Delete service tag and modifiy docker-compose execution for a new version #1511
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wazuh Docker pipeline | |
| on: [pull_request] | |
| jobs: | |
| build-docker-images: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Build Wazuh images | |
| run: build-docker-images/build-images.sh | |
| - name: Create enviroment variables | |
| run: cat .env > $GITHUB_ENV | |
| - name: Create backup Docker images | |
| run: | | |
| mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/ | |
| docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | |
| docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | |
| docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | |
| docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar | |
| - name: Temporarily save Wazuh manager Docker image | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: docker-artifact-manager | |
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | |
| retention-days: 1 | |
| - name: Temporarily save Wazuh indexer Docker image | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: docker-artifact-indexer | |
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | |
| retention-days: 1 | |
| - name: Temporarily save Wazuh dashboard Docker image | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: docker-artifact-dashboard | |
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | |
| retention-days: 1 | |
| - name: Temporarily save Wazuh Cert Tool Docker image | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: docker-artifact-cert-tool | |
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar | |
| retention-days: 1 | |
| - name: Install Goss | |
| uses: e1himself/[email protected] | |
| with: | |
| version: v0.3.16 | |
| - name: Execute Goss tests (wazuh-manager) | |
| run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} | |
| env: | |
| GOSS_SLEEP: 30 | |
| GOSS_FILE: .github/.goss.yaml | |
| check-single-node: | |
| runs-on: ubuntu-latest | |
| needs: build-docker-images | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Create enviroment variables | |
| run: cat .env > $GITHUB_ENV | |
| - name: Retrieve saved Wazuh indexer Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-indexer | |
| - name: Retrieve saved Wazuh manager Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-manager | |
| - name: Retrieve saved Wazuh dashboard Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-dashboard | |
| - name: Retrieve saved Wazuh Cert Tool Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-cert-tool | |
| - name: Docker load | |
| run: | | |
| docker load --input ./wazuh-indexer.tar | |
| docker load --input ./wazuh-dashboard.tar | |
| docker load --input ./wazuh-manager.tar | |
| docker load --input ./wazuh-cert-tool.tar | |
| rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar | |
| - name: Create single node certficates | |
| run: docker compose -f single-node/generate-certs.yml run --rm generator | |
| - name: Start single node stack | |
| run: docker compose -f single-node/docker-compose.yml up -d | |
| - name: Check Wazuh indexer start | |
| run: | | |
| sleep 60 | |
| status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" | |
| if [[ $status_green -eq 1 ]]; then | |
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
| else | |
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
| exit 1 | |
| fi | |
| status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" | |
| status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" | |
| if [[ $status_index_green -eq $status_index ]]; then | |
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
| else | |
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
| exit 1 | |
| fi | |
| - name: Check Wazuh indexer nodes | |
| run: | | |
| nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" | |
| if [[ $nodes -eq 1 ]]; then | |
| echo "Wazuh indexer nodes: ${nodes}" | |
| else | |
| echo "Wazuh indexer nodes: ${nodes}" | |
| exit 1 | |
| fi | |
| - name: Check documents into wazuh-alerts index | |
| run: | | |
| sleep 120 | |
| docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" | |
| if [[ $docs -gt 0 ]]; then | |
| echo "wazuh-alerts index documents: ${docs}" | |
| else | |
| echo "wazuh-alerts index documents: ${docs}" | |
| exit 1 | |
| fi | |
| - name: Check Wazuh templates | |
| run: | | |
| qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" | |
| templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" | |
| if [[ $qty_templates -gt 3 ]]; then | |
| echo "wazuh templates:" | |
| echo "${templates}" | |
| else | |
| echo "wazuh templates:" | |
| echo "${templates}" | |
| exit 1 | |
| fi | |
| - name: Check Wazuh manager start | |
| run: | | |
| services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" | |
| if [[ $services -gt 9 ]]; then | |
| echo "Wazuh Manager Services: ${services}" | |
| echo "OK" | |
| else | |
| echo "Wazuh indexer nodes: ${nodes}" | |
| curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | |
| exit 1 | |
| fi | |
| env: | |
| TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") | |
| - name: Check filebeat output | |
| run: ./.github/single-node-filebeat-check.sh | |
| - name: Check Wazuh dashboard service URL | |
| run: | | |
| status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') | |
| if [[ $status -eq 200 ]]; then | |
| echo "Wazuh dashboard status: ${status}" | |
| else | |
| echo "Wazuh dashboard status: ${status}" | |
| exit 1 | |
| fi | |
| - name: Check errors in ossec.log | |
| run: ./.github/single-node-log-check.sh | |
| check-multi-node: | |
| runs-on: ubuntu-latest | |
| needs: build-docker-images | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| - name: Create enviroment variables | |
| run: cat .env > $GITHUB_ENV | |
| - name: free disk space | |
| run: | | |
| sudo swapoff -a | |
| sudo rm -f /swapfile | |
| sudo apt clean | |
| docker rmi $(docker image ls -aq) | |
| df -h | |
| - name: Retrieve saved Wazuh dashboard Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-dashboard | |
| - name: Retrieve saved Wazuh manager Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-manager | |
| - name: Retrieve saved Wazuh indexer Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-indexer | |
| - name: Retrieve saved Wazuh Cert Tool Docker image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-artifact-cert-tool | |
| - name: Docker load | |
| run: | | |
| docker load --input ./wazuh-indexer.tar | |
| docker load --input ./wazuh-dashboard.tar | |
| docker load --input ./wazuh-manager.tar | |
| docker load --input ./wazuh-cert-tool.tar | |
| rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar | |
| - name: Create multi node certficates | |
| run: docker compose -f multi-node/generate-certs.yml run --rm generator | |
| - name: Start multi node stack | |
| run: docker compose -f multi-node/docker-compose.yml up -d | |
| - name: Check Wazuh indexer start | |
| run: | | |
| until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l` -eq 1 ]] | |
| do | |
| echo 'Waiting for Wazuh indexer start' | |
| free -m | |
| df -h | |
| sleep 120 | |
| done | |
| status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" | |
| if [[ $status_green -eq 1 ]]; then | |
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
| else | |
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | |
| exit 1 | |
| fi | |
| status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" | |
| status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`" | |
| if [[ $status_index_green -eq $status_index ]]; then | |
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
| else | |
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | |
| exit 1 | |
| fi | |
| - name: Check Wazuh indexer nodes | |
| run: | | |
| nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" | |
| if [[ $nodes -eq 3 ]]; then | |
| echo "Wazuh indexer nodes: ${nodes}" | |
| else | |
| echo "Wazuh indexer nodes: ${nodes}" | |
| exit 1 | |
| fi | |
| - name: Check documents into wazuh-alerts index | |
| run: | | |
| until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``) -gt 0 ]] | |
| do | |
| echo 'Waiting for Wazuh indexer events' | |
| free -m | |
| df -h | |
| sleep 10 | |
| done | |
| docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" | |
| if [[ $docs -gt 0 ]]; then | |
| echo "wazuh-alerts index documents: ${docs}" | |
| else | |
| echo "wazuh-alerts index documents: ${docs}" | |
| exit 1 | |
| fi | |
| - name: Check Wazuh templates | |
| run: | | |
| qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`" | |
| templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`" | |
| if [[ $qty_templates -gt 3 ]]; then | |
| echo "wazuh templates:" | |
| echo "${templates}" | |
| else | |
| echo "wazuh templates:" | |
| echo "${templates}" | |
| exit 1 | |
| fi | |
| - name: Check Wazuh manager start | |
| run: | | |
| services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" | |
| if [[ $services -gt 10 ]]; then | |
| echo "Wazuh Manager Services: ${services}" | |
| echo "OK" | |
| else | |
| echo "Wazuh indexer nodes: ${nodes}" | |
| curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | |
| exit 1 | |
| fi | |
| nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l) | |
| if [[ $nodes -eq 2 ]]; then | |
| echo "Wazuh manager nodes: ${nodes}" | |
| else | |
| echo "Wazuh manager nodes: ${nodes}" | |
| exit 1 | |
| fi | |
| env: | |
| TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") | |
| - name: Check filebeat output | |
| run: ./.github/multi-node-filebeat-check.sh | |
| - name: Check Wazuh dashboard service URL | |
| run: | | |
| status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk '{print $2}') | |
| if [[ $status -eq 200 ]]; then | |
| echo "Wazuh dashboard status: ${status}" | |
| else | |
| echo "Wazuh dashboard status: ${status}" | |
| exit 1 | |
| fi | |
| - name: Check errors in ossec.log | |
| run: ./.github/multi-node-log-check.sh |