Build rpm wazuh-dashboard on aarch64 #45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| run-name: Build ${{ inputs.system }} wazuh-dashboard on ${{ inputs.architecture }} ${{ inputs.is_stage && '- is stage' || '' }} ${{ inputs.checksum && '- checksum' || '' }} ${{ inputs.id }} | |
| name: Build Wazuh dashboard with plugins | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| system: | |
| type: choice | |
| description: 'Package OS' | |
| required: true | |
| options: | |
| - deb | |
| - rpm | |
| default: 'deb' | |
| architecture: | |
| type: choice | |
| description: 'Package architecture' | |
| required: true | |
| options: | |
| - amd64 | |
| - x86_64 | |
| - aarch64 | |
| - arm64 | |
| default: amd64 | |
| revision: | |
| type: string | |
| description: 'Package revision' | |
| required: true | |
| default: '0' | |
| reference_security_plugins: | |
| type: string | |
| description: 'Branch/tag/commit of the wazuh-security-dashboards-plugin repository to build the security plugin' | |
| required: true | |
| default: 'main' | |
| reference_wazuh_plugins: | |
| type: string | |
| description: 'Branch/tag/commit of the wazuh-dashboard-plugins repository to build the main plugins' | |
| required: true | |
| default: 'main' | |
| is_stage: | |
| type: boolean | |
| description: 'Set production nomenclature' | |
| required: true | |
| default: false | |
| checksum: | |
| type: boolean | |
| description: 'Generate package checksum' | |
| required: true | |
| default: false | |
| id: | |
| description: 'ID used to identify the workflow uniquely.' | |
| type: string | |
| required: false | |
| workflow_call: | |
| inputs: | |
| system: | |
| type: string | |
| required: true | |
| default: 'deb' | |
| architecture: | |
| type: string | |
| required: true | |
| default: amd64 | |
| revision: | |
| type: string | |
| required: true | |
| default: '0' | |
| reference_security_plugins: | |
| type: string | |
| required: true | |
| default: 'main' | |
| reference_wazuh_plugins: | |
| type: string | |
| required: true | |
| default: 'main' | |
| is_stage: | |
| type: boolean | |
| required: true | |
| default: false | |
| checksum: | |
| type: boolean | |
| required: true | |
| default: false | |
| id: | |
| type: string | |
| required: false | |
| jobs: | |
| # setup-variables: | |
| # runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} | |
| # name: Setup variables | |
| # outputs: | |
| # CURRENT_DIR: ${{ steps.setup-variables.outputs.CURRENT_DIR }} | |
| # VERSION: ${{ steps.setup-variables.outputs.VERSION }} | |
| # PREVIOUS: ${{ steps.setup-variables.outputs.PREVIOUS }} | |
| # REVISION: ${{ steps.setup-variables.outputs.REVISION }} | |
| # COMMIT_SHA: ${{ steps.setup-variables.outputs.COMMIT_SHA }} | |
| # PLUGINS_SHA: ${{ steps.setup-variables.outputs.PLUGINS_SHA }} | |
| # SECURITY_SHA: ${{ steps.setup-variables.outputs.SECURITY_SHA }} | |
| # PRODUCTION: ${{ steps.setup-variables.outputs.PRODUCTION }} | |
| # WAZUH_DASHBOARD_SLIM: ${{ steps.setup-variables.outputs.WAZUH_DASHBOARD_SLIM }} | |
| # WAZUH_SECURITY_PLUGIN: ${{ steps.setup-variables.outputs.WAZUH_SECURITY_PLUGIN }} | |
| # WAZUH_PLUGINS_WAZUH: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS_WAZUH }} | |
| # WAZUH_PLUGINS_CORE: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS_CORE }} | |
| # WAZUH_PLUGINS_CHECK_UPDATES: ${{ steps.setup-variables.outputs.WAZUH_PLUGINS_CHECK_UPDATES }} | |
