added stage to install dockercompose #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wazuh Docker pipeline | ||
| on: [pull_request] | ||
| jobs: | ||
| build-docker-images: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
| - name: Install Docker & Docker Compose | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y docker-compose | ||
| - name: Build Wazuh images | ||
| run: build-docker-images/build-images.sh | ||
| - name: Check if Docker images exist before saving | ||
| run: | | ||
| if docker images | grep -q "wazuh/wazuh-manager"; then | ||
| docker save wazuh/wazuh-manager:4.7.2 -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | ||
| else | ||
| echo "Wazuh Manager image does not exist, skipping..." | ||
| fi | ||
| if docker images | grep -q "wazuh/wazuh-indexer"; then | ||
| docker save wazuh/wazuh-indexer:4.7.2 -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | ||
| else | ||
| echo "Wazuh Indexer image does not exist, skipping..." | ||
| fi | ||
| if docker images | grep -q "wazuh/wazuh-dashboard"; then | ||
| docker save wazuh/wazuh-dashboard:4.7.2 -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | ||
| else | ||
| echo "Wazuh Dashboard image does not exist, skipping..." | ||
| fi | ||
| - name: Create enviroment variables | ||
| run: cat .env > $GITHUB_ENV | ||
| - name: Create backup Docker images | ||
| run: | | ||
| mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/ | ||
| docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | ||
| docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | ||
| docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | ||
| - name: Temporarily save Wazuh manager Docker image | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: docker-artifact-manager | ||
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | ||
| retention-days: 1 | ||
| - name: Temporarily save Wazuh indexer Docker image | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: docker-artifact-indexer | ||
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | ||
| retention-days: 1 | ||
| - name: Temporarily save Wazuh dashboard Docker image | ||
| uses: actions/upload-artifact@v3 | ||
| with: | ||
| name: docker-artifact-dashboard | ||
| path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | ||
| retention-days: 1 | ||
| - name: Install Goss | ||
| uses: e1himself/[email protected] | ||
| with: | ||
| version: v0.3.16 | ||
| - name: Execute Goss tests (wazuh-manager) | ||
| run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} | ||
| env: | ||
| GOSS_SLEEP: 30 | ||
| GOSS_FILE: .github/.goss.yaml | ||
| check-single-node: | ||
| runs-on: ubuntu-latest | ||
| needs: build-docker-images | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
| - name: Create enviroment variables | ||
| run: cat .env > $GITHUB_ENV | ||
| - name: Retrieve saved Wazuh indexer Docker image | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: docker-artifact-indexer | ||
| - name: Retrieve saved Wazuh manager Docker image | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: docker-artifact-manager | ||
| - name: Retrieve saved Wazuh dashboard Docker image | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: docker-artifact-dashboard | ||
| - name: Docker load | ||
| run: | | ||
| docker load --input ./wazuh-indexer.tar | ||
| docker load --input ./wazuh-dashboard.tar | ||
| docker load --input ./wazuh-manager.tar | ||
| - name: Create single node certficates | ||
| run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator | ||
| - name: Start single node stack | ||
| run: docker-compose -f single-node/docker-compose.yml up -d | ||
| - name: Check Wazuh indexer start | ||
| run: | | ||
| sleep 60 | ||
| status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" | ||
| if [[ $status_green -eq 1 ]]; then | ||
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | ||
| else | ||
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | ||
| exit 1 | ||
| fi | ||
| status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" | ||
| status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`" | ||
| if [[ $status_index_green -eq $status_index ]]; then | ||
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | ||
| else | ||
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | ||
| exit 1 | ||
| fi | ||
| - name: Check Wazuh indexer nodes | ||
| run: | | ||
| nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" | ||
| if [[ $nodes -eq 1 ]]; then | ||
| echo "Wazuh indexer nodes: ${nodes}" | ||
| else | ||
| echo "Wazuh indexer nodes: ${nodes}" | ||
| exit 1 | ||
| fi | ||
| - name: Check documents into wazuh-alerts index | ||
| run: | | ||
| docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" | ||
| if [[ $docs -gt 100 ]]; then | ||
| echo "wazuh-alerts index documents: ${docs}" | ||
| else | ||
| echo "wazuh-alerts index documents: ${docs}" | ||
| exit 1 | ||
| fi | ||
| - name: Check Wazuh templates | ||
| run: | | ||
| qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" | ||
| templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" | ||
