Skip to content

Build AMI - Wazuh 4.9.0 Version - Launched by @Enaraque #47

Build AMI - Wazuh 4.9.0 Version - Launched by @Enaraque

Build AMI - Wazuh 4.9.0 Version - Launched by @Enaraque #47

run-name: Build AMI - Wazuh ${{ inputs.PACKAGE_VERSION }} Version - Launched by @${{ github.actor }}
name: Build AMI
on:
workflow_dispatch:
inputs:
PACKAGE_VERSION:
description: 'Wazuh version to build'
required: true
default: '4.10.0'
WAZUH_VIRTUAL_MACHINES_REFERENCE:
description: 'Branch or tag of the wazuh-virtual-machines repository where the workflow will be triggered'
required: true
default: '4.10.0'
WAZUH_AUTOMATION_REFERENCE:
description: 'Branch or tag of the wazuh-automation repository'
required: true
default: '4.10.0'
WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
description: 'Branch or tag of the wazuh-installation-assistant repository'
required: true
default: '4.10.0'
VERBOSITY:
description: 'Verbosity level on playbooks execution'
required: true
default: '-v'
type: choice
options:
- -v
- -vv
- -vvv
- -vvvv
SUFFIX_AMI:
description: 'Suffix to add to the AMI name, must begin with "_" without quotes. For pre-relase, use -1'
required: false
default: '-1'
DESTROY:
type: boolean
description: 'Destroy the base instance after the AMI is created'
required: false
default: true
env:
COMPOSITE_NAME: "linux-amazon-2-ami-amd64"
permissions:
id-token: write
contents: read
jobs:
Build_AMI:
runs-on: ubuntu-latest
steps:
- name: View parameters
run: echo "${{ toJson(inputs) }}"
- name: Checkout wazuh/wazuh-virtual-machines repository
uses: actions/checkout@v4
with:
ref: ${{ inputs.WAZUH_VIRTUAL_MACHINES_REFERENCE }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.AWS_IAM_OVA_ROLE }}
aws-region: us-east-1
- name: Install Ansible
run: sudo apt-get update && sudo apt install -y python3 && python3 -m pip install --user ansible-core==2.16
- name: Ansible version
run: ansible --version
- name: Checkout wazuh/wazuh-automation repository
uses: actions/checkout@v4
with:
repository: wazuh/wazuh-automation
ref: ${{ inputs.WAZUH_AUTOMATION_REFERENCE }}
token: ${{ secrets.GH_CLONE_TOKEN }}
path: wazuh-automation
- name: Install and set allocator requirements
run: |
pip3 install -r wazuh-automation/deployability/deps/requirements.txt
- name: Execute allocator module that will create the base instance
id: alloc_vm_ami
run: |
python3 wazuh-automation/deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name ${{ env.COMPOSITE_NAME }} --working-dir /tmp/allocatorvm_ami \
--track-output /tmp/allocatorvm_ami/track.yml --inventory-output /tmp/allocatorvm_ami/inventory.yml --instance-name gha_${{ github.run_id }}_ami_build \
--label-team devops --label-termination-date 1d
sed 's/: */=/g' /tmp/allocatorvm_ami/inventory.yml > /tmp/allocatorvm_ami/inventory_mod.yml
sed -n 's/^identifier: \(.*\)$/identifier=\1/p' /tmp/allocatorvm_ami/track.yml >> /tmp/allocatorvm_ami/inventory_mod.yml
source /tmp/allocatorvm_ami/inventory_mod.yml
echo "::add-mask::$ansible_host"
echo "::add-mask::$ansible_port"
echo "::add-mask::$ansible_user"
echo "::add-mask::$ansible_ssh_private_key_file"
echo "::add-mask::$ansible_ssh_common_args"
echo "::add-mask::$identifier"
cat "/tmp/allocatorvm_ami/inventory_mod.yml" >> $GITHUB_ENV;
- name: Generate inventory
run: |
echo "[gha_instance]" > /tmp/allocatorvm_ami/inventory_ansible.ini
