mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-12-10 00:38:27 -06:00
Bring changes from PR #2054
This commit is contained in:
Victor Carlos Erenu
Jesus Garcia
parent
f42ec2ba7c
commit
32e655ecb7
160
.github/workflows/Procedure_push_docker_images.yml
vendored
160
.github/workflows/Procedure_push_docker_images.yml
vendored
@ -11,10 +11,6 @@ on:
|
||||
docker_reference:
|
||||
description: 'wazuh-docker reference'
|
||||
required: true
|
||||
products:
|
||||
description: 'Comma-separated list of the image names to build and push'
|
||||
default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
|
||||
required: true
|
||||
filebeat_module_version:
|
||||
description: 'Filebeat module version'
|
||||
default: '0.4'
|
||||
@ -23,11 +19,6 @@ on:
|
||||
description: 'Package revision'
|
||||
default: '1'
|
||||
required: true
|
||||
push_images:
|
||||
description: 'Push images'
|
||||
type: boolean
|
||||
default: true
|
||||
required: true
|
||||
id:
|
||||
description: "ID used to identify the workflow uniquely."
|
||||
type: string
|
||||
@ -48,11 +39,6 @@ on:
|
||||
description: 'wazuh-docker reference'
|
||||
required: false
|
||||
type: string
|
||||
products:
|
||||
description: 'Comma-separated list of the image names to build and push'
|
||||
default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
|
||||
required: true
|
||||
type: string
|
||||
filebeat_module_version:
|
||||
description: 'Filebeat module version'
|
||||
default: '0.4'
|
||||
@ -63,11 +49,6 @@ on:
|
||||
default: '1'
|
||||
required: true
|
||||
type: string
|
||||
push_images:
|
||||
description: 'Push images'
|
||||
type: boolean
|
||||
default: true
|
||||
required: true
|
||||
id:
|
||||
description: "ID used to identify the workflow uniquely."
|
||||
type: string
|
||||
@ -82,6 +63,16 @@ jobs:
|
||||
build-and-push:
|
||||
runs-on: ubuntu-22.04
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: read
|
||||
|
||||
env:
|
||||
IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
|
||||
IMAGE_TAG: ${{ inputs.image_tag }}
|
||||
FILEBEAT_MODULE_VERSION: ${{ inputs.filebeat_module_version }}
|
||||
REVISION: ${{ inputs.revision }}
|
||||
|
||||
steps:
|
||||
- name: Print inputs
|
||||
run: |
|
||||
@ -96,10 +87,8 @@ jobs:
|
||||
echo "* id: ${{ inputs.id }}"
|
||||
echo "* image_tag: ${{ inputs.image_tag }}"
|
||||
echo "* docker_reference: ${{ inputs.docker_reference }}"
|
||||
echo "* products: ${{ inputs.products }}"
|
||||
echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
|
||||
echo "* revision: ${{ inputs.revision }}"
|
||||
echo "* push_images: ${{ inputs.push_images }}"
|
||||
echo "* dev: ${{ inputs.dev }}"
|
||||
echo "---------------------------------------------"
|
||||
|
||||
@ -108,7 +97,28 @@ jobs:
|
||||
with:
|
||||
ref: ${{ inputs.docker_reference }}
|
||||
|
||||
- name: free disk space
|
||||
uses: ./.github/free-disk-space
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v3
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Configure aws credentials
|
||||
if: ${{ inputs.dev == true }}
|
||||
uses: aws-actions/configure-aws-credentials@v4
|
||||
with:
|
||||
role-to-assume: ${{ secrets.AWS_IAM_DOCKER_ROLE }}
|
||||
aws-region: "${{ secrets.AWS_REGION }}"
|
||||
|
||||
- name: Log in to Amazon ECR
|
||||
if: ${{ inputs.dev == true }}
|
||||
uses: aws-actions/amazon-ecr-login@v2
|
||||
|
||||
- name: Log in to Docker Hub
|
||||
if: ${{ inputs.dev == false }}
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
@ -116,7 +126,7 @@ jobs:
|
||||
|
||||
- name: Build Wazuh images
|
||||
run: |
|
||||
IMAGE_TAG=${{ inputs.image_tag }}
|
||||
IMAGE_TAG="${{ inputs.image_tag }}"
|
||||
FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
|
||||
REVISION=${{ inputs.revision }}
|
||||
|
||||
@ -128,13 +138,13 @@ jobs:
|
||||
fi
|
||||
DEV_STAGE=${tokens[1]}
|
||||
WAZUH_VER=${tokens[0]}
|
||||
./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
|
||||
./build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION -rg $IMAGE_REGISTRY -m
|
||||
else
|
||||
./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
|
||||
