Build deb wazuh-dashboard on amd64 #501
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
run-name: Build ${{ inputs.system }} wazuh-dashboard on ${{ inputs.architecture }} ${{ inputs.is_stage && '- is stage' || '' }} ${{ inputs.checksum && '- checksum' || '' }} ${{ inputs.id }} | |
name: Build Wazuh dashboard with plugins | |
on: | |
workflow_dispatch: | |
inputs: | |
system: | |
type: choice | |
description: 'Package OS' | |
required: true | |
options: | |
- deb | |
- rpm | |
default: 'deb' | |
architecture: | |
type: choice | |
description: 'Package architecture' | |
required: true | |
options: | |
- amd64 | |
- x86_64 | |
- aarch64 | |
- arm64 | |
default: amd64 | |
revision: | |
type: string | |
description: 'Package revision' | |
required: true | |
default: '0' | |
reference_security_plugins: | |
type: string | |
description: 'Branch/tag/commit of the wazuh-security-dashboards-plugin repository to build the security plugin' | |
required: true | |
default: 'master' | |
reference_wazuh_plugins: | |
type: string | |
description: 'Branch/tag/commit of the wazuh-dashboard-plugins repository to build the main plugins' | |
required: true | |
default: 'master' | |
reference_report_plugins: | |
type: string | |
description: 'Branch/tag/commit of the wazuh-dashboard-reporting repository to build the report plugin' | |
required: true | |
default: 'master' | |
is_stage: | |
type: boolean | |
description: 'Set production nomenclature' | |
required: true | |
default: false | |
upload: | |
description: 'Upload ?' | |
type: boolean | |
default: true | |
checksum: | |
type: boolean | |
description: 'Generate package checksum' | |
required: true | |
default: false | |
id: | |
description: 'ID used to identify the workflow uniquely.' | |
type: string | |
required: false | |
workflow_call: | |
inputs: | |
system: | |
type: string | |
required: true | |
default: 'deb' | |
architecture: | |
type: string | |
required: true | |
default: amd64 | |
revision: | |
type: string | |
required: true | |
default: '0' | |
reference_security_plugins: | |
type: string | |
required: true | |
default: 'master' | |
reference_wazuh_plugins: | |
type: string | |
required: true | |
default: 'master' | |
reference_report_plugins: | |
type: string | |
required: true | |
default: 'master' | |
is_stage: | |
type: boolean | |
required: true | |
default: false | |
upload: | |
type: boolean | |
default: true | |
checksum: | |
type: boolean | |
required: true | |
default: false | |
id: | |
type: string | |
required: false | |
jobs: | |
setup-variables: | |
runs-on: ubuntu-latest | |
name: Setup variables | |
outputs: | |
CURRENT_DIR: ${{ steps.setup-variables.outputs.CURRENT_DIR }} | |
VERSION: ${{ steps.setup-variables.outputs.VERSION }} | |
REVISION: ${{ steps.setup-variables.outputs.REVISION }} | |
COMMIT_SHA: ${{ steps.setup-variables.outputs.COMMIT_SHA }} | |
PRODUCTION: ${{ steps.setup-variables.outputs.PRODUCTION }} | |
WAZUH_DASHBOARD_SLIM: ${{ steps.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }} | |
WAZUH_SECURITY_PLUGIN: ${{ steps.setup-variables.outputs.WAZUH_SECURITY_PLUGIN }} | |
WAZUH_REPORT_PLUGIN: ${{ steps.setup-variables.outputs.WAZUH_REPORT_PLUGIN }} | |
WAZUH_PLUGINS_WAZUH: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS_WAZUH }} | |
WAZUH_PLUGINS_CORE: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS_CORE }} | |
WAZUH_PLUGINS_CHECK_UPDATES: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS_CHECK_UPDATES }} | |
PACKAGE_NAME: ${{ steps.setup-variables.outputs.PACKAGE_NAME }} | |
FINAL_NAME: ${{ steps.setup-variables.outputs.FINAL_NAME }} | |