echo "${{ env.ansible_host }} ansible_port=${{ env.ansible_port }} ansible_user=${{ env.ansible_user }} ansible_ssh_private_key_file=${{ env.ansible_ssh_private_key_file }} ansible_ssh_common_args='${{ env.ansible_ssh_common_args }}'" >> /tmp/allocatorvm_ami/inventory_ansible.ini
- name: Run Ansible playbook to install Wazuh components
run: |
ansible-playbook -i /tmp/allocatorvm_ami/inventory_ansible.ini ami/playbooks/build_ami_packages.yaml --extra-vars "installation_assistant_reference=${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}" ${{ inputs.VERBOSITY }}
- name: Stop instance
run: |
aws ec2 stop-instances --instance-ids ${{ env.identifier }}
- name: Check EC2 instance status until stopped
id: check_status
run: |
TIMEOUT=120
INTERVAL=2
ELAPSED=0
while [ $ELAPSED -lt $TIMEOUT ]; do
STATUS=$(aws ec2 describe-instances --instance-ids ${{ env.identifier }} --query 'Reservations[*].Instances[*].State.Name' --output text)
echo "Instance status: $STATUS"
if [ "$STATUS" == "stopped" ]; then
echo "Instance is stopped."
break
fi
echo "Waiting for instance to stop..."
sleep $INTERVAL
ELAPSED=$((ELAPSED + INTERVAL))
done
if [ $ELAPSED -ge $TIMEOUT ]; then
echo "Timeout reached. The instance is still not stopped."
exit 1
fi
- name: Build AMI from instance
if: success()
run: |
AMI_NAME="Wazuh_v${{ inputs.PACKAGE_VERSION }}${{ inputs.SUFFIX_AMI }}"
aws ec2 create-image --instance-id ${{ env.identifier }} --name "$AMI_NAME" --no-reboot
AMI_ID=$(aws ec2 describe-images --filters "Name=name,Values=$AMI_NAME" --query 'Images[*].ImageId' --output text)
echo "AMI_ID=$AMI_ID" >> $GITHUB_ENV
echo "AMI creation started with name $AMI_NAME"
- name: Check AMI status until available
id: check_ami_status
run: |
TIMEOUT=1800
INTERVAL=30
ELAPSED=0
while [ $ELAPSED -lt $TIMEOUT ]; do
STATUS=$(aws ec2 describe-images --image-ids ${{ env.AMI_ID }} --query 'Images[*].State' --output text)
echo "AMI status: $STATUS"
if [ "$STATUS" == "available" ]; then
echo "AMI is available."
break
fi
echo "Waiting for AMI ${{ env.AMI_ID }} to be available..."
sleep $INTERVAL
ELAPSED=$((ELAPSED + INTERVAL))
done
if [ $ELAPSED -ge $TIMEOUT ]; then
echo "Timeout reached. The AMI ${{ env.AMI_ID }} is still not available."
exit 1
fi
- name: Tag AMI
if: success()
run: |
aws ec2 create-tags --resources ${{ env.AMI_ID }} --tags Key=Name,Value="Wazuh_v${{ inputs.PACKAGE_VERSION }}${{ inputs.SUFFIX_AMI }}"
- name: Delete allocated VM
if: always() && steps.alloc_vm_ami.outcome == 'success' && inputs.DESTROY == true
run: python3 wazuh-automation/deployability/modules/allocation/main.py --action delete --track-output /tmp/allocatorvm_ami/track.yml
- name: Generate directory for artifacts
id: generate_artifacts
if: always() && steps.alloc_vm_ami.outcome == 'success' && inputs.DESTROY == false
run: |
mkdir -p $GITHUB_WORKSPACE/instance_info
cp -r /tmp/allocatorvm_ami $GITHUB_WORKSPACE/instance_info
zip -r -P ${{ secrets.ZIP_ARTIFACTS_PASSWORD }} $GITHUB_WORKSPACE/instance_info.zip $GITHUB_WORKSPACE/instance_info
- name: List artifacts directory
if: always()
run: ls -la $GITHUB_WORKSPACE
- name: Upload artifacts
if: always() && steps.generate_artifacts.outcome == 'success'
uses: actions/upload-artifact@v4
with:
name: instance_info
path: $GITHUB_WORKSPACE/instance_info.zip