Build AMI - Wazuh 4.9.0 Version - Launched by @Enaraque #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
run-name: Build AMI - Wazuh ${{ inputs.PACKAGE_VERSION }} Version - Launched by @${{ github.actor }} | |
name: Build AMI | |
on: | |
workflow_dispatch: | |
inputs: | |
PACKAGE_VERSION: | |
description: 'Wazuh version to build' | |
required: true | |
default: '4.10.0' | |
WAZUH_VIRTUAL_MACHINES_REFERENCE: | |
description: 'Branch or tag of the wazuh-virtual-machines repository where the workflow will be triggered' | |
required: true | |
default: '4.10.0' | |
WAZUH_AUTOMATION_REFERENCE: | |
description: 'Branch or tag of the wazuh-automation repository' | |
required: true | |
default: '4.10.0' | |
WAZUH_INSTALLATION_ASSISTANT_REFERENCE: | |
description: 'Branch or tag of the wazuh-installation-assistant repository' | |
required: true | |
default: '4.10.0' | |
VERBOSITY: | |
description: 'Verbosity level for the ansible-playbook command' | |
required: false | |
default: '-v' | |
SUFFIX_AMI: | |
description: 'Suffix to add to the AMI name, must begin with "_" without quotes. For pre-relase, use -1' | |
required: false | |
default: '-1' | |
DESTROY: | |
type: boolean | |
description: 'Destroy the base instance after the AMI is created' | |
required: false | |
default: true | |
env: | |
COMPOSITE_NAME: "linux-amazon-2-amd64" | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
Build_AMI: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: View parameters | |
run: echo "${{ toJson(inputs) }}" | |
- name: Checkout wazuh/wazuh-automation repository | |
uses: actions/checkout@v4 | |
with: | |
repository: wazuh/wazuh-automation | |
ref: ${{ inputs.WAZUH_AUTOMATION_REFERENCE }} | |
token: ${{ secrets.GH_CLONE_TOKEN }} | |
- name: Configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.AWS_IAM_OVA_ROLE }} | |
aws-region: us-east-1 | |
- name: Install Ansible | |
run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16 | |
- name: Ansible version | |
run: ansible --version | |
- name: Install and set allocator requirements | |
run: | | |
pip3 install -r deployability/deps/requirements.txt | |
- name: Execute allocator module that will create the base instance | |
id: alloc_vm_ami | |
run: | | |
python3 deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir /tmp/allocatorvm_ami \ | |
--track-output /tmp/allocatorvm_ami/track.yml --inventory-output /tmp/allocatorvm_ami/inventory.yml --instance-name gha_${{ github.run_id }}_ami_build \ | |
--label-team devops --label-termination-date 1d | |
sed 's/: */=/g' /tmp/allocatorvm_ami/inventory.yml > /tmp/allocatorvm_ami/inventory_mod.yml | |
sed -n 's/^identifier: \(.*\)$/identifier=\1/p' /tmp/allocatorvm_ami/track.yml >> /tmp/allocatorvm_ami/inventory_mod.yml | |
source /tmp/allocatorvm_ami/inventory_mod.yml | |
echo "::add-mask::$ansible_host" | |
echo "::add-mask::$ansible_port" | |
echo "::add-mask::$ansible_user" | |
echo "::add-mask::$ansible_ssh_private_key_file" | |
echo "::add-mask::$ansible_ssh_common_args" | |
echo "::add-mask::$identifier" | |
cat "/tmp/allocatorvm_ami/inventory_mod.yml" >> $GITHUB_ENV; | |
- name: Generate inventory | |
run: | | |
echo "[gha_instance]" > /tmp/allocatorvm_ami/inventory_ansible.ini | |
echo "${{ env.ansible_host }} ansible_port=${{ env.ansible_port }} ansible_user=${{ env.ansible_user }} ansible_ssh_private_key_file=${{ env.ansible_ssh_private_key_file }} ansible_ssh_common_args='${{ env.ansible_ssh_common_args }}'" >> /tmp/allocatorvm_ami/inventory_ansible.ini | |
- name: Checkout wazuh/wazuh-virtual-machines repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.WAZUH_VIRTUAL_MACHINES_REFERENCE }} | |
- name: Run Ansible playbook to configure wazuh-user user | |
run: | | |
ansible-playbook -i /tmp/allocatorvm_ami/inventory_ansible.ini .github/workflows/ansible_playbooks/wazuh_user_configuration.yaml | |
- name: Run Ansible playbook to install Wazuh components | |
run: | | |
ansible-playbook -i /tmp/allocatorvm_ami/inventory_ansible.ini ami/playbooks/build_ami_packages.yaml --extra-vars "installation_assistant_reference=${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}" ${{ inputs.VERBOSITY }} | |
- name: Stop instance | |
run: | | |
aws ec2 stop-instances --instance-ids ${{ env.identifier }} | |
- name: Check EC2 instance status until stopped | |
id: check_status | |
run: | | |
TIMEOUT=120 | |
INTERVAL=2 | |
ELAPSED=0 | |
while [ $ELAPSED -lt $TIMEOUT ]; do | |
STATUS=$(aws ec2 describe-instances --instance-ids ${{ env.identifier }} --query 'Reservations[*].Instances[*].State.Name' --output text) | |
echo "Instance status: $STATUS" | |
if [ "$STATUS" == "stopped" ]; then | |
echo "Instance is stopped." | |
break | |
fi | |
echo "Waiting for instance to stop..." | |
sleep $INTERVAL | |
ELAPSED=$((ELAPSED + INTERVAL)) | |
done | |
if [ $ELAPSED -ge $TIMEOUT ]; then | |
echo "Timeout reached. The instance is still not stopped." | |
exit 1 | |
fi | |
- name: Build AMI from instance | |
if: success() | |
run: | | |
AMI_NAME="Wazuh_v${{ inputs.PACKAGE_VERSION }}-${{ inputs.SUFFIX_AMI }}" | |
aws ec2 create-image --instance-id ${{ env.identifier }} --name "$AMI_NAME" --no-reboot | |
echo "AMI creation started with name $AMI_NAME" | |
- name: Tag AMI | |
if: success() | |
run: | | |
AMI_ID=$(aws ec2 describe-images --filters "Name=name,Values=Wazuh_v${{ inputs.PACKAGE_VERSION }}${{ inputs.SUFFIX_AMI }}" --query 'Images[*].ImageId' --output text) | |
aws ec2 create-tags --resources $AMI_ID --tags Key=Name,Value="Wazuh_v${{ inputs.PACKAGE_VERSION }}${{ inputs.SUFFIX_AMI }}" | |
- name: Delete base instance | |
if: ${{ inputs.DESTROY }} | |
run: | | |
aws ec2 terminate-instances --instance-ids ${{ env.identifier }} | |
echo "Base instance terminated" |