ARCHITECTURE_FLAG: ${{ steps.setup-variables.outputs.ARCHITECTURE_FLAG }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Get SHA of wazuh-dashboard-plugins | |
id: get-plugins-sha | |
run: | | |
git clone -b ${{ inputs.reference_wazuh_plugins }} --single-branch https://github.com/wazuh/wazuh-dashboard-plugins.git wzdp | |
cd wzdp | |
echo "WAZUH_PLUGINS_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: Get SHA of wazuh-security-dashboards-plugin | |
id: get-security-sha | |
run: | | |
git clone -b ${{ inputs.reference_security_plugins }} --single-branch https://github.com/wazuh/wazuh-security-dashboards-plugin.git wzsp | |
cd wzsp | |
echo "WAZUH_SECURITY_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: Get SHA of wazuh-dashboards-reporting | |
id: get-reporting-sha | |
run: | | |
git clone -b ${{ inputs.reference_report_plugins }} --single-branch https://github.com/wazuh/wazuh-dashboards-reporting.git wzrp | |
cd wzrp | |
echo "WAZUH_REPORTING_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Setup variables | |
id: setup-variables | |
run: | | |
CURRENT_DIR=$(pwd -P) | |
VERSION=$(tail -c +2 VERSION) | |
REVISION=$(yarn --silent wzd-revision) | |
COMMIT_SHA=$(git rev-parse --short HEAD) | |
PLUGINS_SHA=${{steps.get-plugins-sha.outputs.WAZUH_PLUGINS_SHA}} | |
SECURITY_SHA=${{steps.get-security-sha.outputs.WAZUH_SECURITY_SHA}} | |
REPORTING_SHA=${{steps.get-reporting-sha.outputs.WAZUH_REPORTING_SHA}} | |
if [ "${{ inputs.is_stage }}" = "true" ]; then | |
PRODUCTION=--production | |
else | |
PRODUCTION="" | |
fi | |
WAZUH_DASHBOARD_SLIM=wazuh-dashboard_${VERSION}-${REVISION}_${{ (inputs.ARCHITECTURE == 'x86_64' || inputs.ARCHITECTURE == 'amd64') && 'x64' || 'arm64' }}.tar.gz | |
WAZUH_SECURITY_PLUGIN=wazuh-security-dashboards-plugin_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_security_plugins }} | sed 's/\//-/g').zip | |
WAZUH_REPORT_PLUGIN=reports-dashboards_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_report_plugins }} | sed 's/\//-/g').zip | |
WAZUH_PLUGINS_WAZUH=wazuh-dashboard-plugins_wazuh_${VERSION}-${REVISION}_${{ inputs.reference_wazuh_plugins }}.zip | |
WAZUH_PLUGINS_CORE=wazuh-dashboard-plugins_wazuh-core_${VERSION}-${REVISION}_${{ inputs.reference_wazuh_plugins }}.zip | |
WAZUH_PLUGINS_CHECK_UPDATES=wazuh-dashboard-plugins_wazuh-check-updates_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_wazuh_plugins }} | sed 's/\//-/g').zip | |
if [ "${{ inputs.system }}" = "deb" ]; then | |
if [ "${{ inputs.is_stage }}" = "true" ]; then | |
PACKAGE_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}.deb | |
FINAL_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}.deb | |
else | |
PACKAGE_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}_${COMMIT_SHA}.deb | |
FINAL_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}_${COMMIT_SHA}-${PLUGINS_SHA}-${SECURITY_SHA}-${REPORTING_SHA}.deb | |
fi | |
else | |
if [ "${{ inputs.is_stage }}" = "true" ]; then | |
PACKAGE_NAME=wazuh-dashboard-${VERSION}-${{ inputs.revision }}.${{ inputs.architecture }}.rpm | |
FINAL_NAME=wazuh-dashboard-${VERSION}-${{ inputs.revision }}.${{ inputs.architecture }}.rpm | |
else | |
PACKAGE_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}_${COMMIT_SHA}.rpm | |
FINAL_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}_${COMMIT_SHA}-${PLUGINS_SHA}-${SECURITY_SHA}-${REPORTING_SHA}.rpm | |
fi | |
fi | |
if [[ "${{ inputs.architecture }}" == "x86_64" || "${{ inputs.architecture }}" == "amd64" ]]; then | |
ARCHITECTURE_FLAG="" | |
else | |
ARCHITECTURE_FLAG=--arm | |
fi | |
echo "CURRENT_DIR=$CURRENT_DIR" >> $GITHUB_OUTPUT | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
echo "REVISION=$REVISION" >> $GITHUB_OUTPUT | |