| if [[ $qty_templates -eq 3 ]]; then | ||
| echo "wazuh templates:" | ||
| echo "${templates}" | ||
| else | ||
| echo "wazuh templates:" | ||
| echo "${templates}" | ||
| exit 1 | ||
| fi | ||
| - name: Check Wazuh manager start | ||
| run: | | ||
| services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" | ||
| if [[ $services -gt 9 ]]; then | ||
| echo "Wazuh Manager Services: ${services}" | ||
| echo "OK" | ||
| else | ||
| echo "Wazuh indexer nodes: ${nodes}" | ||
| curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | ||
| exit 1 | ||
| fi | ||
| env: | ||
| TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") | ||
| - name: Check errors in ossec.log | ||
| run: ./.github/single-node-log-check.sh | ||
| - name: Check filebeat output | ||
| run: ./.github/single-node-filebeat-check.sh | ||
| - name: Check Wazuh dashboard service URL | ||
| run: | | ||
| status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}') | ||
| if [[ $status -eq 200 ]]; then | ||
| echo "Wazuh dashboard status: ${status}" | ||
| else | ||
| echo "Wazuh dashboard status: ${status}" | ||
| exit 1 | ||
| fi | ||
| - name: Stop single node stack | ||
| run: docker-compose -f single-node/docker-compose.yml down | ||
| check-multi-node: | ||
| runs-on: ubuntu-latest | ||
| needs: build-docker-images | ||
| steps: | ||
| - name: Check out code | ||
| uses: actions/checkout@v3 | ||
| - name: Create enviroment variables | ||
| run: cat .env > $GITHUB_ENV | ||
| - name: Retrieve saved Wazuh dashboard Docker image | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: docker-artifact-dashboard | ||
| - name: Retrieve saved Wazuh manager Docker image | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: docker-artifact-manager | ||
| - name: Retrieve saved Wazuh indexer Docker image | ||
| uses: actions/download-artifact@v3 | ||
| with: | ||
| name: docker-artifact-indexer | ||
| - name: Docker load | ||
| run: | | ||
| docker load --input ./wazuh-manager.tar | ||
| docker load --input ./wazuh-indexer.tar | ||
| docker load --input ./wazuh-dashboard.tar | ||
| - name: Create multi node certficates | ||
| run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator | ||
| - name: Start multi node stack | ||
| run: docker-compose -f multi-node/docker-compose.yml up -d | ||
| - name: Check Wazuh indexer start | ||
| run: | | ||
| sleep 120 | ||
| status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" | ||
| if [[ $status_green -eq 1 ]]; then | ||
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | ||
| else | ||
| curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | ||
| exit 1 | ||
| fi | ||
| status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`" | ||
| status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`" | ||
| if [[ $status_index_green -eq $status_index ]]; then | ||
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | ||
| else | ||
| curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | ||
| exit 1 | ||
| fi | ||
| - name: Check Wazuh indexer nodes | ||
| run: | | ||
| nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`" | ||
| if [[ $nodes -eq 3 ]]; then | ||
| echo "Wazuh indexer nodes: ${nodes}" | ||
| else | ||
| echo "Wazuh indexer nodes: ${nodes}" | ||
| exit 1 | ||
| fi | ||
| - name: Check documents into wazuh-alerts index | ||
| run: | | ||
| docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" | ||
| if [[ $docs -gt 100 ]]; then | ||
| echo "wazuh-alerts index documents: ${docs}" | ||
| else | ||
| echo "wazuh-alerts index documents: ${docs}" | ||
| exit 1 | ||
| fi | ||
| - name: Check Wazuh templates | ||
| run: | | ||
| qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`" | ||
| templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`" | ||
| if [[ $qty_templates -eq 3 ]]; then | ||
| echo "wazuh templates:" | ||
| echo "${templates}" | ||
| else | ||
| echo "wazuh templates:" | ||
| echo "${templates}" | ||
| exit 1 | ||
| fi | ||
| - name: Check Wazuh manager start | ||
| run: | | ||
| services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`" | ||
| if [[ $services -gt 10 ]]; then | ||
| echo "Wazuh Manager Services: ${services}" | ||
| echo "OK" | ||
| else | ||
| echo "Wazuh indexer nodes: ${nodes}" | ||
| curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | ||
| exit 1 | ||
| fi | ||
| nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l) | ||
| if [[ $nodes -eq 2 ]]; then | ||
| echo "Wazuh manager nodes: ${nodes}" | ||
| else | ||
| echo "Wazuh manager nodes: ${nodes}" | ||
| exit 1 | ||
| fi | ||
| env: | ||
| TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") | ||
| - name: Check errors in ossec.log | ||
| run: ./.github/multi-node-log-check.sh | ||
| - name: Check filebeat output | ||
| run: ./.github/multi-node-filebeat-check.sh | ||
| - name: Check Wazuh dashboard service URL | ||
| run: | | ||
| status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk '{print $2}') | ||
| if [[ $status -eq 200 ]]; then | ||
| echo "Wazuh dashboard status: ${status}" | ||
| else | ||
| echo "Wazuh dashboard status: ${status}" | ||
| exit 1 | ||
| fi | ||
