New workflows names and triggers (#291)

* Workflows renamed according to the convention and deleted extras

* Workflows trigger fixed

* Fixed test workflow trigger

* Used the new VERSION.json and fixed it to work with push

* Changed the default inputs work in push events

* Include a new link checker workflow

* Modifies names and adds useful workflows and needed files (CHANGELOG.md)

* Deleted extra workflow files

* Corrects build docs execution

* Fixes link

* Updates codeql-action to v3 and limits scan to /plugins

* Updates ubuntu, lychee-action and checkout versions

* Adds paths to avoid unnecessary workflow execution

* Deletes  statements

These statements, without the ci build, inserted the default values to avoid workflow failure. We go back to using build on push.

* Updates ubuntu version

* Fixes adding default to the plugins builder values by calling it with an onpush workflow

* Apply suggestions from code review

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>

* Format and renaming

* Fix broken links

* More renaming

* Exclude gnu links

* Add .editorconfig

* Add id to build on push

---------

Signed-off-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Co-authored-by: abbonno <abbogonluq@gmail.com>
Co-authored-by: Álex Ruiz <alejandro.ruiz.becerra@wazuh.com>
Jorge Sánchez 2025-03-04 16:48:13 +01:00 committed by GitHub
parent 3223522318
commit 877477e59c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
16 changed files with 344 additions and 193 deletions

.editorconfig Normal file

@ -0,0 +1,33 @@
# EditorConfig: http://editorconfig.org/
root = true
[*]
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
[*.gradle]
indent_size = 2
[*.groovy]
indent_size = 4
[*.java]
indent_size = 4
[*.json]
indent_size = 2
[*.py]
indent_size = 2
[*.sh]
indent_size = 2
[*.{yml,yaml}]
indent_size = 2
[*.{xsd,xml}]
indent_size = 4
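
Review bot: `[*.py]` sets `indent_size = 2`, which differs from the 4 spaces PEP 8 recommends and most Python formatters default to. Unless the repository's Python scripts already use 2 spaces, set it to 4 so editors and formatters do not disagree. The header comment could also point to `https://editorconfig.org/` instead of the `http://` URL.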


@ -1,26 +1,26 @@
name: deploy-gh-pages
name: Deploy GH pages
# From https://github.com/rust-lang/mdBook/wiki/Automated-Deployment%3A-GitHub-Actions#GitHub-Pages-Deploy
on:
workflow_dispatch:
push:
branches:
- main
workflow_dispatch:
paths:
- "docs/**"
jobs:
deploy:
runs-on: ubuntu-24.04
permissions:
contents: write # To push a branch
pages: write # To push to a GitHub Pages site
contents: write # To push a branch
pages: write # To push to a GitHub Pages site
id-token: write # To update the deployment status
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup mdBook
uses: jontze/action-mdbook@v3
with:
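
Review bot: The `deploy` job holds `contents: write`, `pages: write` and `id-token: write`, yet `jontze/action-mdbook@v3` is referenced by a mutable tag, so whatever that tag points to at run time executes with those permissions. Pin the third-party actions in this job to a full commit SHA and keep the version in a trailing comment. Separately, with the `paths: "docs/**"` filter a push that changes only this workflow file does not redeploy; add the workflow's own path to the filter if that is wanted.
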
@ -35,7 +35,7 @@ jobs:
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: 'docs/book'
path: "docs/book"
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4


@ -0,0 +1,76 @@
run-name: Build ${{ inputs.plugin }} plugin | ${{ inputs.id }}
name: Build packages
# This workflow runs when any of the following occur:
# - Run manually
# - Invoked from another workflow
on:
workflow_dispatch:
inputs:
revision:
description: "Revision"
type: string
default: "0"
plugin:
description: "Name of the plugin to build"
type: string
default: "setup"
id:
description: "ID used to identify the workflow uniquely."
type: string
required: false
workflow_call:
inputs:
revision:
description: "Revision"
type: string
default: "0"
plugin:
description: "Name of the plugin to build"
type: string
default: "setup"
id:
description: "ID used to identify the workflow uniquely."
type: string
required: false
# ==========================
# Bibliography
# ==========================
#
# * Reusable workflows: limitations
# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations
# * Using matrix in reusable workflows:
# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-a-matrix-strategy-with-a-reusable-workflow
# * Reading input from the called workflow
# | https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
# * Ternary operator
# | https://docs.github.com/en/actions/learn-github-actions/expressions#example
jobs:
build:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- name: Setup Gradle # Used for caching
uses: gradle/actions/setup-gradle@v4
- name: Get version
id: version
run: echo "version=$(jq -r .version<VERSION.json)" >> "$GITHUB_OUTPUT"
- name: Build with Gradle
working-directory: ./plugins/${{ inputs.plugin }}
run: ./gradlew build -Dversion=${{ steps.version.outputs.version }} -Drevision=${{ inputs.revision }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.plugin }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip
path: plugins/${{ inputs.plugin }}/build/distributions/wazuh-indexer-${{ inputs.plugin }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip
if-no-files-found: error
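
Review bot: In the `Build with Gradle` step, `${{ inputs.revision }}` is expanded into the `run:` script, and `${{ inputs.plugin }}` into `working-directory` and the artifact `path`, before the shell or the runner interprets them, so a `workflow_dispatch` value containing shell metacharacters or `../` becomes part of the command or the path. Pass the inputs through `env:` and reference them as quoted shell variables (for example `"$REVISION"`), and validate `plugin` against the known plugin directories before using it. The workflow also has no `permissions:` block; a job that only builds and uploads an artifact needs no more than `contents: read`.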


@ -0,0 +1,13 @@
name: Build packages (on push)
# This workflow runs when any of the following occur:
# - On push
on:
push:
jobs:
call-build-workflow:
uses: ./.github/workflows/5_builderpackage_plugins.yml
secrets: inherit
with:
id: ${{ github.ref }}
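
Review bot: `secrets: inherit` forwards all of the caller's secrets to the called workflow on every push to any branch, because `on: push` has no `branches` or `paths` filter. The build workflow shown in this commit references no `secrets.*` value, so drop `secrets: inherit` (or pass only the named secrets a later change needs) and consider restricting the trigger as the other workflows here do. Also, `id: ${{ github.ref }}` ends up in the callee's `run-name` as a full `refs/heads/...` string; `github.ref_name` would read better there.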


@ -5,7 +5,6 @@ on:
paths:
- "ecs/**/*.json"
- "ecs/**/*.yml"
jobs:
run-ecs-generator:
if: github.repository == 'wazuh/wazuh-indexer-plugins'


@ -0,0 +1,20 @@
name: "Changelog Verifier"
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
jobs:
# Enforces the update of a changelog file on every pull request
verify-changelog:
if: github.repository == 'wazuh/wazuh-indexer-plugins'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
ref: ${{ github.event.pull_request.head.sha }}
- uses: dangoslen/changelog-enforcer@v3
id: verify-changelog
with:
skipLabels: "autocut, skip-changelog"
changeLogPath: "CHANGELOG.md"
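
Review bot: This workflow has no `permissions:` block, so `GITHUB_TOKEN` gets the repository's default scope while the job checks out `github.event.pull_request.head.sha`, that is, code coming from the pull request. Add an explicit minimal block (`permissions:` with `contents: read`, plus whatever read scope the enforcer needs) and set `persist-credentials: false` on the checkout so the token is not left in the workspace's git config. The explicit `token: ${{ secrets.GITHUB_TOKEN }}` is already the checkout default and can be removed.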


@ -0,0 +1,77 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
paths:
- "plugins/**"
jobs:
analyze:
name: Analyze
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners
# Consider using larger runners for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-24.04' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["java"]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
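
Review bot: The `paths: "plugins/**"` filter under `on.push` only decides when the workflow starts; it does not restrict which files CodeQL analyzes, so it does not by itself deliver the "limits scan to /plugins" stated in the commit message. If the analysis itself should be restricted, that has to be done through the build step or a CodeQL configuration, not the trigger. With `push` as the only trigger there is also no `pull_request` or `schedule` run, so changes are not scanned before merge and unchanged code is never rescanned. The `runs-on` and `timeout-minutes` expressions still carry the template's `swift` branches although the matrix only contains `java`; plain `ubuntu-24.04` and a fixed timeout would be clearer.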


@ -0,0 +1,19 @@
name: Link Checker
on:
push:
jobs:
linkchecker:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: lychee Link Checker
id: lychee
uses: lycheeverse/lychee-action@v2
with:
args: --accept=200,403,429 "./**/*.md" "./**/*.txt" --exclude-all-private --insecure --exclude "https://www.gnu.org/licenses"
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Fail if there were link errors
run: exit ${{ steps.lychee.outputs.exit_code }}
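
Review bot: `--insecure` in the lychee `args` makes the checker accept invalid TLS certificates, so a link whose certificate has expired or no longer matches the host is reported as healthy. Drop the flag and use `--exclude` for the specific hosts that cannot be checked otherwise, as is already done for `https://www.gnu.org/licenses`. Accepting `403` and `429` likewise counts blocked or rate-limited URLs as valid, and `on: push` has no `paths` filter although only `*.md` and `*.txt` files are checked.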


@ -0,0 +1,66 @@
name: Gradle check
on:
pull_request:
paths:
- "plugins/**/*.java" # Match changes in Java files.
- "plugins/**/*.gradle" # Match changes in Gradle configuration.
jobs:
ci:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
# Step to fetch the base branch for comparison
- name: Fetch base branch
run: |
# Fetch the base branch (e.g., main or develop) to compare against
git fetch origin ${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }}
# Step to find which project folder contains modified files
- name: Detect modified plugins
id: detect_changes
run: |
# Compare the changes between the current branch and the base branch
CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }})
echo $CHANGED_FILES
# Check if any files are modified in wazuh-indexer-setup
if echo "$CHANGED_FILES" | grep -q "^plugins/setup/"; then
echo "setup" >> affected_projects.txt
fi
# Check if any files are modified in wazuh-command-manager
if echo "$CHANGED_FILES" | grep -q "^plugins/command-manager/"; then
echo "command-manager" >> affected_projects.txt
fi
# Output the list of affected projects
if [ -f affected_projects.txt ]; then
echo "projects=$(cat affected_projects.txt | paste -sd,)" >> $GITHUB_OUTPUT
else
echo "projects=none" >> $GITHUB_OUTPUT
fi
# Run tests for affected projects
- name: Run tests for affected projects
run: |
if [[ "${{ steps.detect_changes.outputs.projects }}" != "none" ]]; then
for project in $(echo "${{ steps.detect_changes.outputs.projects }}" | tr ',' ' '); do
echo "Running tests for $project"
cd plugins/$project
./gradlew check
cd - # Go back to the root folder
done
else
echo "No changes in Java or Gradle files to test."
fi
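
Review bot: `${{ github.event.pull_request.base.ref }}` and `${{ steps.detect_changes.outputs.projects }}` are pasted into the `run:` scripts by expression expansion instead of being passed as data. Move them to `env:` and use quoted shell variables, and quote the other expansions as well (`echo "$CHANGED_FILES"`, `cd "plugins/$project"`). The plugin list is also hardcoded to `setup` and `command-manager`, so a new directory under `plugins/` is silently skipped; deriving the names from the changed paths would avoid that.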


@ -1,76 +0,0 @@
run-name: Build ${{ inputs.plugin }} plugin | ${{ inputs.id }}
name: Build packages
# This workflow runs when any of the following occur:
# - Run manually
# - Invoked from another workflow
on:
workflow_dispatch:
inputs:
revision:
description: "Revision"
type: string
default: "0"
plugin:
description: "Name of the plugin to build"
type: string
default: "setup"
id:
description: "ID used to identify the workflow uniquely."
type: string
required: false
workflow_call:
inputs:
revision:
description: "Revision"
type: string
default: "0"
plugin:
description: "Name of the plugin to build"
type: string
default: "setup"
id:
description: "ID used to identify the workflow uniquely."
type: string
required: false
# ==========================
# Bibliography
# ==========================
#
# * Reusable workflows: limitations
# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations
# * Using matrix in reusable workflows:
# | https://docs.github.com/en/actions/using-workflows/reusing-workflows#using-a-matrix-strategy-with-a-reusable-workflow
# * Reading input from the called workflow
# | https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
# * Ternary operator
# | https://docs.github.com/en/actions/learn-github-actions/expressions#example
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- name: Setup Gradle # Used for caching
uses: gradle/actions/setup-gradle@v4
- name: Get version
id: version
run: echo "version=$(jq -r .version<VERSION.json)" >> "$GITHUB_OUTPUT"
- name: Build with Gradle
working-directory: ./plugins/${{ inputs.plugin }}
run: ./gradlew build -Dversion=${{ steps.version.outputs.version }} -Drevision=${{ inputs.revision }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ inputs.plugin }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip
path: plugins/${{ inputs.plugin }}/build/distributions/wazuh-indexer-${{ inputs.plugin }}-${{ steps.version.outputs.version }}.${{ inputs.revision }}.zip
if-no-files-found: error


@ -1,14 +0,0 @@
name: Build packages (on push)
# This workflow runs when any of the following occur:
# - On push to branches named after ci/*
on:
push:
# Sequence of patterns matched against refs/heads
branches:
- "ci/*"
jobs:
call-build-workflow:
uses: ./.github/workflows/build.yml
secrets: inherit


@ -1,17 +0,0 @@
name: CI
# This workflow runs when any of the following occur:
# - On push to branches named after ci/*
on:
pull_request:
# Sequence of patterns matched against refs/heads
branches:
- "migrate-*"
- "ci/*"
jobs:
call-test-workflow:
uses: ./.github/workflows/test.yml
call-build-workflow:
uses: ./.github/workflows/build.yml
secrets: inherit


@ -1,66 +0,0 @@
name: Test
on:
pull_request:
paths:
- "plugins/**/*.java" # Match changes in Java files.
- "plugins/**/*.gradle" # Match changes in Gradle configuration.
jobs:
ci:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
# Step to fetch the base branch for comparison
- name: Fetch base branch
run: |
# Fetch the base branch (e.g., main or develop) to compare against
git fetch origin ${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }}
# Step to find which project folder contains modified files
- name: Detect modified plugins
id: detect_changes
run: |
# Compare the changes between the current branch and the base branch
CHANGED_FILES=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }})
echo $CHANGED_FILES
# Check if any files are modified in wazuh-indexer-setup
if echo "$CHANGED_FILES" | grep -q "^plugins/setup/"; then
echo "setup" >> affected_projects.txt
fi
# Check if any files are modified in wazuh-command-manager
if echo "$CHANGED_FILES" | grep -q "^plugins/command-manager/"; then
echo "command-manager" >> affected_projects.txt
fi
# Output the list of affected projects
if [ -f affected_projects.txt ]; then
echo "projects=$(cat affected_projects.txt | paste -sd,)" >> $GITHUB_OUTPUT
else
echo "projects=none" >> $GITHUB_OUTPUT
fi
# Run tests for affected projects
- name: Run tests for affected projects
run: |
if [[ "${{ steps.detect_changes.outputs.projects }}" != "none" ]]; then
for project in $(echo "${{ steps.detect_changes.outputs.projects }}" | tr ',' ' '); do
echo "Running tests for $project"
cd plugins/$project
./gradlew check
cd - # Go back to the root folder
done
else
echo "No changes in Java or Gradle files to test."
fi

CHANGELOG.md Normal file

@ -0,0 +1,23 @@
# CHANGELOG
All notable changes to this project are documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). See the [CONTRIBUTING guide](./CONTRIBUTING.md#Changelog) for instructions on how to add changelog entries.
## [Unreleased 5.0.x]
### Added
### Dependencies
### Changed
### Deprecated
### Removed
### Fixed
### Security
[Unreleased 5.0.x]: https://github.com/wazuh/wazuh-indexer-plugins/compare/main...main
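
Review bot: The `[Unreleased 5.0.x]` reference on the last line points to `compare/main...main`, which compares `main` with itself and always shows an empty diff. Use the last release tag or the previous release branch as the left side of the comparison so the link lists the unreleased changes.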


@ -2,18 +2,18 @@
The Wazuh Common Schema is a derivation of the [Elastic Common Schema](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) (ECS) providing a common data schema for the different central components of Wazuh.
- [agent](./agent.md)
- [agent](agents.md)
- [alerts](alerts.md)
- [command](commands.md)
- [states-fim](states-fim.md)
- [states-inventory-hardware](states-inventory-hardware.md)
- [states-inventory-hotfixes](states-inventory-hotfixes.md)
- [states-inventory-networks](states-inventory-networks.md)
- [states-inventory-packages](states-inventory-packages.md)
- [states-inventory-ports](states-inventory-ports.md)
- [states-inventory-processes](states-inventory-processes.md)
- [states-inventory-system](states-inventory-system.md)
- [states-vulnerabilities](states-vulnerabilities.md)
- [states-inventory-hardware](inventory-hardware.md)
- [states-inventory-hotfixes](inventory-hotfixes.md)
- [states-inventory-networks](inventory-networks.md)
- [states-inventory-packages](inventory-packages.md)
- [states-inventory-ports](inventory-ports.md)
- [states-inventory-processes](inventory-processes.md)
- [states-inventory-system](inventory-system.md)
- [states-vulnerabilities](states-vulnerability.md)
---
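
Review bot: Several link labels in this list do not match their targets: `[agent](agents.md)`, `[states-vulnerabilities](states-vulnerability.md)`, and the `states-inventory-*` labels that point to `inventory-*.md`. Align each label with the file it links to (or the file names with the labels) so the index reflects the actual page names and a later rename does not break the links again.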


@ -2,9 +2,7 @@
### Fields summary
The fields are based on https://github.com/wazuh/wazuh-indexer/blob/4.9.0/ecs/vulnerability-detector
Based on ECS:
The fields are based on the ECS:
- [Agent Fields](https://www.elastic.co/guide/en/ecs/current/ecs-agent.html).
- [Package Fields](https://www.elastic.co/guide/en/ecs/current/ecs-package.html).