Build Installation Assistant - Branch enhancement/571-ensure-the-artifacts-contain-the-version-to-the-patch-and-revision-level - Launched by @Enaraque #377
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| run-name: Build Installation Assistant ${{ inputs.id }} - Branch ${{ github.ref_name }} - Launched by @${{ github.actor }} | |
| name: Build Installation Assistant | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| wazuh_installation_assistant_reference: | |
| description: "Branch or tag of the wazuh-installation-assistant repository." | |
| required: true | |
| default: 5.0.0 | |
| is_stage: | |
| description: "Is stage?" | |
| type: boolean | |
| default: false | |
| add_last_stage: | |
| description: "Add last stage? (alpha1, beta1, rc2, etc)" | |
| type: boolean | |
| default: false | |
| file_revision: | |
| description: "Version revision (only when is stage, else it will use the commit SHA)." | |
| type: string | |
| required: false | |
| default: "1" | |
| checksum: | |
| description: "Add checksum" | |
| type: boolean | |
| default: false | |
| id: | |
| description: "ID used to identify the workflow uniquely." | |
| type: string | |
| required: false | |
| workflow_call: | |
| inputs: | |
| wazuh_installation_assistant_reference: | |
| description: "Branch or tag of the wazuh-installation-assistant repository." | |
| type: string | |
| required: true | |
| default: 5.0.0 | |
| is_stage: | |
| description: "Is stage?" | |
| type: boolean | |
| default: false | |
| add_last_stage: | |
| description: "Add last stage? (alpha1, beta1, rc2, etc)" | |
| type: boolean | |
| default: false | |
| file_revision: | |
| description: "Version revision (only when is stage, else it will use the commit SHA)." | |
| type: string | |
| required: false | |
| default: "1" | |
| checksum: | |
| description: "Add checksum" | |
| type: boolean | |
| default: false | |
| id: | |
| type: string | |
| required: false | |
| env: | |
| LAST_STAGE: $(echo ${{ inputs.wazuh_installation_assistant_reference }} | cut -d '-' -f 2) | |
| S3_BUCKET: ${{ vars.AWS_S3_BUCKET }} | |
| BUILDER_PATH: "builder.sh" | |
| WAZUH_INSTALL_NAME: "wazuh-install" | |
| WAZUH_CERT_TOOL_NAME: "wazuh-certs-tool" | |
| WAZUH_PASSWORD_TOOL_NAME: "wazuh-passwords-tool" | |
| CONFIG_FILE_PATH: "documentation-templates/wazuh/config.yml" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| Build_Installation_Assistant: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: View parameters | |
| run: echo "${{ toJson(inputs) }}" | |
| - name: Checkout wazuh-installation-assistant repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.wazuh_installation_assistant_reference }} | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_IAM_ROLE }} | |
| aws-region: us-east-1 | |
| - name: Get version from VERSION.json and set dynamic paths | |
| run: | | |
| VERSION=$(jq -r '.version' VERSION.json) | |
| MAJOR=$(echo $VERSION | cut -d '.' -f 1) | |
| MINOR=$(echo $VERSION | cut -d '.' -f 2) | |
| PATCH=$(echo $VERSION | cut -d '.' -f 3) | |
| S3_REPOSITORY_PATH="development/wazuh/${MAJOR}.x/secondary/installation-assistant/${MAJOR}.${MINOR}.${PATCH}" | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "MAJOR=$MAJOR" >> $GITHUB_ENV | |
| echo "MINOR=$MINOR" >> $GITHUB_ENV | |
| echo "PATCH=$PATCH" >> $GITHUB_ENV | |
| echo "S3_REPOSITORY_PATH=$S3_REPOSITORY_PATH" >> $GITHUB_ENV | |
| echo "Version: $VERSION" | |
| echo "S3 Path: $S3_REPOSITORY_PATH" | |
| - name: Get short sha and wazuh version | |
| run: | | |
| COMMIT_SHORT_SHA=$(git rev-parse --short ${{ github.sha }}) | |
| WAZUH_VERSION=$(grep -oP '(?<=readonly wazuh_version=").*(?=")' ${{github.workspace}}/install_functions/installVariables.sh) | |
| echo "WAZUH_VERSION=$WAZUH_VERSION" >> $GITHUB_ENV | |
| echo "COMMIT_SHORT_SHA=$COMMIT_SHORT_SHA" >> $GITHUB_ENV | |
| - name: Fill last_stage variable in wazuh-install.sh | |
