-
Notifications
You must be signed in to change notification settings - Fork 186
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enhance and fix some GitHub actions workflows (#4680)
- Create a reusable workflow that uses the prebuit Docker images of development mode to mount the plugin source code and run a command. - Create a workflow to build a package on demand - Create a workflow to check the unit test with jest. Enhanced to use the expected platform. - Create a wildcard workflow to run a command in a development mode * Remove .github/workflows/check-code-integrity.yml Co-authored-by: Alex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com> (cherry picked from commit abee739)
- Loading branch information
Showing
7 changed files
with
335 additions
and
117 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# This workflow builds a production-ready package from the given Git reference. | ||
# Any branch, tag or commit SHA existing in the origin can be used. | ||
# | ||
# This workflow is based on the `dev-environment` workflow. | ||
|
||
name: Build | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
reference: | ||
required: true | ||
type: string | ||
default: master | ||
description: Source code reference (branch, tag or commit SHA) | ||
|
||
jobs: | ||
# Build an app package from the given source code reference. | ||
build: | ||
name: Build app package | ||
uses: ./.github/workflows/dev-environment.yml | ||
with: | ||
reference: ${{ github.event.inputs.reference }} | ||
command: 'yarn build' | ||
archive_name: 'wazuh-package' | ||
archive_path: './wazuh/build' | ||
secrets: inherit |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
# This workflow downloads the source code at the given git reference | ||
# (branch, tag or commit), an sets up an environment (Kibana or OpenSearch) | ||
# to run this code and a command (build, test, ...). | ||
# | ||
# This workflow is used as a base for other workflows. | ||
|
||
name: Base workflow - Environment | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
reference: | ||
required: true | ||
type: string | ||
default: master | ||
description: Source code reference (branch, tag or commit SHA). | ||
command: | ||
required: true | ||
type: string | ||
default: 'yarn build' | ||
description: Command to run in the environment | ||
docker_run_extra_args: | ||
type: string | ||
default: '' | ||
description: Additional paramaters for the docker run command. | ||
required: false | ||
artifact_name: | ||
type: string | ||
default: '' | ||
description: Artifact name (will be automatically suffixed with .zip) | ||
required: false | ||
artifact_path: | ||
type: string | ||
default: '' | ||
description: Folder to include in the archive. | ||
required: false | ||
notify_jest_coverage_summary: | ||
type: boolean | ||
default: false | ||
required: false | ||
|
||
jobs: | ||
# Deploy the plugin in a development environment and run a command | ||
# using a pre-built Docker image, hosted in Quay.io. | ||
deploy_and_run_command: | ||
name: Deploy and run command | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Step 01 - Download the plugin's source code | ||
uses: actions/checkout@v3 | ||
with: | ||
ref: ${{ inputs.reference }} | ||
path: wazuh | ||
|
||
# Fix source code ownership so the internal user of the Docker | ||
# container is also owner. | ||
- name: Step 02 - Change code ownership | ||
run: sudo chown 1000:1000 -R wazuh; | ||
|
||
- name: Step 03 - Set up the environment and run the command | ||
run: | | ||
# Detect which platform to use from source code | ||
platform=kbn; | ||
echo "Detecting platform [kbn, osd]..."; | ||
find wazuh/opensearch_dashboards.json && { platform=osd; }; | ||
echo "Platform is $platform"; | ||
# Read the platform version from the package.json file | ||
echo "Reading the platform version from the package.json..."; | ||
# Support plugins whose version is defined under pluginPlatform or Kibana properties | ||
platform_version=$(jq -r '.pluginPlatform.version, .kibana.version | select(. != null)' wazuh/package.json); | ||
echo "Plugin platform version: $platform_version"; | ||
# Set the environment variable to the correct platform | ||
[ "$platform" = "kbn" ] && { docker_env_plugin_platform="KIBANA_VERSION"; }; | ||
[ "$platform" = "osd" ] && { docker_env_plugin_platform="OPENSEARCH_DASHBOARDS_VERSION"; }; | ||
# Up the environment and run the command | ||
docker run -t --rm \ | ||
-e ${docker_env_plugin_platform}=${platform_version} \ | ||
-v `pwd`/wazuh:/home/node/kbn/plugins/wazuh \ | ||
${{ inputs.docker_run_extra_args }} \ | ||
quay.io/wazuh/${platform}-dev:${platform_version} \ | ||
bash -c ' | ||
yarn config set registry https://registry.yarnpkg.com; | ||
cd /home/node/kbn/plugins/wazuh && yarn && ${{ inputs.command }}; | ||
' | ||
- name: Step 04 - Upload artifact to GitHub | ||
if: ${{ inputs.artifact_name && inputs.artifact_path }} | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: ${{ inputs.artifact_name }} | ||
path: ${{ inputs.artifact_path }} | ||
|
||
- name: Step 05 - Upload coverage results to GitHub | ||
if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }} | ||
uses: AthleticNet/comment-test-coverage@1.2.2 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
path: ./wazuh/target/test-coverage/coverage-summary.json | ||
title: "Code coverage (Jest)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# This workflow allows you to deploy a development environment and run any | ||
# npm / yarn available command for testing purposes. | ||
# Any branch, tag or commit SHA existing in the origin can be used. | ||
# | ||
# This workflow is based on the `dev-environment` workflow. | ||
|
||
name: Playground | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
reference: | ||
required: true | ||
type: string | ||
default: master | ||
description: Source code reference (branch, tag or commit SHA). | ||
command: | ||
required: true | ||
type: string | ||
default: 'yarn test:jest' | ||
description: Command to run in the environment | ||
docker_run_extra_args: | ||
type: string | ||
default: '' | ||
description: Additional paramaters for the docker run command. | ||
required: false | ||
