wazuh · AlexRuiz7 · Dec 13, 2023 · Dec 13, 2023 · Dec 14, 2023 · Dec 14, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,19 +1,38 @@
-name: Build slim packages
+name: Build packages
 
 # This workflow runs when any of the following occur:
-  # - Run manually
+# - Run manually
 on:
   workflow_dispatch:
+    # TODO dynamic matrix or filtering complete matrix based on inputs
+    # inputs:
+    #   distribution:
+    #     description: 'One of [ "tar", "rpm", "deb", "all" ]'
+    #     default: 'all'
+    #     required: false
+    #     type: string
+    #   architecture:
+    #     description: 'One of [ "x64", "arm64", "all" ]'
+    #     default: 'x64'
+    #     required: true
+    #     type: string
 
+# TODO para que esto funcione con reusable workflows hay que moverlos a variables
+# TODO para pasar el nombre del paquete del stage build al stage assemble hay que usar outputs
 
-# Used to run locally using https://github.com/nektos/act
-env:
-  ACT: 
-  VERSION: 2.11.0
-  SNAPSHOT: false
-  PLATFORM: linux
-  BUILD: bash scripts/build.sh
+# ==========================
+# Bibliography
+# ==========================
+#
+# * Reusable workflows: limitations
+#   | https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations
+# * Using matrix in reusable workflows:
+#   | https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-a-matrix-strategy-with-a-reusable-workflow
+#  * Reading input from the called workflow
+#   | https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
 
+env:
+  ACT: # Used to run locally using https://github.com/nektos/act
 
 jobs:
   build:
@@ -23,40 +42,78 @@ jobs:
       packages: write
       contents: read
     strategy:
-        matrix:
-          # act is resource-heavy. Avoid running parallel builds with it:
-          # DISTRIBUTION: [ rpm ]
-          # ARCHITECTURE: [ x64 ]
-          DISTRIBUTION: [ tar, rpm, deb ]
-          ARCHITECTURE: [ x64, arm64 ]
+      # For use with act
+      # max-parallel: 1
+      # matrix:
+      #   DISTRIBUTION: [rpm, tar]
+      #   ARCHITECTURE: [x64]
+      matrix:
+        DISTRIBUTION: [tar, rpm, deb]
+        ARCHITECTURE: [x64, arm64]
+    outputs:
+      package: ${{ steps.r_build.outputs.package }}
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-java@v3
-      with:
-        distribution: temurin
-        java-version: 11
-
-    - name: Setup Gradle
-      uses: gradle/[email protected]
-
-    - name: Execute build script
-      run: |
-        $BUILD -v $VERSION -s $SNAPSHOT -p $PLATFORM -a ${{ matrix.ARCHITECTURE }} -d ${{ matrix.DISTRIBUTION }}
-
-    # The package name is stored in the artifacts/artifact_name.txt file
-    - name: Read package name
-      id: package_name
-      run: |
-        echo $(ls -la)
-        echo "package_name=$(cat artifacts/artifact_name.txt)" >> $GITHUB_OUTPUT
-        echo "$(cat artifacts/artifact_name.txt)"
-
-    - name: Upload artifact
-      uses: actions/upload-artifact@v3
-      with:
-        name: ${{ steps.package_name.outputs.package_name }}
-        path: artifacts/dist/${{ steps.package_name.outputs.package_name }}
-        if-no-files-found: error
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 11
+
+      - name: Setup Gradle
+        uses: gradle/[email protected]
+
+      - name: Run `build.sh`
+        id: r_build
+        uses: ./.github/workflows/r_build.yml
+        with:
+          architecture: ${{ matrix.ARCHITECTURE }}
+          distribution: ${{ matrix.DISTRIBUTION }}
+
+      - name: Run `assemble.sh`
+        uses: ./.github/workflows/r_assemble.yml
+        with:
+          architecture: ${{ matrix.ARCHITECTURE }}
+          distribution: ${{ matrix.DISTRIBUTION }}
+          package: ${{ needs.build.outputs.package }}
+          # TODO comprobar si usa la misma máquina y hay acceso a ./artifacts/dist
 
