From 5186bdae5252e8f15f911a12b15c2fd116864f59 Mon Sep 17 00:00:00 2001
From: Jesus Garcia <jesusd.garcia@wazuh.com>
Date: Fri, 5 Dec 2025 13:59:53 -0500
Subject: [PATCH] Modify to build certs gen image

---
 .../Procedure_push_docker_images.yml          |  67 ++----------
 indexer-certs-creator/build-image.sh          | 100 ++++++++++++++++++
 indexer-certs-creator/build-image.yml         |   8 ++
 3 files changed, 117 insertions(+), 58 deletions(-)
 create mode 100644 indexer-certs-creator/build-image.sh
 create mode 100644 indexer-certs-creator/build-image.yml

diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml
index 1a0ca807..7600ad43 100644
--- a/.github/workflows/Procedure_push_docker_images.yml
+++ b/.github/workflows/Procedure_push_docker_images.yml
@@ -11,14 +11,6 @@ on:
       docker_reference:
         description: 'wazuh-docker reference'
         required: true
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
       id:
         description: "ID used to identify the workflow uniquely."
         type: string
@@ -39,16 +31,6 @@ on:
         description: 'wazuh-docker reference'
         required: false
         type: string
-      filebeat_module_version:
-        description: 'Filebeat module version'
-        default: '0.4'
-        required: true
-        type: string
-      revision:
-        description: 'Package revision'
-        default: '1'
-        required: true
-        type: string
       id:
         description: "ID used to identify the workflow uniquely."
         type: string
@@ -68,10 +50,8 @@ jobs:
       contents: read
 
     env:
-      IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
       IMAGE_TAG: ${{ inputs.image_tag }}
-      FILEBEAT_MODULE_VERSION: ${{ inputs.filebeat_module_version }}
-      REVISION: ${{ inputs.revision }}
+      IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
 
     steps:
     - name: Print inputs
@@ -87,8 +67,6 @@ jobs:
         echo "* id: ${{ inputs.id }}"
         echo "* image_tag: ${{ inputs.image_tag }}"
         echo "* docker_reference: ${{ inputs.docker_reference }}"
-        echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
-        echo "* revision: ${{ inputs.revision }}"
         echo "* dev: ${{ inputs.dev }}"
         echo "---------------------------------------------"
 
@@ -117,41 +95,14 @@ jobs:
       if: ${{ inputs.dev == true }}
       uses: aws-actions/amazon-ecr-login@v2
 
-    - name: Log in to Docker Hub
-      if: ${{ inputs.dev == false }}
-      uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_PASSWORD }}
+    # - name: Log in to Docker Hub
+    #   if: ${{ inputs.dev == false }}
+    #   uses: docker/login-action@v3
+    #   with:
+    #     username: ${{ secrets.DOCKERHUB_USERNAME }}
+    #     password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
     - name: Build Wazuh images
       run: |
-        IMAGE_TAG="${{ inputs.image_tag }}"
-        FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }}
-        REVISION=${{ inputs.revision }}
-
-        if [[ "$IMAGE_TAG" == *"-"* ]]; then
-          IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
-          if [ -z "${tokens[1]}" ]; then
-            echo "Invalid image tag: $IMAGE_TAG"
-            exit 1
-          fi
-          DEV_STAGE=${tokens[1]}
-          WAZUH_VER=${tokens[0]}
-          ./build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION -rg $IMAGE_REGISTRY -m
-        else
-          ./build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION -rg $IMAGE_REGISTRY -m
-        fi
-
-        # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
-        ENV_FILE_PATH="../.env"
-
-        if [ -f $ENV_FILE_PATH ]; then
-          while IFS= read -r line || [ -n "$line" ]; do
-            echo "$line" >> $GITHUB_ENV
-          done < $ENV_FILE_PATH
-        else
-          echo "The environment file $ENV_FILE_PATH does not exist!"
-          exit 1
-        fi
-      working-directory: ./build-docker-images
+        ./build-image.sh -v $IMAGE_TAG -m -rg $IMAGE_REGISTRY
+      working-directory: ./indexer-certs-creator
diff --git a/indexer-certs-creator/build-image.sh b/indexer-certs-creator/build-image.sh
new file mode 100644
index 00000000..3fd4c386
--- /dev/null
+++ b/indexer-certs-creator/build-image.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+
+# Wazuh package generator
+# Copyright (C) 2023, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+WAZUH_CERTS_IMAGE_VERSION="0.0.4"
+WAZUH_REGISTRY="docker.io"
+
+# -----------------------------------------------------------------------------
+
+trap ctrl_c INT
+
+clean() {
+    exit_code=$1
+    exit ${exit_code}
+}
+
+ctrl_c() {
+    clean 1
+}
+
+# -----------------------------------------------------------------------------
+
+build() {
+    IMAGE_TAG="${WAZUH_CERTS_IMAGE_VERSION}"
+
+    echo WAZUH_REGISTRY=$WAZUH_REGISTRY > .env
+    echo IMAGE_TAG=$IMAGE_TAG >> .env
+
+    set -a
+    source .env
+    set +a
+
+    if [ "${MULTIARCH}" ]; then
+        docker buildx bake --file build-image.yml --push --set *.platform=linux/amd64,linux/arm64 --no-cache || clean 1
+    else
+        docker buildx bake --file build-image.yml --no-cache || clean 1
+    fi
+    return 0
+}
+
+# -----------------------------------------------------------------------------
+
+help() {
+    echo
+    echo "Usage: $0 [OPTIONS]"
+    echo
+    echo "    -v, --version <ver>      [Optional] Set the image version. By default ${WAZUH_CERTS_IMAGE_VERSION}."
+    echo "    -rg, --registry <reg>    [Optional] Set the Docker registry to push the images."
+    echo "    -m, --multiarch          [Optional] Enable multi-architecture builds."
+    echo "    -h, --help               Show this help."
+    echo
+    exit $1
+}
+
+# -----------------------------------------------------------------------------
+
+main() {
+    while [ -n "${1}" ]
+    do
+        case "${1}" in
+        "-h"|"--help")
+            help 0
+            ;;
+        "-m"|"--multiarch")
+            MULTIARCH="true"
+            shift
+            ;;
+        "-rg"|"--registry")
+            if [ -n "${2}" ]; then
+                WAZUH_REGISTRY="${2}"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "-v"|"--version")
+            if [ -n "$2" ]; then
+                WAZUH_CERTS_IMAGE_VERSION="$2"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        *)
+            help 1
+        esac
+    done
+
+    build || clean 1
+
+    clean 0
+}
+
+main "$@"
\ No newline at end of file
diff --git a/indexer-certs-creator/build-image.yml b/indexer-certs-creator/build-image.yml
new file mode 100644
index 00000000..58bb13cf
--- /dev/null
+++ b/indexer-certs-creator/build-image.yml
@@ -0,0 +1,8 @@
+# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+services:
+  wazuh.certs.generator:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: ${WAZUH_REGISTRY}/wazuh/wazuh-certs-generator:${IMAGE_TAG}
+    hostname: wazuh-certs-generator