Add the first workflow version and the needed playbook

wazuh · Aug 27, 2024 · a9b60ec · a9b60ec
1 parent 57aa238
commit a9b60ec
Show file tree

Hide file tree

Showing 2 changed files with 472 additions and 0 deletions.
diff --git a/.github/workflows/packages_builder_ami.yaml b/.github/workflows/packages_builder_ami.yaml
@@ -16,3 +16,134 @@ on:
         description: 'Branch or tag of the wazuh-automation repository'
         required: true
         default: '4.10.0'
+      WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
+        description: 'Branch or tag of the wazuh-installation-assistant repository'
+        required: true
+        default: '4.10.0'
+      SUFFIX-AMI:
+        description: 'Suffix to add to the AMI name, must begin with "_" without quotes. For pre-relase, use -1'
+        required: false
+      DESTROY:
+        type: boolean
+        description: 'Destroy the base instance after the AMI is created'
+        required: false
+        default: true
+
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  Build_AMI:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+         uses: actions/checkout@v4
+
+      - name: View parameters
+        run: echo "${{ toJson(inputs) }}"
+
+      - name: Checkout wazuh/wazuh-automation repository
+        uses: actions/checkout@v4
+        with:
+          repository: wazuh/wazuh-automation
+          ref: ${{ inputs.WAZUH_AUTOMATION_REFERENCE }}
+          token: ${{ secrets.GH_CLONE_TOKEN }}
+
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ secrets.AWS_IAM_OVA_ROLE }}
+          aws-region: us-east-1
+
+      - name: Install Ansible
+        run: |
+          sudo apt update
+          sudo apt-add-repository ppa:ansible/ansible
+          sudo apt install -y ansible
+
+      - name: Install and set allocator requirements
+        run: |
+          pip3 install -r deployability/deps/requirements.txt
+
+      - name: Execute allocator module that will create the base instance
+        id: alloc_vm_ami
+        run: |
+          python3 deployability/modules/allocation/main.py --action create --provider aws --size large --composite-name linux-amazon-2-amd64 --working-dir /tmp/allocatorvm_ami \
+            --track-output /tmp/allocatorvm_ami/track.yml --inventory-output /tmp/allocatorvm_ami/inventory.yml --instance-name gha_${{ github.run_id }}_ami_build
+          sed 's/: */=/g' /tmp/allocatorvm_ami/inventory.yml > /tmp/allocatorvm_ami/inventory_mod.yml
+          sed -n 's/^identifier: \(.*\)$/identifier=\1/p' track.yml >> /tmp/allocatorvm_ami/inventory_mod.yml
+          echo "::add-mask::$ansible_host"
+          echo "::add-mask::$ansible_port"
+          echo "::add-mask::$ansible_user"
+          echo "::add-mask::$ansible_ssh_private_key_file"
+          echo "::add-mask::$ansible_ssh_common_args"
+          echo "::add-mask::$identifier"
+          cat "/tmp/allocatorvm_ami/inventory_mod.yml" >> $GITHUB_ENV;
+      
+      - name: Generate inventory
+        run: |
+          echo "[gha_instance]" > tmp/allocatorvm_ami/inventory_ansible.ini
+          echo "$ansible_host ansible_port=$ansible_port >> tmp/allocatorvm_ami/inventory_ansible.ini
+          echo ansible_user=$ansible_user >> tmp/allocatorvm_ami/inventory_ansible.ini 
+          echo ansible_ssh_private_key_file=$ansible_ssh_private_key_file >> tmp/allocatorvm_ami/inventory_ansible.ini
+          echo ansible_ssh_common_args='$ansible_ssh_common_args'" >> tmp/allocatorvm_ami/inventory_ansible.ini
+      
+      - name: Checkout wazuh/wazuh-virtual-machines repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.WAZUH_VIRTUAL_MACHINES_REFERENCE }}
+
+      - name: Run Ansible playbook to install Wazuh components
+        run: |
+          ansible-playbook -i /tmp/allocatorvm_ami/inventory.json ami/playbooks/build_ami_packages.yaml --extra-vars "wazuh_installation_assistant=${{ inputs.WAZUH_INSTALLATION_ASSISTANT_REFERENCE }}"
+
+      - name: Stop instance
+        run: |
+          aws ec2 stop-instances --instance-ids ${{ env.identifier }}
+
+       - name: Check EC2 instance status until stopped
+        id: check_status
+        run: |
+          TIMEOUT=120
+          INTERVAL=2
+          ELAPSED=0
+
+          while [ $ELAPSED -lt $TIMEOUT ]; do
+            STATUS=$(aws ec2 describe-instances --instance-ids ${{ env.identifier }} --query 'Reservations[*].Instances[*].State.Name' --output text)
+            echo "Instance status: $STATUS"
+            
+            if [ "$STATUS" == "stopped" ]; then
+              echo "Instance is stopped."
+              break
+            fi
+
+            echo "Waiting for instance to stop..."
+            sleep $INTERVAL
+            ELAPSED=$((ELAPSED + INTERVAL))
+          done
+
+          if [ $ELAPSED -ge $TIMEOUT ]; then
+            echo "Timeout reached. The instance is still not stopped."
+            exit 1
+          fi
+
+      - name: Build AMI from instance
+        if: success()
+        run: |
+          AMI_NAME="Wazuh_v${{ inputs.PACKAGE_VERSION }}-${{ inputs.SUFFIX_AMI }}"
+          aws ec2 create-image --instance-id ${{ env.identifier }} --name "$AMI_NAME" --no-reboot
+          echo "AMI creation started with name $AMI_NAME"
+
+      - name: Tag AMI
+        if: success()
+        run: |
+          AMI_ID=$(aws ec2 describe-images --filters "Name=name,Values=Wazuh_v${{ inputs.PACKAGE_VERSION }}-${{ inputs.SUFFIX_AMI }}" --query 'Images[*].ImageId' --output text)
+          aws ec2 create-tags --resources $AMI_ID --tags Key=Name,Value="Wazuh_v${{ inputs.PACKAGE_VERSION }}-${{ inputs.SUFFIX_AMI }}"
+
+      - name: Delete base instance
+        if: ${{ inputs.DESTROY }}
+        run: |
+          aws ec2 terminate-instances --instance-ids ${{ env.identifier }}
+          echo "Base instance terminated"