-
Notifications
You must be signed in to change notification settings - Fork 5
147 lines (130 loc) · 7.5 KB
/
builder_installation_assistant.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
run-name: Build Installation Assistant ${{ inputs.id }} - Branch ${{ github.ref_name }} - Launched by @${{ github.actor }}
name: Build Installation Assistant
on:
workflow_dispatch:
inputs:
wazuh_installation_assistant_reference:
description: "Branch or tag of the wazuh-installation-assistant repository."
required: true
default: 4.12.0
is_stage:
description: "Is stage?"
type: boolean
default: false
add_last_stage:
description: "Add last stage? (alpha1, beta2, rc3, etc)"
type: boolean
default: false
checksum:
description: "Add checksum"
type: boolean
default: false
id:
description: "ID used to identify the workflow uniquely."
type: string
required: false
workflow_call:
inputs:
wazuh_installation_assistant_reference:
description: "Branch or tag of the wazuh-installation-assistant repository."
type: string
required: true
default: 4.12.0
is_stage:
description: "Is stage?"
type: boolean
default: false
checksum:
description: "Add checksum"
type: boolean
default: false
id:
type: string
required: false
env:
LAST_STAGE: $(echo ${{ inputs.wazuh_installation_assistant_reference }} | cut -d '-' -f 2)
S3_BUCKET: ${{ vars.AWS_S3_BUCKET }}
S3_REPOSITORY_PATH: "development/wazuh/4.x/secondary/installation-assistant"
BUILDER_PATH: "builder.sh"
WAZUH_INSTALL_NAME: "wazuh-install"
WAZUH_CERT_TOOL_NAME: "wazuh-certs-tool"
WAZUH_PASSWORD_TOOL_NAME: "wazuh-passwords-tool"
permissions:
id-token: write
contents: read
jobs:
Build_Installation_Assistant:
runs-on: ubuntu-22.04
steps:
- name: View parameters
run: echo "${{ toJson(inputs) }}"
- name: Checkout wazuh-installation-assistant repository
uses: actions/checkout@v4
with:
ref: ${{ inputs.wazuh_installation_assistant_reference }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
aws-region: us-east-1
- name: Get short sha and wazuh version
run: |
COMMIT_SHORT_SHA=$(git rev-parse --short ${{ github.sha }})
WAZUH_VERSION=$(grep -oP '(?<=readonly wazuh_version=").*(?=")' ${{github.workspace}}/install_functions/installVariables.sh)
echo "WAZUH_VERSION=$WAZUH_VERSION" >> $GITHUB_ENV
echo "COMMIT_SHORT_SHA=$COMMIT_SHORT_SHA" >> $GITHUB_ENV
- name: Fill last_stage variable in wazuh-install.sh
if: ${{ inputs.add_last_stage == true }}
run: |
sed -i "s|last_stage=\"\"|last_stage=\"${{ env.LAST_STAGE }}\"|g" ${{ github.workspace }}/install_functions/installVariables.sh
- name: Change files name for stage build
if: ${{ inputs.is_stage == false }}
run: |
sed -i 's|${{ env.WAZUH_INSTALL_NAME }}.sh|${{ env.WAZUH_INSTALL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
sed -i 's|${{ env.WAZUH_CERT_TOOL_NAME }}.sh|${{ env.WAZUH_CERT_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
sed -i 's|${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sh|${{ env.WAZUH_PASSWORD_TOOL_NAME }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}"
- name: Build Installation Assistant packages
run: bash builder.sh -i -c -p
- name: Save files name
run: |
WAZUH_INSTALL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_INSTALL_NAME }}*.sh | xargs basename)
WAZUH_CERT_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_CERT_TOOL_NAME }}*.sh | xargs basename)
WAZUH_PASSWORD_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}*.sh | xargs basename)
echo "WAZUH_INSTALL_NAME=$WAZUH_INSTALL_NAME" >> $GITHUB_ENV
echo "WAZUH_CERT_TOOL_NAME=$WAZUH_CERT_TOOL_NAME" >> $GITHUB_ENV
echo "WAZUH_PASSWORD_TOOL_NAME=$WAZUH_PASSWORD_TOOL_NAME" >> $GITHUB_ENV
- name: Prepare files
run: |
mkdir -p ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
mv ${{ env.WAZUH_INSTALL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
mv ${{ env.WAZUH_CERT_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
mv ${{ env.WAZUH_PASSWORD_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }}
- name: Build packages checksum
if: ${{ inputs.checksum == true }}
run: |
sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512
sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512
sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512
- name: Upload files to S3
run: |
aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}"
echo "S3 wazuh-install URI: ${s3uri}"
aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}"
echo "S3 wazuh-certs-tool URI: ${s3uri}"
aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}"
echo "S3 wazuh-passwords-tool URI: ${s3uri}"
- name: Upload checksum files to S3
if: ${{ inputs.checksum == true }}
run: |
aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512"
echo "S3 sha512 wazuh-install checksum URI: ${s3uri}"
aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512"
echo "S3 sha512 wazuh-certs-tool checksum URI: ${s3uri}"
aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/
s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512"
echo "S3 sha512 wazuh-passwords-tool checksum URI: ${s3uri}"