Skip to content

Commit

Permalink
Add pipeline to generate release packages (#193)
Browse files Browse the repository at this point in the history
* Add script to get the version of OpenSearch

* Set revision to 0 by default.

- Reduce inputs for scripts.
- Add script to generate packages' naming convention.
- Make scripts self-aware of the OpenSearch version.

* Fix assemble

* Smoke test new pipeline to build packages

* Fix syntax errors

* Update build.yml

Signed-off-by: Álex Ruiz <[email protected]>

* Add workflow to build packages on push

* Run actionlint

* Fix jq argjson

* Fix set matrix output ?

* Try new approach using a single workflow

* Fix GITHUB_OUTPUT

* Fix baptizer invocation

* Add testing and upload to new approach

* Fix hard coded revision number on RPM assembly

* New attempt

* Skip upload unless specified

* Install plugins on RPM

* Promote new approach

Removes previous workflows to generate packages

* Fix workflow name

* Attempt to fix release package naming

* Fix build.sh invocation from workflow

* Use min package name in workflow

* Use min package name for release naming convention in workflow

* Attemtp to fix regex

* Upgrade to aws-actions/configure-aws-credentials@v4

Clean up

* Apply latest requirements

Add workflow with single matrix for QA use. Rename inputs. Add checksum input.

* Add checksum generation and upload

* Use choice as input types for system and architecture

* Invoke build single packages with upload option

* Add documentation and clean up

* Rename scripts folder to packaging_scripts

---------

Signed-off-by: Álex Ruiz <[email protected]>
  • Loading branch information
AlexRuiz7 committed Sep 9, 2024
1 parent 2a72c41 commit a9a22b9
Show file tree
Hide file tree
Showing 18 changed files with 876 additions and 779 deletions.
221 changes: 163 additions & 58 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -1,23 +1,68 @@
name: Build packages
name: Build packages (on demand)

# This workflow runs when any of the following occur:
# - Run manually
# - Invoked from another workflow
on:
push:
# Sequence of patterns matched against refs/heads
branches:
- "ci/*"
workflow_dispatch:
inputs:
revision:
description: "Revision"
type: string
required: true
default: "1"
default: "0"
upload:
description: "Upload ?"
type: bool
type: boolean
default: false
is_stage:
description: "Is stage ?"
type: boolean
default: false
distribution:
description: '[ "tar", "rpm", "deb" ]'
type: string
default: '[ "rpm", "deb" ]'
architecture:
description: '[ "x64", "arm64" ]'
type: string
default: '[ "x64" ]'
checksum:
description: "Checksum ?"
type: boolean
default: false
workflow_call:
inputs:
revision:
description: "Revision"
type: string
default: "0"
upload:
description: "Upload ?"
type: boolean
default: false
is_stage:
description: "Is stage ?"
type: boolean
default: false
distribution:
description: '[ "tar", "rpm", "deb" ]'
type: string
default: '[ "rpm", "deb" ]'
architecture:
description: '[ "x64", "arm64" ]'
type: string
default: '[ "x64" ]'
checksum:
description: "Checksum ?"
type: boolean
default: false
secrets:
CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY:
required: true
description: "AWS user access key"
CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY:
required: true
description: "AWS user secret key"

# ==========================
# Bibliography
Expand All @@ -33,57 +78,117 @@ on:
# | https://docs.github.com/en/actions/learn-github-actions/expressions#example

jobs:
version:
uses: ./.github/workflows/r_version.yml

commit_sha:
uses: ./.github/workflows/r_commit_sha.yml
matrix:
name: Set up matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.setup.outputs.matrix }}
steps:
- id: setup
run: |
matrix=$(jq -cn \
--argjson distribution '${{ inputs.distribution }}' \
--argjson architecture '${{ inputs.architecture }}' \
'{distribution: $distribution, architecture: $architecture}'
)
echo "matrix=$matrix" >> $GITHUB_OUTPUT
build:
needs: [version, commit_sha]
strategy:
matrix:
distribution: [tar, rpm, deb]
architecture: [x64, arm64]
uses: ./.github/workflows/r_build.yml
with:
architecture: ${{ matrix.architecture }}
distribution: ${{ matrix.distribution }}
revision: ${{ github.event_name == 'push' && '1' || inputs.revision }}
name: wazuh-indexer-min_${{ needs.version.outputs.version }}-${{ github.event_name == 'push' && '1' || inputs.revision }}-${{ matrix.architecture }}_${{ needs.commit_sha.outputs.commit_sha }}.${{ matrix.distribution }}

assemble:
needs: [version, commit_sha, build]
strategy:
matrix:
distribution: [tar, rpm, deb]
architecture: [x64, arm64]
exclude:
# skip arm64 until we have arm runners
- architecture: arm64
- distribution: tar

uses: ./.github/workflows/r_assemble.yml
with:
architecture: ${{ matrix.architecture }}
distribution: ${{ matrix.distribution }}
min: wazuh-indexer-min_${{ needs.version.outputs.version }}-${{ github.event_name == 'push' && '1' || inputs.revision }}-${{ matrix.architecture }}_${{ needs.commit_sha.outputs.commit_sha }}.${{ matrix.distribution }}

