Merge branch '4.14.0' into merge-4.14.0-into-main
142
.github/workflows/4_bumper_repository.yml
@@ -0,0 +1,142 @@
|
|||||||
|
name: Repository bumper
|
||||||
|
run-name: Bump ${{ github.ref_name }} (${{ inputs.id }})
|
||||||
|
|
||||||
|
on:
|
||||||
|
workflow_dispatch:
|
||||||
|
inputs:
|
||||||
|
version:
|
||||||
|
description: 'Target version (e.g. 1.2.3)'
|
||||||
|
default: ''
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
|
stage:
|
||||||
|
description: 'Version stage (e.g. alpha0)'
|
||||||
|
default: ''
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
|
tag:
|
||||||
|
description: 'Change branches references to tag-like references (e.g. v4.12.0-alpha7)'
|
||||||
|
default: false
|
||||||
|
required: false
|
||||||
|
type: boolean
|
||||||
|
issue-link:
|
||||||
|
description: 'Issue link in format https://github.com/wazuh/<REPO>/issues/<ISSUE-NUMBER>'
|
||||||
|
required: true
|
||||||
|
type: string
|
||||||
|
id:
|
||||||
|
description: 'Optional identifier for the run'
|
||||||
|
required: false
|
||||||
|
type: string
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
bump:
|
||||||
|
name: Repository bumper
|
||||||
|
runs-on: ubuntu-22.04
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
|
env:
|
||||||
|
CI_COMMIT_AUTHOR: wazuhci
|
||||||
|
CI_COMMIT_EMAIL: 22834044+wazuhci@users.noreply.github.com
|
||||||
|
CI_GPG_PRIVATE_KEY: ${{ secrets.CI_WAZUHCI_GPG_PRIVATE }}
|
||||||
|
GH_TOKEN: ${{ secrets.CI_WAZUHCI_BUMPER_TOKEN }}
|
||||||
|
BUMP_SCRIPT_PATH: tools/repository_bumper.sh
|
||||||
|
BUMP_LOG_PATH: tools
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Dump event payload
|
||||||
|
run: |
|
||||||
|
cat $GITHUB_EVENT_PATH | jq '.inputs'
|
||||||
|
|
||||||
|
- name: Set up GPG key
|
||||||
|
id: signing_setup
|
||||||
|
run: |
|
||||||
|
echo "${{ env.CI_GPG_PRIVATE_KEY }}" | gpg --batch --import
|
||||||
|
KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/ {print $5; exit}')
|
||||||
|
echo "gpg_key_id=$KEY_ID" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Set up git
|
||||||
|
run: |
|
||||||
|
git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
|
||||||
|
git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
|
||||||
|
git config --global commit.gpgsign true
|
||||||
|
git config --global user.signingkey "${{ steps.signing_setup.outputs.gpg_key_id }}"
|
||||||
|
echo "use-agent" >> ~/.gnupg/gpg.conf
|
||||||
|
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
|
||||||
|
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
|
||||||
|
echo RELOADAGENT | gpg-connect-agent
|
||||||
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
|
export GPG_TTY=$(tty)
|
||||||
|
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
# Using workflow-specific GITHUB_TOKEN because currently CI_WAZUHCI_BUMPER_TOKEN
|
||||||
|
# doesn't have all the necessary permissions
|
||||||
|
token: ${{ env.GH_TOKEN }}
|
||||||
|
|
||||||
|
- name: Determine branch name
|
||||||
|
id: vars
|
||||||
|
env:
|
||||||
|
VERSION: ${{ inputs.version }}
|
||||||
|
STAGE: ${{ inputs.stage }}
|
||||||
|
TAG: ${{ inputs.tag }}
|
||||||
|
run: |
|
||||||
|
script_params=""
|
||||||
|
version=${{ env.VERSION }}
|
||||||
|
stage=${{ env.STAGE }}
|
||||||
|
tag=${{ env.TAG }}
|
||||||
|
|
||||||
|
# Both version and stage provided
|
||||||
|
if [[ -n "$version" && -n "$stage" && "$tag" != "true" ]]; then
|
||||||
|
script_params="--version ${version} --stage ${stage}"
|
||||||
|
elif [[ -n "$version" && -n "$stage" && "$tag" == "true" ]]; then
|
||||||
|
script_params="--version ${version} --stage ${stage} --tag ${tag}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
issue_number=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}')
|
||||||
|
BRANCH_NAME="enhancement/wqa${issue_number}-bump-${{ github.ref_name }}"
|
||||||
|
echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
|
||||||
|
echo "script_params=${script_params}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Create and switch to bump branch
|
||||||
|
run: |
|
||||||
|
git checkout -b ${{ steps.vars.outputs.branch_name }}
|
||||||
|
|
||||||
|
- name: Make version bump changes
|
||||||
|
run: |
|
||||||
|
echo "Running bump script"
|
||||||
|
bash ${{ env.BUMP_SCRIPT_PATH }} ${{ steps.vars.outputs.script_params }}
|
||||||
|
|
||||||
|
- name: Commit and push changes
|
||||||
|
run: |
|
||||||
|
git add .
|
||||||
|
git commit -m "feat: bump ${{ github.ref_name }}"
|
||||||
|
git push origin ${{ steps.vars.outputs.branch_name }}
|
||||||
|
|
||||||
|
- name: Create pull request
|
||||||
|
id: create_pr
|
||||||
|
run: |
|
||||||
|
gh auth setup-git
|
||||||
|
PR_URL=$(gh pr create \
|
||||||
|
--title "Bump ${{ github.ref_name }} branch" \
|
||||||
|
--body "Issue: ${{ inputs.issue-link }}" \
|
||||||
|
--base ${{ github.ref_name }} \
|
||||||
|
--head ${{ steps.vars.outputs.branch_name }})
|
||||||
|
|
||||||
|
echo "Pull request created: ${PR_URL}"
|
||||||
|
echo "pull_request_url=${PR_URL}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Merge pull request
|
||||||
|
run: |
|
||||||
|
# Any checks for the PR are bypassed since the branch is expected to be functional (i.e. the bump process does not introduce any bugs)
|
||||||
|
gh pr merge "${{ steps.create_pr.outputs.pull_request_url }}" --merge
|
||||||
|
|
||||||
|
- name: Show logs
|
||||||
|
run: |
|
||||||
|
echo "Bump complete."
|
||||||
|
echo "Branch: ${{ steps.vars.outputs.branch_name }}"
|
||||||
|
echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}"
|
||||||
|
echo "Bumper scripts logs:"
|
||||||
|
cat ${BUMP_LOG_PATH}/repository_bumper*log
|
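Review bot: `${{ inputs.issue-link }}` is expanded straight into the shell in the "Determine branch name" step (`issue_number=$(echo "${{ inputs.issue-link }}" | awk ...)`) and again in `gh pr create --body`, and the `version=${{ env.VERSION }}` / `stage=${{ env.STAGE }}` / `tag=${{ env.TAG }}` lines re-inline the very values that the step's `env:` block had just moved out of the script, so the indirection protects nothing and a crafted input runs as code in a job that holds `CI_WAZUHCI_BUMPER_TOKEN` and the imported GPG signing key. `workflow_dispatch` limits who can start the run, but the hardening guidance is still to read inputs from environment variables and, since the input description already fixes the expected URL format, to reject anything else before it reaches a branch name or PR body; the signing step's `echo "${{ env.CI_GPG_PRIVATE_KEY }}"` should likewise become `echo "$CI_GPG_PRIVATE_KEY"`. Separately, the comment above `token: ${{ env.GH_TOKEN }}` says the checkout uses the workflow-specific GITHUB_TOKEN, but the value is the `CI_WAZUHCI_BUMPER_TOKEN` PAT, so either the comment or the token is wrong. `actions/checkout@v4` is a floating tag; pinning it to a commit SHA is the usual supply-chain hardening for a workflow that signs, pushes and merges on its own.
```yaml
      - name: Determine branch name
        id: vars
        env:
          VERSION: ${{ inputs.version }}
          STAGE: ${{ inputs.stage }}
          TAG: ${{ inputs.tag }}
          ISSUE_LINK: ${{ inputs.issue-link }}
        run: |
          if [[ ! "$ISSUE_LINK" =~ ^https://github\.com/wazuh/[A-Za-z0-9._-]+/issues/[0-9]+$ ]]; then
            echo "issue-link must look like https://github.com/wazuh/<REPO>/issues/<ISSUE-NUMBER>" >&2
            exit 1
          fi
          script_params=""
          version="$VERSION"
          stage="$STAGE"
          tag="$TAG"
          # … unchanged: script_params assembly …
          issue_number=$(echo "$ISSUE_LINK" | awk -F'/' '{print $NF}')
          # … unchanged: BRANCH_NAME and GITHUB_OUTPUT writes …
```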
20
CHANGELOG.md
@@ -27,6 +27,24 @@ All notable changes to this project will be documented in this file.
|
|||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
- Change validation of existing certs tool in S3 buckets ([#1880](https://github.com/wazuh/wazuh-docker/pull/1880))
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
|
### Deleted
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
|
## [4.13.1]
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
- None
|
- None
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
@@ -41,6 +59,8 @@ All notable changes to this project will be documented in this file.
|
|||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
- Integrate bumper script via GitHub action. ([#1863](https://github.com/wazuh/wazuh-docker/pull/1863))
|
||||||
|
- Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870))
|
||||||
- Added repository_bumper script. ([#1781](https://github.com/wazuh/wazuh-docker/pull/1781))
|
- Added repository_bumper script. ([#1781](https://github.com/wazuh/wazuh-docker/pull/1781))
|
||||||
- Fix Warning message when migrating Docker compose v2 ([#1828](https://github.com/wazuh/wazuh-docker/pull/1828))
|
- Fix Warning message when migrating Docker compose v2 ([#1828](https://github.com/wazuh/wazuh-docker/pull/1828))
|
||||||
- Add technical documentation ([#1822](https://github.com/wazuh/wazuh-docker/pull/1822))
|
- Add technical documentation ([#1822](https://github.com/wazuh/wazuh-docker/pull/1822))
|
||||||
|
@@ -12,8 +12,8 @@ PACKAGES_URL=https://packages.wazuh.com/5.0/
|
|||||||
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
|
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
|
||||||
|
|
||||||
## Check if the cert tool exists in S3 buckets
|
## Check if the cert tool exists in S3 buckets
|
||||||
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
|
CERT_TOOL_PACKAGES=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")
|
||||||
CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
|
CERT_TOOL_PACKAGES_DEV=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_DEV_URL$CERT_TOOL")
|
||||||
|
|
||||||
## If cert tool exists in some bucket, download it, if not exit 1
|
## If cert tool exists in some bucket, download it, if not exit 1
|
||||||
if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
|
if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
|
||||||
|
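Review bot: The `--location` added to both `curl --head` probes will also follow a redirect that downgrades to plain `http://`, and neither call has a timeout, so a slow or captured endpoint can hang the build indefinitely; add `--proto-redir =https --max-time 30` to both lines, e.g. `CERT_TOOL_PACKAGES=$(curl --silent --head --location --proto-redir =https --max-time 30 --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")`. When curl cannot connect, `%{http_code}` prints `000`, which the `= "200"` comparison correctly treats as absent, so the consuming check needs no change. The `if` block that consumes these values continues past the end of the hunk, and I cannot see whether the download it performs also follows redirects — it should use the same redirect guard as the probe.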
@@ -257,6 +257,9 @@
|
|||||||
<list>etc/lists/audit-keys</list>
|
<list>etc/lists/audit-keys</list>
|
||||||
<list>etc/lists/amazon/aws-eventnames</list>
|
<list>etc/lists/amazon/aws-eventnames</list>
|
||||||
<list>etc/lists/security-eventchannel</list>
|
<list>etc/lists/security-eventchannel</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-ip</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-domains</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malware-hashes</list>
|
||||||
|
|
||||||
<!-- User-defined ruleset -->
|
<!-- User-defined ruleset -->
|
||||||
<decoder_dir>etc/decoders</decoder_dir>
|
<decoder_dir>etc/decoders</decoder_dir>
|
||||||
|
@@ -257,6 +257,9 @@
|
|||||||
<list>etc/lists/audit-keys</list>
|
<list>etc/lists/audit-keys</list>
|
||||||
<list>etc/lists/amazon/aws-eventnames</list>
|
<list>etc/lists/amazon/aws-eventnames</list>
|
||||||
<list>etc/lists/security-eventchannel</list>
|
<list>etc/lists/security-eventchannel</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-ip</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-domains</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malware-hashes</list>
|
||||||
|
|
||||||
<!-- User-defined ruleset -->
|
<!-- User-defined ruleset -->
|
||||||
<decoder_dir>etc/decoders</decoder_dir>
|
<decoder_dir>etc/decoders</decoder_dir>
|
||||||
|
@@ -255,6 +255,9 @@
|
|||||||
<list>etc/lists/audit-keys</list>
|
<list>etc/lists/audit-keys</list>
|
||||||
<list>etc/lists/amazon/aws-eventnames</list>
|
<list>etc/lists/amazon/aws-eventnames</list>
|
||||||
<list>etc/lists/security-eventchannel</list>
|
<list>etc/lists/security-eventchannel</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-ip</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-domains</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malware-hashes</list>
|
||||||
|
|
||||||
<!-- User-defined ruleset -->
|
<!-- User-defined ruleset -->
|
||||||
<decoder_dir>etc/decoders</decoder_dir>
|
<decoder_dir>etc/decoders</decoder_dir>
|
||||||
|
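Review bot: The three new `<list>` entries reference `etc/lists/malicious-ioc/malicious-ip`, `malicious-domains` and `malware-hashes`, which analysisd resolves relative to the install directory and loads as compiled CDB files; if the image, or a volume mounted over `etc/lists`, does not carry those files with their `.cdb` counterparts, analysisd will log an error per list at startup, and I believe a missing list file is treated as fatal, which would take the manager down on upgrade — please confirm the files are shipped in every image this configuration applies to. A short comment above the new block would document that dependency, e.g. `<!-- malicious-ioc lists must exist under etc/lists/malicious-ioc (with .cdb files) or analysisd will fail to load the ruleset -->`. The same hunk is repeated for two more configuration files on this page (at lines 257 and 255 of their files); the file paths are not shown, so this applies to all three.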
@@ -5,11 +5,12 @@
|
|||||||
# Usage: ./repository_bumper.sh <version>
|
# Usage: ./repository_bumper.sh <version>
|
||||||
|
|
||||||
# Global variables
|
# Global variables
|
||||||
DIR=$(dirname "$(pwd)")
|
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||||
LOG_FILE="${DIR}/tools/repository_bumper_$(date +"%Y-%m-%d_%H-%M-%S-%3N").log"
|
LOG_FILE="${DIR}/tools/repository_bumper_$(date +"%Y-%m-%d_%H-%M-%S-%3N").log"
|
||||||
VERSION=""
|
VERSION=""
|
||||||
STAGE=""
|
STAGE=""
|
||||||
FILES_EDITED=()
|
FILES_EDITED=()
|
||||||
|
FILES_EXCLUDED='--exclude="repository_bumper_*.log" --exclude="CHANGELOG.md" --exclude="repository_bumper.sh" --exclude="*_bumper_repository.yml"'
|
||||||
|
|
||||||
get_old_version_and_stage() {
|
get_old_version_and_stage() {
|
||||||
local VERSION_FILE="${DIR}/VERSION.json"
|
local VERSION_FILE="${DIR}/VERSION.json"
|
||||||
@@ -24,7 +25,7 @@ grep_command() {
|
|||||||
# This function is used to search for a specific string in the specified directory.
|
# This function is used to search for a specific string in the specified directory.
|
||||||
# It takes two arguments: the string to search for and the directory to search in.
|
# It takes two arguments: the string to search for and the directory to search in.
|
||||||
# Usage: grep_command <string> <directory>
|
# Usage: grep_command <string> <directory>
|
||||||
eval grep -Rl "${1}" "${2}" --exclude-dir=".git" --exclude="repository_bumper_*.log" --exclude="CHANGELOG.md" "${3}"
|
eval grep -Rl "${1}" "${2}" --exclude-dir=".git" $FILES_EXCLUDED "${3}"
|
||||||
}
|
}
|
||||||
|
|
||||||
update_version_in_files() {
|
update_version_in_files() {
|
||||||
@@ -75,6 +76,17 @@ update_stage_in_files() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
update_docker_images_tag() {
|
||||||
|
local NEW_TAG="$1"
|
||||||
|
local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md" --exclude="generate-indexer-certs.yml"") )
|
||||||
|
for file in "${DOCKERFILES[@]}"; do
|
||||||
|
sed -i -E "s/(wazuh\/wazuh-[a-zA-Z0-9._-]*):[a-zA-Z0-9._-]+/\1:${NEW_TAG}/g" "${file}"
|
||||||
|
if [[ $(git diff --name-only "${file}") ]]; then
|
||||||
|
FILES_EDITED+=("${file}")
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
|
||||||
echo "Starting repository version bumping process..." | tee -a "${LOG_FILE}"
|
echo "Starting repository version bumping process..." | tee -a "${LOG_FILE}"
|
||||||
@@ -90,6 +102,10 @@ main() {
|
|||||||
STAGE="$2"
|
STAGE="$2"
|
||||||
shift 2
|
shift 2
|
||||||
;;
|
;;
|
||||||
|
--tag)
|
||||||
|
TAG="$2"
|
||||||
|
shift 2
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Unknown argument: $1"
|
echo "Unknown argument: $1"
|
||||||
exit 1
|
exit 1
|
||||||
@@ -98,46 +114,59 @@ main() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
# Validate arguments
|
# Validate arguments
|
||||||
if [[ -z "$VERSION" ]]; then
|
if [[ -z "${VERSION}" ]]; then
|
||||||
echo "Error: --version argument is required." | tee -a "${LOG_FILE}"
|
echo "Error: --version argument is required." | tee -a "${LOG_FILE}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -z "$STAGE" ]]; then
|
if [[ -z "${STAGE}" ]]; then
|
||||||
echo "Error: --stage argument is required." | tee -a "${LOG_FILE}"
|
echo "Error: --stage argument is required." | tee -a "${LOG_FILE}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Validate if version is in the correct format
|
# Validate if version is in the correct format
|
||||||
if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
if ! [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
||||||
echo "Error: Version must be in the format X.Y.Z (e.g., 1.2.3)." | tee -a "${LOG_FILE}"
|
echo "Error: Version must be in the format X.Y.Z (e.g., 1.2.3)." | tee -a "${LOG_FILE}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Validate if stage is in the correct format
|
# Validate if stage is in the correct format
|
||||||
STAGE=$(echo "$STAGE" | tr '[:upper:]' '[:lower:]')
|
STAGE=$(echo "${STAGE}" | tr '[:upper:]' '[:lower:]')
|
||||||
if ! [[ "$STAGE" =~ ^(alpha[0-9]*|beta[0-9]*|rc[0-9]*|stable)$ ]]; then
|
if ! [[ "${STAGE}" =~ ^(alpha[0-9]*|beta[0-9]*|rc[0-9]*|stable)$ ]]; then
|
||||||
echo "Error: Stage must be one of the following examples: alpha1, beta1, rc1, stable." | tee -a "${LOG_FILE}"
|
echo "Error: Stage must be one of the following examples: alpha1, beta1, rc1, stable." | tee -a "${LOG_FILE}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Validate if tag is true or false
|
||||||
|
if [[ -n "${TAG}" && ! "${TAG}" =~ ^(true|false)$ ]]; then
|
||||||
|
echo "Error: --tag must be either true or false." | tee -a "${LOG_FILE}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# Get old version and stage
|
# Get old version and stage
|
||||||
get_old_version_and_stage
|
get_old_version_and_stage
|
||||||
|
|
||||||
if [[ "$OLD_VERSION" == "$VERSION" && "$OLD_STAGE" == "$STAGE" ]]; then
|
if [[ "${OLD_VERSION}" == "${VERSION}" && "${OLD_STAGE}" == "${STAGE}" ]]; then
|
||||||
echo "Version and stage are already up to date." | tee -a "${LOG_FILE}"
|
echo "Version and stage are already up to date." | tee -a "${LOG_FILE}"
|
||||||
echo "No changes needed." | tee -a "${LOG_FILE}"
|
echo "No changes needed." | tee -a "${LOG_FILE}"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
if [[ "$OLD_VERSION" != "$VERSION" ]]; then
|
if [[ "${OLD_VERSION}" != "${VERSION}" ]]; then
|
||||||
echo "Updating version from $OLD_VERSION to $VERSION" | tee -a "${LOG_FILE}"
|
echo "Updating version from ${OLD_VERSION} to ${VERSION}" | tee -a "${LOG_FILE}"
|
||||||
update_version_in_files "$VERSION"
|
update_version_in_files "${VERSION}"
|
||||||
fi
|
fi
|
||||||
if [[ "$OLD_STAGE" != "$STAGE" ]]; then
|
if [[ "${OLD_STAGE}" != "${STAGE}" ]]; then
|
||||||
echo "Updating stage from $OLD_STAGE to $STAGE" | tee -a "${LOG_FILE}"
|
echo "Updating stage from ${OLD_STAGE} to ${STAGE}" | tee -a "${LOG_FILE}"
|
||||||
update_stage_in_files "$STAGE"
|
update_stage_in_files "${STAGE}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Update Docker images tag if tag is true
|
||||||
|
if [[ "${TAG}" == "true" ]]; then
|
||||||
|
echo "Updating Docker images tag to ${VERSION}-${STAGE}" | tee -a "${LOG_FILE}"
|
||||||
|
update_docker_images_tag "${VERSION}-${STAGE}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
echo "The following files were edited:" | tee -a "${LOG_FILE}"
|
echo "The following files were edited:" | tee -a "${LOG_FILE}"
|
||||||
for file in $(printf "%s\n" "${FILES_EDITED[@]}" | sort -u); do
|
for file in $(printf "%s\n" "${FILES_EDITED[@]}" | sort -u); do
|
||||||
echo "${file}" | tee -a "${LOG_FILE}"
|
echo "${file}" | tee -a "${LOG_FILE}"
|
||||||
|
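Review bot: `grep_command` still runs its arguments through `eval` (`eval grep -Rl "${1}" "${2}" --exclude-dir=".git" $FILES_EXCLUDED "${3}"`), and the new `FILES_EXCLUDED` string exists only to be re-parsed by that `eval`; the caller added in `update_docker_images_tag` has to play along with nested quotes (`"--exclude="README.md" --exclude="generate-indexer-certs.yml""`), which bash first collapses to a single word and eval then splits again. A repository path or search pattern containing spaces or shell metacharacters is re-interpreted as shell at that point, and the `*` in the exclude globs and in the `wazuh/wazuh-[a-zA-Z0-9._-]*` pattern is exposed to filename expansion once the quotes are stripped. Declaring the exclusions as a bash array and forwarding `"${@:3}"` removes the eval entirely and lets callers pass extra `--exclude=` flags as ordinary separate arguments; `update_docker_images_tag` should also collect results with `mapfile -t` instead of the unquoted `$( ... )` array assignment, which word-splits file names. The `FILES_EXCLUDED` declaration, `grep_command` and the caller live in three separate hunks, so the three change together.
```shell
# exclusions as an array: passed to grep verbatim, no re-parsing needed
FILES_EXCLUDED=(--exclude="repository_bumper_*.log" --exclude="CHANGELOG.md" --exclude="repository_bumper.sh" --exclude="*_bumper_repository.yml")

grep_command() {
    # … unchanged: usage comment …
    grep -Rl "${1}" "${2}" --exclude-dir=".git" "${FILES_EXCLUDED[@]}" "${@:3}"
}

update_docker_images_tag() {
    local NEW_TAG="$1"
    local DOCKERFILES=()
    mapfile -t DOCKERFILES < <(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" --exclude="README.md" --exclude="generate-indexer-certs.yml")
    # … unchanged: sed loop and FILES_EDITED bookkeeping …
}
```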