| # PACKAGE_NAME: ${{ steps.setup-variables.outputs.PACKAGE_NAME }} | |
| # ARCHITECTURE_FLAG: ${{ steps.setup-variables.outputs.ARCHITECTURE_FLAG }} | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v4 | |
| # - name: Setup Node | |
| # uses: actions/setup-node@v4 | |
| # with: | |
| # node-version-file: '.nvmrc' | |
| # registry-url: 'https://registry.npmjs.org' | |
| # - name: Prepare environment | |
| # id: prepare-environment | |
| # run: | |
| # sudo curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && sudo chmod 644 /usr/share/keyrings/wazuh.gpg | |
| # sudo echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee -a /etc/apt/sources.list.d/wazuh.list | |
| # sudo apt-get update | |
| # - name: Get SHA of wazuh-dashboard-plugins | |
| # id: get-plugins-sha | |
| # run: | | |
| # git clone -b ${{ inputs.reference_wazuh_plugins }} --single-branch https://github.com/wazuh/wazuh-dashboard-plugins.git wzdp | |
| # cd wzdp | |
| # echo "WAZUH_PLUGINS_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| # - name: Get SHA of wazuh-security-dashboards-plugin | |
| # id: get-security-sha | |
| # run: | | |
| # git clone -b ${{ inputs.reference_security_plugins }} --single-branch https://github.com/wazuh/wazuh-security-dashboards-plugin.git wzsp | |
| # cd wzsp | |
| # echo "WAZUH_SECURITY_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| # - name: Setup variables | |
| # id: setup-variables | |
| # run: | | |
| # CURRENT_DIR=$(pwd -P) | |
| # VERSION=$(jq -r '.version' VERSION.json) | |
| # # Check the corresponding previous version to be used in the upgrade test | |
| # PREVIOUS=$(apt-cache madison wazuh-dashboard | grep -A 1 "$VERSION" | tail -1 | awk '{print $3}') | |
| # if [ -z "$PREVIOUS" ]; then | |
| # MAJOR_MINOR=$(echo "$VERSION" | cut -d '.' -f 1,2) | |
| # PREVIOUS=$(apt-cache madison wazuh-dashboard | grep "$MAJOR_MINOR" | head -1 | awk '{print $3}') | |
| # fi | |
| # if [ -z "$PREVIOUS" ]; then | |
| # PREVIOUS=$(apt-cache madison wazuh-dashboard | head -1 | awk '{print $3}') | |
| # fi | |
| # if [ -z "$PREVIOUS" ]; then | |
| # echo "::warning No previous version::No previous version found for this architecture. Upgrade test will be skipped." | |
| # fi | |
| # REVISION=$(yarn --silent wzd-revision) | |
| # COMMIT_SHA=$(git rev-parse --short HEAD) | |
| # PLUGINS_SHA=${{steps.get-plugins-sha.outputs.WAZUH_PLUGINS_SHA}} | |
| # SECURITY_SHA=${{steps.get-security-sha.outputs.WAZUH_SECURITY_SHA}} | |
| # if [ "${{ inputs.is_stage }}" = "true" ]; then | |
| # PRODUCTION=--production | |
| # else | |
| # PRODUCTION="" | |
| # fi | |
| # WAZUH_DASHBOARD_SLIM=wazuh-dashboard_${VERSION}-${REVISION}_${{ (inputs.ARCHITECTURE == 'x86_64' || inputs.ARCHITECTURE == 'amd64') && 'x64' || 'arm64' }}.tar.gz | |
| # WAZUH_SECURITY_PLUGIN=wazuh-security-dashboards-plugin_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_security_plugins }} | sed 's/\//-/g').zip | |
| # WAZUH_PLUGINS_WAZUH=wazuh-dashboard-plugins_wazuh_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_wazuh_plugins }} | sed 's/\//-/g').zip | |
| # WAZUH_PLUGINS_CORE=wazuh-dashboard-plugins_wazuh-core_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_wazuh_plugins }} | sed 's/\//-/g').zip | |
| # WAZUH_PLUGINS_CHECK_UPDATES=wazuh-dashboard-plugins_wazuh-check-updates_${VERSION}-${REVISION}_$(echo ${{ inputs.reference_wazuh_plugins }} | sed 's/\//-/g').zip | |
