From 91cda37b1f7ad871ffd46f5c44956b126f5c9b68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 12 Nov 2025 12:15:37 -0300 Subject: [PATCH 01/11] GH notification changes for image publication --- .../Procedure_push_docker_images.yml | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 7947694e..8a957aaf 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -145,6 +145,30 @@ jobs: exit 1 fi + - name: Image exists validation + if: ${{ !inputs.push_images }} + id: validation + run: | + IMAGE_TAG=${{ inputs.image_tag }} + PURPOSE="" + + if [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + if docker manifest inspect wazuh/wazuh-manager:$IMAGE_TAG > /dev/null 2>&1; then + PURPOSE="regeneration" + echo "Image wazuh/wazuh-manager:$IMAGE_TAG exists. Setting PURPOSE to 'regeneration'" + else + echo "Image wazuh/wazuh-manager:$IMAGE_TAG does NOT exist. Setting PURPOSE to 'new release'" + fi + echo "✅ Release tag: '$IMAGE_TAG'" + elif [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+-(alpha|beta|rc)[0-9]+$ ]]; then + PURPOSE="new stage" + echo "✅ Stage tag: '$IMAGE_TAG'. Setting PURPOSE to 'new stage'" + else + echo "❌ No release or stage tag ('$IMAGE_TAG'), the GH issue will not be created" + fi + + echo "purpose=$PURPOSE" >> $GITHUB_OUTPUT + - name: Tag and Push Wazuh images if: ${{ inputs.push_images }} run: | 
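Review bot: `IMAGE_TAG=${{ inputs.image_tag }}` in the new "Image exists validation" step expands a workflow input directly into the shell script at template time, so a tag value containing shell metacharacters is executed rather than compared; the same pattern is repeated in the "GH issue notification" step added by the second hunk and again in patch 03. Pass the input through the step's environment instead, `env:` / `IMAGE_TAG: ${{ inputs.image_tag }}` on the step, and drop the assignment so the script reads the already-set `"$IMAGE_TAG"`. The regex checks that follow then validate the value before `docker manifest inspect` uses it, which is the right order. While there, quote the redirection target, `echo "purpose=$PURPOSE" >> "$GITHUB_OUTPUT"`.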
@@ -157,3 +181,31 @@ jobs: echo "Pushing wazuh/$image:$IMAGE_TAG ..." docker push wazuh/$image:$IMAGE_TAG done + + - name: GH issue notification + if: ${{ inputs.push_images && steps.validation.outputs.purpose != '' }} + run: | + IMAGE_TAG=${{ inputs.image_tag }} + GH_MESSAGE="" + GH_TITLE="" + PURPOSE="${{ steps.validation.outputs.purpose }}"" + + GH_TITLE="Artifactory vulnerabilities update \`$IMAGE_TAG\`" + read -r -d '' GH_MESSAGE << EOF + ## Description + - [ ] Update the [Artifactory vulnerabilities](https://docs.google.com/spreadsheets/d/1ZtkyvmZ_CS9fa0nEmZf9sZb4a3o65_HoMP1g83XmlK0/edit?usp=sharing) sheet with the \`$IMAGE_TAG\` vulnerabilities. + + >[!NOTE] + >To update the \`Tentative Release\` column, follow these steps: + https://github.com/wazuh/wazuh-automation/issues/2049#issuecomment-2671590268 + EOF + + # Print the GH Variables content + echo "--- Variable Content ---" + echo "$GH_TITLE" + echo "------------------------" + + echo "--- Variable Content ---" + echo "$GH_MESSAGE" + echo "------------------------" + From 5103da8dabc84ad65b337144ebf685d4b9866182 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 12 Nov 2025 14:32:45 -0300 Subject: [PATCH 02/11] GH notification test change --- .github/workflows/Procedure_push_docker_images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 8a957aaf..f71fac52 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -183,7 +183,7 @@ jobs: done - name: GH issue notification - if: ${{ inputs.push_images && steps.validation.outputs.purpose != '' }} + if: ${{ !inputs.push_images && steps.validation.outputs.purpose != '' }} run: | IMAGE_TAG=${{ inputs.image_tag }} GH_MESSAGE="" From 16de0735a9831b0d3ba1408fe49b7746ef894c49 Mon Sep 17 00:00:00 2001 
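Review bot: `read -r -d '' GH_MESSAGE << EOF` returns a non-zero status when it reaches end of input without finding a NUL delimiter, so under the `-e` that GitHub's default bash shell runs `run` scripts with, the step aborts right after reading the body; capture the heredoc with a command substitution instead, `GH_MESSAGE=$(cat <<EOF` … `EOF` … `)`. The line `PURPOSE="${{ steps.validation.outputs.purpose }}""` also carries a stray trailing quote that is a syntax error. Note too that this step is gated on `inputs.push_images` while the validation step it reads from runs only when `!inputs.push_images`, so `steps.validation.outputs.purpose` is always empty here and the step can never run.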
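Review bot: Gating a step named "GH issue notification" on `!inputs.push_images` makes it fire only when no image is published, which contradicts the step's purpose. If this is a temporary toggle for testing the issue text, mark it as such so it is not merged by mistake, e.g. `# TEMP: inverted for testing, restore inputs.push_images before merge` above the `if:` line.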
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 12 Nov 2025 16:21:17 -0300 Subject: [PATCH 03/11] GH notification identation fix --- .github/workflows/Procedure_push_docker_images.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index f71fac52..58a83873 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -157,6 +157,7 @@ jobs: PURPOSE="regeneration" echo "Image wazuh/wazuh-manager:$IMAGE_TAG exists. Setting PURPOSE to 'regeneration'" else + PURPOSE="new release" echo "Image wazuh/wazuh-manager:$IMAGE_TAG does NOT exist. Setting PURPOSE to 'new release'" fi echo "✅ Release tag: '$IMAGE_TAG'" @@ -186,19 +187,22 @@ jobs: if: ${{ !inputs.push_images && steps.validation.outputs.purpose != '' }} run: | IMAGE_TAG=${{ inputs.image_tag }} - GH_MESSAGE="" GH_TITLE="" - PURPOSE="${{ steps.validation.outputs.purpose }}"" + GH_MESSAGE="" + PURPOSE="${{ steps.validation.outputs.purpose }}" - GH_TITLE="Artifactory vulnerabilities update \`$IMAGE_TAG\`" - read -r -d '' GH_MESSAGE << EOF - ## Description + + GH_TITLE="Artifactory vulnerabilities update \`v$IMAGE_TAG\`" + + GH_MESSAGE=$(cat <<- EOF | tr -d '\r' | sed 's/^[[:space:]]*//' + ### Description - [ ] Update the [Artifactory vulnerabilities](https://docs.google.com/spreadsheets/d/1ZtkyvmZ_CS9fa0nEmZf9sZb4a3o65_HoMP1g83XmlK0/edit?usp=sharing) sheet with the \`$IMAGE_TAG\` vulnerabilities. >[!NOTE] >To update the \`Tentative Release\` column, follow these steps: https://github.com/wazuh/wazuh-automation/issues/2049#issuecomment-2671590268 EOF + ) # Print the GH Variables content echo "--- Variable Content ---" From ecb486f6256b8155b9b46a39b06bb79dcfdc5d00 Mon Sep 17 00:00:00 2001 
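Review bot: `PURPOSE="new release"` is now set whenever `docker manifest inspect wazuh/wazuh-manager:$IMAGE_TAG` fails, but that command also fails on registry auth, rate-limit or network errors, so a transient Docker Hub problem would classify a regeneration as a new release and the notification would say the wrong thing. Consider keeping the error output instead of discarding it with `> /dev/null 2>&1`, e.g. `INSPECT_ERR=$(docker manifest inspect "wazuh/wazuh-manager:$IMAGE_TAG" 2>&1 >/dev/null)`, and only treat a not-found message as absence while failing the step on anything else. The enclosing `if` block starts outside this hunk.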
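Review bot: `PURPOSE="${{ steps.validation.outputs.purpose }}"` is assigned in this hunk but never used in the title or body, and the title now reads `v$IMAGE_TAG` while the body still says `\`$IMAGE_TAG\``, so the two halves of the issue disagree on the tag format; either drop `PURPOSE` or put it in the body, and use one form of the tag in both places. The `tr -d '\r'` in the pipeline has no evident source of carriage returns in a heredoc written in the workflow file; if it is defensive, a one-line comment saying so would help, otherwise it can go. `GH_TITLE=""` and `GH_MESSAGE=""` are immediately overwritten and can be removed.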
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Wed, 12 Nov 2025 16:52:27 -0300 Subject: [PATCH 04/11] GH issue creation commands --- .../Procedure_push_docker_images.yml | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 58a83873..3b0518b9 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -191,13 +191,15 @@ jobs: GH_MESSAGE="" PURPOSE="${{ steps.validation.outputs.purpose }}" - + ## Setting GH issue title GH_TITLE="Artifactory vulnerabilities update \`v$IMAGE_TAG\`" + ## Setting GH issue body GH_MESSAGE=$(cat <<- EOF | tr -d '\r' | sed 's/^[[:space:]]*//' ### Description - - [ ] Update the [Artifactory vulnerabilities](https://docs.google.com/spreadsheets/d/1ZtkyvmZ_CS9fa0nEmZf9sZb4a3o65_HoMP1g83XmlK0/edit?usp=sharing) sheet with the \`$IMAGE_TAG\` vulnerabilities. + - [ ] Update the [Artifactory vulnerabilities](https://docs.google.com/spreadsheets/d/1ZtkyvmZ_CS9fa0nEmZf9sZb4a3o65_HoMP1g83XmlK0/edit?usp=sharing) sheet with the \`v$IMAGE_TAG\` vulnerabilities. + **Purpose**: $PURPOSE >[!NOTE] >To update the \`Tentative Release\` column, follow these steps: https://github.com/wazuh/wazuh-automation/issues/2049#issuecomment-2671590268 @@ -213,3 +215,20 @@ jobs: echo "$GH_MESSAGE" echo "------------------------" + ## GH issue creation + ISSUE_URL=$(gh issue create \ + -R wazuh/${{ secrets.NOTIFICATION_REPO }} \ + --title $GH_TITLE \ + --body $GH_MESSAGE \ + --label "level/task" \ + --label "type/maintenance" \ + --label "request/operational" \ + --json url -q .url) + + ## Adding the issue to the team project + gh project item-add \ + ${{ secrets.NOTIFICATION_PROJECT_ID }} \ + --url $ISSUE_URL + + env: + GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }} From 11c0ae91619588475bdba08c69d06954863b6149 Mon Sep 17 00:00:00 2001 
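Review bot: `**Purpose**: $PURPOSE` is placed directly under the `- [ ] Update the …` task item with no blank line, and GitHub Markdown treats such a line as a lazy continuation of the list item, so the purpose text is rendered inside the checkbox item rather than on its own line. Insert an empty line before it, or make it the first line of the description so it reads as a standalone paragraph. The `## Setting GH issue title` style comments are shell comments that read like Markdown headers; a single `#` keeps them visually distinct from the heredoc content below.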
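Review bot: `--title $GH_TITLE` and `--body $GH_MESSAGE` are unquoted, so the multi-word title and multi-line body are word-split into separate arguments and `gh issue create` receives only the first word of each; quote them as `--title "$GH_TITLE" --body "$GH_MESSAGE"`. As far as I know `gh issue create` has no `--json` flag and prints the new issue URL on stdout, so `--json url -q .url` would be rejected. The trailing `env:` block appears to sit at the indentation of the `run:` content rather than the step keys, in which case `GH_TOKEN` is not attached to the step at all. Separately, `secrets.NOTIFICATION_REPO` and `secrets.NOTIFICATION_PROJECT_ID` are identifiers, not credentials; stored as secrets they are masked in every log line, whereas `vars.NOTIFICATION_REPO` would keep them readable — the same applies to the project number, field and option ids in patches 06, 08 and 10. Keep `NOTIFICATION_GH_ARTIFACT_TOKEN` as the only secret and scope that token to the issue and project permissions this step needs.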
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 10:01:08 -0300 Subject: [PATCH 05/11] GH issue creation command fix --- .github/workflows/Procedure_push_docker_images.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 3b0518b9..22dd0ae4 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -218,17 +218,17 @@ jobs: ## GH issue creation ISSUE_URL=$(gh issue create \ -R wazuh/${{ secrets.NOTIFICATION_REPO }} \ - --title $GH_TITLE \ - --body $GH_MESSAGE \ + --title "$GH_TITLE" \ + --body "$GH_MESSAGE" \ --label "level/task" \ --label "type/maintenance" \ - --label "request/operational" \ - --json url -q .url) + --label "request/operational") ## Adding the issue to the team project gh project item-add \ ${{ secrets.NOTIFICATION_PROJECT_ID }} \ - --url $ISSUE_URL + --url $ISSUE_URL \ + --owner wazuh - env: - GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }} + env: + GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }} From 11b066ef257175af30c7eba0e2e66e65d0e650e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 11:24:48 -0300 Subject: [PATCH 06/11] GH project variable assignment --- .github/workflows/Procedure_push_docker_images.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 22dd0ae4..2b9e0db9 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml 
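Review bot: `--url $ISSUE_URL` is still unquoted and nothing checks that `gh issue create` actually returned a URL, so if stdout is empty `gh project item-add` runs with nothing after `--url` and fails with an unrelated usage error; add `[ -n "$ISSUE_URL" ] || { echo "issue creation returned no URL"; exit 1; }` before the call and write `--url "$ISSUE_URL"`. A re-run of the workflow, for example after the project step fails, goes through `gh issue create` again and files a duplicate; searching `wazuh/${{ secrets.NOTIFICATION_REPO }}` for an open issue titled `$GH_TITLE` before creating one would make the step idempotent.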
@@ -225,10 +225,15 @@ jobs: --label "request/operational") ## Adding the issue to the team project - gh project item-add \ - ${{ secrets.NOTIFICATION_PROJECT_ID }} \ + PROJECT_ITEM_ID=$(gh project item-add \ + ${{ secrets.NOTIFICATION_PROJECT_NUMBER }} \ --url $ISSUE_URL \ - --owner wazuh + --owner wazuh \ + --format json \ + | jq -r '.id') + + ## Setting Objective + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }} --text "Security scans" env: GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }} From 6a8d0d62882c5608035af05ee51b2a6a66a6ee8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 11:35:03 -0300 Subject: [PATCH 07/11] GH project additional variable assignment --- .github/workflows/Procedure_push_docker_images.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 2b9e0db9..1a5bb260 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml 
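Review bot: `PROJECT_ITEM_ID=$(gh project item-add … --format json | jq -r '.id')` takes its exit status from `jq`, so a failed `item-add` leaves `PROJECT_ITEM_ID` as the string `null` or empty and the script continues into `item-edit` with a bogus id, unless the step runs with `pipefail` — as far as I recall GitHub only enables that when `shell: bash` is set explicitly, which this hunk does not show. Add `set -o pipefail` at the top of the script and guard the value, `[ -n "$PROJECT_ITEM_ID" ] && [ "$PROJECT_ITEM_ID" != "null" ] || exit 1`. The `item-edit` line is over 200 characters; breaking it with `\` continuations like the `item-add` call above keeps it reviewable.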
@@ -234,6 +234,12 @@ jobs: ## Setting Objective gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }} --text "Security scans" + ## Setting Priority + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }} --text "Very high" + ## Setting Size + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }} --text "Small" + ## Setting Subteam + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }} --text "Div 1" env: GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }} From af2e4589c0bcf0e14e9bc477e2ed9bb7168c08f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 11:42:16 -0300 Subject: [PATCH 08/11] GH project additional variable assignment fix --- .github/workflows/Procedure_push_docker_images.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 1a5bb260..f4a4f4ae 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml 
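Review bot: The four `gh project item-edit` invocations (Objective above, plus the Priority, Size and Subteam lines added here) differ only in the field id and value, and each repeats `--id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }}` unquoted; a small shell function removes the duplication and quotes the arguments once. Priority, Size and Subteam also look like single-select fields rather than text fields, in which case `gh` would reject `--text "Very high"` and the option-id form is needed — hedged, since the project schema is not visible here. The `env:` block below the edits is unchanged.
```yaml
          set_field() {
            gh project item-edit --id "$PROJECT_ITEM_ID" \
              --project-id "${{ secrets.NOTIFICATION_PROJECT_ID }}" \
              --field-id "$1" "${@:2}"
          }
          set_field "${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }}" --text "Security scans"
          set_field "${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }}" --text "Very high"
          set_field "${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }}" --text "Small"
          set_field "${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }}" --text "Div 1"
          # … unchanged: env: / GH_TOKEN block …
```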
@@ -235,11 +235,11 @@ jobs: ## Setting Objective gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }} --text "Security scans" ## Setting Priority - gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }} --text "Very high" + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_OPTION_ID }} ## Setting Size - gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }} --text "Small" + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_OPTION_ID }} ## Setting Subteam - gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }} --text "Div 1" + gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_OPTION_ID }} env: GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }} From aa98d94f38bd552cade3d91b344a2594799b14a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 11:50:18 -0300 Subject: [PATCH 09/11] Revert test changes --- .github/workflows/Procedure_push_docker_images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
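Review bot: The three `--single-select-option-id` edits run after `Tag and Push Wazuh images`, so a wrong or rotated option id fails the notification step and marks the whole publication run as failed even though the images were already pushed, and a re-run would file a second issue. Consider making the classification edits non-fatal, e.g. appending `|| echo "::warning::could not set project field"` to each, or setting `continue-on-error: true` on the step, so a project metadata mistake is visible without failing the publish job. Whether these ids are stable enough to hard-wire is not visible here; a comment naming the project and field each secret refers to would help the next person who has to rotate them.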
diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index f4a4f4ae..1cf26332 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -146,7 +146,7 @@ jobs: fi - name: Image exists validation - if: ${{ !inputs.push_images }} + if: ${{ inputs.push_images }} id: validation run: | IMAGE_TAG=${{ inputs.image_tag }} @@ -184,7 +184,7 @@ jobs: done - name: GH issue notification - if: ${{ !inputs.push_images && steps.validation.outputs.purpose != '' }} + if: ${{ inputs.push_images && steps.validation.outputs.purpose != '' }} run: | IMAGE_TAG=${{ inputs.image_tag }} GH_TITLE="" From 415ddd72714087a0e938fdfdbc21fb864cc3725d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 14:06:39 -0300 Subject: [PATCH 10/11] Replace secret variables --- .github/workflows/Procedure_push_docker_images.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 1cf26332..8831fec3 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml 
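Review bot: With the gate restored to `inputs.push_images`, the validation step now runs on the real publish path, and when it finds an existing `wazuh/wazuh-manager:$IMAGE_TAG` it only records `purpose=regeneration` — the `Tag and Push Wazuh images` step that follows still overwrites the published release tag unconditionally. Overwriting an already-released tag changes what consumers pulling by tag receive, so it is worth gating the push on an explicit acknowledgement, e.g. a new `workflow_dispatch` boolean input (call it `allow_overwrite`; the name is illustrative) checked with `if: ${{ inputs.push_images && (steps.validation.outputs.purpose != 'regeneration' || inputs.allow_overwrite) }}`. This is inferred from the step order visible in the earlier hunks; the push step's body is outside this hunk.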
@@ -197,12 +197,12 @@ jobs: ## Setting GH issue body GH_MESSAGE=$(cat <<- EOF | tr -d '\r' | sed 's/^[[:space:]]*//' ### Description - - [ ] Update the [Artifactory vulnerabilities](https://docs.google.com/spreadsheets/d/1ZtkyvmZ_CS9fa0nEmZf9sZb4a3o65_HoMP1g83XmlK0/edit?usp=sharing) sheet with the \`v$IMAGE_TAG\` vulnerabilities. + - [ ] Update the [Artifactory vulnerabilities](${{ secrets.NOTIFICATION_SHEET_URL }}) sheet with the \`v$IMAGE_TAG\` vulnerabilities. **Purpose**: $PURPOSE >[!NOTE] >To update the \`Tentative Release\` column, follow these steps: - https://github.com/wazuh/wazuh-automation/issues/2049#issuecomment-2671590268 + https://github.com/wazuh/${{ secrets.NOTIFICATION_REPO }}/issues/2049#issuecomment-2671590268 EOF ) From e5d6ba55cc3280414c0c58aaeb77b343c64b82f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Thu, 13 Nov 2025 14:41:53 -0300 Subject: [PATCH 11/11] Changelog update --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1222070c..97c89afc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- None +- Artifactory vulnerabilities notification ([#2078](https://github.com/wazuh/wazuh-docker/pull/2078)) ### Changed
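Review bot: `${{ secrets.NOTIFICATION_SHEET_URL }}` and `${{ secrets.NOTIFICATION_REPO }}` are now expanded by the template engine straight into the heredoc body, and that body is posted as the issue text, so marking the sheet URL as a secret only masks it in the job log while the value itself lands in a GitHub issue in clear; if the URL is sensitive it should not be written into an issue, and if it is not, `vars.NOTIFICATION_SHEET_URL` is the right home. Template-expanding a secret into a shell script also means a value containing `$(`, a backtick or a newline is interpreted by bash, which is avoided by passing it via the step's `env:` and referencing `$NOTIFICATION_SHEET_URL` inside the heredoc. The link `https://github.com/wazuh/${{ secrets.NOTIFICATION_REPO }}/issues/2049#issuecomment-2671590268` pairs a hard-coded issue and comment number with a configurable repository, so changing the repository breaks the link; keep the whole URL in one variable.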