./build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION -rg $IMAGE_REGISTRY -m
|
||||
fi
|
||||
|
||||
# Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
|
||||
ENV_FILE_PATH=".env"
|
||||
ENV_FILE_PATH="../.env"
|
||||
|
||||
if [ -f $ENV_FILE_PATH ]; then
|
||||
while IFS= read -r line || [ -n "$line" ]; do
|
||||
@ -144,102 +154,4 @@ jobs:
|
||||
echo "The environment file $ENV_FILE_PATH does not exist!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Image exists validation
|
||||
if: ${{ inputs.push_images }}
|
||||
id: validation
|
||||
run: |
|
||||
IMAGE_TAG=${{ inputs.image_tag }}
|
||||
PURPOSE=""
|
||||
|
||||
if [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||
if docker manifest inspect wazuh/wazuh-manager:$IMAGE_TAG > /dev/null 2>&1; then
|
||||
PURPOSE="regeneration"
|
||||
echo "Image wazuh/wazuh-manager:$IMAGE_TAG exists. Setting PURPOSE to 'regeneration'"
|
||||
else
|
||||
PURPOSE="new release"
|
||||
echo "Image wazuh/wazuh-manager:$IMAGE_TAG does NOT exist. Setting PURPOSE to 'new release'"
|
||||
fi
|
||||
echo "✅ Release tag: '$IMAGE_TAG'"
|
||||
elif [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+-(alpha|beta|rc)[0-9]+$ ]]; then
|
||||
PURPOSE="new stage"
|
||||
echo "✅ Stage tag: '$IMAGE_TAG'. Setting PURPOSE to 'new stage'"
|
||||
else
|
||||
echo "❌ No release or stage tag ('$IMAGE_TAG'), the GH issue will not be created"
|
||||
fi
|
||||
|
||||
echo "purpose=$PURPOSE" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Tag and Push Wazuh images
|
||||
if: ${{ inputs.push_images }}
|
||||
run: |
|
||||
IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
|
||||
IMAGE_NAMES=${{ inputs.products }}
|
||||
IFS=',' read -r -a images <<< "$IMAGE_NAMES"
|
||||
for image in "${images[@]}"; do
|
||||
echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
|
||||
docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
|
||||
echo "Pushing wazuh/$image:$IMAGE_TAG ..."
|
||||
docker push wazuh/$image:$IMAGE_TAG
|
||||
done
|
||||
|
||||
- name: GH issue notification
|
||||
if: ${{ inputs.push_images && steps.validation.outputs.purpose != '' }}
|
||||
run: |
|
||||
IMAGE_TAG=${{ inputs.image_tag }}
|
||||
GH_TITLE=""
|
||||
GH_MESSAGE=""
|
||||
PURPOSE="${{ steps.validation.outputs.purpose }}"
|
||||
|
||||
## Setting GH issue title
|
||||
GH_TITLE="Artifactory vulnerabilities update \`v$IMAGE_TAG\`"
|
||||
|
||||
## Setting GH issue body
|
||||
GH_MESSAGE=$(cat <<- EOF | tr -d '\r' | sed 's/^[[:space:]]*//'
|
||||
### Description
|
||||
- [ ] Update the [Artifactory vulnerabilities](${{ secrets.NOTIFICATION_SHEET_URL }}) sheet with the \`v$IMAGE_TAG\` vulnerabilities.
|
||||
|
||||
**Purpose**: $PURPOSE
|
||||
>[!NOTE]
|
||||
>To update the \`Tentative Release\` column, follow these steps:
|
||||
https://github.com/wazuh/${{ secrets.NOTIFICATION_REPO }}/issues/2049#issuecomment-2671590268
|
||||
EOF
|
||||
)
|
||||
|
||||
# Print the GH Variables content
|
||||
echo "--- Variable Content ---"
|
||||
echo "$GH_TITLE"
|
||||
echo "------------------------"
|
||||
|
||||
echo "--- Variable Content ---"
|
||||
echo "$GH_MESSAGE"
|
||||
echo "------------------------"
|
||||
|
||||
## GH issue creation
|
||||
ISSUE_URL=$(gh issue create \
|
||||
-R wazuh/${{ secrets.NOTIFICATION_REPO }} \
|
||||
--title "$GH_TITLE" \
|
||||
--body "$GH_MESSAGE" \
|
||||
--label "level/task" \
|
||||
--label "type/maintenance" \
|
||||
--label "request/operational")
|
||||
|
||||
## Adding the issue to the team project
|
||||
PROJECT_ITEM_ID=$(gh project item-add \
|
||||
${{ secrets.NOTIFICATION_PROJECT_NUMBER }} \
|
||||
--url $ISSUE_URL \
|
||||
--owner wazuh \
|
||||
--format json \
|
||||
| jq -r '.id')
|
||||
|
||||
## Setting Objective
|
||||
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }} --text "Security scans"
|
||||
## Setting Priority
|
||||
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_OPTION_ID }}
|
||||
## Setting Size
|
||||
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_OPTION_ID }}
|
||||
## Setting Subteam
|
||||
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_OPTION_ID }}
|
||||
|
||||
env:
