From d7d65f4d9af159dd26bdcc7f53753f022c1f3bc4 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 9 Jan 2024 12:00:57 -0300 Subject: [PATCH 01/11] Build scripts and GH workflows artifacts naming fix --- .github/workflows/build.yml | 3 --- .github/workflows/r_assemble.yml | 11 +++++++++-- .github/workflows/r_build.yml | 6 +++--- scripts/assemble.sh | 20 +++++++++++++------- scripts/build.sh | 15 +++++++++++++-- 5 files changed, 38 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4b286884541c7..7cf2189f56a9e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,7 +36,6 @@ jobs: with: architecture: ${{ matrix.architecture }} distribution: ${{ matrix.distribution }} - name: wazuh-indexer-min_${{ needs.version.outputs.version }}-${{ inputs.revision }}-${{ matrix.architecture }}_${{ github.sha }}.${{ matrix.distribution }} # wazuh-indexer-min_4.8.0-rc1_x64_ff98475f.deb # TODO arm64 != amd64 (deb), x64 != x86_64 (rpm) # TODO use short SHA https://stackoverflow.com/a/59819441/13918537 @@ -56,5 +55,3 @@ jobs: with: architecture: ${{ matrix.architecture }} distribution: ${{ matrix.distribution }} - min: wazuh-indexer-min_${{ needs.version.outputs.version }}-${{ inputs.revision }}-${{ matrix.architecture }}_${{ github.sha }}.${{ matrix.distribution }} - name: wazuh-indexer_${{ needs.version.outputs.version }}-${{ inputs.revision }}-${{ matrix.architecture }}_${{ github.sha }}.${{ matrix.distribution }} diff --git a/.github/workflows/r_assemble.yml b/.github/workflows/r_assemble.yml index 6414729a1a635..7529ca9d8061b 100644 --- a/.github/workflows/r_assemble.yml +++ b/.github/workflows/r_assemble.yml 
@@ -33,10 +33,17 @@ jobs: contents: read steps: - uses: actions/checkout@v4 + # The -min package's name is stored in artifacts/artifact_min_name.txt. + + - name: Set min package name + id: get_min_name + run: | + echo "name=$(cat artifacts/artifact_min_name.txt)" >> $GITHUB_OUTPUT + - name: Download artifact uses: actions/download-artifact@v4 with: - name: ${{ inputs.min }} + name: ${{ steps.get_min_name.outputs.name }} path: artifacts/dist - name: Provision @@ -57,6 +64,6 @@ jobs: - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: ${{ inputs.name }} + name: ${{ steps.get_name.outputs.name }} path: artifacts/dist/${{ steps.get_name.outputs.name }} if-no-files-found: error diff --git a/.github/workflows/r_build.yml b/.github/workflows/r_build.yml index 50ddb9a75ae76..9fb8367769b81 100644 --- a/.github/workflows/r_build.yml +++ b/.github/workflows/r_build.yml @@ -39,15 +39,15 @@ jobs: run: | bash scripts/build.sh -v ${{ vars.OPENSEARCH_VERSION }} -s false -p linux -a ${{ inputs.architecture }} -d ${{ inputs.distribution }} - # The package's name is stored in artifacts/artifact_name.txt. + # The package's name is stored in artifacts/artifact_min_name.txt. - name: Set package name id: get_name run: | - echo "name=$(cat artifacts/artifact_name.txt)" >> $GITHUB_OUTPUT + echo "name=$(cat artifacts/artifact_min_name.txt)" >> $GITHUB_OUTPUT - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: ${{ inputs.name }} + name: ${{ steps.get_name.outputs.name }} path: artifacts/dist/${{ steps.get_name.outputs.name }} if-no-files-found: error diff --git a/scripts/assemble.sh b/scripts/assemble.sh index fa9205b00f931..906c10772b662 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh 
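Review bot: The `Set package name` step in r_build.yml writes whatever `artifacts/artifact_min_name.txt` contains straight into the step outputs, and `$GITHUB_OUTPUT` is unquoted. If the file ever holds more than one line, each extra line is parsed as another `key=value` output, and the upload step's `name` and `path` are then built from it. Take a single line and quote the target: `echo "name=$(head -n 1 artifacts/artifact_min_name.txt)" >> "$GITHUB_OUTPUT"`. The `Set min package name` step added to r_assemble.yml in this patch has the same form.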
@@ -202,7 +202,7 @@ function clean() { rm -r "${OUTPUT}/tmp" echo "After execution, shell path is $(pwd)" # Store package's name to file. Used by GH Action. - echo "${package_name}" >"${OUTPUT}/artifact_name.txt" + echo "${ARTIFACT_PACKAGE_NAME}" >"${OUTPUT}/artifact_name.txt" } # ==== @@ -228,7 +228,7 @@ function assemble_tar() { cd .. tar -cvf "${archive_name}-${SUFFIX}.${EXT}" "${archive_name}" cd ../../.. - cp "${TMP_DIR}/${archive_name}-${SUFFIX}.${EXT}" "${OUTPUT}/dist/" + cp "${TMP_DIR}/${archive_name}-${SUFFIX}.${EXT}" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME" clean } @@ -272,8 +272,10 @@ function assemble_rpm() { # Move to the root folder, copy the package and clean. cd ../../.. + package_name="wazuh-indexer-${version}-1.${SUFFIX}.${EXT}" - cp "${TMP_DIR}/RPMS/${SUFFIX}/${package_name}" "${OUTPUT}/dist/" + + cp "${TMP_DIR}/RPMS/${SUFFIX}/${package_name}" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME" clean } @@ -319,9 +321,9 @@ function assemble_deb() { # Move to the root folder, copy the package and clean. cd ../../.. - package_name="wazuh-indexer_${version}_${SUFFIX}.${EXT}" + package_name="wazuh-indexer_${version}_${SUFFIX}.${EXT}" # debmake creates the package one level above - cp "${TMP_DIR}/../${package_name}" "${OUTPUT}/dist/" + cp "${TMP_DIR}/../${package_name}" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME" clean } @@ -333,8 +335,12 @@ function main() { parse_args "${@}" echo "Assembling wazuh-indexer for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" - # wazuh-indexer-min_4.9.0-1-x64_78fcc3db6a5b470294319e48b58c3d715bee39d1.rpm - ARTIFACT_BUILD_NAME=$(ls "${OUTPUT}/dist/" | grep "wazuh-indexer-min.*.$EXT") + + ARTIFACT_BUILD_NAME=$(ls "${OUTPUT}/dist/" | grep "wazuh-indexer-min_.*\.$EXT") + + ARTIFACT_PACKAGE_NAME=${ARTIFACT_BUILD_NAME/min_/} + + # Create temporal directory and copy the min package there for extraction TMP_DIR="${OUTPUT}/tmp/${TARGET}" diff --git a/scripts/build.sh b/scripts/build.sh index 55d9f96c1e838..05930700e90a8 100755 --- a/scripts/build.sh 
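Review bot: `ARTIFACT_BUILD_NAME` in `main()` comes from `ls | grep` with no check on how many names matched, so zero matches leave `ARTIFACT_PACKAGE_NAME` empty and two matches put a newline into it, and both values then reach the `cp` destinations and `artifact_name.txt`. Resolve the file with a glob and stop unless exactly one package is present, as sketched below. The same lookup appears in the build.sh hunk of this patch and in the later `$ARCHITECTURE` and `$SUFFIX` variants of this line (patches 07 and 08). `${ARTIFACT_BUILD_NAME/min_/}` also removes the underscore after `min`, giving `wazuh-indexer-<version>` rather than `wazuh-indexer_<version>`; confirm that is the intended package name. `main()` continues outside the hunk.

```shell
    # … unchanged: parse_args and the "Assembling" echo …
    local candidates=("${OUTPUT}"/dist/wazuh-indexer-min_*."${EXT}")
    if [ "${#candidates[@]}" -ne 1 ] || [ ! -f "${candidates[0]}" ]; then
        echo "Error: expected exactly one wazuh-indexer-min package in ${OUTPUT}/dist" >&2
        exit 1
    fi
    ARTIFACT_BUILD_NAME=$(basename "${candidates[0]}")
    ARTIFACT_PACKAGE_NAME=${ARTIFACT_BUILD_NAME/min_/}
    # … unchanged: TMP_DIR setup …
```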
+++ b/scripts/build.sh @@ -162,8 +162,19 @@ echo "Building OpenSearch for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" # Copy artifact to dist folder in bundle build output echo "Copying artifact to ${OUTPUT}/dist" # [[ "$SNAPSHOT" == "true" ]] && IDENTIFIER="-SNAPSHOT" + + ARTIFACT_BUILD_NAME=$(ls "distribution/$TYPE/$TARGET/build/distributions/" | grep "wazuh-indexer-min.*$SUFFIX.$EXT") + +GIT_COMMIT=$(git rev-parse --short HEAD) + +WI_VERSION=$( "$OUTPUT/artifact_name.txt" + +echo "$ARTIFACT_PACKAGE_NAME" > "$OUTPUT/artifact_min_name.txt" + mkdir -p "${OUTPUT}/dist" -cp "distribution/$TYPE/$TARGET/build/distributions/$ARTIFACT_BUILD_NAME" "${OUTPUT}/dist/$ARTIFACT_BUILD_NAME" +cp "distribution/$TYPE/$TARGET/build/distributions/$ARTIFACT_BUILD_NAME" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME" From fda25cac9a9477b1950a7c6e894778cbd716c4c5 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 9 Jan 2024 12:28:18 -0300 Subject: [PATCH 02/11] Add git to dev docker image --- docker/images/wi-dev.Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/images/wi-dev.Dockerfile b/docker/images/wi-dev.Dockerfile index 7e7f16fbba42c..215b956d14a82 100644 --- a/docker/images/wi-dev.Dockerfile +++ b/docker/images/wi-dev.Dockerfile @@ -6,11 +6,13 @@ RUN gradle clean FROM eclipse-temurin:17-jdk-alpine -RUN addgroup -g 1000 wazuh-indexer && \ +RUN apk add git && \ + addgroup -g 1000 wazuh-indexer && \ adduser -u 1000 -G wazuh-indexer -D -h /home/wazuh-indexer wazuh-indexer && \ chmod 0775 /home/wazuh-indexer && \ chown -R 1000:0 /home/wazuh-indexer USER wazuh-indexer COPY --from=builder --chown=1000:0 /home/wazuh-indexer/app /home/wazuh-indexer/app WORKDIR /home/wazuh-indexer/app +RUN git config --global --add safe.directory /home/wazuh-indexer/app EXPOSE 9200 9300 From da008a823c233c0ae4f97cc075f6f0db296cce8d Mon Sep 17 00:00:00 2001 
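Review bot: The added `RUN apk add git` in wi-dev.Dockerfile keeps the downloaded package index in the image layer; `RUN apk add --no-cache git && \` avoids that. The `git config --global --add safe.directory /home/wazuh-indexer/app` line switches off git's ownership check for that path, and nothing in the file says why. A comment such as `# build.sh runs git rev-parse here; the tree may be owned by a different uid than wazuh-indexer` would record the reason, if that is the reason. Limiting the exemption to this single path rather than `*` is the right scope.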
From: Fede Tux Date: Tue, 9 Jan 2024 14:53:21 -0300 Subject: [PATCH 03/11] Fixing jobs' inputs and outputs --- .github/workflows/build.yml | 1 + .github/workflows/r_assemble.yml | 9 +-------- .github/workflows/r_build.yml | 4 ++++ 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7cf2189f56a9e..5ef01680f89c3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,3 +55,4 @@ jobs: with: architecture: ${{ matrix.architecture }} distribution: ${{ matrix.distribution }} + min: ${{ needs.build.outputs.artifact_name }} diff --git a/.github/workflows/r_assemble.yml b/.github/workflows/r_assemble.yml index 7529ca9d8061b..c762fe2a88294 100644 --- a/.github/workflows/r_assemble.yml +++ b/.github/workflows/r_assemble.yml @@ -33,17 +33,10 @@ jobs: contents: read steps: - uses: actions/checkout@v4 - # The -min package's name is stored in artifacts/artifact_min_name.txt. - - - name: Set min package name - id: get_min_name - run: | - echo "name=$(cat artifacts/artifact_min_name.txt)" >> $GITHUB_OUTPUT - - name: Download artifact uses: actions/download-artifact@v4 with: - name: ${{ steps.get_min_name.outputs.name }} + name: ${{ inputs.min }} path: artifacts/dist - name: Provision diff --git a/.github/workflows/r_build.yml b/.github/workflows/r_build.yml index 9fb8367769b81..b9e93b207291c 100644 --- a/.github/workflows/r_build.yml +++ b/.github/workflows/r_build.yml @@ -17,6 +17,10 @@ on: type: string name: type: string + outputs: + artifact_name: + description: "Returns the build artifact's filename" + value: ${{ jobs.r_build.outputs.get_name }} jobs: r_build: From d05c5c8b9476e4226cc5626e264b565065eebf49 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 9 Jan 2024 14:59:01 -0300 Subject: [PATCH 04/11] remove name input from r_assemble.yml --- .github/workflows/r_assemble.yml | 4 ---- 1 file changed, 4 deletions(-) 
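Review bot: `value: ${{ jobs.r_build.outputs.get_name }}` in r_build.yml reads a job output named `get_name`, but `get_name` is a step id and the hunk shows no `outputs:` map on the `r_build` job, so unless one is declared outside the hunk `artifact_name` evaluates to an empty string. Declare the output on the job (`outputs:` with `name: ${{ steps.get_name.outputs.name }}`) and reference it as `${{ jobs.r_build.outputs.name }}`. Patch 09 later changes the expression to `jobs.r_build.outputs.get_name.name`, which has the same problem because job outputs are a flat map of strings. With an empty `min`, the `Download artifact` step in r_assemble.yml gets no usable `name`, and as far as the documented behaviour of download-artifact@v4 goes it then fetches every artifact of the run instead of the one min package.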
diff --git a/.github/workflows/r_assemble.yml b/.github/workflows/r_assemble.yml index c762fe2a88294..82bfe9d0fe5a8 100644 --- a/.github/workflows/r_assemble.yml +++ b/.github/workflows/r_assemble.yml @@ -19,10 +19,6 @@ on: description: The name of the package to download. required: true type: string - name: - description: The name of the package to upload. - required: true - type: string jobs: r_assemble: From bbf1c7f66ac85d54d2fdd64bed9deaa698d00a43 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 9 Jan 2024 16:31:32 -0300 Subject: [PATCH 05/11] Setting qualifier to 1 when not specified --- scripts/build.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/build.sh b/scripts/build.sh index 05930700e90a8..429a26bffd15e 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -91,6 +91,7 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org [ -z "$PLATFORM" ] && PLATFORM=$(uname -s | awk '{print tolower($0)}') [ -z "$ARCHITECTURE" ] && ARCHITECTURE=$(uname -m) [ -z "$DISTRIBUTION" ] && DISTRIBUTION="tar" +[ -z "$QUALIFIER" ] && QUALIFIER="1" case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in linux-tar-x64|darwin-tar-x64) @@ -170,6 +171,7 @@ GIT_COMMIT=$(git rev-parse --short HEAD) WI_VERSION=$( Date: Wed, 10 Jan 2024 08:50:22 -0300 Subject: [PATCH 06/11] Add revision flag to scripts and workflow --- .github/workflows/build.yml | 1 + .github/workflows/r_build.yml | 4 ++-- scripts/build.sh | 10 +++++++--- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5ef01680f89c3..5ed6e4bf455e5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -36,6 +36,7 @@ jobs: with: architecture: ${{ matrix.architecture }} distribution: ${{ matrix.distribution }} + revision: ${{ inputs.revision }} # wazuh-indexer-min_4.8.0-rc1_x64_ff98475f.deb # TODO arm64 != amd64 (deb), x64 != x86_64 (rpm) # TODO use short SHA https://stackoverflow.com/a/59819441/13918537 
diff --git a/.github/workflows/r_build.yml b/.github/workflows/r_build.yml index b9e93b207291c..479792b6feee3 100644 --- a/.github/workflows/r_build.yml +++ b/.github/workflows/r_build.yml @@ -15,7 +15,7 @@ on: default: "x64" required: false type: string - name: + revision: type: string outputs: artifact_name: @@ -41,7 +41,7 @@ jobs: - name: Run `build.sh` run: | - bash scripts/build.sh -v ${{ vars.OPENSEARCH_VERSION }} -s false -p linux -a ${{ inputs.architecture }} -d ${{ inputs.distribution }} + bash scripts/build.sh -v ${{ vars.OPENSEARCH_VERSION }} -s false -p linux -a ${{ inputs.architecture }} -d ${{ inputs.distribution }} -r ${{ inputs.revision }} # The package's name is stored in artifacts/artifact_min_name.txt. - name: Set package name diff --git a/scripts/build.sh b/scripts/build.sh index 429a26bffd15e..92e1995e57e04 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -19,11 +19,12 @@ function usage() { echo -e "-p PLATFORM\t[Optional] Platform, default is 'uname -s'." echo -e "-a ARCHITECTURE\t[Optional] Build architecture, default is 'uname -m'." echo -e "-d DISTRIBUTION\t[Optional] Distribution, default is 'tar'." + echo -e "-d REVISION\t[Optional] Package revision, default is '1'." echo -e "-o OUTPUT\t[Optional] Output path, default is 'artifacts'." echo -e "-h help" } -while getopts ":h:v:q:s:o:p:a:d:" arg; do +while getopts ":h:v:q:s:o:p:a:d:r:" arg; do case $arg in h) usage @@ -50,6 +51,9 @@ while getopts ":h:v:q:s:o:p:a:d:" arg; do d) DISTRIBUTION=$OPTARG ;; + r) + REVISION=$OPTARG + ;; :) echo "Error: -${OPTARG} requires an argument" usage @@ -91,7 +95,7 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org [ -z "$PLATFORM" ] && PLATFORM=$(uname -s | awk '{print tolower($0)}') [ -z "$ARCHITECTURE" ] && ARCHITECTURE=$(uname -m) [ -z "$DISTRIBUTION" ] && DISTRIBUTION="tar" -[ -z "$QUALIFIER" ] && QUALIFIER="1" +[ -z "$REVISION" ] && REVISION="1" case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in linux-tar-x64|darwin-tar-x64) 
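Review bot: The `Run build.sh` step in r_build.yml expands `${{ inputs.revision }}` inside the `run:` script, so the value is pasted into the shell text before bash parses it and is not treated as a single argument. Pass it through the environment instead: add `env:` with `REVISION: ${{ inputs.revision }}` to the step and end the command with `-r "$REVISION"`. The `architecture` and `distribution` inputs on the same line warrant the same treatment. The new `revision` input also declares no `default`, and an empty value leaves `-r` without an argument, which the `:)` branch of build.sh's `getopts` loop reports as an error; `default: "1"` would match the script's own fallback.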
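Review bot: The usage line added to `usage()` in build.sh documents the new option as `-d REVISION`, the letter already used for DISTRIBUTION, while the parser branch added further down handles it as `r)`. Change the line to `echo -e "-r REVISION\t[Optional] Package revision, default is '1'."`. `usage()` starts outside the hunk.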
@@ -172,7 +176,7 @@ GIT_COMMIT=$(git rev-parse --short HEAD) WI_VERSION=$( Date: Wed, 10 Jan 2024 09:14:22 -0300 Subject: [PATCH 07/11] Fix copying of packages at assemble.sh --- scripts/assemble.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/assemble.sh b/scripts/assemble.sh index 906c10772b662..175c966c655b9 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh @@ -336,7 +336,7 @@ function main() { echo "Assembling wazuh-indexer for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" - ARTIFACT_BUILD_NAME=$(ls "${OUTPUT}/dist/" | grep "wazuh-indexer-min_.*\.$EXT") + ARTIFACT_BUILD_NAME=$(ls "${OUTPUT}/dist/" | grep "wazuh-indexer-min_.*$ARCHITECTURE.*\.$EXT") ARTIFACT_PACKAGE_NAME=${ARTIFACT_BUILD_NAME/min_/} From e2122ea92a55034f4f8d0404ec75a89c429b13d0 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Wed, 10 Jan 2024 09:30:19 -0300 Subject: [PATCH 08/11] Use suffix variable instead of architecture --- scripts/assemble.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/assemble.sh b/scripts/assemble.sh index 175c966c655b9..67c8842f85226 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh @@ -336,7 +336,7 @@ function main() { echo "Assembling wazuh-indexer for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" - ARTIFACT_BUILD_NAME=$(ls "${OUTPUT}/dist/" | grep "wazuh-indexer-min_.*$ARCHITECTURE.*\.$EXT") + ARTIFACT_BUILD_NAME=$(ls "${OUTPUT}/dist/" | grep "wazuh-indexer-min_.*$SUFFIX.*\.$EXT") ARTIFACT_PACKAGE_NAME=${ARTIFACT_BUILD_NAME/min_/} From e60d911ab1a71ca8dbe72d08da5fd272bfe74911 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Wed, 10 Jan 2024 10:42:39 -0300 Subject: [PATCH 09/11] Fix suffix name in assemble.sh --- .github/workflows/r_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/r_build.yml b/.github/workflows/r_build.yml index 479792b6feee3..982aa33dd9bd5 100644 --- a/.github/workflows/r_build.yml +++ b/.github/workflows/r_build.yml 
@@ -20,7 +20,7 @@ on: outputs: artifact_name: description: "Returns the build artifact's filename" - value: ${{ jobs.r_build.outputs.get_name }} + value: ${{ jobs.r_build.outputs.get_name.name }} jobs: r_build: From 281eafb84649fde9efc6fe2cf96a2c2b6b86554c Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Wed, 10 Jan 2024 13:56:34 -0300 Subject: [PATCH 10/11] add remove files function to assemble.sh --- scripts/assemble.sh | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/scripts/assemble.sh b/scripts/assemble.sh index 67c8842f85226..7ec5c34b1deaa 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh @@ -165,6 +165,30 @@ function add_configuration_files() { find . -name "*.bat" -exec rm -rf {} \; } +# ==== +# Remove unneeded files +# ==== +function remove_unneeded_files() { + rm $PATH_PLUGINS/opensearch-security/tools/install_demo_configuration.sh +} + +# ==== +# Set up configuration files +# ==== +function add_configuration_files() { + # swap configuration files + cp $PATH_CONF/security/* $PATH_CONF/opensearch-security/ + cp $PATH_CONF/jvm.prod.options $PATH_CONF/jvm.options + cp $PATH_CONF/opensearch.prod.yml $PATH_CONF/opensearch.yml + + rm -r $PATH_CONF/security + rm $PATH_CONF/jvm.prod.options $PATH_CONF/opensearch.prod.yml + + # Remove symbolic links and bat files + find . -type l -exec rm -rf {} \; + find . -name "*.bat" -exec rm -rf {} \; +} + # ==== # Copy performance analyzer service file # ==== @@ -246,6 +270,7 @@ function assemble_rpm() { local src_path="./usr/share/wazuh-indexer" PATH_CONF="./etc/wazuh-indexer" PATH_BIN="${src_path}/bin" + PATH_PLUGINS="${src_path}/plugins" # Extract min-package. Creates usr/, etc/ and var/ in the current directory echo "Extract ${ARTIFACT_BUILD_NAME} archive" @@ -257,6 +282,8 @@ function assemble_rpm() { # Swap configuration files add_configuration_files + remove_unneeded_files + # Generate final package local topdir local version 
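Review bot: The assemble.sh hunk at `@@ -165,6 +165,30 @@` appears to add a second, identical `add_configuration_files()` directly after the existing one, whose closing lines are the hunk's leading context. Bash silently keeps the last definition, so the two copies can drift apart unnoticed; drop the added copy and keep only `remove_unneeded_files()`. In that function `$PATH_PLUGINS` is unquoted and unchecked, so an unset value turns the target into `/opensearch-security/tools/install_demo_configuration.sh`; `rm -- "${PATH_PLUGINS:?}/opensearch-security/tools/install_demo_configuration.sh"` stops with an error instead. The function presumably exists to keep the demo-configuration installer out of shipped packages, so a failed removal should fail the assembly; whether it does today depends on shell options not visible in the hunk.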
@@ -295,6 +322,7 @@ function assemble_deb() { local src_path="./usr/share/wazuh-indexer" PATH_CONF="./etc/wazuh-indexer" PATH_BIN="${src_path}/bin" + PATH_PLUGINS="${src_path}/plugins" # Extract min-package. Creates usr/, etc/ and var/ in the current directory echo "Extract ${ARTIFACT_BUILD_NAME} archive" @@ -307,6 +335,8 @@ function assemble_deb() { # Swap configuration files add_configuration_files + remove_unneeded_files + # Generate final package local version version=$(cat ./usr/share/wazuh-indexer/VERSION) From 048e52824cb0075183eb7077b6c4c746fc365a36 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Wed, 10 Jan 2024 14:39:39 -0300 Subject: [PATCH 11/11] Remove unneeded files on assembled tar packages --- scripts/assemble.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/assemble.sh b/scripts/assemble.sh index 7ec5c34b1deaa..635d8a5fccdbe 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh @@ -236,6 +236,7 @@ function assemble_tar() { cd "${TMP_DIR}" PATH_CONF="./config" PATH_BIN="./bin" + PATH_BIN="./plugins" # Extract echo "Extract ${ARTIFACT_BUILD_NAME} archive" @@ -247,6 +248,8 @@ function assemble_tar() { # Swap configuration files add_configuration_files + remove_unneeded_files + # Pack archive_name="wazuh-indexer-$(cat VERSION)" cd ..
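Review bot: In the `assemble_tar()` hunk the added line is `PATH_BIN="./plugins"`, which overwrites the `PATH_BIN="./bin"` set on the line above and, as far as the hunk shows, leaves `PATH_PLUGINS` unset on the tar path. `remove_unneeded_files`, called in the next hunk, then resolves its target to `/opensearch-security/tools/install_demo_configuration.sh`, so the demo-configuration script stays in the tar package and anything that uses `PATH_BIN` afterwards looks in `./plugins`. The line should read `PATH_PLUGINS="./plugins"`, matching the `PATH_PLUGINS="${src_path}/plugins"` lines added to `assemble_rpm()` and `assemble_deb()`.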