Bump images to 4.14.4-rc1 #2073

Workflow file for this run

	name: Wazuh Docker pipeline

	on: [pull_request]

	jobs:
	build-docker-images:
	runs-on: ubuntu-22.04
	steps:

	- name: Check out code
	uses: actions/checkout@v4

	- name: Build Wazuh images
	run: ./build-images.sh
	working-directory: ./build-docker-images

	- name: Create enviroment variables
	run: cat .env > $GITHUB_ENV

	- name: Create backup Docker images
	run: \|
	mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/
	docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
	docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
	docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
	docker save wazuh/wazuh-agent:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar

	- name: Temporarily save Wazuh manager Docker image
	uses: actions/upload-artifact@v4
	with:
	name: docker-artifact-manager
	path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
	retention-days: 1

	- name: Temporarily save Wazuh indexer Docker image
	uses: actions/upload-artifact@v4
	with:
	name: docker-artifact-indexer
	path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
	retention-days: 1

	- name: Temporarily save Wazuh dashboard Docker image
	uses: actions/upload-artifact@v4
	with:
	name: docker-artifact-dashboard
	path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
	retention-days: 1

	- name: Temporarily save Wazuh agent Docker image
	uses: actions/upload-artifact@v4
	with:
	name: docker-artifact-agent
	path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
	retention-days: 1

	- name: Install Goss
	uses: e1himself/goss-installation-action@v1.0.3
	with:
	version: v0.3.16

	- name: Execute Goss tests (wazuh-manager)
	run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}
	env:
	GOSS_SLEEP: 30
	GOSS_FILE: .github/.goss.yaml

	check-single-node:
	runs-on: ubuntu-22.04
	needs: build-docker-images
	steps:

	- name: Check out code
	uses: actions/checkout@v4

	- name: Create enviroment variables
	run: cat .env > $GITHUB_ENV

	- name: Retrieve saved Wazuh indexer Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-indexer

	- name: Retrieve saved Wazuh manager Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-manager

	- name: Retrieve saved Wazuh dashboard Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-dashboard

	- name: Retrieve saved Wazuh agent Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-agent

	- name: Docker load
	run: \|
	docker load --input ./wazuh-indexer.tar
	docker load --input ./wazuh-dashboard.tar
	docker load --input ./wazuh-manager.tar
	docker load --input ./wazuh-agent.tar

	- name: Create single node certficates
	run: docker compose -f single-node/generate-indexer-certs.yml run --rm generator

	- name: Start single node stack
	run: docker compose -f single-node/docker-compose.yml up -d

	- name: Check Wazuh indexer start
	run: \|
	sleep 60
	status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s \| grep green \| wc -l`"
	if [[ $status_green -eq 1 ]]; then
	curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
	else
	curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
	exit 1
	fi
	status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s \| wc -l`"
	status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s \| grep "green" \| wc -l`"
	if [[ $status_index_green -eq $status_index ]]; then
	curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
	else
	curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
	exit 1
	fi


	- name: Check Wazuh indexer nodes
	run: \|
	nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s \| grep -E "indexer" \| wc -l`"
	if [[ $nodes -eq 1 ]]; then
	echo "Wazuh indexer nodes: ${nodes}"
	else
	echo "Wazuh indexer nodes: ${nodes}"
	exit 1
	fi

	- name: Check documents into wazuh-alerts index
	run: \|
	sleep 120
	docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s \| jq -r ".count"`"
	if [[ $docs -gt 0 ]]; then
	echo "wazuh-alerts index documents: ${docs}"
	else
	echo "wazuh-alerts index documents: ${docs}"
	exit 1
	fi

	- name: Check Wazuh templates
	run: \|
	qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s \| grep -P "wazuh\|wazuh-agent\|wazuh-statistics" \| wc -l`"
	templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s \| grep -P "wazuh\|wazuh-agent\|wazuh-statistics"`"
	if [[ $qty_templates -gt 3 ]]; then
	echo "wazuh templates:"
	echo "${templates}"
	else
	echo "wazuh templates:"
	echo "${templates}"
	exit 1
	fi

	- name: Check Wazuh manager start
	run: \|
	services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" \| jq -r .data.affected_items \| grep running \| wc -l`"
	if [[ $services -gt 9 ]]; then
	echo "Wazuh Manager Services: ${services}"
	echo "OK"
	else
	echo "Wazuh indexer nodes: ${nodes}"
	curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" \| jq -r .data.affected_items
	exit 1
	fi
	env:
	TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

	- name: Check filebeat output
	run: ./.github/single-node-filebeat-check.sh

	- name: Check Wazuh dashboard service URL
	run: \|
	status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s \| grep -E "^HTTP" \| awk '{print $2}')
	if [[ $status -eq 200 ]]; then
	echo "Wazuh dashboard status: ${status}"
	else
	echo "Wazuh dashboard status: ${status}"
	exit 1
	fi

	- name: Modify Docker endpoint into Wazuh agent docker-compose.yml file
	run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 \| grep 'inet ' \| awk '{print $2}' \| cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml

	- name: Start Wazuh agent
	run: docker compose -f wazuh-agent/docker-compose.yml up -d

	- name: Check Wazuh agent enrollment
	run: \|
	sleep 20
	curl -k -s -X GET "https://localhost:55000/agents?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}"
	env:
	TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

	- name: Check errors in ossec.log for Wazuh manager
	run: ./.github/single-node-log-check.sh

	check-multi-node:
	runs-on: ubuntu-22.04
	needs: build-docker-images
	steps:

	- name: Check out code
	uses: actions/checkout@v4

	- name: Create enviroment variables
	run: cat .env > $GITHUB_ENV

	- name: free disk space
	uses: ./.github/free-disk-space

	- name: Retrieve saved Wazuh dashboard Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-dashboard

	- name: Retrieve saved Wazuh manager Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-manager

	- name: Retrieve saved Wazuh indexer Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-indexer

	- name: Retrieve saved Wazuh agent Docker image
	uses: actions/download-artifact@v4
	with:
	name: docker-artifact-agent

	- name: Docker load
	run: \|
	docker load --input ./wazuh-manager.tar
	docker load --input ./wazuh-indexer.tar
	docker load --input ./wazuh-dashboard.tar
	docker load --input ./wazuh-agent.tar
	rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-agent.tar

	- name: Create multi node certficates
	run: docker compose -f multi-node/generate-indexer-certs.yml run --rm generator

	- name: Start multi node stack
	run: docker compose -f multi-node/docker-compose.yml up -d

	- name: Check Wazuh indexer start
	run: \|
	until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s \| grep green \| wc -l` -eq 1 ]]
	do
	echo 'Waiting for Wazuh indexer start'
	free -m
	df -h
	sleep 120
	done
	status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s \| grep green \| wc -l`"
	if [[ $status_green -eq 1 ]]; then
	curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
	else
	curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
	exit 1
	fi
	status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s \| wc -l`"
	status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s \| grep -E "green" \| wc -l`"
	if [[ $status_index_green -eq $status_index ]]; then
	curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
	else
	curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
	exit 1
	fi

	- name: Check Wazuh indexer nodes
	run: \|
	nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s \| grep -E "indexer" \| wc -l`"
	if [[ $nodes -eq 3 ]]; then
	echo "Wazuh indexer nodes: ${nodes}"
	else
	echo "Wazuh indexer nodes: ${nodes}"
	exit 1
	fi

	- name: Check documents into wazuh-alerts index
	run: \|
	until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s \| jq -r ".count"``) -gt 0 ]]
	do
	echo 'Waiting for Wazuh indexer events'
	free -m
	df -h
	sleep 10
	done
	docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s \| jq -r ".count"`"
	if [[ $docs -gt 0 ]]; then
	echo "wazuh-alerts index documents: ${docs}"
	else
	echo "wazuh-alerts index documents: ${docs}"
	exit 1
	fi

	- name: Check Wazuh templates
	run: \|
	qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s \| grep "wazuh" \| wc -l`"
	templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s \| grep "wazuh"`"
	if [[ $qty_templates -gt 3 ]]; then
	echo "wazuh templates:"
	echo "${templates}"
	else
	echo "wazuh templates:"
	echo "${templates}"
	exit 1
	fi

	- name: Check Wazuh manager start
	run: \|
	services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" \| jq -r .data.affected_items \| grep running \| wc -l`"
	if [[ $services -gt 10 ]]; then
	echo "Wazuh Manager Services: ${services}"
	echo "OK"
	else
	echo "Wazuh indexer nodes: ${nodes}"
	curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" \| jq -r .data.affected_items
	exit 1
	fi
	nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" \| jq -r ".data.affected_items[].name" \| wc -l)
	if [[ $nodes -eq 2 ]]; then
	echo "Wazuh manager nodes: ${nodes}"
	else
	echo "Wazuh manager nodes: ${nodes}"
	exit 1
	fi
	env:
	TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

	- name: Check filebeat output
	run: ./.github/multi-node-filebeat-check.sh

	- name: Check Wazuh dashboard service URL
	run: \|
	status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I \| grep -E "^HTTP" \| awk '{print $2}')
	if [[ $status -eq 200 ]]; then
	echo "Wazuh dashboard status: ${status}"
	else
	echo "Wazuh dashboard status: ${status}"
	exit 1
	fi

	- name: Modify Docker endpoint into Wazuh agent docker-compose.yml file
	run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 \| grep 'inet ' \| awk '{print $2}' \| cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml

	- name: Start Wazuh agent
	run: docker compose -f wazuh-agent/docker-compose.yml up -d

	- name: Check Wazuh agent enrollment
	run: \|
	sleep 20
	curl -k -s -X GET "https://localhost:55000/agents?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}"
	env:
	TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

	- name: Check errors in ossec.log for Wazuh manager
	run: ./.github/multi-node-log-check.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump images to 4.14.4-rc1 #2073

Workflow file

Bump images to 4.14.4-rc1 #2073

Uh oh!

Workflow file for this run