[Backport 4.4-7.16] Enhance and fix some GitHub actions workflows (#4692)

Enhance and fix some GitHub actions workflows (#4680)

- Create a reusable workflow that uses the prebuit Docker images of
development mode to mount the plugin source code and run a command.
- Create a workflow to build a package on demand
- Create a workflow to check the unit test with jest. Enhanced to use the
expected platform.
- Create a wildcard workflow to run a command in a development mode

* Remove .github/workflows/check-code-integrity.yml

Co-authored-by: Alex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com>
(cherry picked from commit abee739)

Co-authored-by: Antonio <34042064+Desvelao@users.noreply.github.com>

Author: github-actions[bot]

.github/workflows/build.yml

@@ -0,0 +1,27 @@
+# This workflow builds a production-ready package from the given Git reference.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+
+name: Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA)
+
+jobs:
+  # Build an app package from the given source code reference.
+  build:
+    name: Build app package
+    uses: ./.github/workflows/dev-environment.yml
+    with:
+      reference: ${{ github.event.inputs.reference }}
+      command: 'yarn build'
+      archive_name: 'wazuh-package'
+      archive_path: './wazuh/build'
+    secrets: inherit

.github/workflows/create-wazuh-packages.yml

@@ -0,0 +1,102 @@
+# This workflow downloads the source code at the given git reference
+# (branch, tag or commit), an sets up an environment (Kibana or OpenSearch)
+# to run this code and a command (build, test, ...).
+#
+# This workflow is used as a base for other workflows.
+
+name: Base workflow - Environment
+
+on:
+  workflow_call:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA).
+      command:
+        required: true
+        type: string
+        default: 'yarn build'
+        description: Command to run in the environment
+      docker_run_extra_args:
+        type: string
+        default: ''
+        description: Additional paramaters for the docker run command.
+        required: false
+      artifact_name:
+        type: string
+        default: ''
+        description: Artifact name (will be automatically suffixed with .zip)
+        required: false
+      artifact_path:
+        type: string
+        default: ''
+        description: Folder to include in the archive.
+        required: false
+      notify_jest_coverage_summary:
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  # Deploy the plugin in a development environment and run a command
+  # using a pre-built Docker image, hosted in Quay.io.
+  deploy_and_run_command:
+    name: Deploy and run command
+    runs-on: ubuntu-latest
+    steps:
+      - name: Step 01 - Download the plugin's source code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.reference }}
+          path: wazuh
+
+      # Fix source code ownership so the internal user of the Docker
+      # container is also owner.
+      - name: Step 02 - Change code ownership
+        run: sudo chown 1000:1000 -R wazuh;
+
+      - name: Step 03 - Set up the environment and run the command
+        run: |
+          # Detect which platform to use from source code
+          platform=kbn;
+          echo "Detecting platform [kbn, osd]...";
+          find wazuh/opensearch_dashboards.json && { platform=osd; };
+          echo "Platform is $platform";
+
+          # Read the platform version from the package.json file
+          echo "Reading the platform version from the package.json...";
+          # Support plugins whose version is defined under pluginPlatform or Kibana properties
+          platform_version=$(jq -r '.pluginPlatform.version, .kibana.version | select(. != null)' wazuh/package.json);
+          echo "Plugin platform version: $platform_version";
+
+          # Set the environment variable to the correct platform
+          [ "$platform" = "kbn" ] && { docker_env_plugin_platform="KIBANA_VERSION"; };
+          [ "$platform" = "osd" ] && { docker_env_plugin_platform="OPENSEARCH_DASHBOARDS_VERSION"; };
+
+          # Up the environment and run the command
+          docker run -t --rm \
+            -e ${docker_env_plugin_platform}=${platform_version} \
+            -v `pwd`/wazuh:/home/node/kbn/plugins/wazuh \
+            ${{ inputs.docker_run_extra_args }} \
+            quay.io/wazuh/${platform}-dev:${platform_version} \
+            bash -c '
+              yarn config set registry https://registry.yarnpkg.com;
+              cd /home/node/kbn/plugins/wazuh && yarn && ${{ inputs.command }};
+            '
+
+      - name: Step 04 - Upload artifact to GitHub
+        if: ${{ inputs.artifact_name && inputs.artifact_path }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: ${{ inputs.artifact_path }}
+
+      - name: Step 05 - Upload coverage results to GitHub
+        if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }}
+        uses: AthleticNet/comment-test-coverage@1.2.2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: ./wazuh/target/test-coverage/coverage-summary.json
+          title: "Code coverage (Jest)"