echo "COMMIT_SHA=$COMMIT_SHA" >> $GITHUB_OUTPUT | |
echo "PRODUCTION=$PRODUCTION" >> $GITHUB_OUTPUT | |
echo "WAZUH_DASHBOARD_SLIM=$WAZUH_DASHBOARD_SLIM" >> $GITHUB_OUTPUT | |
echo "WAZUH_SECURITY_PLUGIN=$WAZUH_SECURITY_PLUGIN" >> $GITHUB_OUTPUT | |
echo "WAZUH_REPORT_PLUGIN=$WAZUH_REPORT_PLUGIN" >> $GITHUB_OUTPUT | |
echo "WAZUH_PLUGINS_WAZUH=$WAZUH_PLUGINS_WAZUH" >> $GITHUB_OUTPUT | |
echo "WAZUH_PLUGINS_CORE=$WAZUH_PLUGINS_CORE" >> $GITHUB_OUTPUT | |
echo "WAZUH_PLUGINS_CHECK_UPDATES=$WAZUH_PLUGINS_CHECK_UPDATES" >> $GITHUB_OUTPUT | |
echo "PACKAGE_NAME=$PACKAGE_NAME" >> $GITHUB_OUTPUT | |
echo "FINAL_NAME=$FINAL_NAME" >> $GITHUB_OUTPUT | |
echo "ARCHITECTURE_FLAG=$ARCHITECTURE_FLAG" >> $GITHUB_OUTPUT | |
validate-job: | |
runs-on: ubuntu-latest | |
needs: setup-variables | |
name: Validate job | |
steps: | |
- name: Validate inputs | |
run: | | |
if [[ "${{ inputs.architecture }}" == "amd64" || "${{ inputs.architecture }}" == "arm64" ]] && [[ "${{ inputs.system }}" == "rpm" ]]; then | |
echo "Invalid combination of architecture and system" | |
exit 1 | |
fi | |
if [[ "${{ inputs.architecture }}" == "x86_64" || "${{ inputs.architecture }}" == "aarch64" ]] && [[ "${{ inputs.system }}" == "deb" ]]; then | |
echo "Invalid combination of architecture and system" | |
exit 1 | |
fi | |
- name: Set up AWS CLI | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }} | |
aws-region: ${{ secrets.CI_AWS_REGION }} | |
build-base: | |
needs: [validate-job] | |
name: Build dashboard | |
uses: wazuh/wazuh-dashboard/.github/workflows/[email protected] | |
with: | |
CHECKOUT_TO: ${{ github.head_ref || github.ref_name }} | |
ARCHITECTURE: ${{ inputs.architecture }} | |
build-main-plugins: | |
needs: [validate-job] | |
name: Build plugins | |
uses: wazuh/wazuh-dashboard-plugins/.github/workflows/[email protected] | |
with: | |
reference: ${{ inputs.reference_wazuh_plugins }} | |
build-security-plugin: | |
needs: [validate-job] | |
name: Build security plugin | |
uses: wazuh/wazuh-security-dashboards-plugin/.github/workflows/[email protected] | |
with: | |
reference: ${{ inputs.reference_security_plugins }} | |
build-report-plugin: | |
needs: [validate-job] | |
name: Build reporting plugin | |
uses: wazuh/wazuh-dashboards-reporting/.github/workflows/manual-build.yml@change/10-upgrade-actions-version | |
with: | |
reference: ${{ inputs.reference_report_plugins }} | |
build-and-test-package: | |
needs: | |
[setup-variables, build-main-plugins, build-base, build-security-plugin, build-report-plugin] | |
runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'wz-linux-arm64' || 'ubuntu-22.04' }} | |
name: Generate packages | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Download dashboard artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ needs.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/dashboard | |
- name: Download security plugin artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ needs.setup-variables.outputs.WAZUH_SECURITY_PLUGIN }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/security-plugin | |
- name: Download plugins artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ needs.setup-variables.outputs.WAZUH_PLUGINS_WAZUH }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins | |
- name: Download plugins artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ needs.setup-variables.outputs.WAZUH_PLUGINS_CORE }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins | |
- name: Download plugins artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ needs.setup-variables.outputs.WAZUH_PLUGINS_CHECK_UPDATES }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins | |
- name: Download report plugin artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ needs.setup-variables.outputs.WAZUH_REPORT_PLUGIN }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/report-plugin | |
- name: Zip plugins | |
run: | | |
zip -r -j ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/wazuh-package.zip ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/plugins | |
zip -r -j ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/security-package.zip ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/security-plugin | |
zip -r -j ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/dashboard-package.zip ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/dashboard/${{ needs.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }} | |
zip -r -j ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/report-package.zip ${{ needs.setup-variables.outputs.CURRENT_DIR }}/artifacts/report-plugin | |
- name: Build package | |
run: | | |
cd ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages | |
bash ./build-packages.sh \ | |
-v ${{ needs.setup-variables.outputs.VERSION }} \ | |
-r ${{ inputs.revision }} ${{ needs.setup-variables.outputs.ARCHITECTURE_FLAG }} \ | |
-a file://${{needs.setup-variables.outputs.CURRENT_DIR}}/artifacts/wazuh-package.zip \ | |
-s file://${{needs.setup-variables.outputs.CURRENT_DIR}}/artifacts/security-package.zip \ | |
-b file://${{needs.setup-variables.outputs.CURRENT_DIR}}/artifacts/dashboard-package.zip \ | |
-rp file://${{needs.setup-variables.outputs.CURRENT_DIR}}/artifacts/report-package.zip \ | |
${{ needs.setup-variables.outputs.PRODUCTION }} --${{ inputs.system }} --debug | |
- name: Test package | |
run: | | |
cd ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages | |
ls -laR ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output | |
cp ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}} ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/test-packages/${{ inputs.system }} | |
bash ./test-packages.sh \ | |
-p ${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
- name: Set package final name | |
run: | | |
mv ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}} ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.FINAL_NAME}} | |
- name: Set SHA final name | |
if: ${{ inputs.checksum }} | |
run: | | |
mv ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}}.sha512 ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.FINAL_NAME}}.sha512 | |
- uses: actions/upload-artifact@v4 | |
if: success() | |
with: | |
name: ${{ needs.setup-variables.outputs.FINAL_NAME }} | |
path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.FINAL_NAME}} | |
retention-days: 30 | |
- name: Set up AWS CLI | |
if: ${{ inputs.upload }} | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }} | |
aws-region: ${{ secrets.CI_AWS_REGION }} | |
- name: Upload package | |
if: ${{ inputs.upload }} | |
run: | | |
echo "Uploading package" | |
aws s3 cp ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.FINAL_NAME}} s3://packages-dev.internal.wazuh.com/development/wazuh/5.x/main/packages/ | |
s3uri="s3://packages-dev.internal.wazuh.com/development/wazuh/5.x/main/packages/${{needs.setup-variables.outputs.FINAL_NAME}}" | |
echo "S3 URI: ${s3uri}" | |
- name: Upload SHA512 | |
if: ${{ inputs.checksum }} | |
run: | | |
echo "Uploading checksum" | |
aws s3 cp ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.FINAL_NAME}}.sha512 s3://packages-dev.internal.wazuh.com/development/wazuh/5.x/main/packages/ | |
s3uri="s3://packages-dev.internal.wazuh.com/development/wazuh/5.x/main/packages/${{needs.setup-variables.outputs.FINAL_NAME}}.sha512" | |
echo "S3 sha512 URI: ${s3uri}" |