Merge pull request #2078 from wazuh/change/3494-docker-notification

Artifactory vulnerabilities notification
Changelog update
2025-11-14 02:47:40 +00:00 · 2025-11-13 15:45:45 -03:00 · 2025-11-13 14:41:53 -03:00 · 2025-11-13 14:06:39 -03:00 · 2025-11-13 11:50:18 -03:00 · 2025-11-13 11:42:16 -03:00
2 changed files with 87 additions and 1 deletions
--- a/.github/workflows/Procedure_push_docker_images.yml
+++ b/.github/workflows/Procedure_push_docker_images.yml
@@ -145,6 +145,31 @@ jobs:
          exit 1
        fi

+    - name: Image exists validation
+      if: ${{ inputs.push_images }}
+      id: validation
+      run: |
+        IMAGE_TAG=${{ inputs.image_tag }}
+        PURPOSE=""
+
+        if [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          if docker manifest inspect wazuh/wazuh-manager:$IMAGE_TAG > /dev/null 2>&1; then
+            PURPOSE="regeneration"
+            echo "Image  wazuh/wazuh-manager:$IMAGE_TAG exists. Setting PURPOSE to 'regeneration'"
+          else
+            PURPOSE="new release"
+            echo "Image wazuh/wazuh-manager:$IMAGE_TAG does NOT exist. Setting PURPOSE to 'new release'"
+          fi
+          echo "✅ Release tag: '$IMAGE_TAG'"
+        elif [[ "$IMAGE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+-(alpha|beta|rc)[0-9]+$ ]]; then
+          PURPOSE="new stage"
+          echo "✅ Stage tag: '$IMAGE_TAG'. Setting PURPOSE to 'new stage'"
+        else
+          echo "❌ No release or stage tag ('$IMAGE_TAG'), the GH issue will not be created"
+        fi
+
+        echo "purpose=$PURPOSE" >> $GITHUB_OUTPUT
+
    - name: Tag and Push Wazuh images
      if: ${{ inputs.push_images }}
      run: |
@@ -157,3 +182,64 @@ jobs:
          echo "Pushing wazuh/$image:$IMAGE_TAG ..."
          docker push wazuh/$image:$IMAGE_TAG
        done
+
+    - name: GH issue notification
+      if: ${{ inputs.push_images && steps.validation.outputs.purpose != '' }}
+      run: |
+        IMAGE_TAG=${{ inputs.image_tag }}
+        GH_TITLE=""
+        GH_MESSAGE=""
+        PURPOSE="${{ steps.validation.outputs.purpose }}"
+
+        ## Setting GH issue title
+        GH_TITLE="Artifactory vulnerabilities update \`v$IMAGE_TAG\`"
+
+        ## Setting GH issue body
+        GH_MESSAGE=$(cat <<- EOF | tr -d '\r' | sed 's/^[[:space:]]*//'
+        ### Description
+        - [ ] Update the [Artifactory vulnerabilities](${{ secrets.NOTIFICATION_SHEET_URL }}) sheet with the \`v$IMAGE_TAG\` vulnerabilities.
+
+        **Purpose**: $PURPOSE
+        >[!NOTE]
+        >To update the \`Tentative Release\` column, follow these steps:
+        https://github.com/wazuh/${{ secrets.NOTIFICATION_REPO }}/issues/2049#issuecomment-2671590268
+        EOF
+        )
+
+        # Print the GH Variables content
+        echo "--- Variable Content ---"
+        echo "$GH_TITLE"
+        echo "------------------------"
+
+        echo "--- Variable Content ---"
+        echo "$GH_MESSAGE"
+        echo "------------------------"
+
+        ## GH issue creation
+        ISSUE_URL=$(gh issue create \
+          -R wazuh/${{ secrets.NOTIFICATION_REPO }} \
+          --title "$GH_TITLE" \
+          --body "$GH_MESSAGE" \
+          --label "level/task" \
+          --label "type/maintenance" \
+          --label "request/operational")
+
+        ## Adding the issue to the team project
+        PROJECT_ITEM_ID=$(gh project item-add \
+          ${{ secrets.NOTIFICATION_PROJECT_NUMBER }} \
+          --url $ISSUE_URL \
+          --owner wazuh \
+          --format json \
+          | jq -r '.id')
+
+          ## Setting Objective
+          gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_OBJECTIVE_ID }} --text  "Security scans"
+          ## Setting Priority
+          gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_PRIORITY_OPTION_ID }}
+          ## Setting Size
+          gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SIZE_OPTION_ID }}
+          ## Setting Subteam
+          gh project item-edit --id $PROJECT_ITEM_ID --project-id ${{ secrets.NOTIFICATION_PROJECT_ID }} --field-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_ID }} --single-select-option-id ${{ secrets.NOTIFICATION_PROJECT_SUBTEAM_OPTION_ID }}
+
+      env:
+        GH_TOKEN: ${{ secrets.NOTIFICATION_GH_ARTIFACT_TOKEN }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.

 ### Added

- None
+- Artifactory vulnerabilities notification ([#2078](https://github.com/wazuh/wazuh-docker/pull/2078))

 ### Changed
Author	SHA1	Message	Date
Gonzalo Acuña	d52c076e62	Merge pull request #2078 from wazuh/change/3494-docker-notification Artifactory vulnerabilities notification	2025-11-13 15:45:45 -03:00
Gonzalo Acuña	e5d6ba55cc	Changelog update	2025-11-13 14:41:53 -03:00
Gonzalo Acuña	415ddd7271	Replace secret variables	2025-11-13 14:06:39 -03:00
Gonzalo Acuña	aa98d94f38	Revert test changes	2025-11-13 11:50:18 -03:00
Gonzalo Acuña	af2e4589c0	GH project additional variable assignment fix	2025-11-13 11:42:16 -03:00
Gonzalo Acuña	6a8d0d6288	GH project additional variable assignment	2025-11-13 11:35:03 -03:00
Gonzalo Acuña	11b066ef25	GH project variable assignment	2025-11-13 11:24:48 -03:00
Gonzalo Acuña	11c0ae9161	GH issue creation command fix	2025-11-13 10:01:08 -03:00
Gonzalo Acuña	ecb486f625	GH issue creation commands	2025-11-12 16:52:27 -03:00
Gonzalo Acuña	16de0735a9	GH notification identation fix	2025-11-12 16:21:17 -03:00
Gonzalo Acuña	5103da8dab	GH notification test change	2025-11-12 14:32:45 -03:00
Gonzalo Acuña	91cda37b1f	GH notification changes for image publication	2025-11-12 12:15:37 -03:00