| # if [ "${{ inputs.system }}" = "deb" ]; then | |
| # if [ "${{ inputs.is_stage }}" = "true" ]; then | |
| # PACKAGE_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}.deb | |
| # else | |
| # PACKAGE_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}_${COMMIT_SHA}-${PLUGINS_SHA}-${SECURITY_SHA}.deb | |
| # fi | |
| # else | |
| # if [ "${{ inputs.is_stage }}" = "true" ]; then | |
| # PACKAGE_NAME=wazuh-dashboard-${VERSION}-${{ inputs.revision }}.${{ inputs.architecture }}.rpm | |
| # else | |
| # PACKAGE_NAME=wazuh-dashboard_${VERSION}-${{ inputs.revision }}_${{ inputs.architecture }}_${COMMIT_SHA}-${PLUGINS_SHA}-${SECURITY_SHA}.rpm | |
| # fi | |
| # fi | |
| # if [[ "${{ inputs.architecture }}" == "x86_64" || "${{ inputs.architecture }}" == "amd64" ]]; then | |
| # ARCHITECTURE_FLAG="" | |
| # else | |
| # ARCHITECTURE_FLAG=--arm | |
| # fi | |
| # echo "CURRENT_DIR=$CURRENT_DIR" >> $GITHUB_OUTPUT | |
| # echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
| # echo "PREVIOUS=$PREVIOUS" >> $GITHUB_OUTPUT | |
| # echo "REVISION=$REVISION" >> $GITHUB_OUTPUT | |
| # echo "COMMIT_SHA=$COMMIT_SHA" >> $GITHUB_OUTPUT | |
| # echo "PLUGINS_SHA=$PLUGINS_SHA" >> $GITHUB_OUTPUT | |
| # echo "SECURITY_SHA=$SECURITY_SHA" >> $GITHUB_OUTPUT | |
| # echo "PRODUCTION=$PRODUCTION" >> $GITHUB_OUTPUT | |
| # echo "WAZUH_DASHBOARD_SLIM=$WAZUH_DASHBOARD_SLIM" >> $GITHUB_OUTPUT | |
| # echo "WAZUH_SECURITY_PLUGIN=$WAZUH_SECURITY_PLUGIN" >> $GITHUB_OUTPUT | |
| # echo "WAZUH_PLUGINS_WAZUH=$WAZUH_PLUGINS_WAZUH" >> $GITHUB_OUTPUT | |
| # echo "WAZUH_PLUGINS_CORE=$WAZUH_PLUGINS_CORE" >> $GITHUB_OUTPUT | |
| # echo "WAZUH_PLUGINS_CHECK_UPDATES=$WAZUH_PLUGINS_CHECK_UPDATES" >> $GITHUB_OUTPUT | |
| # echo "PACKAGE_NAME=$PACKAGE_NAME" >> $GITHUB_OUTPUT | |
| # echo "ARCHITECTURE_FLAG=$ARCHITECTURE_FLAG" >> $GITHUB_OUTPUT | |
| # validate-job: | |
| # runs-on: ubuntu-24.04 | |
| # needs: setup-variables | |
| # name: Validate inputs | |
| # steps: | |
| # - name: Validate inputs | |
| # run: | | |
| # if [[ "${{ inputs.architecture }}" == "amd64" || "${{ inputs.architecture }}" == "arm64" ]] && [[ "${{ inputs.system }}" == "rpm" ]]; then | |
| # echo "Invalid combination of architecture and system" | |
| # exit 1 | |
| # fi | |
| # if [[ "${{ inputs.architecture }}" == "x86_64" || "${{ inputs.architecture }}" == "aarch64" ]] && [[ "${{ inputs.system }}" == "deb" ]]; then | |
| # echo "Invalid combination of architecture and system" | |
| # exit 1 | |
| # fi | |
| # build-package: | |
| # needs: [setup-variables] | |
| # runs-on: ${{ (inputs.architecture == 'arm64' || inputs.architecture == 'aarch64') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} | |
| # name: Generate packages | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v4 | |
| # - name: Setup Node | |
| # uses: actions/setup-node@v4 | |
| # with: | |
| # node-version-file: '.nvmrc' | |
| # registry-url: 'https://registry.npmjs.org' | |
| # - name: Build package | |
| # run: | | |
| # mkdir -p ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output | |
| # if [ "${{ inputs.system }}" = "deb" ]; then | |
| # curl -o ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}} https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-dashboard/wazuh-dashboard_4.11.2-1_amd64.deb | |
| # else | |
| # curl -o ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}} https://packages.wazuh.com/4.x/yum/wazuh-dashboard-4.11.2-1.x86_64.rpm | |