|
||||
GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }}
|
||||
working-directory: ./build-docker-images
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
WAZUH_IMAGE_VERSION=4.14.3
|
||||
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
|
||||
WAZUH_TAG_REVISION=1
|
||||
IMAGE_TAG=4.14.3
|
||||
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
|
||||
IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
|
||||
WAZUH_REGISTRY=docker.io
|
||||
|
||||
# Wazuh package generator
|
||||
# Copyright (C) 2023, Wazuh Inc.
|
||||
@ -44,7 +42,7 @@ build() {
|
||||
if [ "${WAZUH_DEV_STAGE}" ];then
|
||||
FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}"
|
||||
if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
|
||||
echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
|
||||
echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}"
|
||||
clean 1
|
||||
fi
|
||||
else
|
||||
@ -58,15 +56,25 @@ build() {
|
||||
fi
|
||||
fi
|
||||
|
||||
echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
|
||||
echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
|
||||
echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
|
||||
echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
|
||||
echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
|
||||
echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
|
||||
|
||||
docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
|
||||
echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env
|
||||
echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env
|
||||
echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> ../.env
|
||||
echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> ../.env
|
||||
echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> ../.env
|
||||
echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> ../.env
|
||||
echo WAZUH_REGISTRY=$WAZUH_REGISTRY >> ../.env
|
||||
echo IMAGE_TAG=$IMAGE_TAG >> ../.env
|
||||
|
||||
set -a
|
||||
source ../.env
|
||||
set +a
|
||||
|
||||
if [ "${MULTIARCH}" ];then
|
||||
docker buildx bake --file build-images.yml --push --set *.platform=linux/amd64,linux/arm64 --no-cache || clean 1
|
||||
else
|
||||
docker buildx bake --file build-images.yml --no-cache|| clean 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
@ -79,7 +87,10 @@ help() {
|
||||
echo " -d, --dev <ref> [Optional] Set the development stage you want to build, example alpha0 or beta1, not used by default."
|
||||
echo " -f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
|
||||
echo " -r, --revision <rev> [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
|
||||
echo " -ref, --reference <ref> [Optional] Set the Wazuh reference to build development images. By default, the latest stable release."
|
||||
echo " -rg, --registry <reg> [Optional] Set the Docker registry to push the images."
|
||||
echo " -v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
|
||||
echo " -m, --multiarch [Optional] Enable multi-architecture builds."
|
||||
echo " -h, --help Show this help."
|
||||
echo
|
||||
exit $1
|
||||
@ -110,6 +121,10 @@ main() {
|
||||
help 1
|
||||
fi
|
||||
;;
|
||||
"-m"|"--multiarch")
|
||||
MULTIARCH="true"
|
||||
shift
|
||||
;;
|
||||
"-r"|"--revision")
|
||||
if [ -n "${2}" ]; then
|
||||
WAZUH_TAG_REVISION="${2}"
|
||||
@ -118,6 +133,22 @@ main() {
|
||||
help 1
|
||||
fi
|
||||
;;
|
||||
"-ref"|"--reference")
|
||||
if [ -n "${2}" ]; then
|
||||
WAZUH_TAG_REFERENCE="${2}"
|
||||
shift 2
|
||||
else
|
||||
help 1
|
||||
fi
|
||||
;;
|
||||
"-rg"|"--registry")
|
||||
if [ -n "${2}" ]; then
|
||||
WAZUH_REGISTRY="${2}"
|
||||
shift 2
|
||||
else
|
||||
help 1
|
||||
fi
|
||||
;;
|
||||
"-v"|"--version")
|
||||
if [ -n "$2" ]; then
|
||||
WAZUH_IMAGE_VERSION="$2"
|
||||
@ -136,4 +167,4 @@ main() {
|
||||
clean 0
|
||||
}
|
||||
|
||||
main "$@"
|
||||
main "$@"
|
||||
@ -8,7 +8,7 @@ services:
|
||||
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
|
||||
FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
|
||||
WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
|
||||
image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
|
||||
image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
|
||||
hostname: wazuh.manager
|
||||
restart: always
|
||||
ports:
|
||||
@ -40,7 +40,7 @@ services:
|
||||
args:
|
||||
WAZUH_VERSION: ${WAZUH_VERSION}
|
||||
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
|
||||
image: wazuh/wazuh-agent:${WAZUH_IMAGE_VERSION}
|
||||
image: ${WAZUH_REGISTRY}/wazuh/wazuh-agent:${IMAGE_TAG}
|
||||
hostname: wazuh.agent
|
||||
restart: always
|
||||
|
||||
@ -50,7 +50,7 @@ services:
|
||||
args:
|
||||
WAZUH_VERSION: ${WAZUH_VERSION}
|
||||
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
|
||||
image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}
|
||||
image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
|
||||
hostname: wazuh.indexer
|
||||
restart: always
|
||||
ports:
|
||||
@ -72,7 +72,7 @@ services:
|
||||
WAZUH_VERSION: ${WAZUH_VERSION}
|
||||
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
|
||||
WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
|
||||
image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
|
||||
image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
|
||||
hostname: wazuh.dashboard
|
||||
restart: always
|
||||
ports:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user