i ${{ env.INVENTORY_PATH }}/inventory .github/workflows/ansible_playbooks/ova_generator.yaml \
+          builder_args="-i"
+          ANSIBLE_STDOUT_CALLBACK=$ANSIBLE_CALLBACK ansible-playbook -i ${{ env.INVENTORY_PATH }}/inventory .github/workflows/ansible_playbooks/ova_generator.yaml \
           --extra-vars " \
           wia_branch=${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }} \
-          ova_branch=${{ inputs.WAZUH_VIRTUAL_MACHINES_REFERENCE }} \
           repository=${{ inputs.WAZUH_PACKAGE_REPOSITORY }}  \
           ova_path=${{ env.OVA_PATH }} \
           wia_scripts=${{ env.WIA_DIR }} \
@@ -212,12 +229,13 @@ jobs:
 
       - name: Exporting OVA to final repository
         run: |
-          aws s3 cp --quiet --acl public-read /tmp/${{ env.FILENAME_OVA }} s3://${{ env.S3_BUCKET }}/${{ inputs.S3_REPOSITORY }}/vm/${{ env.FILENAME_OVA }}
+          aws s3 cp --quiet /tmp/${{ env.FILENAME_OVA }} s3://${{ secrets.AWS_S3_BUCKET }}/${{ env.S3_PATH }}/${{ env.FILENAME_OVA }}
 
       - name: Generating sha512 file
+        if: ${{ inputs.checksum == true }}
         run: |
           sha512sum /tmp/${{ env.FILENAME_OVA }} > /tmp/${{ env.FILENAME_SHA }}
-          aws s3 cp --quiet --acl public-read /tmp/${{ env.FILENAME_SHA }} s3://${{ env.S3_BUCKET }}/${{ inputs.S3_REPOSITORY }}/checksums/wazuh/${{ env.WAZUH_VERSION }}/${{ env.FILENAME_SHA }}
+          aws s3 cp --quiet /tmp/${{ env.FILENAME_SHA }} s3://${{ secrets.AWS_S3_BUCKET }}/${{ env.S3_PATH }}/${{ env.FILENAME_SHA }}
 
       - name: Removing temporal files
         run: |

CHANGELOG.md

@@ -6,15 +6,13 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Added builder_OVA workflow ([#32](https://github.com/wazuh/wazuh-virtual-machines/pull/32))
-
 - Added packages_builder_ami workflow header ([#31](https://github.com/wazuh/wazuh-virtual-machines/pull/31))
-
 - Added the OVA to the wazuh-virtual-machines repository without changes ([#30](https://github.com/wazuh/wazuh-virtual-machines/pull/30)) - (OVA)
 
 ### Changed
 
+- Adapted repository selection in OVA generation ([#58](https://github.com/wazuh/wazuh-virtual-machines/pull/58))
 - Modify the AMI GHA workflow with the new Installation Assistant logic ([#55](https://github.com/wazuh/wazuh-virtual-machines/pull/55))
-
 - Migrated the OVA construction files to the wazuh-virtual-machines repository ([#29](https://github.com/wazuh/wazuh-virtual-machines/pull/29)) - (OVA)
 
 ### Fixed

ova/generate_ova.sh

@@ -231,12 +231,6 @@ main() {
     WAZUH_INSTALLATION_ASSISTANT_URL="https://github.com/wazuh/${WAZUH_INSTALLATION_ASSISTANT}.git"
     BUILDER_ARGS="-i"
 
-    if [[ "${PACKAGES_REPOSITORY}" == "dev" ]]; then
-        BUILDER_ARGS+=" -d"
-    elif [[ "${PACKAGES_REPOSITORY}" == "staging" ]]; then
-        BUILDER_ARGS+=" -d staging"
-    fi
-
     echo "Building Wazuh OVA version ${OVA_VERSION}"
     if git ls-remote ${REMOTE_TYPE} ${WAZUH_INSTALLATION_ASSISTANT_URL} ${INSTALLATION_ASSISTANT_BRANCH} | grep -q "${INSTALLATION_ASSISTANT_BRANCH}"; then
         echo "Cloning Wazuh installation assistant repository"

ova/provision.sh

@@ -13,6 +13,12 @@ ASSETS_PATH="${CURRENT_PATH}/assets"
 CUSTOM_PATH="${ASSETS_PATH}/custom"
 INSTALL_ARGS="-a"
 
+if [[ "${PACKAGES_REPOSITORY}" == "dev" ]]; then
+  INSTALL_ARGS+=" -d pre-release"
+elif [[ "${PACKAGES_REPOSITORY}" == "staging" ]]; then
+  INSTALL_ARGS+=" -d staging"
+fi
+
 if [[ "${DEBUG}" = "yes" ]]; then
   INSTALL_ARGS+=" -v"
 fi