artifact_name: | ||
type: string | ||
default: '' | ||
description: Artifact name (will be automatically suffixed with .zip) | ||
required: false | ||
artifact_path: | ||
type: string | ||
default: '' | ||
description: Folder to include in the archive. | ||
required: false | ||
|
||
jobs: | ||
deploy_and_run_command: | ||
name: Deploy and run command | ||
uses: ./.github/workflows/dev-environment.yml | ||
with: | ||
reference: ${{ github.event.inputs.reference }} | ||
command: ${{ github.event.inputs.command }} | ||
docker_run_extra_args: ${{ github.event.inputs.docker_run_extra_args }} | ||
artifact_name: ${{ github.event.inputs.artifact_name }} | ||
artifact_path: ${{ github.event.inputs.artifact_path }} | ||
secrets: inherit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
# This workflow run the unit tests of the app using Jest. | ||
# Any branch, tag or commit SHA existing in the origin can be used. | ||
# | ||
# This workflow is based on the `dev-environment` workflow. | ||
# | ||
# Jest is a third-party software https://jestjs.io/ | ||
|
||
|
||
name: Run unit test | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
reference: | ||
required: true | ||
type: string | ||
default: master | ||
description: Source code reference (branch, tag or commit SHA) | ||
command: | ||
required: true | ||
type: choice | ||
default: 'yarn test:jest' | ||
description: Select the type of test to run. | ||
options: | ||
- 'yarn test:jest' | ||
pull_request: | ||
branches: | ||
- 'master' | ||
- '*.*-*.*' | ||
- '*.*-*.*-wzd' | ||
|
||
jobs: | ||
# Run unit tests with Jest | ||
test: | ||
name: Run unit tests | ||
uses: ./.github/workflows/dev-environment.yml | ||
with: | ||
reference: ${{ github.event.inputs.reference }} | ||
command: ${{ github.event.inputs.command || 'yarn test:jest' }} | ||
notify_jest_coverage_summary: true | ||
secrets: inherit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
# This is a basic workflow that is manually triggered | ||
# @deprecated Official Wazuh images must be used instead: https://hub.docker.com/r/wazuh/wazuh | ||
|
||
name: Manual workflow build and push docker image | ||
|
||
# Controls when the action will run. Workflow runs when manually triggered using the UI | ||
# or API. | ||
on: | ||
workflow_dispatch: | ||
# Inputs the workflow accepts. | ||
inputs: | ||
build-manager-image: | ||
type: boolean | ||
description: 'Build manager image' | ||
required: false | ||
wazuh-manager-version: | ||
description: 'Wazuh manager version' | ||
default: 'v4.3.8' | ||
required: false | ||
elastic-manager-version: | ||
description: 'Elastic manager version' | ||
default: '7.17.0' | ||
required: false | ||
|
||
build-agent-image: | ||
type: boolean | ||
description: 'Build agent image' | ||
required: false | ||
wazuh-agent-version: | ||
description: 'Wazuh agent version' | ||
default: 'v4.3.8' | ||
required: false | ||
elastic-agent-version: | ||
description: 'Elastic manager version' | ||
default: '7.17.0' | ||
required: false | ||
|
||
build-cypress-image: | ||
type: boolean | ||
description: 'Build cypress image' | ||
required: false | ||
ubuntu-cypress-branch: | ||
description: 'Ubuntu cypress branch: Branch in which the image will be created, this branch must correspond to the wazuh-kibana-app project. It will take the tests written in the wazuh-kibana-app/test/cypress directory.' | ||
default: 'main' | ||
required: false | ||
image-cypress-version: | ||
description: 'Image cypress version' | ||
default: '3.0.0' | ||
required: false | ||
|
||
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | ||
jobs: | ||
job-build-manager-image: | ||
if: ${{ github.event.inputs.build-manager-image == 'true' }} | ||
name: Run build and push manager image | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Step 01 - Download wazuh-kibana-app | ||
uses: actions/checkout@v2 | ||
with: | ||
path: wazuh-kibana-app | ||
- name: Step 02 - Login to quay.io | ||
run: | | ||
docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io | ||
- name: Step 03 - Build image | ||
run: | | ||
cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake | ||
docker build -t quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} \ | ||
--build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \ | ||
--build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \ | ||
--build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \ | ||
--build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz . | ||
- name: Step 04 - Push image to quay.io | ||
run: | | ||
docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} | ||
job-build-agent-image: | ||
if: ${{ github.event.inputs.build-agent-image == 'true' }} | ||
name: Run build and push agent image | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Step 01 - Download wazuh-kibana-app | ||
uses: actions/checkout@v2 | ||
with: | ||
path: wazuh-kibana-app | ||
- name: Step 02 - Login to quay.io | ||
run: | | ||
docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io | ||
- name: Step 03 - Build image | ||
run: | | ||
cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_agent_ubuntu_sources_cmake | ||
docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \ | ||
--build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} . | ||
- name: Step 04 - Push image to quay.io | ||
run: | | ||
docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} | ||
job-build-cypress-image: | ||
if: ${{ github.event.inputs.build-cypress-image == 'true' }} | ||
name: Run build and push cypress image | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Step 01 - Download wazuh-kibana-app | ||
uses: actions/checkout@v2 | ||
with: | ||
path: wazuh-kibana-app | ||
- name: Step 02 - Login to quay.io | ||
run: | | ||
docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io | ||
- name: Step 03 - Build image | ||
run: | | ||
cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/ubuntu-cypress | ||
docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \ | ||
--build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} . | ||
- name: Step 04 - Push image to quay.io | ||
run: | | ||
docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} |
Oops, something went wrong.