Enhance and fix some GitHub actions workflows (#4680) (#4695)

AlexRuiz7 · Desvelao · web-flow · commit a69ab758b541 · 2022-10-17T16:44:52.000+02:00
- Create a reusable workflow that uses the prebuit Docker images of development mode to mount the plugin source code and run a command. - Create a workflow to build a package on demand - Create a workflow to check the unit test with jest. Enhanced to use the expected platform. - Create a wildcard workflow to run a command in a development mode * Remove .github/workflows/check-code-integrity.yml Co-authored-by: Alex Ruiz Becerra <alejandro.ruiz.becerra@wazuh.com> (cherry picked from commit abee739) Co-authored-by: Antonio <34042064+Desvelao@users.noreply.github.com>
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,27 @@
+# This workflow builds a production-ready package from the given Git reference.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+
+name: Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA)
+
+jobs:
+  # Build an app package from the given source code reference.
+  build:
+    name: Build app package
+    uses: ./.github/workflows/dev-environment.yml
+    with:
+      reference: ${{ github.event.inputs.reference }}
+      command: 'yarn build'
+      archive_name: 'wazuh-package'
+      archive_path: './wazuh/build'
+    secrets: inherit
diff --git a/.github/workflows/create-wazuh-packages.yml b/.github/workflows/create-wazuh-packages.yml
diff --git a/.github/workflows/dev-environment.yml b/.github/workflows/dev-environment.yml
@@ -0,0 +1,102 @@
+# This workflow downloads the source code at the given git reference
+# (branch, tag or commit), an sets up an environment (Kibana or OpenSearch)
+# to run this code and a command (build, test, ...).
+#
+# This workflow is used as a base for other workflows.
+
+name: Base workflow - Environment
+
+on:
+  workflow_call:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA).
+      command:
+        required: true
+        type: string
+        default: 'yarn build'
+        description: Command to run in the environment
+      docker_run_extra_args:
+        type: string
+        default: ''
+        description: Additional paramaters for the docker run command.
+        required: false
+      artifact_name:
+        type: string
+        default: ''
+        description: Artifact name (will be automatically suffixed with .zip)
+        required: false
+      artifact_path:
+        type: string
+        default: ''
+        description: Folder to include in the archive.
+        required: false
+      notify_jest_coverage_summary:
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  # Deploy the plugin in a development environment and run a command
+  # using a pre-built Docker image, hosted in Quay.io.
+  deploy_and_run_command:
+    name: Deploy and run command
+    runs-on: ubuntu-latest
+    steps:
+      - name: Step 01 - Download the plugin's source code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.reference }}
+          path: wazuh
+
+      # Fix source code ownership so the internal user of the Docker
+      # container is also owner.
+      - name: Step 02 - Change code ownership
+        run: sudo chown 1000:1000 -R wazuh;
+
+      - name: Step 03 - Set up the environment and run the command
+        run: |
+          # Detect which platform to use from source code
+          platform=kbn;
+          echo "Detecting platform [kbn, osd]...";
+          find wazuh/opensearch_dashboards.json && { platform=osd; };
+          echo "Platform is $platform";
+
+          # Read the platform version from the package.json file
+          echo "Reading the platform version from the package.json...";
+          # Support plugins whose version is defined under pluginPlatform or Kibana properties
+          platform_version=$(jq -r '.pluginPlatform.version, .kibana.version | select(. != null)' wazuh/package.json);
+          echo "Plugin platform version: $platform_version";
+
+          # Set the environment variable to the correct platform
+          [ "$platform" = "kbn" ] && { docker_env_plugin_platform="KIBANA_VERSION"; };
+          [ "$platform" = "osd" ] && { docker_env_plugin_platform="OPENSEARCH_DASHBOARDS_VERSION"; };
+
+          # Up the environment and run the command
+          docker run -t --rm \
+            -e ${docker_env_plugin_platform}=${platform_version} \
+            -v `pwd`/wazuh:/home/node/kbn/plugins/wazuh \
+            ${{ inputs.docker_run_extra_args }} \
+            quay.io/wazuh/${platform}-dev:${platform_version} \
+            bash -c '
+              yarn config set registry https://registry.yarnpkg.com;
+              cd /home/node/kbn/plugins/wazuh && yarn && ${{ inputs.command }};
+            '
+
+      - name: Step 04 - Upload artifact to GitHub
+        if: ${{ inputs.artifact_name && inputs.artifact_path }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: ${{ inputs.artifact_path }}
+
+      - name: Step 05 - Upload coverage results to GitHub
+        if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }}
+        uses: AthleticNet/comment-test-coverage@1.2.2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: ./wazuh/target/test-coverage/coverage-summary.json
+          title: "Code coverage (Jest)"
diff --git a/.github/workflows/playground.yml b/.github/workflows/playground.yml
@@ -0,0 +1,48 @@
+# This workflow allows you to deploy a development environment and run any
+# npm / yarn available command for testing purposes.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+
+name: Playground
+
+on:
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA).
+      command:
+        required: true
+        type: string
+        default: 'yarn test:jest'
+        description: Command to run in the environment
+      docker_run_extra_args:
+        type: string
+        default: ''
+        description: Additional paramaters for the docker run command.
+        required: false
+      artifact_name:
+        type: string
+        default: ''
+        description: Artifact name (will be automatically suffixed with .zip)
+        required: false
+      artifact_path:
+        type: string
+        default: ''
+        description: Folder to include in the archive.