.github/workflows/dev-environment.yml

@@ -0,0 +1,48 @@
+# This workflow allows you to deploy a development environment and run any
+# npm / yarn available command for testing purposes.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+
+name: Playground
+
+on:
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA).
+      command:
+        required: true
+        type: string
+        default: 'yarn test:jest'
+        description: Command to run in the environment
+      docker_run_extra_args:
+        type: string
+        default: ''
+        description: Additional paramaters for the docker run command.
+        required: false
+      artifact_name:
+        type: string
+        default: ''
+        description: Artifact name (will be automatically suffixed with .zip)
+        required: false
+      artifact_path:
+        type: string
+        default: ''
+        description: Folder to include in the archive.
+        required: false
+
+jobs:
+  deploy_and_run_command:
+    name: Deploy and run command
+    uses: ./.github/workflows/dev-environment.yml
+    with:
+      reference: ${{ github.event.inputs.reference }}
+      command: ${{ github.event.inputs.command }}
+      docker_run_extra_args: ${{ github.event.inputs.docker_run_extra_args }}
+      artifact_name: ${{ github.event.inputs.artifact_name }}
+      artifact_path: ${{ github.event.inputs.artifact_path }}
+    secrets: inherit

.github/workflows/playground.yml

@@ -0,0 +1,41 @@
+# This workflow run the unit tests of the app using Jest.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+#
+# Jest is a third-party software https://jestjs.io/
+
+
+name: Run unit test
+
+on:
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA)
+      command:
+        required: true
+        type: choice
+        default: 'yarn test:jest'
+        description: Select the type of test to run.
+        options:
+        - 'yarn test:jest'
+  pull_request:
+    branches:
+      - 'master'
+      - '*.*-*.*'
+      - '*.*-*.*-wzd'
+
+jobs:
+  # Run unit tests with Jest
+  test:
+    name: Run unit tests
+    uses: ./.github/workflows/dev-environment.yml
+    with:
+      reference: ${{ github.event.inputs.reference }}
+      command: ${{ github.event.inputs.command || 'yarn test:jest' }}
+      notify_jest_coverage_summary: true
+    secrets: inherit

.github/workflows/unit-test.yml

@@ -1,4 +1,5 @@
 # This is a basic workflow that is manually triggered
+# @deprecated Official Wazuh images must be used instead: https://hub.docker.com/r/wazuh/wazuh
 
 name: Manual workflow build and push docker image
 
@@ -12,24 +13,24 @@ on:
         type: boolean
         description: 'Build manager image'
         required: false
-      wazuh-manager-version: 
+      wazuh-manager-version:
         description: 'Wazuh manager version'
         default: 'v4.3.8'
         required: false
-      elastic-manager-version: 
+      elastic-manager-version:
         description: 'Elastic manager version'
         default: '7.17.0'
-        required: false   
-     
+        required: false
+
       build-agent-image:
         type: boolean
         description: 'Build agent image'
         required: false
-      wazuh-agent-version: 
+      wazuh-agent-version:
         description: 'Wazuh agent version'
         default: 'v4.3.8'
         required: false
-      elastic-agent-version: 
+      elastic-agent-version:
         description: 'Elastic manager version'
         default: '7.17.0'
         required: false
@@ -38,11 +39,11 @@ on:
         type: boolean
         description: 'Build cypress image'
         required: false
-      ubuntu-cypress-branch: 
+      ubuntu-cypress-branch:
         description: 'Ubuntu cypress branch: Branch in which the image will be created, this branch must correspond to the wazuh-kibana-app project. It will take the tests written in the wazuh-kibana-app/test/cypress directory.'
         default: 'main'
         required: false
-      image-cypress-version: 
+      image-cypress-version:
         description: 'Image cypress version'
         default: '3.0.0'
         required: false
@@ -58,7 +59,7 @@ jobs:
        uses: actions/checkout@v2
        with:
           path: wazuh-kibana-app
-     - name: Step 02 - Login to quay.io 
+     - name: Step 02 - Login to quay.io
        run: |
         docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
      - name: Step 03 - Build image
@@ -70,7 +71,7 @@ jobs:
         --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
         --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz .
      - name: Step 04 - Push image to quay.io
-       run: | 
+       run: |
         docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}
 
   job-build-agent-image:
@@ -91,7 +92,7 @@ jobs:
         docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \
         --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} .
      - name: Step 04 - Push image to quay.io
-       run: | 
+       run: |
         docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }}
 
   job-build-cypress-image:
@@ -112,5 +113,5 @@ jobs:
         docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \
         --build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} .
      - name: Step 04 - Push image to quay.io
-       run: | 
+       run: |
         docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }}