Build rpm wazuh-dashboard on x86_64 - is stage - checksum main_2026-04-07_10-26-48-955 #1525
# Builds the Wazuh dashboard package together with its plugins.
#
# What the workflow does:
#   - Downloads, builds, packages, tests and uploads the Wazuh dashboard along
#     with its plugins.
#   - Adapts to different environments (production, staging, several
#     architectures) through its inputs.
#   - Builds every component from the exact reference provided and validates it
#     before the final packaging.
#
# What can be customised:
#   - Operating system (`deb` or `rpm`)
#   - Architecture (`amd64`, `x86_64`, `aarch64`, `arm64`)
#   - Package revision
#   - Plugin references (branches, tags, or commits)
#   - Staging, upload, and checksum options.

run-name: >-
  Build ${{ inputs.system }} wazuh-dashboard on ${{ inputs.architecture }}
  ${{ inputs.is_stage && '- is stage' || '' }}
  ${{ inputs.checksum && '- checksum' || '' }}
  ${{ inputs.id }}
name: (5.x) Build Wazuh dashboard package with plugins (on demand)

on:
  # Manual run: `system` and `architecture` are restricted to the listed choices.
  workflow_dispatch:
    inputs:
      system:
        description: 'Package OS'
        type: choice
        required: true
        default: 'deb'
        options:
          - deb
          - rpm
      architecture:
        description: 'Package architecture'
        type: choice
        required: true
        default: 'amd64'
        options:
          - amd64
          - x86_64
          - aarch64
          - arm64
      revision:
        description: 'Package revision'
        type: string
        required: true
        default: '0'
      reference_plugins:
        description: 'Git ref (branch/tag) to use for all plugins'
        type: string
        required: false
      is_stage:
        description: 'Set production nomenclature'
        type: boolean
        required: true
        default: false
      checksum:
        description: 'Generate package checksum'
        type: boolean
        required: true
        default: false
      id:
        description: 'ID used to identify the workflow uniquely.'
        type: string
        required: false

  # Reusable entry point with the same input names. `system` and `architecture`
  # are plain strings here, so no choice list constrains what a caller passes;
  # the only check on them in this file is the script in the validate-job job.
  workflow_call:
    inputs:
      system:
        type: string
        required: true
        default: 'deb'
      architecture:
        type: string
        required: true
        default: 'amd64'
      revision:
        type: string
        required: true
        default: '0'
      reference_plugins:
        description: 'Git ref (branch/tag) to use for all plugins'
        type: string
        required: false
      is_stage:
        type: boolean
        required: true
        default: false
      checksum:
        type: boolean
        required: true
        default: false
      id:
        type: string
        required: false

# Applies to every job in this workflow. `id-token: write` allows a job to
# request an OIDC token; in this file the step that assumes an AWS role
# (`role-to-assume` in test-package) is the visible consumer.
# NOTE(review): the two reusable workflows called below are not shown here;
# confirm whether they need the token before narrowing this to job level.
permissions:
  id-token: write
  contents: read
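jobs:
  # Gate job: all other jobs depend on it, directly or through their own
  # `needs`, so a rejected input stops the run before anything is built.
  validate-job:
    runs-on: wz-linux-amd64
    name: Validate inputs
    steps:
      - name: Validate inputs
        # The inputs reach the shell as environment variables instead of being
        # expanded into the script text with ${{ }}. `workflow_call` passes
        # them as free-form strings, so they have to stay data and must never
        # become part of the shell source.
        env:
          PKG_SYSTEM: ${{ inputs.system }}
          PKG_ARCH: ${{ inputs.architecture }}
        run: |
          # Allow-list first: later jobs build runner labels, file names and
          # command-line flags from these two values.
          case "$PKG_SYSTEM" in
            deb | rpm) ;;
            *)
              echo "Invalid system: expected 'deb' or 'rpm'"
              exit 1
              ;;
          esac
          case "$PKG_ARCH" in
            amd64 | x86_64 | aarch64 | arm64) ;;
            *)
              echo "Invalid architecture: expected 'amd64', 'x86_64', 'aarch64' or 'arm64'"
              exit 1
              ;;
          esac
          # deb packages use amd64/arm64, rpm packages use x86_64/aarch64.
          if [[ "$PKG_ARCH" == "amd64" || "$PKG_ARCH" == "arm64" ]] && [[ "$PKG_SYSTEM" == "rpm" ]]; then
            echo "Invalid combination of architecture and system"
            exit 1
          fi
          if [[ "$PKG_ARCH" == "x86_64" || "$PKG_ARCH" == "aarch64" ]] && [[ "$PKG_SYSTEM" == "deb" ]]; then
            echo "Invalid combination of architecture and system"
            exit 1
          fi
      # NOTE(review): this is the last step of the job and nothing after it
      # uses the credentials. Confirm the step is needed; if it is not,
      # removing it keeps the long-lived access key out of a job that has no
      # use for it. The action is referenced by tag; pinning it to a full
      # commit SHA (<COMMIT_SHA_PLACEHOLDER>) would fix the code that handles
      # the secrets.
      - name: Set up AWS CLI
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }}
          aws-region: ${{ secrets.CI_AWS_REGION }}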
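# Job get-outputs-plugins: resolves, for every plugin, the artifact (zip) name
# and the short commit SHA that the later jobs consume.
# To add a plugin:
#   - Add it to the matrix (name: <plugin-name>, packageName: <plugin-package-name>,
#     repository: <plugin-repo-url>, outputNamePackage: <plugin-output-name>,
#     outputSHA: <plugin-output-sha>).
#   - For further plugins from the wazuh-dashboard-plugins repo, outputSHA can
#     be omitted because it is retrieved from the main plugin.
#   - Add it to the outputs section (NAME_PLUGIN_... and WAZUH_..._SHA).
  get-outputs-plugins:
    runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'wz-linux-arm64' || 'wz-linux-amd64' }}
    name: get-outputs-plugins
    needs: [validate-job]
    outputs:
      VERSION: ${{ steps.get-version.outputs.VERSION }}
      VERSION_OPENSEARCH: ${{ steps.get-version.outputs.VERSION_OPENSEARCH }}
      REVISION: ${{ steps.get-version.outputs.REVISION }}
      WAZUH_PLUGINS_SHA: ${{ steps.get-plugins.outputs.WAZUH_PLUGINS_SHA }}
      WAZUH_SECURITY_SHA: ${{ steps.get-plugins.outputs.WAZUH_SECURITY_SHA }}
      WAZUH_REPORTING_SHA: ${{ steps.get-plugins.outputs.WAZUH_REPORTING_SHA }}
      WAZUH_SECURITY_ANALYTICS_SHA: ${{ steps.get-plugins.outputs.WAZUH_SECURITY_ANALYTICS_SHA }}
      WAZUH_ALERTING_SHA: ${{ steps.get-plugins.outputs.WAZUH_ALERTING_SHA }}
      WAZUH_NOTIFICATIONS_SHA: ${{ steps.get-plugins.outputs.WAZUH_NOTIFICATIONS_SHA }}
      NAME_PLUGIN_WAZUH: ${{ steps.get-plugins.outputs.NAME_PLUGIN_WAZUH }}
      NAME_PLUGIN_CORE: ${{ steps.get-plugins.outputs.NAME_PLUGIN_CORE }}
      NAME_PLUGIN_CHECK_UPDATES: ${{ steps.get-plugins.outputs.NAME_PLUGIN_CHECK_UPDATES }}
      NAME_PLUGIN_SECURITY: ${{ steps.get-plugins.outputs.NAME_PLUGIN_SECURITY }}
      NAME_PLUGIN_REPORTING: ${{ steps.get-plugins.outputs.NAME_PLUGIN_REPORTING }}
      NAME_PLUGIN_SECURITY_ANALYTICS: ${{ steps.get-plugins.outputs.NAME_PLUGIN_SECURITY_ANALYTICS }}
      NAME_PLUGIN_ALERTING: ${{ steps.get-plugins.outputs.NAME_PLUGIN_ALERTING }}
      NAME_PLUGIN_NOTIFICATIONS: ${{ steps.get-plugins.outputs.NAME_PLUGIN_NOTIFICATIONS }}
    strategy:
      fail-fast: true
      matrix:
        plugin:
          - name: security  # for reference only
            packageName: wazuh-security-dashboards-plugin  # name of the plugin
            repository: https://github.com/wazuh/wazuh-security-dashboards-plugin.git
            outputNamePackage: NAME_PLUGIN_SECURITY  # output that receives the package name
            outputSHA: WAZUH_SECURITY_SHA  # output that receives the short SHA
          - name: plugins-main
            packageName: wazuh-dashboard-plugins_wazuh
            repository: https://github.com/wazuh/wazuh-dashboard-plugins.git
            outputNamePackage: NAME_PLUGIN_WAZUH
            outputSHA: WAZUH_PLUGINS_SHA
          - name: plugins-core
            packageName: wazuh-dashboard-plugins_core
            repository: https://github.com/wazuh/wazuh-dashboard-plugins.git
            outputNamePackage: NAME_PLUGIN_CORE
          - name: plugins-check-updates
            packageName: wazuh-dashboard-plugins_wazuh-check-updates
            repository: https://github.com/wazuh/wazuh-dashboard-plugins.git
            outputNamePackage: NAME_PLUGIN_CHECK_UPDATES
          - name: reporting
            packageName: wazuh-dashboard-reporting
            repository: https://github.com/wazuh/wazuh-dashboard-reporting.git
            outputNamePackage: NAME_PLUGIN_REPORTING
            outputSHA: WAZUH_REPORTING_SHA
          - name: security-analytics
            packageName: wazuh-dashboard-security-analytics
            repository: https://github.com/wazuh/wazuh-dashboard-security-analytics.git
            outputNamePackage: NAME_PLUGIN_SECURITY_ANALYTICS
            outputSHA: WAZUH_SECURITY_ANALYTICS_SHA
          - name: alerting
            packageName: wazuh-dashboard-alerting
            repository: https://github.com/wazuh/wazuh-dashboard-alerting.git
            outputNamePackage: NAME_PLUGIN_ALERTING
            outputSHA: WAZUH_ALERTING_SHA
          - name: notifications
            packageName: wazuh-dashboard-notifications
            repository: https://github.com/wazuh/wazuh-dashboard-notifications.git
            outputNamePackage: NAME_PLUGIN_NOTIFICATIONS
            outputSHA: WAZUH_NOTIFICATIONS_SHA
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          registry-url: 'https://registry.npmjs.org'
      - name: Get VERSION and REVISION
        id: get-version
        run: |
          VERSION=$(jq -r '.version' VERSION.json)
          VERSION_OPENSEARCH=$(jq -r '.version' package.json)
          REVISION=$(yarn --silent wzd-revision)
          {
            echo "VERSION=$VERSION"
            echo "VERSION_OPENSEARCH=$VERSION_OPENSEARCH"
            echo "REVISION=$REVISION"
          } >> "$GITHUB_OUTPUT"
      - name: Get outputs of wazuh-dashboard-plugins
        id: get-plugins
        # `reference_plugins` is a free-form input and `github.ref_name` is a
        # branch or tag name; both are data supplied from outside this file.
        # They are passed through the environment and quoted on use, so their
        # content is never parsed as shell source.
        env:
          REPOSITORY: ${{ matrix.plugin.repository }}
          REFERENCE_INPUT: ${{ inputs.reference_plugins }}
          REF_NAME: ${{ github.ref_name }}
          PACKAGE_PREFIX: ${{ matrix.plugin.packageName }}
          VERSION: ${{ steps.get-version.outputs.VERSION }}
          REVISION: ${{ steps.get-version.outputs.REVISION }}
          OUTPUT_NAME_KEY: ${{ matrix.plugin.outputNamePackage }}
          OUTPUT_SHA_KEY: ${{ matrix.plugin.outputSHA }}
        run: |
          REFERENCE="$REFERENCE_INPUT"
          if [ -z "$REFERENCE" ]; then
            echo "No plugin reference provided, using github.ref_name: $REF_NAME"
            REFERENCE="$REF_NAME"
            SHA=$(git ls-remote "$REPOSITORY" "$REFERENCE" | cut -f1 | cut -c1-7)
          else
            echo "Using reference: $REFERENCE"
            SHA=$(git ls-remote "$REPOSITORY" "$REFERENCE" | cut -f1 | cut -c1-7)
            if [ -z "$SHA" ]; then
              # Requested ref is missing in this repository: fall back to the
              # ref the workflow itself runs on.
              echo "Reference $REFERENCE not found, trying with '$REF_NAME' branch"
              REFERENCE="$REF_NAME"
              SHA=$(git ls-remote "$REPOSITORY" "$REFERENCE" | cut -f1 | cut -c1-7)
            fi
          fi
          if [ -z "$SHA" ]; then
            echo "Reference $REF_NAME not found, check if the repository exists and the reference is correct."
            exit 1
          fi
          # Slashes in the ref become dashes so the ref can be part of a file name.
          PACKAGE_NAME="${PACKAGE_PREFIX}_${VERSION}-${REVISION}_${REFERENCE//\//-}.zip"
          echo "${OUTPUT_NAME_KEY}=${PACKAGE_NAME}" >> "$GITHUB_OUTPUT"
          # Matrix entries without outputSHA publish only the package name.
          if [ -n "$OUTPUT_SHA_KEY" ]; then
            echo "${OUTPUT_SHA_KEY}=${SHA}" >> "$GITHUB_OUTPUT"
          fi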
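# Job setup-variables: derives the file names, flags and version values that
# the build, test and upload jobs read from its outputs.
  setup-variables:
    runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'wz-linux-arm64' || 'wz-linux-amd64' }}
    needs: [validate-job, get-outputs-plugins]
    name: Setup variables
    outputs:
      CURRENT_DIR: ${{ steps.setup-variables.outputs.CURRENT_DIR }}
      VERSION: ${{ steps.setup-variables.outputs.VERSION }}
      PREVIOUS: ${{ steps.setup-variables.outputs.PREVIOUS }}
      REVISION: ${{ steps.setup-variables.outputs.REVISION }}
      ALL_COMMIT_SHAS: ${{ steps.setup-variables.outputs.ALL_COMMIT_SHAS }}
      PRODUCTION: ${{ steps.setup-variables.outputs.PRODUCTION }}
      WAZUH_DASHBOARD_SLIM: ${{ steps.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }}
      PACKAGE_NAME: ${{ steps.setup-variables.outputs.PACKAGE_NAME }}
      ARCHITECTURE_FLAG: ${{ steps.setup-variables.outputs.ARCHITECTURE_FLAG }}
      VERSION_OPENSEARCH: ${{ steps.setup-variables.outputs.VERSION_OPENSEARCH }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup variables
        id: setup-variables
        # Inputs and upstream job outputs arrive as environment variables and
        # are quoted on use. PACKAGE_NAME is built from `revision` and
        # `architecture`, and later jobs place it on command lines, so these
        # values must not be expanded into the script text.
        env:
          VERSION: ${{ needs.get-outputs-plugins.outputs.VERSION }}
          VERSION_OPENSEARCH: ${{ needs.get-outputs-plugins.outputs.VERSION_OPENSEARCH }}
          REVISION: ${{ needs.get-outputs-plugins.outputs.REVISION }}
          PLUGINS_SHA: ${{ needs.get-outputs-plugins.outputs.WAZUH_PLUGINS_SHA }}
          SECURITY_SHA: ${{ needs.get-outputs-plugins.outputs.WAZUH_SECURITY_SHA }}
          REPORTING_SHA: ${{ needs.get-outputs-plugins.outputs.WAZUH_REPORTING_SHA }}
          SECURITY_ANALYTICS_SHA: ${{ needs.get-outputs-plugins.outputs.WAZUH_SECURITY_ANALYTICS_SHA }}
          ALERTING_SHA: ${{ needs.get-outputs-plugins.outputs.WAZUH_ALERTING_SHA }}
          NOTIFICATIONS_SHA: ${{ needs.get-outputs-plugins.outputs.WAZUH_NOTIFICATIONS_SHA }}
          PKG_SYSTEM: ${{ inputs.system }}
          PKG_ARCH: ${{ inputs.architecture }}
          PKG_REVISION: ${{ inputs.revision }}
          IS_STAGE: ${{ inputs.is_stage }}
        run: |
          CURRENT_DIR=$(pwd -P)
          ALL_COMMIT_SHAS="$(git rev-parse --short HEAD)-${PLUGINS_SHA}-${SECURITY_SHA}-${REPORTING_SHA}-${SECURITY_ANALYTICS_SHA}-${ALERTING_SHA}-${NOTIFICATIONS_SHA}"

          # Check the corresponding previous version to be used in the upgrade test.
          # The signing key is fetched from the same host as the packages, so
          # trust in it rests on the TLS connection to that host.
          # `-f` makes curl fail on an HTTP error instead of piping an error page to gpg.
          curl -fsS https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && sudo chmod 644 /usr/share/keyrings/wazuh.gpg
          # Overwrite rather than append: a runner that keeps its disk between
          # runs would otherwise collect one duplicate entry per run.
          echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
          sudo apt-get update

          # 1) the entry listed right after the current version,
          # 2) else the first entry of the same major.minor,
          # 3) else the first entry listed.
          # `grep -F` matches the version literally (a dot is not a wildcard).
          PREVIOUS=$(apt-cache madison wazuh-dashboard | grep -F -A 1 "$VERSION" | tail -1 | awk '{print $3}')
          if [ -z "$PREVIOUS" ]; then
            MAJOR_MINOR="$(echo "$VERSION" | cut -d '.' -f 1,2)."
            PREVIOUS=$(apt-cache madison wazuh-dashboard | grep -F "$MAJOR_MINOR" | head -1 | awk '{print $3}')
          fi
          if [ -z "$PREVIOUS" ]; then
            PREVIOUS=$(apt-cache madison wazuh-dashboard | head -1 | awk '{print $3}')
          fi
          if [ -z "$PREVIOUS" ]; then
            # Workflow-command parameters take the form `title=...`.
            echo "::warning title=No previous version::No previous version found for this architecture. Upgrade test will be skipped."
          fi

          if [ "$IS_STAGE" = "true" ]; then
            PRODUCTION=--production
          else
            PRODUCTION=""
          fi

          # x86_64/amd64 map to the x64 tarball and no extra flag; any other
          # value is treated as ARM.
          case "$PKG_ARCH" in
            x86_64 | amd64)
              SLIM_ARCH=x64
              ARCHITECTURE_FLAG=""
              ;;
            *)
              SLIM_ARCH=arm64
              ARCHITECTURE_FLAG=--arm
              ;;
          esac
          WAZUH_DASHBOARD_SLIM="wazuh-dashboard_${VERSION}-${REVISION}_${SLIM_ARCH}.tar.gz"

          # Stage builds use the production file name; other builds append the
          # commit SHAs of the dashboard and its plugins.
          if [ "$PKG_SYSTEM" = "deb" ]; then
            if [ "$IS_STAGE" = "true" ]; then
              PACKAGE_NAME="wazuh-dashboard_${VERSION}-${PKG_REVISION}_${PKG_ARCH}.deb"
            else
              PACKAGE_NAME="wazuh-dashboard_${VERSION}-${PKG_REVISION}_${PKG_ARCH}_${ALL_COMMIT_SHAS}.deb"
            fi
          else
            if [ "$IS_STAGE" = "true" ]; then
              PACKAGE_NAME="wazuh-dashboard-${VERSION}-${PKG_REVISION}.${PKG_ARCH}.rpm"
            else
              PACKAGE_NAME="wazuh-dashboard_${VERSION}-${PKG_REVISION}_${PKG_ARCH}_${ALL_COMMIT_SHAS}.rpm"
            fi
          fi

          {
            echo "CURRENT_DIR=$CURRENT_DIR"
            echo "VERSION=$VERSION"
            echo "VERSION_OPENSEARCH=$VERSION_OPENSEARCH"
            echo "PREVIOUS=$PREVIOUS"
            echo "REVISION=$REVISION"
            echo "ALL_COMMIT_SHAS=$ALL_COMMIT_SHAS"
            echo "PRODUCTION=$PRODUCTION"
            echo "WAZUH_DASHBOARD_SLIM=$WAZUH_DASHBOARD_SLIM"
            echo "PACKAGE_NAME=$PACKAGE_NAME"
            echo "ARCHITECTURE_FLAG=$ARCHITECTURE_FLAG"
          } >> "$GITHUB_OUTPUT"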
# Job build-dashboard: delegates the dashboard build to a reusable workflow in
# this repository, passing the ref the run was started on and the architecture.
# NOTE(review): the called workflow is not shown here; presumably it publishes
# the artifact that build-package downloads under the WAZUH_DASHBOARD_SLIM
# name - confirm against that file.
  build-dashboard:
    name: Build dashboard
    needs: [validate-job, setup-variables]
    uses: ./.github/workflows/5_builderpackage_dashboard_core.yml
    with:
      CHECKOUT_TO: ${{ github.ref_name }}
      ARCHITECTURE: ${{ inputs.architecture }}
# Job build-plugins: builds the plugins in parallel with the dashboard build,
# one reusable-workflow call per matrix entry.
# To add a plugin from the wazuh-dashboard-plugins repo:
#   - Add it to the matrix (name: <plugin-name>, packageName: <plugin-package-name>,
#     repo: <owner/repo>, pathPlugin: <path-to-repo>, path: <path-to-plugin>).
# To add a forked plugin:
#   - Add it to the matrix (name: <plugin-name>, packageName: <plugin-package-name>,
#     repo: <owner/repo>).
  build-plugins:
    needs: [setup-variables, validate-job, get-outputs-plugins]
    uses: ./.github/workflows/5_builderpackage_dashboard_plugins.yml
    strategy:
      fail-fast: true
      matrix:
        plugin:
          # Plugins that live inside the wazuh-dashboard-plugins repository.
          - name: wazuh-dashboard-plugins_wazuh
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_WAZUH }}
            repo: wazuh/wazuh-dashboard-plugins
            pathPlugin: plugins/wazuh-dashboard-plugins
            path: plugins/main
          - name: wazuh-dashboard-plugins_wazuh-check-updates
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_CHECK_UPDATES }}
            repo: wazuh/wazuh-dashboard-plugins
            pathPlugin: plugins/wazuh-dashboard-plugins
            path: plugins/wazuh-check-updates
          - name: wazuh-dashboard-plugins_wazuh-core
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_CORE }}
            repo: wazuh/wazuh-dashboard-plugins
            pathPlugin: plugins/wazuh-dashboard-plugins
            path: plugins/wazuh-core
          # Plugins kept in their own repository: no `path` / `pathPlugin`.
          - name: reports-dashboards
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_REPORTING }}
            repo: wazuh/wazuh-dashboard-reporting
          - name: wazuh-security-dashboards-plugin
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_SECURITY }}
            repo: wazuh/wazuh-security-dashboards-plugin
          - name: security-analytics-dashboards
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_SECURITY_ANALYTICS }}
            repo: wazuh/wazuh-dashboard-security-analytics
          - name: wazuh-dashboard-alerting
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_ALERTING }}
            repo: wazuh/wazuh-dashboard-alerting
          - name: wazuh-dashboard-notifications
            packageName: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_NOTIFICATIONS }}
            repo: wazuh/wazuh-dashboard-notifications
    # `reference_plugins` is forwarded unchanged from this workflow's input.
    # NOTE(review): how the called workflow uses it is not visible here;
    # confirm it treats the value as data and not as shell text.
    with:
      reference_plugins: ${{ inputs.reference_plugins }}
      version_opensearch: ${{ needs.setup-variables.outputs.VERSION_OPENSEARCH }}
      name: ${{ matrix.plugin.name }}
      packageName: ${{ matrix.plugin.packageName }}
      path: ${{ matrix.plugin.path }}
      repo: ${{ matrix.plugin.repo }}
      pathPlugin: ${{ matrix.plugin.pathPlugin }}
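# Job build-package: collects the dashboard and plugin artifacts, zips them and
# runs build-packages.sh to produce the final deb/rpm package.
  build-package:
    needs: [setup-variables, get-outputs-plugins, build-dashboard, build-plugins]
    runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'wz-linux-arm64' || 'wz-linux-amd64' }}
    name: Generate packages
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          registry-url: 'https://registry.npmjs.org'
      - name: Download dashboard artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/dashboard
      - name: Download security plugin artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_SECURITY }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/security-plugin
      # The main, core and check-updates plugins share one directory and end up
      # in the same zip.
      - name: Download main plugin's artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_WAZUH }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins
      - name: Download core plugin's artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_CORE }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins
      - name: Download check update plugin's artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_CHECK_UPDATES }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins
      - name: Download report plugin artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_REPORTING }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/report-plugin
      - name: Download security analytics plugin artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_SECURITY_ANALYTICS }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/security-analytics-plugin
      - name: Download alerting plugin artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_ALERTING }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/alerting-plugin
      - name: Download notifications plugin artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.get-outputs-plugins.outputs.NAME_PLUGIN_NOTIFICATIONS }}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/notifications-plugin
      - name: Zip plugins
        # Paths come in through the environment and are quoted, so a directory
        # or file name is always a single argument to zip.
        env:
          ARTIFACTS_DIR: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts
          WAZUH_DASHBOARD_SLIM: ${{ needs.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }}
        run: |
          zip -r -j "$ARTIFACTS_DIR/wazuh-package.zip" "$ARTIFACTS_DIR/plugins"
          zip -r -j "$ARTIFACTS_DIR/security-package.zip" "$ARTIFACTS_DIR/security-plugin"
          zip -r -j "$ARTIFACTS_DIR/report-package.zip" "$ARTIFACTS_DIR/report-plugin"
          zip -r -j "$ARTIFACTS_DIR/dashboard-package.zip" "$ARTIFACTS_DIR/dashboard/$WAZUH_DASHBOARD_SLIM"
          zip -r -j "$ARTIFACTS_DIR/security-analytics-package.zip" "$ARTIFACTS_DIR/security-analytics-plugin"
          zip -r -j "$ARTIFACTS_DIR/alerting-package.zip" "$ARTIFACTS_DIR/alerting-plugin"
          zip -r -j "$ARTIFACTS_DIR/notifications-package.zip" "$ARTIFACTS_DIR/notifications-plugin"
      - name: Build package
        # `revision` and `system` are workflow inputs. They are passed as
        # environment variables and added to an argument array, so their
        # content cannot introduce extra shell commands.
        env:
          CURRENT_DIR: ${{ needs.setup-variables.outputs.CURRENT_DIR }}
          PKG_REVISION: ${{ inputs.revision }}
          PKG_SYSTEM: ${{ inputs.system }}
          ARCHITECTURE_FLAG: ${{ needs.setup-variables.outputs.ARCHITECTURE_FLAG }}
          PRODUCTION: ${{ needs.setup-variables.outputs.PRODUCTION }}
          ALL_COMMIT_SHAS: ${{ needs.setup-variables.outputs.ALL_COMMIT_SHAS }}
        run: |
          cd "$CURRENT_DIR/dev-tools/build-packages"
          args=(-r "$PKG_REVISION")
          # ARCHITECTURE_FLAG and PRODUCTION may be empty; they are added only
          # when set so no empty argument reaches the script.
          if [ -n "$ARCHITECTURE_FLAG" ]; then
            args+=("$ARCHITECTURE_FLAG")
          fi
          args+=(
            -a "file://$CURRENT_DIR/artifacts/wazuh-package.zip"
            -s "file://$CURRENT_DIR/artifacts/security-package.zip"
            -b "file://$CURRENT_DIR/artifacts/dashboard-package.zip"
            -rp "file://$CURRENT_DIR/artifacts/report-package.zip"
            -sa "file://$CURRENT_DIR/artifacts/security-analytics-package.zip"
            -al "file://$CURRENT_DIR/artifacts/alerting-package.zip"
            -no "file://$CURRENT_DIR/artifacts/notifications-package.zip"
            --commit-sha "$ALL_COMMIT_SHAS"
            "--$PKG_SYSTEM"
          )
          if [ -n "$PRODUCTION" ]; then
            args+=("$PRODUCTION")
          fi
          args+=(--debug)
          bash ./build-packages.sh "${args[@]}"
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        if: success()
        with:
          name: ${{needs.setup-variables.outputs.PACKAGE_NAME}}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}}
          retention-days: 30
          overwrite: true
      - name: Upload checksum
        # The whole condition sits inside one ${{ }}. Written as
        # `success() && ${{ inputs.checksum }}` the value is a template string
        # with text around the expression, which is always truthy, so the step
        # would run even when `checksum` is false.
        # NOTE(review): no step visible in this job creates the .sha512 file;
        # presumably build-packages.sh writes it - confirm.
        if: ${{ success() && inputs.checksum }}
        uses: actions/upload-artifact@v4
        with:
          name: ${{needs.setup-variables.outputs.PACKAGE_NAME}}.sha512
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}}.sha512
          retention-days: 30
          overwrite: true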
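# Job test-package: checks the built package - integrity, install/uninstall and
# upgrade from the previous published version. deb packages are tested on the
# runner itself, rpm packages on a temporary AWS instance that the last step
# always destroys.
  test-package:
    needs: [setup-variables, build-package]
    runs-on: ${{ needs.setup-variables.outputs.ARCHITECTURE_FLAG == '--arm' && 'wz-linux-arm64' || 'wz-linux-amd64' }}
    strategy:
      fail-fast: false
    name: Test package
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{needs.setup-variables.outputs.PACKAGE_NAME}}
          path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages
      - name: Test package integrity
        # The package name is built from workflow inputs, so it is passed
        # through the environment and quoted instead of being expanded into
        # the script text.
        env:
          TEST_DIR: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages
          PACKAGE_NAME: ${{ needs.setup-variables.outputs.PACKAGE_NAME }}
          PKG_SYSTEM: ${{ inputs.system }}
        run: |
          cd "$TEST_DIR"
          cp "./$PACKAGE_NAME" "$TEST_DIR/$PKG_SYSTEM"
          bash ./test-packages.sh \
            -p "$PACKAGE_NAME"
      - name: DEB - Test package install/uninstall
        if: ${{ inputs.system == 'deb' }}
        env:
          PACKAGE_PATH: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages/${{ needs.setup-variables.outputs.PACKAGE_NAME }}
        run: |
          sudo dpkg -i "$PACKAGE_PATH"
          if dpkg-query -W -f='${Status}' wazuh-dashboard 2>/dev/null | grep -q "install ok installed"; then
            echo "Package installed"
          else
            echo "Package not installed"
            exit 1
          fi
          sudo systemctl daemon-reload
          sudo systemctl enable wazuh-dashboard
          sudo systemctl start wazuh-dashboard
          if sudo systemctl status wazuh-dashboard | grep -q "active (running)"; then
            echo "Service running"
          else
            echo "Service not running"
            exit 1
          fi
          sudo apt-get remove --purge wazuh-dashboard -y
          if dpkg-query -W -f='${Status}' wazuh-dashboard 2>/dev/null | grep -q "install ok installed"; then
            echo "Package not uninstalled"
            exit 1
          else
            echo "Package uninstalled"
          fi
      - name: DEB - Test package upgrade
        if: ${{ needs.setup-variables.outputs.PREVIOUS != '' && inputs.system == 'deb' }}
        env:
          PACKAGE_PATH: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages/${{ needs.setup-variables.outputs.PACKAGE_NAME }}
          PREVIOUS: ${{ needs.setup-variables.outputs.PREVIOUS }}
          VERSION: ${{ needs.setup-variables.outputs.VERSION }}
        run: |
          # `-y`: the step has no terminal to answer a confirmation prompt.
          sudo apt-get install -y debhelper tar curl libcap2-bin #debhelper version 9 or later
          sudo apt-get install -y gnupg apt-transport-https
          # `-f` makes curl fail on an HTTP error instead of piping an error page to gpg.
          curl -fsS https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && sudo chmod 644 /usr/share/keyrings/wazuh.gpg
          # Overwrite rather than append so repeated runs on the same machine
          # do not accumulate duplicate entries.
          echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee /etc/apt/sources.list.d/wazuh.list
          sudo apt-get update
          # Install the previous published version, then upgrade with the new package.
          sudo apt-get -y install "wazuh-dashboard=$PREVIOUS"
          sudo systemctl daemon-reload
          sudo systemctl enable wazuh-dashboard
          sudo systemctl start wazuh-dashboard
          sudo dpkg -i "$PACKAGE_PATH"
          sudo systemctl restart wazuh-dashboard
          if dpkg -s wazuh-dashboard | grep '^Version:' | grep -q "$VERSION"; then
            echo "Package upgraded"
          else
            echo "Package not upgraded"
            exit 1
          fi
          if sudo systemctl status wazuh-dashboard | grep -q "active (running)"; then
            echo "Service running"
          else
            echo "Service not running"
            exit 1
          fi
      - name: RPM - Clone automation repo
        if: ${{ inputs.system == 'rpm' }}
        # The token is handed over as an environment variable, so it is not
        # part of the script text, and the remote URL is rewritten after the
        # clone so the token does not stay in wazuh-automation/.git/config for
        # the steps that follow.
        env:
          username: 'wazuh-devel-xdrsiem-dashboard'
          AUTOMATION_TOKEN: ${{ secrets.DASHBOARD_BOT_SMOKE_TEST_TOKEN }}
        run: |
          git clone "https://${username}:${AUTOMATION_TOKEN}@github.com/wazuh/wazuh-automation.git"
          git -C wazuh-automation remote set-url origin https://github.com/wazuh/wazuh-automation.git
          cd wazuh-automation
          pip3 install -r deployability/deps/requirements.txt
      # Short-lived credentials through an assumed role; relies on the
      # workflow-level `id-token: write` permission.
      - name: RPM - Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        if: ${{ inputs.system == 'rpm' }}
        with:
          aws-region: 'us-east-1'
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          role-session-name: 'Dashboard-smoke-test'
      - name: RPM - Setup environment
        id: setup_rpm_env
        if: ${{ inputs.system == 'rpm' }}
        env:
          PKG_ARCH: ${{ inputs.architecture }}
        run: |
          if [ "$PKG_ARCH" = "x86_64" ]; then
            COMPOSITE_NAME=centos_stream-9-amd64
            INSTANCE_NAME=centos_9_amd_large_aws
          else
            COMPOSITE_NAME=centos_stream-8-arm64
            INSTANCE_NAME=centos_8_arm_large_aws
          fi
          python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name "$COMPOSITE_NAME" --instance-name "$INSTANCE_NAME" --inventory-output "/tmp/inventory.yaml" --track-output "/tmp/track.yaml" --label-team dashboard --label-termination-date 1d --working-dir /tmp/dashboard
          # Connection details are read back from the inventory the allocator wrote.
          ansible_host=$(grep 'ansible_host:' /tmp/inventory.yaml | sed 's/.*: *//')
          ansible_port=$(grep 'ansible_port:' /tmp/inventory.yaml | sed 's/.*: *//')
          ansible_user=$(grep 'ansible_user:' /tmp/inventory.yaml | sed 's/.*: *//')
          ansible_ssh_private_key_file=$(grep 'ansible_ssh_private_key_file:' /tmp/inventory.yaml | sed 's/.*: *//')
          # NOTE(review): StrictHostKeyChecking=no turns off host-key
          # verification, so the identity of the machine that receives and
          # installs the package is not checked. If the allocator can report
          # the instance's host key, pin it through a known_hosts file.
          ssh_command="ssh -o StrictHostKeyChecking=no -i $ansible_ssh_private_key_file -p $ansible_port $ansible_user@$ansible_host"
          scp_command="scp -o StrictHostKeyChecking=no -i $ansible_ssh_private_key_file -P $ansible_port"
          {
            echo "ansible_host=$ansible_host"
            echo "ansible_port=$ansible_port"
            echo "ansible_user=$ansible_user"
            echo "ansible_ssh_private_key_file=$ansible_ssh_private_key_file"
            echo "ssh_command=$ssh_command"
            echo "scp_command=$scp_command"
          } >> "$GITHUB_OUTPUT"
      # NOTE(review): the two RPM test steps below still expand step outputs
      # and the package name straight into the script, and the remote command
      # is one double-quoted string. PACKAGE_NAME is derived from workflow
      # inputs, so these steps rely on the input validation done earlier in
      # the run.
      - name: RPM - Test package install/uninstall
        if: ${{ inputs.system == 'rpm' }}
        run: |
          # echo 'Installing package...' is necessary to init the ssh connection prior to running scp
          ${{ steps.setup_rpm_env.outputs.ssh_command }} "echo 'Installing package...'"
          ${{ steps.setup_rpm_env.outputs.scp_command }} ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages/${{needs.setup-variables.outputs.PACKAGE_NAME}} ${{ steps.setup_rpm_env.outputs.ansible_user }}@${{ steps.setup_rpm_env.outputs.ansible_host }}:/home/${{ steps.setup_rpm_env.outputs.ansible_user }}/
          ${{ steps.setup_rpm_env.outputs.ssh_command }} "sudo rpm -i ./${{needs.setup-variables.outputs.PACKAGE_NAME}}; \
          if rpm -q wazuh-dashboard &>/dev/null; then \
            echo 'Package installed'; \
          else \
            echo 'Package not installed'; \
            exit 1; \
          fi; \
          sudo systemctl daemon-reload;\
          sudo systemctl enable wazuh-dashboard;\
          sudo systemctl start wazuh-dashboard;\
          if sudo systemctl status wazuh-dashboard | grep -q 'active (running)'; then \
            echo 'Service running'; \
          else \
            echo 'Service not running' ;\
            exit 1 ;\
          fi; \
          sudo yum remove wazuh-dashboard -y ;\
          sudo rm -rf /var/lib/wazuh-dashboard/ ; \
          sudo rm -rf /usr/share/wazuh-dashboard/ ; \
          sudo rm -rf /etc/wazuh-dashboard/; \
          if rpm -q wazuh-dashboard &>/dev/null; then \
            echo 'Package not uninstalled'; \
            exit 1; \
          else \
            echo 'Package uninstalled'; \
          fi
          "
      - name: RPM - Test package upgrade
        if: ${{ needs.setup-variables.outputs.PREVIOUS != '' && inputs.system == 'rpm' }}
        run: |
          # `yum install -y libcap`: the ssh session has no terminal to answer
          # a confirmation prompt.
          # `\$releasever`: escaped so the runner's shell leaves it alone and
          # the literal `$releasever` reaches the repo file for yum to expand.
          ${{ steps.setup_rpm_env.outputs.ssh_command }} "sudo yum install -y libcap; \
          sudo rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH; \
          echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | sudo tee /etc/yum.repos.d/wazuh.repo; \
          sudo yum install -y wazuh-dashboard-${{needs.setup-variables.outputs.PREVIOUS}}; \
          sudo systemctl daemon-reload; \
          sudo systemctl enable wazuh-dashboard; \
          sudo systemctl start wazuh-dashboard; \
          sudo yum install -y ${{needs.setup-variables.outputs.PACKAGE_NAME}}; \
          sudo systemctl restart wazuh-dashboard; \
          if rpm -q wazuh-dashboard | grep -q '${{needs.setup-variables.outputs.VERSION}}'; then \
            echo 'Package upgraded'; \
          else \
            echo 'Package not upgraded'; \
            exit 1; \
          fi; \
          if sudo systemctl status wazuh-dashboard | grep -q 'active (running)'; then \
            echo 'Service running'; \
          else \
            echo 'Service not running'; \
            exit 1; \
          fi
          "
      - name: Destroy Allocator Machine
        # DO NOT DELETE. This ensures that the generated instance is destroyed
        # even if the job fails.
        if: ${{ always() }}
        env:
          PKG_SYSTEM: ${{ inputs.system }}
        run: |
          if [ "$PKG_SYSTEM" = "rpm" ]; then
            echo "Destroying Allocator Machine"
            cd wazuh-automation/deployability
            python3 modules/allocation/main.py --action delete --track-output "/tmp/track.yaml"
          fi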
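# Job upload-package: copies the tested package, and its checksum when
# requested, to the internal development S3 bucket.
  upload-package:
    needs: [setup-variables, test-package]
    # NOTE(review): only 'arm64' selects the ARM runner here, while the other
    # jobs also test for 'aarch64'. The steps below only download and copy
    # files, so this may be intentional - confirm.
    runs-on: ${{ inputs.architecture == 'arm64' && 'wz-linux-arm64' || 'wz-linux-amd64' }}
    name: Upload package
    steps:
      # NOTE(review): this step uses a long-lived access key pair, while
      # test-package assumes a role through OIDC (`role-to-assume`). Using a
      # role here as well would leave no static key with write access to the
      # package bucket in the repository secrets.
      - name: Set up AWS CLI
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }}
          aws-region: ${{ secrets.CI_AWS_REGION }}
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{needs.setup-variables.outputs.PACKAGE_NAME}}
          path: ./
      - name: Download checksum
        if: ${{ inputs.checksum }}
        uses: actions/download-artifact@v4
        with:
          name: ${{needs.setup-variables.outputs.PACKAGE_NAME}}.sha512
          path: ./
      - name: Upload package
        # The package name is built from workflow inputs; it is passed through
        # the environment and quoted so it is always one argument to the CLI.
        env:
          PACKAGE_NAME: ${{ needs.setup-variables.outputs.PACKAGE_NAME }}
          S3_PREFIX: s3://xdrsiem-packages-dev-internal/development/wazuh/5.x/main/packages/
        run: |
          echo "Uploading package"
          aws s3 cp "./${PACKAGE_NAME}" "$S3_PREFIX"
          s3uri="${S3_PREFIX}${PACKAGE_NAME}"
          echo "S3 URI: ${s3uri}"
      - name: Upload SHA512
        if: ${{ inputs.checksum }}
        env:
          PACKAGE_NAME: ${{ needs.setup-variables.outputs.PACKAGE_NAME }}
          S3_PREFIX: s3://xdrsiem-packages-dev-internal/development/wazuh/5.x/main/packages/
        run: |
          echo "Uploading checksum"
          aws s3 cp "./${PACKAGE_NAME}.sha512" "$S3_PREFIX"
          s3uri="${S3_PREFIX}${PACKAGE_NAME}.sha512"
          echo "S3 sha512 URI: ${s3uri}"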