| # fi; | |
| # - name: Upload artifact | |
| # uses: actions/upload-artifact@v4 | |
| # if: success() | |
| # with: | |
| # name: ${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| # path: ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| # retention-days: 30 | |
| # overwrite: true | |
| # test-package-deb: | |
| # needs: [setup-variables,build-package] | |
| # runs-on: ${{ inputs.architecture == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }} | |
| # if: ${{ inputs.system == 'deb' }} | |
| # name: Test DEB package | |
| # steps: | |
| # - name: Download artifact | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: ${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| # path: ./ | |
| # - name: Test package install/uninstall | |
| # run: | | |
| # sudo dpkg -i ./${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| # if dpkg-query -W -f='${Status}' wazuh-dashboard 2>/dev/null | grep -q "install ok installed"; then | |
| # echo "Package installed" | |
| # else | |
| # echo "Package not installed" | |
| # exit 1 | |
| # fi | |
| # sudo systemctl daemon-reload | |
| # sudo systemctl enable wazuh-dashboard | |
| # sudo systemctl start wazuh-dashboard | |
| # if sudo systemctl status wazuh-dashboard | grep -q "active (running)"; then | |
| # echo "Service running" | |
| # else | |
| # echo "Service not running" | |
| # exit 1 | |
| # fi | |
| # sudo apt-get remove --purge wazuh-dashboard -y | |
| # if dpkg-query -W -f='${Status}' wazuh-dashboard 2>/dev/null | grep -q "install ok installed"; then | |
| # echo "Package not uninstalled" | |
| # exit 1 | |
| # else | |
| # echo "Package uninstalled" | |
| # fi | |
| # - name: Test package upgrade | |
| # if: ${{ needs.setup-variables.outputs.PREVIOUS != '' }} | |
| # run: | | |
| # sudo apt-get install debhelper tar curl libcap2-bin #debhelper version 9 or later | |
| # sudo apt-get install gnupg apt-transport-https | |
| # sudo curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && sudo chmod 644 /usr/share/keyrings/wazuh.gpg | |
| # sudo echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | sudo tee -a /etc/apt/sources.list.d/wazuh.list | |
| # sudo apt-get update | |
| # sudo apt-get -y install wazuh-dashboard=${{needs.setup-variables.outputs.PREVIOUS}} | |
| # sudo systemctl daemon-reload | |
| # sudo systemctl enable wazuh-dashboard | |
| # sudo systemctl start wazuh-dashboard | |
| # sudo dpkg -i ./${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| # sudo systemctl restart wazuh-dashboard | |
| # if dpkg -s wazuh-dashboard | grep '^Version:' | grep -q "${{needs.setup-variables.outputs.VERSION}}"; then | |
| # echo "Package upgraded" | |
| # else | |
| # echo "Package not upgraded" | |
| # exit 1 | |
| # fi | |
| # if sudo systemctl status wazuh-dashboard | grep -q "active (running)"; then | |
| # echo "Service running" | |
| # else | |
| # echo "Service not running" | |
| # exit 1 | |
| # fi | |
| test-package-rpm: | |
| # needs: [setup-variables] | |
| runs-on: ${{ inputs.architecture == 'aarch64' && 'macos-15' || 'macos-13' }} | |
| if: ${{ inputs.system == 'rpm' }} | |
| name: Test RPM packages | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| path: ./ | |
| - name: Prepare environment | |
| run: | | |
| brew install qemu | |
| brew tap hashicorp/tap | |
| brew install hashicorp/tap/hashicorp-vagrant | |
