diff --git a/.env b/.env index 0a4fe28d..7af5f540 100755 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=4.12.2 -WAZUH_IMAGE_VERSION=4.12.2 +WAZUH_VERSION=4.13.0 +WAZUH_IMAGE_VERSION=4.13.0 WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=4.12.2 +FILEBEAT_TEMPLATE_BRANCH=4.13.0 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index 14f628f8..fcdc65e2 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 4.12.2 + - 4.13.0 port: tcp:1514: listening: true diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index bdb7a015..939cadc1 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -6,11 +6,10 @@ on: inputs: image_tag: description: 'Docker image tag' - default: '4.12.2' + default: '4.13.0' required: true docker_reference: description: 'wazuh-docker reference' - default: 'v4.12.2' required: true products: description: 'Comma-separated list of the image names to build and push' @@ -42,12 +41,11 @@ on: inputs: image_tag: description: 'Docker image tag' - default: '4.12.2' + default: '4.13.0' required: true type: string docker_reference: description: 'wazuh-docker reference' - default: 'v4.12.2' required: false type: string products: diff --git a/.github/workflows/trivy-dashboard.yml b/.github/workflows/trivy-dashboard.yml index 4150fa6f..5239d93c 100644 --- a/.github/workflows/trivy-dashboard.yml +++ b/.github/workflows/trivy-dashboard.yml @@ -11,8 +11,7 @@ on: - published pull_request: branches: - - master - - stable + - main schedule: - cron: '34 2 * * 1' workflow_dispatch: diff --git a/.github/workflows/trivy-indexer.yml b/.github/workflows/trivy-indexer.yml index fe41399e..6f69f206 100644 --- a/.github/workflows/trivy-indexer.yml +++ b/.github/workflows/trivy-indexer.yml 
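Review bot: In the second hunk of Procedure_push_docker_images.yml (the `type: string` inputs), `docker_reference` keeps `required: false` but no longer has a default, so a caller that omits it hands the workflow an empty string. The steps that consume the input are outside this diff; if it feeds a checkout ref, the build would presumably fall back to the workflow's own ref while `image_tag` still defaults to '4.13.0', so the pushed tag and the source it was built from could diverge. Setting `required: true` on that input, as the first hunk's `docker_reference` already has, would make the omission fail early instead.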
@@ -11,8 +11,7 @@ on: - published pull_request: branches: - - master - - stable + - main schedule: - cron: '34 2 * * 1' workflow_dispatch: diff --git a/.github/workflows/trivy-manager.yml b/.github/workflows/trivy-manager.yml index 1c8308b3..da75bcc7 100644 --- a/.github/workflows/trivy-manager.yml +++ b/.github/workflows/trivy-manager.yml @@ -11,8 +11,7 @@ on: - published pull_request: branches: - - master - - stable + - main schedule: - cron: '34 2 * * 1' workflow_dispatch: diff --git a/.gitignore b/.gitignore index 6d7fadef..31bc423a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ single-node/config/wazuh_indexer_ssl_certs/*.pem single-node/config/wazuh_indexer_ssl_certs/*.key multi-node/config/wazuh_indexer_ssl_certs/*.pem -multi-node/config/wazuh_indexer_ssl_certs/*.key \ No newline at end of file +multi-node/config/wazuh_indexer_ssl_certs/*.key +*.log \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 120eae6e..154e2c80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,25 @@ # Change Log All notable changes to this project will be documented in this file. +## [4.13.0] + +### Added + +- Added repository_bumper script. ([#1781](https://github.com/wazuh/wazuh-docker/pull/1781)) + +### Changed + +- Modify wazuh-keystore use ([#1750](https://github.com/wazuh/wazuh-docker/pull/1750)) \- (wazuh-keystore) + +### Fixed + +- None + +### Deleted + +- Remove default docker reference version from workflow ([#1761](https://github.com/wazuh/wazuh-docker/pull/1761)) +- Remove 'stable' branch ocurrencies ([#1757](https://github.com/wazuh/wazuh-docker/pull/1757)) + ## [4.12.2] ### Added @@ -22,6 +41,7 @@ All notable changes to this project will be documented in this file. - None + ## [4.12.1] ### Added diff --git a/VERSION.json b/VERSION.json index 73d8ee41..dfee93c3 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1,4 +1,4 @@ { - "version": "4.12.2", + "version": "4.13.0", "stage": "alpha0" } 
diff --git a/build-docker-images/README.md b/build-docker-images/README.md index 58a7c734..a10e1e9b 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md @@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: ``` -$ build-docker-images/build-images.sh -v 4.12.2 +$ build-docker-images/build-images.sh -v 4.13.0 ``` To get all the available script options use the -h or --help option: @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 - -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.12.2. + -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.13.0. -h, --help Show this help. ``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index fbe65829..ea8b7b7d 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,4 +1,4 @@ -WAZUH_IMAGE_VERSION=4.12.2 +WAZUH_IMAGE_VERSION=4.13.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') @@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="4.12.2" +WAZUH_IMAGE_VERSION="4.13.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" FILEBEAT_MODULE_VERSION="0.4" 
diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 947cfea2..92dc9c2e 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.12/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.12/ +PACKAGES_URL=https://packages.wazuh.com/4.13/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.13/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index a8aca7f7..94d55d43 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.12/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.12/ +PACKAGES_URL=https://packages.wazuh.com/4.13/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.13/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager b/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager index 0bd90fd6..ff3e1fdd 100644 --- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager +++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager 
@@ -115,8 +115,8 @@ function_entrypoint_scripts() { function_configure_vulnerability_detection() { if [ "$INDEXER_PASSWORD" != "" ]; then >&2 echo "Configuring password." - /var/ossec/bin/wazuh-keystore -f indexer -k username -v $INDEXER_USERNAME - /var/ossec/bin/wazuh-keystore -f indexer -k password -v $INDEXER_PASSWORD + echo "$INDEXER_USERNAME" | /var/ossec/bin/wazuh-keystore -f indexer -k username + echo "$INDEXER_PASSWORD" | /var/ossec/bin/wazuh-keystore -f indexer -k password fi } diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh index 562783b1..f9529b89 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/indexer-certs-creator/config/entrypoint.sh @@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.12/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.12/ +PACKAGES_URL=https://packages.wazuh.com/4.13/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.13/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 637c7cb7..842c8cf1 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.master: - image: wazuh/wazuh-manager:4.12.2 + image: wazuh/wazuh-manager:4.13.0 hostname: wazuh.master restart: always ulimits: @@ -43,7 +43,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.12.2 + image: wazuh/wazuh-manager:4.13.0 hostname: wazuh.worker restart: always ulimits: 
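Review bot: In function_configure_vulnerability_detection (2-manager), the two new `echo "$INDEXER_…" | /var/ossec/bin/wazuh-keystore` lines keep the credentials out of the argument list, but `echo` does not pass every value through unchanged: a password that begins with `-n` or `-e`, or contains backslashes under some shells, reaches the keystore altered. `printf '%s\n' "$INDEXER_PASSWORD" | /var/ossec/bin/wazuh-keystore -f indexer -k password` (and the same form for the username) writes the value verbatim. The surrounding guard tests only INDEXER_PASSWORD, so an unset INDEXER_USERNAME would be stored as an empty line; testing both variables would avoid that. Whether wazuh-keystore strips the trailing newline it now receives on stdin is not visible here and should be confirmed.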
@@ -79,7 +79,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.12.2 + image: wazuh/wazuh-indexer:4.13.0 hostname: wazuh1.indexer restart: always ports: @@ -105,7 +105,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.12.2 + image: wazuh/wazuh-indexer:4.13.0 hostname: wazuh2.indexer restart: always environment: @@ -127,7 +127,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.12.2 + image: wazuh/wazuh-indexer:4.13.0 hostname: wazuh3.indexer restart: always environment: @@ -149,7 +149,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.12.2 + image: wazuh/wazuh-dashboard:4.13.0 hostname: wazuh.dashboard restart: always ports: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 1f3910d5..bdc86d1d 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.manager: - image: wazuh/wazuh-manager:4.12.2 + image: wazuh/wazuh-manager:4.13.0 hostname: wazuh.manager restart: always ulimits: @@ -44,7 +44,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.12.2 + image: wazuh/wazuh-indexer:4.13.0 hostname: wazuh.indexer restart: always ports: 
@@ -69,7 +69,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.12.2 + image: wazuh/wazuh-dashboard:4.13.0 hostname: wazuh.dashboard restart: always ports: diff --git a/tools/repository_bumper.sh b/tools/repository_bumper.sh new file mode 100644 index 00000000..8223e54b --- /dev/null +++ b/tools/repository_bumper.sh 
@@ -0,0 +1,150 @@
+#!/bin/bash
+
+# This script is used to update the version of a repository in the specified files.
+# It takes a version number as an argument and updates the version in the specified files.
+# Usage: ./repository_bumper.sh
+
+# Global variables
+DIR=$(dirname "$(pwd)")
+LOG_FILE="${DIR}/tools/repository_bumper_$(date +"%Y-%m-%d_%H-%M-%S-%3N").log"
+VERSION=""
+STAGE=""
+FILES_EDITED=()
+
+get_old_version_and_stage() {
+ local VERSION_FILE="${DIR}/VERSION.json"
+
+ OLD_VERSION=$(jq -r '.version' "${VERSION_FILE}")
+ OLD_STAGE=$(jq -r '.stage' "${VERSION_FILE}")
+ echo "Old version: ${OLD_VERSION}" | tee -a "${LOG_FILE}"
+ echo "Old stage: ${OLD_STAGE}" | tee -a "${LOG_FILE}"
+}
+
+grep_command() {
+ # This function is used to search for a specific string in the specified directory.
+ # It takes two arguments: the string to search for and the directory to search in.
+ # Usage: grep_command
+ eval grep -Rl "${1}" "${2}" --exclude-dir=".git" --exclude="repository_bumper_*.log" --exclude="CHANGELOG.md" "${3}"
+}
+
+update_version_in_files() {
+
+ local OLD_MAYOR="$(echo "${OLD_VERSION}" | cut -d '.' -f 1)"
+ local OLD_MINOR="$(echo "${OLD_VERSION}" | cut -d '.' -f 2)"
+ local OLD_PATCH="$(echo "${OLD_VERSION}" | cut -d '.' -f 3)"
+ local NEW_MAYOR="$(echo "${VERSION}" | cut -d '.' -f 1)"
+ local NEW_MINOR="$(echo "${VERSION}" | cut -d '.' -f 2)"
+ local NEW_PATCH="$(echo "${VERSION}" | cut -d '.' -f 3)"
+ m_m_p_files=( $(grep_command "${OLD_MAYOR}\.${OLD_MINOR}\.${OLD_PATCH}" "${DIR}") )
+ for file in "${m_m_p_files[@]}"; do
+ sed -i "s/\bv${OLD_MAYOR}\.${OLD_MINOR}\.${OLD_PATCH}\b/v${NEW_MAYOR}\.${NEW_MINOR}\.${NEW_PATCH}/g; s/\b${OLD_MAYOR}\.${OLD_MINOR}\.${OLD_PATCH}/${NEW_MAYOR}\.${NEW_MINOR}\.${NEW_PATCH}/g" "${file}"
+ if [[ $(git diff --name-only "${file}") ]]; then
+ FILES_EDITED+=("${file}")
+ fi
+ done
+ m_m_files=( $(grep_command "${OLD_MAYOR}\.${OLD_MINOR}" "${DIR}") )
+ for file in "${m_m_files[@]}"; do
+ sed -i -E "/[0-9]+\.[0-9]+\.[0-9]+/! s/(^|[^0-9.])(${OLD_MAYOR}\.${OLD_MINOR})([^0-9.]|$)/\1${NEW_MAYOR}.${NEW_MINOR}\3/g" "$file"
+ if [[ $(git diff --name-only "${file}") ]]; then
+ FILES_EDITED+=("${file}")
+ fi
+ done
+ m_x_files=( $(grep_command "${OLD_MAYOR}\.x" "${DIR}") )
+ for file in "${m_x_files[@]}"; do
+ sed -i "s/\b${OLD_MAYOR}\.x\b/${NEW_MAYOR}\.x/g" "${file}"
+ if [[ $(git diff --name-only "${file}") ]]; then
+ FILES_EDITED+=("${file}")
+ fi
+ done
+ if ! sed -i "/^All notable changes to this project will be documented in this file.$/a \\\n## [${VERSION}]\\n\\n### Added\\n\\n- None\\n\\n### Changed\\n\\n- None\\n\\n### Fixed\\n\\n- None\\n\\n### Deleted\\n\\n- None" "${DIR}/CHANGELOG.md"; then
+ echo "Error: Failed to update CHANGELOG.md" | tee -a "${LOG_FILE}"
+ fi
+ if [[ $(git diff --name-only "${DIR}/CHANGELOG.md") ]]; then
+ FILES_EDITED+=("${DIR}/CHANGELOG.md")
+ fi
+}
+
+update_stage_in_files() {
+ local OLD_STAGE="$(echo "${OLD_STAGE}")"
+ files=( $(grep_command "${OLD_STAGE}" "${DIR}" --exclude="README.md") )
+ for file in "${files[@]}"; do
+ sed -i "s/${OLD_STAGE}/${STAGE}/g" "${file}"
+ if [[ $(git diff --name-only "${file}") ]]; then
+ FILES_EDITED+=("${file}")
+ fi
+ done
+}
+
+main() {
+
+ echo "Starting repository version bumping process..." | tee -a "${LOG_FILE}"
+ echo "Log file: ${LOG_FILE}"
+ # Parse arguments
+ while [[ $# -gt 0 ]]; do
+ case $1 in
+ --version)
+ VERSION="$2"
+ shift 2
+ ;;
+ --stage)
+ STAGE="$2"
+ shift 2
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ exit 1
+ ;;
+ esac
+ done
+
+ # Validate arguments
+ if [[ -z "$VERSION" ]]; then
+ echo "Error: --version argument is required." | tee -a "${LOG_FILE}"
+ exit 1
+ fi
+
+ if [[ -z "$STAGE" ]]; then
+ echo "Error: --stage argument is required." | tee -a "${LOG_FILE}"
+ exit 1
+ fi
+
+ # Validate if version is in the correct format
+ if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ echo "Error: Version must be in the format X.Y.Z (e.g., 1.2.3)." | tee -a "${LOG_FILE}"
+ exit 1
+ fi
+
+ # Validate if stage is in the correct format
+ STAGE=$(echo "$STAGE" | tr '[:upper:]' '[:lower:]')
+ if ! [[ "$STAGE" =~ ^(alpha[0-9]*|beta[0-9]*|rc[0-9]*|stable)$ ]]; then
+ echo "Error: Stage must be one of the following examples: alpha1, beta1, rc1, stable." | tee -a "${LOG_FILE}"
+ exit 1
+ fi
+
+ # Get old version and stage
+ get_old_version_and_stage
+
+ if [[ "$OLD_VERSION" == "$VERSION" && "$OLD_STAGE" == "$STAGE" ]]; then
+ echo "Version and stage are already up to date." | tee -a "${LOG_FILE}"
+ echo "No changes needed." | tee -a "${LOG_FILE}"
+ exit 0
+ fi
+ if [[ "$OLD_VERSION" != "$VERSION" ]]; then
+ echo "Updating version from $OLD_VERSION to $VERSION" | tee -a "${LOG_FILE}"
+ update_version_in_files "$VERSION"
+ fi
+ if [[ "$OLD_STAGE" != "$STAGE" ]]; then
+ echo "Updating stage from $OLD_STAGE to $STAGE" | tee -a "${LOG_FILE}"
+ update_stage_in_files "$STAGE"
+ fi
+
+ echo "The following files were edited:" | tee -a "${LOG_FILE}"
+ for file in $(printf "%s\n" "${FILES_EDITED[@]}" | sort -u); do
+ echo "${file}" | tee -a "${LOG_FILE}"
+ done
+
+ echo "Version and stage updated successfully." | tee -a "${LOG_FILE}"
+}
+
+# Call the main method with all arguments
+main "$@"
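Review bot: `grep_command` in tools/repository_bumper.sh runs its arguments through `eval`, so every pattern and path is parsed by the shell a second time; `update_stage_in_files` passes `OLD_STAGE`, which is read from VERSION.json with jq, so a `stage` value containing shell metacharacters would be executed rather than searched for. The second parse also strips the backslashes from patterns such as `"${OLD_MAYOR}\.${OLD_MINOR}\.${OLD_PATCH}"`, so the dots end up matching any character. Calling grep directly and carrying the optional third argument in an array removes both problems. Separately, `OLD_VERSION` and `OLD_STAGE` are interpolated into the sed expressions unvalidated, unlike the new `--version`/`--stage` values; applying the same regex checks to them in `get_old_version_and_stage` would close that gap.

```shell
grep_command() {
    # … unchanged: usage comments …
    local -a extra=()
    if [[ -n "${3:-}" ]]; then
        extra+=("${3}")
    fi
    grep -Rl --exclude-dir=".git" --exclude="repository_bumper_*.log" \
        --exclude="CHANGELOG.md" "${extra[@]}" -- "${1}" "${2}"
}
```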