test:
needs: [version, commit_sha, assemble]
needs: [matrix]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
os: [{ suffix: "amd64", ext: "deb" }, { suffix: "x86_64", ext: "rpm" }]
uses: ./.github/workflows/r_test.yml
with:
package: wazuh-indexer-${{ needs.version.outputs.version }}-${{ github.event_name == 'push' && '1' || inputs.revision }}_${{ matrix.os.suffix }}_${{ needs.commit_sha.outputs.commit_sha }}.${{ matrix.os.ext }}

upload:
needs: [version, commit_sha, test]
# Upload only on 'workflow_dispatch' event and if 'upload=true'
if: ${{ github.event_name == 'push' && inputs.upload }}
uses: ./.github/workflows/r_upload.yml
with:
package: wazuh-indexer-${{ needs.version.outputs.version }}-${{ github.event_name == 'push' && '1' || inputs.revision }}_${{ matrix.os.suffix }}_${{ needs.commit_sha.outputs.commit_sha }}.${{ matrix.os.ext }}
secrets: inherit
matrix: ${{ fromJson(needs.matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 11

- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3

- name: Provision
if: ${{ matrix.distribution == 'deb' }}
run: |
sudo bash packaging_scripts/provision.sh
- name: Run `baptizer.sh` (min)
run: |
name=$(bash packaging_scripts/baptizer.sh -m \
-a ${{ matrix.architecture }} \
-d ${{ matrix.distribution }} \
-r ${{ inputs.revision }} \
${{ inputs.is_stage && '-x' || '' }} \
)
echo "name=$name" >> $GITHUB_OUTPUT
id: min_package

- name: Run `baptizer.sh`
run: |
name=$(bash packaging_scripts/baptizer.sh \
-a ${{ matrix.architecture }} \
-d ${{ matrix.distribution }} \
-r ${{ inputs.revision }} \
${{ inputs.is_stage && '-x' || '' }} \
)
echo "name=$name" >> $GITHUB_OUTPUT
id: package

- name: Run `build.sh`
run: |
bash packaging_scripts/build.sh \
-a ${{ matrix.architecture }} \
-d ${{ matrix.distribution }} \
-n ${{ steps.min_package.outputs.name }}
- name: Run `assemble.sh`
run: |
bash packaging_scripts/assemble.sh \
-a ${{ matrix.architecture }} \
-d ${{ matrix.distribution }} \
-r ${{ inputs.revision }}
- name: Test RPM package
if: ${{ matrix.distribution == 'rpm' }}
uses: addnab/docker-run-action@v3
with:
image: redhat/ubi9:latest
options: -v ${{ github.workspace }}/artifacts/dist:/artifacts/dist
run: |
yum localinstall "/artifacts/dist/${{ steps.package.outputs.name }}" -y
- name: Test DEB package
if: ${{ matrix.distribution == 'deb' }}
run: |
sudo dpkg -i "artifacts/dist/${{ steps.package.outputs.name }}"
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ steps.package.outputs.name }}
path: artifacts/dist/${{ steps.package.outputs.name }}
if-no-files-found: error

- name: Set up AWS CLI
if: ${{ inputs.upload }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }}
aws-region: us-east-1

- name: Upload package to S3
if: ${{ inputs.upload }}
run: |
src="artifacts/dist/${{ steps.package.outputs.name }}"
dest="s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/"
aws s3 cp "$src" "$dest"
- name: Upload checksum to S3
if: ${{ inputs.upload && inputs.checksum }}
run: |
src="artifacts/dist/${{ steps.package.outputs.name }}.sha512"
dest="s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/"
aws s3 cp "$src" "$dest"
14 changes: 14 additions & 0 deletions .github/workflows/build_on_push.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: Build packages (on push)

# This workflow runs when any of the following occur:
# - On push to branches named after ci/*
on:
push:
# Sequence of patterns matched against refs/heads
branches:
- "ci/*"

jobs:
call-build-workflow:
uses: ./.github/workflows/build.yml
secrets: inherit
46 changes: 46 additions & 0 deletions .github/workflows/build_single.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: Build packages (single)

# This workflow runs when any of the following occur:
# - Run manually
on:
workflow_dispatch:
inputs:
revision:
description: "Revision"
type: string
default: "0"
checksum:
description: "Checksum ?"
type: boolean
default: false
is_stage:
description: "Is stage ?"
type: boolean
default: false
system:
description: "Package OS"
type: choice
options:
- rpm
- deb
default: deb
architecture:
description: "Package architecture"
type: choice
options:
- amd64
- x86_64
default: amd64

jobs:
call-build-workflow:
uses: ./.github/workflows/build.yml
with:
revision: ${{ inputs.revision }}
checksum: ${{ inputs.checksum }}
is_stage: ${{ inputs.is_stage }}
distribution: '[ "${{ inputs.system }}" ]'
upload: true
# Architecture is always 'x64', which is the default value in ./build.yml
# It is an input just for convenience and standardisation.
secrets: inherit
61 changes: 0 additions & 61 deletions .github/workflows/r_assemble.yml

This file was deleted.

Loading

0 comments on commit a9a22b9

Please sign in to comment.