| if: ${{ inputs.add_last_stage == true }} | |
| run: | | |
| sed -i "s|last_stage=\"\"|last_stage=\"${{ env.LAST_STAGE }}\"|g" ${{ github.workspace }}/install_functions/installVariables.sh | |
| - name: Change files name for stage build adding version and commit sha | |
| if: ${{ inputs.is_stage == false }} | |
| run: | | |
| sed -i 's|${{ env.WAZUH_INSTALL_NAME }}.sh|${{ env.WAZUH_INSTALL_NAME }}-${{ env.VERSION }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}" | |
| sed -i 's|${{ env.WAZUH_CERT_TOOL_NAME }}.sh|${{ env.WAZUH_CERT_TOOL_NAME }}-${{ env.VERSION }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}" | |
| sed -i 's|${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sh|${{ env.WAZUH_PASSWORD_TOOL_NAME }}-${{ env.VERSION }}-${{ env.COMMIT_SHORT_SHA }}.sh|g' "${{ env.BUILDER_PATH }}" | |
| cp ${{ env.CONFIG_FILE_PATH }} ${{ github.workspace }}/config-${{ env.VERSION }}-${{ env.COMMIT_SHORT_SHA }}.yml | |
| - name: Change files name for non-stage build adding version and file_revision | |
| if: ${{ inputs.is_stage == true }} | |
| run: | | |
| sed -i 's|${{ env.WAZUH_INSTALL_NAME }}.sh|${{ env.WAZUH_INSTALL_NAME }}-${{ env.VERSION }}-${{ inputs.file_revision }}.sh|g' "${{ env.BUILDER_PATH }}" | |
| sed -i 's|${{ env.WAZUH_CERT_TOOL_NAME }}.sh|${{ env.WAZUH_CERT_TOOL_NAME }}-${{ env.VERSION }}-${{ inputs.file_revision }}.sh|g' "${{ env.BUILDER_PATH }}" | |
| sed -i 's|${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sh|${{ env.WAZUH_PASSWORD_TOOL_NAME }}-${{ env.VERSION }}-${{ inputs.file_revision }}.sh|g' "${{ env.BUILDER_PATH }}" | |
| cp ${{ env.CONFIG_FILE_PATH }} ${{ github.workspace }}/config-${{ env.VERSION }}-${{ inputs.file_revision }}.yml | |
| - name: Build Installation Assistant packages | |
| run: bash builder.sh -i -c -p | |
| - name: Copy config file for stage build | |
| if: ${{ inputs.is_stage == true }} | |
| run: | | |
| cp ${{ env.CONFIG_FILE_PATH }} ${{ github.workspace }}/config.yml | |
| - name: Save files name | |
| run: | | |
| WAZUH_INSTALL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_INSTALL_NAME }}*.sh | xargs basename) | |
| WAZUH_CERT_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_CERT_TOOL_NAME }}*.sh | xargs basename) | |
| WAZUH_PASSWORD_TOOL_NAME=$(ls ${{ github.workspace }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}*.sh | xargs basename) | |
| CONFIG_FILE_NAME=$(ls ${{ github.workspace }}/config*.yml | xargs basename) | |
| echo "WAZUH_INSTALL_NAME=$WAZUH_INSTALL_NAME" >> $GITHUB_ENV | |
| echo "WAZUH_CERT_TOOL_NAME=$WAZUH_CERT_TOOL_NAME" >> $GITHUB_ENV | |
| echo "WAZUH_PASSWORD_TOOL_NAME=$WAZUH_PASSWORD_TOOL_NAME" >> $GITHUB_ENV | |
| echo "CONFIG_FILE_NAME=$CONFIG_FILE_NAME" >> $GITHUB_ENV | |
| - name: Prepare files | |
| run: | | |
| mkdir -p ${{ github.workspace }}/${{ env.WAZUH_VERSION }} | |
| mv ${{ env.WAZUH_INSTALL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} | |
| mv ${{ env.WAZUH_CERT_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} | |
| mv ${{ env.WAZUH_PASSWORD_TOOL_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} | |
| mv ${{ env.CONFIG_FILE_NAME }} ${{ github.workspace }}/${{ env.WAZUH_VERSION }} | |
| - name: Build packages checksum | |
| if: ${{ inputs.checksum == true }} | |
| run: | | |
| sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 | |
| sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 | |
| sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 | |
| sha512sum ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.CONFIG_FILE_NAME }} > ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.CONFIG_FILE_NAME }}.sha512 | |
| - name: Upload files to S3 | |
| run: | | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_INSTALL_NAME }}" | |
| echo "S3 wazuh-install URI: ${s3uri}" | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_CERT_TOOL_NAME }}" | |
| echo "S3 wazuh-certs-tool URI: ${s3uri}" | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}" | |