+        required: false
+
+jobs:
+  deploy_and_run_command:
+    name: Deploy and run command
+    uses: ./.github/workflows/dev-environment.yml
+    with:
+      reference: ${{ github.event.inputs.reference }}
+      command: ${{ github.event.inputs.command }}
+      docker_run_extra_args: ${{ github.event.inputs.docker_run_extra_args }}
+      artifact_name: ${{ github.event.inputs.artifact_name }}
+      artifact_path: ${{ github.event.inputs.artifact_path }}
+    secrets: inherit
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -0,0 +1,41 @@
+# This workflow run the unit tests of the app using Jest.
+# Any branch, tag or commit SHA existing in the origin can be used.
+#
+# This workflow is based on the `dev-environment` workflow.
+#
+# Jest is a third-party software https://jestjs.io/
+
+
+name: Run unit test
+
+on:
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: master
+        description: Source code reference (branch, tag or commit SHA)
+      command:
+        required: true
+        type: choice
+        default: 'yarn test:jest'
+        description: Select the type of test to run.
+        options:
+        - 'yarn test:jest'
+  pull_request:
+    branches:
+      - 'master'
+      - '*.*-*.*'
+      - '*.*-*.*-wzd'
+
+jobs:
+  # Run unit tests with Jest
+  test:
+    name: Run unit tests
+    uses: ./.github/workflows/dev-environment.yml
+    with:
+      reference: ${{ github.event.inputs.reference }}
+      command: ${{ github.event.inputs.command || 'yarn test:jest' }}
+      notify_jest_coverage_summary: true
+    secrets: inherit
diff --git a/.github/workflows/wazuh-build-push-docker-action.yml b/.github/workflows/wazuh-build-push-docker-action.yml
@@ -0,0 +1,117 @@
+# This is a basic workflow that is manually triggered
+# @deprecated Official Wazuh images must be used instead: https://hub.docker.com/r/wazuh/wazuh
+
+name: Manual workflow build and push docker image
+
+# Controls when the action will run. Workflow runs when manually triggered using the UI
+# or API.
+on:
+  workflow_dispatch:
+    # Inputs the workflow accepts.
+    inputs:
+      build-manager-image:
+        type: boolean
+        description: 'Build manager image'
+        required: false
+      wazuh-manager-version:
+        description: 'Wazuh manager version'
+        default: 'v4.3.8'
+        required: false
+      elastic-manager-version:
+        description: 'Elastic manager version'
+        default: '7.17.0'
+        required: false
+
+      build-agent-image:
+        type: boolean
+        description: 'Build agent image'
+        required: false
+      wazuh-agent-version:
+        description: 'Wazuh agent version'
+        default: 'v4.3.8'
+        required: false
+      elastic-agent-version:
+        description: 'Elastic manager version'
+        default: '7.17.0'
+        required: false
+
+      build-cypress-image:
+        type: boolean
+        description: 'Build cypress image'
+        required: false
+      ubuntu-cypress-branch:
+        description: 'Ubuntu cypress branch: Branch in which the image will be created, this branch must correspond to the wazuh-kibana-app project. It will take the tests written in the wazuh-kibana-app/test/cypress directory.'
+        default: 'main'
+        required: false
+      image-cypress-version:
+        description: 'Image cypress version'
+        default: '3.0.0'
+        required: false
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  job-build-manager-image:
+    if: ${{ github.event.inputs.build-manager-image == 'true' }}
+    name: Run build and push manager image
+    runs-on: ubuntu-latest
+    steps:
+     - name: Step 01 - Download wazuh-kibana-app
+       uses: actions/checkout@v2
+       with:
+          path: wazuh-kibana-app
+     - name: Step 02 - Login to quay.io
+       run: |
+        docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+     - name: Step 03 - Build image
+       run: |
+        cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake
+        docker build -t quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} \
+        --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \
+        --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \
+        --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
+        --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz .
+     - name: Step 04 - Push image to quay.io
+       run: |
+        docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}
+
+  job-build-agent-image:
+    if: ${{ github.event.inputs.build-agent-image == 'true' }}
+    name: Run build and push agent image
+    runs-on: ubuntu-latest
+    steps:
+     - name: Step 01 - Download wazuh-kibana-app
+       uses: actions/checkout@v2
+       with:
+          path: wazuh-kibana-app
+     - name: Step 02 - Login to quay.io
+       run: |
+        docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+     - name: Step 03 - Build image
+       run: |
+        cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_agent_ubuntu_sources_cmake
+        docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \
+        --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} .
+     - name: Step 04 - Push image to quay.io
+       run: |
+        docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }}
+
+  job-build-cypress-image:
+    if: ${{ github.event.inputs.build-cypress-image == 'true' }}
+    name: Run build and push cypress image
+    runs-on: ubuntu-latest
+    steps:
+     - name: Step 01 - Download wazuh-kibana-app
+       uses: actions/checkout@v2
+       with:
+          path: wazuh-kibana-app
+     - name: Step 02 - Login to quay.io
+       run: |
+        docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+     - name: Step 03 - Build image
+       run: |
+        cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/ubuntu-cypress
+        docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \
+        --build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} .
+     - name: Step 04 - Push image to quay.io
+       run: |
+        docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }}
diff --git a/.github/workflows/wazuh-unit-test.yml b/.github/workflows/wazuh-unit-test.yml
