wazuh/wazuh-docker
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-12-10 00:38:27 -06:00
Code Issues Packages Projects Releases 118 Wiki Activity

Bring changes from PR #2054

Browse Source
This commit is contained in:
Victor Carlos Erenu 2025-10-28 01:09:49 +07:00 committed by Jesus Garcia
parent f42ec2ba7c
commit 32e655ecb7
No known key found for this signature in database
GPG Key ID: 8461CA78326C96C9
3 changed files with 84 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
.github/workflows/Procedure_push_docker_images.yml vendored
View File

@ -11,10 +11,6 @@ on:
docker_reference:
description: 'wazuh-docker reference'
required: true
products:
description: 'Comma-separated list of the image names to build and push'
default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
required: true
filebeat_module_version:
description: 'Filebeat module version'
default: '0.4'
@ -23,11 +19,6 @@ on:
description: 'Package revision'
default: '1'
required: true
push_images:
description: 'Push images'
type: boolean
default: true
required: true
id:
description: "ID used to identify the workflow uniquely."
type: string
@ -48,11 +39,6 @@ on:
description: 'wazuh-docker reference'
required: false
type: string
products:
description: 'Comma-separated list of the image names to build and push'
default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
required: true
type: string
filebeat_module_version:
description: 'Filebeat module version'
default: '0.4'
@ -63,11 +49,6 @@ on:
default: '1'
required: true
type: string
push_images:
description: 'Push images'
type: boolean
default: true
required: true
id:
description: "ID used to identify the workflow uniquely."
type: string
@ -82,6 +63,16 @@ jobs:
build-and-push:
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
env:
IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
IMAGE_TAG: ${{ inputs.image_tag }}
FILEBEAT_MODULE_VERSION: ${{ inputs.filebeat_module_version }}
REVISION: ${{ inputs.revision }}
steps:
- name: Print inputs
run: |
@ -96,10 +87,8 @@ jobs:
echo "* id: ${{ inputs.id }}"
echo "* image_tag: ${{ inputs.image_tag }}"
echo "* docker_reference: ${{ inputs.docker_reference }}"
echo "* products: ${{ inputs.products }}"
echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
echo "* revision: ${{ inputs.revision }}"
echo "* push_images: ${{ inputs.push_images }}"
echo "* dev: ${{ inputs.dev }}"
echo "---------------------------------------------"
@ -108,7 +97,28 @@ jobs:
with:
ref: ${{ inputs.docker_reference }}
- name: free disk space
uses: ./.github/free-disk-space
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Configure aws credentials
if: ${{ inputs.dev == true }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_IAM_DOCKER_ROLE }}
aws-region: "${{ secrets.AWS_REGION }}"
- name: Log in to Amazon ECR
if: ${{ inputs.dev == true }}
uses: aws-actions/amazon-ecr-login@v2
- name: Log in to Docker Hub
if: ${{ inputs.dev == false }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
@ -116,7 +126,7 @@ jobs:
- name: Build Wazuh images
run: |
IMAGE_TAG=${{ inputs.image_tag }}
IMAGE_TAG="${{ inputs.image_tag }}"
FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
REVISION=${{ inputs.revision }}
@ -128,13 +138,13 @@ jobs:
fi
DEV_STAGE=${tokens[1]}
WAZUH_VER=${tokens[0]}
./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION
./build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION -rg $IMAGE_REGISTRY -m
else
./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION
./build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION -rg $IMAGE_REGISTRY -m
fi
# Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
ENV_FILE_PATH=".env"
ENV_FILE_PATH="../.env"
if [ -f $ENV_FILE_PATH ]; then
while IFS= read -r line || [ -n "$line" ]; do
@ -144,102 +154,4 @@ jobs:
echo "The environment file $ENV_FILE_PATH does not exist!"
exit 1
fi
- name: Image exists validation
if: ${{ inputs.push_images }}
id: validation
run: |
IMAGE_TAG=${{ inputs.image_tag }}
PURPOSE=""
if [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
if docker manifest inspect wazuh/wazuh-manager:$IMAGE_TAG > /dev/null 2>&1; then
PURPOSE="regeneration"
echo "Image wazuh/wazuh-manager:$IMAGE_TAG exists. Setting PURPOSE to 'regeneration'"
else
PURPOSE="new release"
echo "Image wazuh/wazuh-manager:$IMAGE_TAG does NOT exist. Setting PURPOSE to 'new release'"
fi
echo "✅ Release tag: '$IMAGE_TAG'"
elif [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+-(alpha|beta|rc)[0-9]+$ ]]; then
PURPOSE="new stage"
echo "✅ Stage tag: '$IMAGE_TAG'. Setting PURPOSE to 'new stage'"
else
echo "❌ No release or stage tag ('$IMAGE_TAG'), the GH issue will not be created"
fi
echo "purpose=$PURPOSE" >> $GITHUB_OUTPUT
- name: Tag and Push Wazuh images
if: ${{ inputs.push_images }}
run: |
IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
IMAGE_NAMES=${{ inputs.products }}
IFS=',' read -r -a images <<< "$IMAGE_NAMES"
for image in "${images[@]}"; do
echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
echo "Pushing wazuh/$image:$IMAGE_TAG ..."
docker push wazuh/$image:$IMAGE_TAG
done
- name: GH issue notification
if: ${{ inputs.push_images && steps.validation.outputs.purpose != '' }}
run: |
IMAGE_TAG=${{ inputs.image_tag }}
GH_TITLE=""
GH_MESSAGE=""
PURPOSE="${{ steps.validation.outputs.purpose }}"
## Setting GH issue title
GH_TITLE="Artifactory vulnerabilities update \`v$IMAGE_TAG\`"
## Setting GH issue body
GH_MESSAGE=$(cat <<- EOF | tr -d '\r' | sed 's/^[[:space:]]*//'
### Description
- [ ] Update the [Artifactory vulnerabilities](${{ secrets.NOTIFICATION_SHEET_URL }}) sheet with the \`v$IMAGE_TAG\` vulnerabilities.
**Purpose**: $PURPOSE
>[!NOTE]
>To update the \`Tentative Release\` column, follow these steps:
https://github.com/wazuh/${{ secrets.NOTIFICATION_REPO }}/issues/2049#issuecomment-2671590268
EOF
)
# Print the GH Variables content
echo "--- Variable Content ---"
echo "$GH_TITLE"
echo "------------------------"
echo "--- Variable Content ---"
echo "$GH_MESSAGE"
echo "------------------------"
## GH issue creation
ISSUE_URL=$(gh issue create \
-R wazuh/${{ secrets.NOTIFICATION_REPO }} \
--title "$GH_TITLE" \
--body "$GH_MESSAGE" \
--label "level/task" \
--label "type/maintenance" \
--label "request/operational")
## Adding the issue to the team project
PROJECT_ITEM_ID=$(gh project item-add \
${{ secrets.NOTIFICATION_PROJECT_NUMBER }} \
--url $ISSUE_URL \
--owner wazuh \
--format json \
| jq -r '.id')
## Setting Objective
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }} --text "Security scans"
## Setting Priority
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_OPTION_ID }}
## Setting Size
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_OPTION_ID }}
## Setting Subteam
gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_OPTION_ID }}
env:
GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }}
working-directory: ./build-docker-images

53
build-docker-images/build-images.sh
View File

@ -1,8 +1,6 @@
WAZUH_IMAGE_VERSION=4.14.3
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
WAZUH_TAG_REVISION=1
IMAGE_TAG=4.14.3
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
WAZUH_REGISTRY=docker.io
# Wazuh package generator
# Copyright (C) 2023, Wazuh Inc.
@ -58,15 +56,25 @@ build() {
fi
fi
echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env
echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env
echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env
echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env
echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env
echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env
echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> ../.env
echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> ../.env
echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> ../.env
echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> ../.env
echo WAZUH_REGISTRY=$WAZUH_REGISTRY >> ../.env
echo IMAGE_TAG=$IMAGE_TAG >> ../.env
set -a
source ../.env
set +a
if [ "${MULTIARCH}" ];then
docker buildx bake --file build-images.yml --push --set *.platform=linux/amd64,linux/arm64 --no-cache || clean 1
else
docker buildx bake --file build-images.yml --no-cache|| clean 1
fi
return 0
}
@ -79,7 +87,10 @@ help() {
echo " -d, --dev <ref> [Optional] Set the development stage you want to build, example alpha0 or beta1, not used by default."
echo " -f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
echo " -r, --revision <rev> [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
echo " -ref, --reference <ref> [Optional] Set the Wazuh reference to build development images. By default, the latest stable release."
echo " -rg, --registry <reg> [Optional] Set the Docker registry to push the images."
echo " -v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
echo " -m, --multiarch [Optional] Enable multi-architecture builds."
echo " -h, --help Show this help."
echo
exit $1
@ -110,6 +121,10 @@ main() {
help 1
fi
;;
"-m"|"--multiarch")
MULTIARCH="true"
shift
;;
"-r"|"--revision")
if [ -n "${2}" ]; then
WAZUH_TAG_REVISION="${2}"
@ -118,6 +133,22 @@ main() {
help 1
fi
;;
"-ref"|"--reference")
if [ -n "${2}" ]; then
WAZUH_TAG_REFERENCE="${2}"
shift 2
else
help 1
fi
;;
"-rg"|"--registry")
if [ -n "${2}" ]; then
WAZUH_REGISTRY="${2}"
shift 2
else
help 1
fi
;;
"-v"|"--version")
if [ -n "$2" ]; then
WAZUH_IMAGE_VERSION="$2"

8
build-docker-images/build-images.yml
View File

@ -8,7 +8,7 @@ services:
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH}
WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE}
image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
hostname: wazuh.manager
restart: always
ports:
@ -40,7 +40,7 @@ services:
args:
WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
image: wazuh/wazuh-agent:${WAZUH_IMAGE_VERSION}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-agent:${IMAGE_TAG}
hostname: wazuh.agent
restart: always
@ -50,7 +50,7 @@ services:
args:
WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
hostname: wazuh.indexer
restart: always
ports:
@ -72,7 +72,7 @@ services:
WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
hostname: wazuh.dashboard
restart: always
ports: