Build [ "rpm", "deb" ] Wazuh Indexer on [ "x64", "arm64" ] | test-build #306
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
run-name: Build ${{ inputs.distribution }} Wazuh Indexer on ${{ inputs.architecture }} | ${{ inputs.id }} | |
name: Build packages (on demand) | |
# This workflow runs when any of the following occur: | |
# - Run manually | |
# - Invoked from another workflow | |
on: | |
workflow_dispatch: | |
inputs: | |
revision: | |
description: "Revision" | |
type: string | |
default: "0" | |
upload: | |
description: "Upload ?" | |
type: boolean | |
default: false | |
is_stage: | |
description: "Is stage ?" | |
type: boolean | |
default: false | |
distribution: | |
description: '[ "tar", "rpm", "deb" ]' | |
type: string | |
default: '[ "rpm", "deb" ]' | |
architecture: | |
description: '[ "x64", "arm64" ]' | |
type: string | |
default: '[ "x64", "arm64" ]' | |
checksum: | |
description: "Checksum ?" | |
type: boolean | |
default: false | |
id: | |
description: "ID used to identify the workflow uniquely." | |
type: string | |
required: false | |
wazuh_plugins_ref: | |
description: "Branch, commit or tag for the wazuh-indexer-plugins repository" | |
type: string | |
default: "master" | |
reporting_plugin_ref: | |
description: "Branch, commit or tag for the wazuh-indexer-reporting repository" | |
type: string | |
default: "master" | |
workflow_call: | |
inputs: | |
revision: | |
description: "Revision" | |
type: string | |
default: "0" | |
upload: | |
description: "Upload ?" | |
type: boolean | |
default: false | |
is_stage: | |
description: "Is stage ?" | |
type: boolean | |
default: false | |
distribution: | |
description: '[ "tar", "rpm", "deb" ]' | |
type: string | |
default: '[ "rpm", "deb" ]' | |
architecture: | |
description: '[ "x64", "arm64" ]' | |
type: string | |
default: '[ "x64", "arm64" ]' | |
checksum: | |
description: "Checksum ?" | |
type: boolean | |
default: false | |
id: | |
type: string | |
required: false | |
wazuh_plugins_ref: | |
description: "Branch, commit or tag for the wazuh-indexer-plugins repository" | |
type: string | |
default: "master" | |
reporting_plugin_ref: | |
description: "Branch, commit or tag for the wazuh-indexer-reporting repository" | |
type: string | |
default: "master" | |
secrets: | |
CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY: | |
required: true | |
description: "AWS user access key" | |
CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY: | |
required: true | |
description: "AWS user secret key" | |
# ========================== | |
# Bibliography | |
# ========================== | |
# | |
# * Reusable workflows: limitations | |
# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations | |
# * Using matrix in reusable workflows: | |
# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-a-matrix-strategy-with-a-reusable-workflow | |
# * Reading input from the called workflow | |
# | https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs | |
# * Ternary operator | |
# | https://docs.github.com/en/actions/learn-github-actions/expressions#example | |
jobs: | |
matrix: | |
name: Set up matrix | |
runs-on: ubuntu-22.04 | |
outputs: | |
matrix: ${{ steps.setup.outputs.matrix }} | |
steps: | |
- id: setup | |
run: | | |
matrix=$(jq -cn \ | |
--argjson distribution '${{ inputs.distribution }}' \ | |
--argjson architecture '${{ inputs.architecture }}' \ | |
'{distribution: $distribution, architecture: $architecture}' | |
) | |
echo "matrix=$matrix" >> $GITHUB_OUTPUT | |
build-wazuh-plugins: | |
if: ${{ inputs.wazuh_plugins_ref != '' }} | |
strategy: | |
fail-fast: false | |
matrix: | |
plugins: ["setup", "command-manager"] | |
runs-on: ubuntu-latest | |
env: | |
plugin_name: wazuh-indexer-${{ matrix.plugins }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: wazuh/wazuh-indexer-plugins | |
ref: ${{ inputs.wazuh_plugins_ref }} | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 21 | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Get version | |
id: version | |
run: echo "version=$(<VERSION)" >> "$GITHUB_OUTPUT" | |
- name: Build with Gradle | |
working-directory: ./plugins/${{ matrix.plugins }} | |
run: ./gradlew build -Dversion=${{ steps.version.outputs.version }} -Drevision=${{ inputs.revision }} | |
- run: ls -lR build/distributions | |
working-directory: ./plugins/${{ matrix.plugins }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.plugin_name }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip | |
path: "./plugins/${{ matrix.plugins }}/build/distributions/${{ env.plugin_name }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip" | |
if-no-files-found: error | |
build-reporting-plugin: | |
if: ${{ inputs.reporting_plugin_ref != '' }} | |
runs-on: ubuntu-latest | |
env: | |
plugin_name: wazuh-indexer-reports-scheduler | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: wazuh/wazuh-indexer-reporting | |
ref: ${{ inputs.reporting_plugin_ref }} | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 21 | |
- name: Setup Gradle # Used for caching | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Get version | |
id: version | |
run: echo "version=$(<VERSION)" >> "$GITHUB_OUTPUT" | |
- name: Build with Gradle | |
run: ./gradlew build -Dversion=${{ steps.version.outputs.version }} -Drevision=${{ inputs.revision }} | |
- run: ls -lR build/distributions | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.plugin_name }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip | |
path: build/distributions/${{ env.plugin_name }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip | |
if-no-files-found: error | |
build: | |
needs: [matrix, build-wazuh-plugins, build-reporting-plugin] | |
runs-on: ${{ matrix.architecture == 'arm64' && 'wz-linux-arm64' || 'ubuntu-22.04' }} | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.matrix.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
# Download plugins | |
- name: Download plugins | |
uses: actions/download-artifact@v4 | |
if: ${{ inputs.wazuh_plugins_ref != '' || inputs.reporting_plugin_ref != ''}} | |
with: | |
path: ./artifacts/plugins | |
merge-multiple: true | |
- name: Display structure of downloaded files | |
if: ${{ inputs.wazuh_plugins_ref != '' || inputs.reporting_plugin_ref != ''}} | |
run: ls -lR ./artifacts/plugins | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 21 | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v4 | |
- name: Provision | |
if: ${{ matrix.distribution == 'deb' }} | |
run: | | |
sudo bash build-scripts/provision.sh | |
- name: Run `baptizer.sh` (min) | |
run: | | |
name=$(bash build-scripts/baptizer.sh -m \ | |
-a ${{ matrix.architecture }} \ | |
-d ${{ matrix.distribution }} \ | |
-r ${{ inputs.revision }} \ | |
${{ inputs.is_stage && '-x' || '' }} \ | |
) | |
echo "name=$name" >> $GITHUB_OUTPUT | |
id: min_package | |
- name: Run `baptizer.sh` | |
run: | | |
name=$(bash build-scripts/baptizer.sh \ | |
-a ${{ matrix.architecture }} \ | |
-d ${{ matrix.distribution }} \ | |
-r ${{ inputs.revision }} \ | |
${{ inputs.is_stage && '-x' || '' }} \ | |
) | |
echo "name=$name" >> $GITHUB_OUTPUT | |
id: package | |
- name: Run `build.sh` | |
run: | | |
bash build-scripts/build.sh \ | |
-a ${{ matrix.architecture }} \ | |
-d ${{ matrix.distribution }} \ | |
-n ${{ steps.min_package.outputs.name }} | |
- name: Run `assemble.sh` | |
run: | | |
bash build-scripts/assemble.sh \ | |
-a ${{ matrix.architecture }} \ | |
-d ${{ matrix.distribution }} \ | |
-r ${{ inputs.revision }} | |
- name: Test RPM package | |
if: ${{ matrix.distribution == 'rpm' }} | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: redhat/ubi9:latest | |
options: -v ${{ github.workspace }}/artifacts/dist:/artifacts/dist | |
run: | | |
yum localinstall "/artifacts/dist/${{ steps.package.outputs.name }}" -y | |
- name: Test DEB package | |
if: ${{ matrix.distribution == 'deb' }} | |
run: | | |
sudo dpkg -i "artifacts/dist/${{ steps.package.outputs.name }}" | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ steps.package.outputs.name }} | |
path: artifacts/dist/${{ steps.package.outputs.name }} | |
if-no-files-found: error | |
- name: Set up AWS CLI | |
if: ${{ inputs.upload }} | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }} | |
aws-region: ${{ secrets.CI_AWS_REGION }} | |
- name: Upload package to S3 | |
if: ${{ inputs.upload }} | |
run: | | |
src="artifacts/dist/${{ steps.package.outputs.name }}" | |
dest="s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/" | |
aws s3 cp "$src" "$dest" | |
s3uri="${dest}${{ steps.package.outputs.name }}" | |
echo "S3 URI: ${s3uri}" | |
- name: Upload checksum to S3 | |
if: ${{ inputs.upload && inputs.checksum }} | |
run: | | |
src="artifacts/dist/${{ steps.package.outputs.name }}.sha512" | |
dest="s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/" | |
aws s3 cp "$src" "$dest" | |
s3uri="${dest}${{ steps.package.outputs.name }}.sha512" | |
echo "S3 sha512 URI: ${s3uri}" |