Build AMI - Wazuh 4.9.0 Version - Launched by @Enaraque #38

name: Build AMI
run-name: Build AMI - Wazuh ${{ inputs.PACKAGE_VERSION }} Version - Launched by @${{ github.actor }}

# Manual trigger only. Every input is a string except DESTROY; the version and
# reference defaults are quoted so "4.10.0" is never parsed as a number.
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      PACKAGE_VERSION:
        description: 'Wazuh version to build'
        required: true
        default: '4.10.0'
      WAZUH_VIRTUAL_MACHINES_REFERENCE:
        description: 'Branch or tag of the wazuh-virtual-machines repository where the workflow will be triggered'
        required: true
        default: '4.10.0'
      WAZUH_AUTOMATION_REFERENCE:
        description: 'Branch or tag of the wazuh-automation repository'
        required: true
        default: '4.10.0'
      WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
        description: 'Branch or tag of the wazuh-installation-assistant repository'
        required: true
        default: '4.10.0'
      VERBOSITY:
        # Appended verbatim to the ansible-playbook command line.
        description: 'Verbosity level for the ansible-playbook command'
        required: false
        default: '-v'
      SUFFIX_AMI:
        # NOTE(review): the description asks for a leading "_" while the default
        # value starts with "-" — confirm which separator is intended.
        description: 'Suffix to add to the AMI name, must begin with "_" without quotes. For pre-relase, use -1'
        required: false
        default: '-1'
      DESTROY:
        type: boolean
        description: 'Destroy the base instance after the AMI is created'
        required: false
        default: true

env:
  COMPOSITE_NAME: "linux-amazon-2-amd64"

# Least privilege: id-token is needed for the OIDC role assumption in the
# configure-aws-credentials step; the repository itself is only read.
permissions:
  id-token: write
  contents: read
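jobs:
  Build_AMI:
    runs-on: ubuntu-latest
    # Workflow inputs reach the shell through environment variables and are
    # expanded as "$VAR" inside `run:` scripts. Interpolating ${{ inputs.* }}
    # directly into a script splices the raw value into the shell source
    # (the GitHub Actions expression-injection pattern); an env var is just data.
    env:
      PACKAGE_VERSION: ${{ inputs.PACKAGE_VERSION }}
      SUFFIX_AMI: ${{ inputs.SUFFIX_AMI }}
      VERBOSITY: ${{ inputs.VERBOSITY }}
      INSTALLATION_ASSISTANT_REFERENCE: ${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}
    steps:
      # NOTE(review): third-party actions are referenced by mutable tag; pinning
      # to a full commit SHA would make the action supply chain reproducible.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: View parameters
        env:
          INPUTS_JSON: ${{ toJson(inputs) }}
        run: echo "$INPUTS_JSON"

      - name: Checkout wazuh/wazuh-automation repository
        uses: actions/checkout@v4
        with:
          repository: wazuh/wazuh-automation
          ref: ${{ inputs.WAZUH_AUTOMATION_REFERENCE }}
          token: ${{ secrets.GH_CLONE_TOKEN }}

      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ secrets.AWS_IAM_OVA_ROLE }}
          aws-region: us-east-1

      - name: Install Ansible
        # Each line aborts the step on failure (the runner's bash uses -e).
        run: |
          sudo apt-get update
          sudo apt-get install -y python3
          python3 -m pip install --user ansible-core==2.16

      - name: Ansible version
        run: ansible --version

      - name: Install and set allocator requirements
        run: pip3 install -r deployability/deps/requirements.txt

      - name: Execute allocator module that will create the base instance
        id: alloc_vm_ami
        run: |
          # COMPOSITE_NAME is a workflow-level env literal; GITHUB_RUN_ID is the
          # runner-provided equivalent of github.run_id.
          python3 deployability/modules/allocation/main.py --action create --provider aws --size large \
            --composite-name "$COMPOSITE_NAME" --working-dir /tmp/allocatorvm_ami \
            --track-output /tmp/allocatorvm_ami/track.yml --inventory-output /tmp/allocatorvm_ami/inventory.yml \
            --instance-name "gha_${GITHUB_RUN_ID}_ami_build" \
            --label-team devops --label-termination-date 1d
          # Rewrite the allocator's YAML inventory as KEY=value lines so the same
          # file can be sourced here and appended to GITHUB_ENV for later steps.
          sed 's/: */=/g' /tmp/allocatorvm_ami/inventory.yml > /tmp/allocatorvm_ami/inventory_mod.yml
          sed -n 's/^identifier: \(.*\)$/identifier=\1/p' /tmp/allocatorvm_ami/track.yml >> /tmp/allocatorvm_ami/inventory_mod.yml
          source /tmp/allocatorvm_ami/inventory_mod.yml
          # Mask connection details before any later step can echo them.
          echo "::add-mask::$ansible_host"
          echo "::add-mask::$ansible_port"
          echo "::add-mask::$ansible_user"
          echo "::add-mask::$ansible_ssh_private_key_file"
          echo "::add-mask::$ansible_ssh_common_args"
          echo "::add-mask::$identifier"
          cat /tmp/allocatorvm_ami/inventory_mod.yml >> "$GITHUB_ENV"

      - name: Generate inventory
        # The ansible_* variables were appended to GITHUB_ENV by the allocator step.
        run: |
          echo "[gha_instance]" > /tmp/allocatorvm_ami/inventory_ansible.ini
          echo "$ansible_host ansible_port=$ansible_port ansible_user=$ansible_user ansible_ssh_private_key_file=$ansible_ssh_private_key_file ansible_ssh_common_args='$ansible_ssh_common_args'" >> /tmp/allocatorvm_ami/inventory_ansible.ini

      - name: Checkout wazuh/wazuh-virtual-machines repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.WAZUH_VIRTUAL_MACHINES_REFERENCE }}

      - name: Run Ansible playbook to configure wazuh-user user
        run: ansible-playbook -i /tmp/allocatorvm_ami/inventory_ansible.ini .github/workflows/ansible_playbooks/wazuh_user_configuration.yaml

      - name: Run Ansible playbook to install Wazuh components
        # $VERBOSITY is deliberately left unquoted so a value such as "-vvv" is
        # passed as a separate argument, matching the previous behaviour.
        run: |
          ansible-playbook -i /tmp/allocatorvm_ami/inventory_ansible.ini ami/playbooks/build_ami_packages.yaml \
            --extra-vars "installation_assistant_reference=$INSTALLATION_ASSISTANT_REFERENCE" $VERBOSITY

      - name: Stop instance
        run: aws ec2 stop-instances --instance-ids "$identifier"

      - name: Check EC2 instance status until stopped
        id: check_status
        # Poll every INTERVAL seconds for up to TIMEOUT seconds; fail the job if
        # the instance never reports "stopped" (an AMI must not be taken from a
        # running instance with --no-reboot).
        run: |
          TIMEOUT=120
          INTERVAL=2
          ELAPSED=0
          while [ "$ELAPSED" -lt "$TIMEOUT" ]; do
            STATUS=$(aws ec2 describe-instances --instance-ids "$identifier" --query 'Reservations[*].Instances[*].State.Name' --output text)
            echo "Instance status: $STATUS"
            if [ "$STATUS" = "stopped" ]; then
              echo "Instance is stopped."
              break
            fi
            echo "Waiting for instance to stop..."
            sleep "$INTERVAL"
            ELAPSED=$((ELAPSED + INTERVAL))
          done
          if [ "$ELAPSED" -ge "$TIMEOUT" ]; then
            echo "Timeout reached. The instance is still not stopped."
            exit 1
          fi

      - name: Build AMI from instance
        # Runs only when every previous step succeeded (the implicit success()
        # condition, so no explicit `if:` is needed).
        run: |
          # Single source of truth for the AMI name. The tag step reuses it via
          # GITHUB_ENV instead of rebuilding the string; previously the two copies
          # differed (one inserted a "-" before the suffix), so the name-based
          # lookup for tagging did not match the image that was created.
          AMI_NAME="Wazuh_v${PACKAGE_VERSION}${SUFFIX_AMI}"
          # create-image returns the new image id directly; capturing it avoids a
          # later describe-images lookup by name, which could also match an AMI
          # the account does not own.
          AMI_ID=$(aws ec2 create-image --instance-id "$identifier" --name "$AMI_NAME" --no-reboot \
            --query 'ImageId' --output text)
          echo "AMI creation started with name $AMI_NAME (id $AMI_ID)"
          echo "AMI_NAME=$AMI_NAME" >> "$GITHUB_ENV"
          echo "AMI_ID=$AMI_ID" >> "$GITHUB_ENV"

      - name: Tag AMI
        run: aws ec2 create-tags --resources "$AMI_ID" --tags "Key=Name,Value=$AMI_NAME"

      - name: Delete base instance
        # Only when DESTROY is set and all previous steps succeeded; on a failed
        # build the instance is left behind and presumably relies on the
        # allocator's --label-termination-date 1d for cleanup — verify.
        if: ${{ inputs.DESTROY }}
        run: |
          aws ec2 terminate-instances --instance-ids "$identifier"
          echo "Base instance terminated"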