   # assemble:
+  #   # needs: [build]
+  #   runs-on: ubuntu-latest
+  #   # Permissions to upload the package
+  #   permissions:
+  #     packages: write
+  #     contents: read
+  #   strategy:
+  #     # For use with act
+  #     max-parallel: 1
+  #     matrix:
+  #       DISTRIBUTION: [rpm]
+  #       ARCHITECTURE: [x64]
+  #     # matrix:
+  #     #   DISTRIBUTION: [ tar, rpm, deb ]
+  #     #   ARCHITECTURE: [ x64, arm64 ]
+  #   steps:
+  #     - name: Download artifact
+  #       uses: actions/download-artifact@v4
+  #       with:
+  #         name: wazuh-indexer-*${{ matrix.ARCHITECTURE }}*${{ matrix.DISTRIBUTION }}
+  #         # name: ${{ needs.build.outputs.package_name }}
+  #         # path: artifacts/dist/${{ needs.build.outputs.package_name }}
+
+  #     - name: Output package name
+  #       run: |
+  #         echo "Assembly jobs for ${{ matrix.ARCHITECTURE }} ${{ matrix.DISTRIBUTION }}"
+  #         echo "package_name=${{ needs.build.outputs.package_name }}"
+
+  #     - name: Install dependencies
+  #       run: |
+  #         apt-get update
+  #         apt-get install -y rpm2cpio rpm cpio
+
+  #     - uses: actions/checkout@v4
+  #     - name: Run `assemble.sh`
+  #       run: |
+  #         $ASSEMBLE -v $VERSION -p $PLATFORM -a ${{ matrix.ARCHITECTURE }} -d ${{ matrix.DISTRIBUTION }}
+
   # release:
diff --git a/.github/workflows/r_assemble.yml b/.github/workflows/r_assemble.yml
@@ -0,0 +1,69 @@
+name: Assemble (reusable)
+
+# This workflow runs when any of the following occur:
+# - Run from another workflow
+on:
+  workflow_call:
+    inputs:
+      distribution:
+        description: 'One of [ "tar", "rpm", "deb" ]'
+        default: 'rpm'
+        required: false
+        type: string
+      architecture:
+        description: 'One of [ "x64", "arm64" ]'
+        default: 'x64'
+        required: false
+        type: string
+      package:
+        required: true
+        type: string
+    # outputs:
+    #   package:
+    #     description: "The package's name"
+    #     value: ${{ jobs.build.outputs.package }}
+
+
+jobs:
+  build:
+    # runs-on: ${{ inputs.architecture }}
+    runs-on: ubuntu-latest
+    # Permissions to upload the package
+    permissions:
+      packages: write
+      contents: read
+    # outputs:
+    #   package: ${{ steps.get_name.outputs.name }}
+    steps:
+      - name: Read artifacts
+        run: |
+          ls -l ./artifacts/dist
+
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.package }}
+          path: ${{ inputs.architecture }}/${{ inputs.distribution }}
+
+      # - name: Run `assemble.sh`
+      #   run: |
+      #     bash scripts/assemble.sh -v ${{ vars.OPENSEARCH_VERSION }} -p linux -a ${{ inputs.architecture }} -d ${{ inputs.distribution }}
+
+      # # The package name is stored in the artifacts/artifact_name.txt file.
+      # # The variable name is generated dynamically: rpm_x64
+      # - name: Set package name
+      #   id: get_name
+      #   run: |
+      #     echo $(ls -la)
+      #     # ${{ inputs.distribution }}_${{ inputs.architecture }}
+      #     echo "name=$(cat artifacts/artifact_name.txt)" >> $GITHUB_OUTPUT
+      #     echo "$(cat artifacts/artifact_name.txt)"
+
+      # - name: Upload artifact
+      #   uses: actions/upload-artifact@v4
+      #   with:
+          # name: ${{ steps.get_name.outputs.name }}
+          # path: ${{ inputs.architecture }}/${{ inputs.distribution }}
+      #     if-no-files-found: error
+
+
diff --git a/.github/workflows/r_build.yml b/.github/workflows/r_build.yml
@@ -0,0 +1,65 @@
+name: Build (reusable)
+
+# This workflow runs when any of the following occur:
+# - Run from another workflow
+on:
+  workflow_call:
+    inputs:
+      distribution:
+        description: 'One of [ "tar", "rpm", "deb" ]'
+        default: 'rpm'
+        required: false
+        type: string
+      architecture:
+        description: 'One of [ "x64", "arm64" ]'
+        default: 'x64'
+        required: false
+        type: string
+    outputs:
+      package:
+        description: "The package's name"
+        value: ${{ jobs.build.outputs.package }}
+
+# TODO version must to be read from the VERSION file
+# TODO revision must be an input
+env:
+  version: 4.9.0
+  revision: 1
+
+jobs:
+  build:
+    # runs-on: ${{ inputs.architecture }}
+    runs-on: ubuntu-latest
+    # Permissions to upload the package
+    permissions:
+      packages: write
+      contents: read
+    outputs:
+      package: ${{ steps.get_name.outputs.name }}
+    steps:
+      - name: Run `build.sh`
+        run: |
+          bash scripts/build.sh -v ${{ vars.OPENSEARCH_VERSION }} -s false -p linux -a ${{ inputs.architecture }} -d ${{ inputs.distribution }}
+
+      # The package name is stored in the artifacts/artifact_name.txt file.
+      # The variable name is generated dynamically: rpm_x64
+      - name: Set package name
+        id: get_name
+        run: |
+          echo $(ls -la)
+          # ${{ inputs.distribution }}_${{ inputs.architecture }}
+          echo "name=$(cat artifacts/artifact_name.txt)" >> $GITHUB_OUTPUT
+          echo "$(cat artifacts/artifact_name.txt)"
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          # name: wazuh-indexer-min_${{ env.version }}-${{ env.revision }}_${{ inputs.architecture }}_${{ github.sha }}.${{ inputs.distribution }}
+          # example: x64/deb/wazuh-indexer_4.8.0-rc1_x64_ff98475f.deb
+          # TODO x64 -> deb: amd64, rpm: x86_64 
+          name: ${{ steps.get_name.outputs.name }}
+          path: ${{ inputs.architecture }}/${{ inputs.distribution }}
+          if-no-files-found: error
+
+
+
diff --git a/distribution/packages/build.gradle b/distribution/packages/build.gradle
@@ -298,13 +298,13 @@ apply plugin: 'com.netflix.nebula.ospackage-base'
 
