wazuh-docker-mirror/.github/workflows/push.yml

name: Wazuh Docker pipeline

on: [pull_request, push]

jobs:
  build-stack:
    runs-on: ubuntu-latest
    steps:

    - name: Check out code
      uses: actions/checkout@v3

   # - name: Build Wazuh images
   #   run: build-docker-images/build-images.sh

    - name: Create enviroment variables
      run: cat .env > $GITHUB_ENV

   # - name: Install Goss
   #   uses: e1himself/goss-installation-action@v1.0.3
   #   with:
   #     version: v0.3.16

   # - name: Execute Goss tests (wazuh-manager)
   #   run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}
   #   env:
   #     GOSS_SLEEP: 30
   #     GOSS_FILE: .github/.goss.yaml

    - name: Create single node certficates
      run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator

    - name: Start single node stack
      run: docker-compose -f single-node/docker-compose.yml up -d

    - name: Check Wazuh indexer start
      run: |
       sleep 60
       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
       if [[ $status_green -eq 1 ]]; then
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
        exit 1
       fi
       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`"
       if [[ $status_index_green -eq $status_index ]]; then
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
        exit 1
       fi


    - name: Check Wazuh indexer nodes
      run: |
       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
       if [[ $nodes -eq 1 ]]; then
        echo "Wazuh indexer nodes: ${nodes}"
       else
        echo "Wazuh indexer nodes: ${nodes}"
        exit 1
       fi

    - name: Check documents into wazuh-alerts index
      run: |
       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
       if [[ $docs -gt 100 ]]; then
        echo "wazuh-alerts index documents: ${docs}"
       else
        echo "wazuh-alerts index documents: ${docs}"
        exit 1
       fi

    - name: Check Wazuh templates
      run: |
       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -E "wazuh ||wazuh-agent||wazuh-statistics" | wc -l`"
       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -E "wazuh ||wazuh-agent||wazuh-statistics"`"
       if [[ $qty_templates -eq 3 ]]; then
        echo "wazuh templates:"
        echo "${templates}"
       else
        echo "wazuh templates:"
        echo "${templates}"
        exit 1
       fi

    - name: Check Wazuh manager start
      run: |
        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
        if [[ $services -gt 9 ]]; then
          echo "Wazuh Manager Services: ${services}"
          echo "OK"
        else
          echo "Wazuh indexer nodes: ${nodes}"
          curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
          exit 1
        fi
      env:
        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

    - name: Check errors in ossec.log
      run: |
       docker exec single-node_wazuh.manager_1 sh -c 'cat /var/ossec/logs/ossec.log | grep -e "ERR" -e "CRIT" -e "WARN"'
       log=$(docker exec single-node_wazuh.manager_1 sh -c 'cat /var/ossec/logs/ossec.log | grep -e "ERR" -e "CRIT" -e "WARN"')
       if [[ -z "$log" ]]; then
        echo "No errors in master ossec.log"
       else
        echo "Errors in master ossec.log:"
        echo "${log}"
        exit 1
       fi

    - name: Check filebeat output
      run: |
       fbout1=$(docker exec single-node_wazuh.manager_1 sh -c 'filebeat test output')
       fbstatus=$(echo "${fbout}" | grep OK | wc -l)
       if [[ fbstatus -eq 7 ]]; then
        echo "No errors in master filebeat"
       else
        echo "Errors in master filebeat"
        echo "${fbout}"
        exit 1
       fi

    - name: Check Wazuh dashboard service URL
      run: |
       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk  '{print $2}')
       if [[ $status -eq 200 ]]; then
        echo "Wazuh dashboard status: ${status}"
       else
        echo "Wazuh dashboard status: ${status}"
        exit 1
       fi

    - name: Stop single node stack
      run: docker-compose -f single-node/docker-compose.yml down

    - name: Create multi node certficates
      run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator

    - name: Start multi node stack
      run: docker-compose -f multi-node/docker-compose.yml up -d

    - name: Check Wazuh indexer start
      run: |
       sleep 120
       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
       if [[ $status_green -eq 1 ]]; then
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
        exit 1
       fi
       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`"
       if [[ $status_index_green -eq $status_index ]]; then
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
        exit 1
       fi

    - name: Check Wazuh indexer nodes
      run: |
       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
       if [[ $nodes -eq 3 ]]; then
        echo "Wazuh indexer nodes: ${nodes}"
       else
        echo "Wazuh indexer nodes: ${nodes}"
        exit 1
       fi

    - name: Check documents into wazuh-alerts index
      run: |
       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
       if [[ $docs -gt 200 ]]; then
        echo "wazuh-alerts index documents: ${docs}"
       else
        echo "wazuh-alerts index documents: ${docs}"
        exit 1
       fi

    - name: Check Wazuh templates
      run: |
       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
       if [[ $qty_templates -gt 0 ]]; then
        echo "wazuh templates:"
        echo "${templates}"
       else
        echo "wazuh templates:"
        echo "${templates}"
        exit 1
       fi

    - name: Check Wazuh manager start
      run: |
        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
        if [[ $services -gt 10 ]]; then
          echo "Wazuh Manager Services: ${services}"
          echo "OK"
        else
          echo "Wazuh indexer nodes: ${nodes}"
          curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
          exit 1
        fi
        nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l)
        if [[ $nodes -eq 2 ]]; then
         echo "Wazuh manager nodes: ${nodes}"
        else
         echo "Wazuh manager nodes: ${nodes}"
         exit 1
        fi
      env:
        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

    - name: Check errors in ossec.log
      run: |
       log1=$(docker exec multi-node_wazuh.master_1 sh -c 'cat /var/ossec/logs/ossec.log | grep -E "ERR||WARN||CRIT"')
       if [[ -z "$log1" ]]; then
        echo "No errors in master ossec.log"
       else
        echo "Errors in master ossec.log:"
        echo "${log1}"
        exit 1
       fi
       log2=$(docker exec multi-node_wazuh.worker_1 sh -c 'cat /var/ossec/logs/ossec.log | grep -E "ERR||WARN||CRIT"')
       if [[ -z "${log2}" ]]; then
        echo "No errors in worker ossec.log"
       else
        echo "Errors in worker ossec.log:"
        echo "${log2}"
        exit 1
       fi

    - name: Check filebeat output
      run: |
       fbout1=$(docker exec multi-node_wazuh.master_1 sh -c 'filebeat test output')
       fbstatus1=$(echo "${fbout1}" | grep OK | wc -l)
       if [[ fbstatus1 -eq 7 ]]; then
        echo "No errors in master filebeat"
       else
        echo "Errors in master filebeat"
        echo "${fbout1}"
        exit 1
       fi
       fbout2=$(docker exec multi-node_wazuh.worker_1 sh -c 'filebeat test output')
       fbstatus2=$(echo "${fbout2}" | grep OK | wc -l)
       if [[ fbstatus2 -eq 7 ]]; then
        echo "No errors in master filebeat"
       else
        echo "Errors in master filebeat"
        echo "${fbout2}"
        exit 1
       fi

    - name: Check Wazuh dashboard service URL
      run: |
       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk  '{print $2}')
       if [[ $status -eq 200 ]]; then
        echo "Wazuh dashboard status: ${status}"
       else
        echo "Wazuh dashboard status: ${status}"
        exit 1
       fi