| echo "S3 wazuh-passwords-tool URI: ${s3uri}" | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.CONFIG_FILE_NAME }} s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.CONFIG_FILE_NAME }}" | |
| echo "S3 config.yml URI: ${s3uri}" | |
| - name: Upload checksum files to S3 | |
| if: ${{ inputs.checksum == true }} | |
| run: | | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_INSTALL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_INSTALL_NAME }}.sha512" | |
| echo "S3 sha512 wazuh-install checksum URI: ${s3uri}" | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512" | |
| echo "S3 sha512 wazuh-certs-tool checksum URI: ${s3uri}" | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512" | |
| echo "S3 sha512 wazuh-passwords-tool checksum URI: ${s3uri}" | |
| aws s3 cp ${{ github.workspace }}/${{ env.WAZUH_VERSION }}/${{ env.CONFIG_FILE_NAME }}.sha512 s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/ | |
| s3uri="s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.CONFIG_FILE_NAME }}.sha512" | |
| echo "S3 sha512 config.yml checksum URI: ${s3uri}" | |
| - name: Generate Job Summary | |
| if: always() | |
| run: | | |
| echo "## 📦 Build Installation Assistant - Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### Build Information" >> $GITHUB_STEP_SUMMARY | |
| echo "| Parameter | Value |" >> $GITHUB_STEP_SUMMARY | |
| echo "|-----------|-------|" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Wazuh Version** | ${{ env.WAZUH_VERSION }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Version (from VERSION.json)** | ${{ env.VERSION }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Reference** | ${{ inputs.wazuh_installation_assistant_reference }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Commit SHA** | ${{ env.COMMIT_SHORT_SHA }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Is Stage** | ${{ inputs.is_stage }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Add Last Stage** | ${{ inputs.add_last_stage }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "| **Checksum Generated** | ${{ inputs.checksum }} |" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### 📁 Generated Files" >> $GITHUB_STEP_SUMMARY | |
| echo "| File | Name |" >> $GITHUB_STEP_SUMMARY | |
| echo "|------|------|" >> $GITHUB_STEP_SUMMARY | |
| echo "| Installation Assistant | \`${{ env.WAZUH_INSTALL_NAME }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Certificates Tool | \`${{ env.WAZUH_CERT_TOOL_NAME }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Passwords Tool | \`${{ env.WAZUH_PASSWORD_TOOL_NAME }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "| Config File | \`${{ env.CONFIG_FILE_NAME }}\` |" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### 🗂️ S3 Repository Path" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| echo "s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "### 🔗 S3 URIs" >> $GITHUB_STEP_SUMMARY | |
| echo "**Installation Files:**" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_INSTALL_NAME }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_CERT_TOOL_NAME }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.CONFIG_FILE_NAME }}\`" >> $GITHUB_STEP_SUMMARY | |
| if [ "${{ inputs.checksum }}" == "true" ]; then | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Checksum Files:**" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_INSTALL_NAME }}.sha512\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_CERT_TOOL_NAME }}.sha512\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.WAZUH_PASSWORD_TOOL_NAME }}.sha512\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- \`s3://${{ env.S3_BUCKET }}/${{ env.S3_REPOSITORY_PATH }}/${{ env.CONFIG_FILE_NAME }}.sha512\`" >> $GITHUB_STEP_SUMMARY | |
| fi | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "---" >> $GITHUB_STEP_SUMMARY | |
| echo "✅ Build completed successfully!" >> $GITHUB_STEP_SUMMARY |