| vagrant plugin install vagrant-qemu | |
| vagrant init rockylinux/9 | |
| vagrant up --provider=qemu | |
| - name: Test package install/uninstall | |
| run: | | |
| echo "Package uninstalled" | |
| - name: Test package upgrade | |
| if: ${{ needs.setup-variables.outputs.PREVIOUS != '' }} | |
| run: | | |
| echo "Service not running" | |
| # - name: Setup RPM environment | |
| # if: ${{ inputs.system == 'rpm' }} | |
| # run: | | |
| # sudo apt-get install software-properties-common | |
| # sudo apt-add-repository -y ppa:rael-gc/rvm | |
| # sudo apt-get update | |
| # sudo apt-get install rvm | |
| # sudo usermod -a -G rvm $USER | |
| # echo 'source "/etc/profile.d/rvm.sh"' >> ~/.bashrc | |
| # source ~/.bashrc | |
| # rvm install 3.4 | |
| # git clone https://github.com/hashicorp/vagrant.git | |
| # cd vagrant | |
| # sudo bundle install | |
| # # wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
| # # echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
| # # sudo apt update && sudo apt install vagrant | |
| # sudo apt install virtualbox | |
| # bundle exec vagrant init rockylinux/9 | |
| # bundle exec vagrant up | |
| # bundle exec vagrant upload ${{ needs.setup-variables.outputs.CURRENT_DIR }}/dev-tools/build-packages/output/${{needs.setup-variables.outputs.PACKAGE_NAME}} | |
| # bundle exec vagrant ssh -c "cat /etc/os-release" | |
| # bundle exec vagrant ssh -c "sudo rpm -i ${{needs.setup-variables.outputs.PACKAGE_NAME}}; \ | |
| # if rpm -q wazuh-dashboard &>/dev/null; then \ | |
| # echo 'Package installed'; \ | |
| # else \ | |
| # echo 'Package not installed'; \ | |
| # exit 1; \ | |
| # fi; \ | |
| # sudo systemctl daemon-reload;\ | |
| # sudo systemctl enable wazuh-dashboard;\ | |
| # sudo systemctl start wazuh-dashboard;\ | |
| # if sudo systemctl status wazuh-dashboard | grep -q 'active (running)'; then \ | |
| # echo 'Service running'; \ | |
| # else \ | |
| # echo 'Service not running' ;\ | |
| # exit 1 ;\ | |
| # fi; \ | |
| # sudo yum remove wazuh-dashboard -y ;\ | |
| # sudo rm -rf /var/lib/wazuh-dashboard/ ; \ | |
| # sudo rm -rf /usr/share/wazuh-dashboard/ ; \ | |
| # sudo rm -rf /etc/wazuh-dashboard/; \ | |
| # if rpm -q wazuh-dashboard &>/dev/null; then \ | |
| # echo 'Package not uninstalled'; \ | |
| # exit 1; \ | |
| # else \ | |
| # echo 'Package uninstalled'; \ | |
| # fi | |
| # " | |
| # else | |
| # bundle exec vagrant ssh -c "sudo yum install libcap; \ | |
| # sudo rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH; \ | |
| # sudo echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | sudo tee /etc/yum.repos.d/wazuh.repo; \ | |
| # sudo yum install -y wazuh-dashboard-${{needs.setup-variables.outputs.PREVIOUS}}; \ | |
| # sudo systemctl daemon-reload; \ | |
| # sudo systemctl enable wazuh-dashboard; \ | |
| # sudo systemctl start wazuh-dashboard; \ | |
| # sudo yum install -y ${{needs.setup-variables.outputs.PACKAGE_NAME}}; \ | |
| # sudo systemctl restart wazuh-dashboard; \ | |
| # if rpm -q wazuh-dashboard | grep -q '${{needs.setup-variables.outputs.VERSION}}'; then \ | |
| # echo 'Package upgraded'; \ | |
| # else \ | |
| # echo 'Package not upgraded'; \ | |
| # exit 1; \ | |
| # fi; \ | |
| # if sudo systemctl status wazuh-dashboard | grep -q 'active (running)'; then \ | |
| # echo 'Service running'; \ | |
| # else \ | |
| # echo 'Service not running'; \ | |
| # exit 1; \ | |
| # fi | |
| # " | |
| # fi; |