 // this is package indepdendent configuration
 ospackage {
-  maintainer 'OpenSearch Team <opensearch@amazon.com>'
+  maintainer 'Wazuh, Inc <info@wazuh.com>'
   summary 'Distributed RESTful search engine built for the cloud'
   packageDescription '''
     Reference documentation can be found at
-    https://github.com/opensearch-project/OpenSearch
+    https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
   '''.stripIndent().trim()
-  url 'https://github.com/opensearch-project/OpenSearch'
+  url 'https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html'
 
   // signing setup
   if (project.hasProperty('signing.password') && BuildParams.isSnapshotBuild() == false) {

diff --git a/distribution/packages/src/rpm/wazuh-indexer-performance-analyzer.service b/distribution/packages/src/rpm/wazuh-indexer-performance-analyzer.service
@@ -0,0 +1,21 @@
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+[Unit]
+Description=wazuh-indexer Performance Analyzer
+
+[Service]
+Type=simple
+ExecStart=/usr/share/wazuh-indexer/bin/wazuh-indexer-performance-analyzer/performance-analyzer-agent-cli
+Restart=on-failure
+User=wazuh-indexer
+Group=wazuh-indexer
+EnvironmentFile=-/etc/sysconfig/wazuh-indexer
+WorkingDirectory=/usr/share/wazuh-indexer
+
+[Install]
+WantedBy=multi-user.target