Pre-release for Wazuh agent v4.7.2-1 (#97)

* add wazuh agent test matrix

* added env for wazuh agent version

* check build for building and caching

* add re-use agent name

.github/workflows/clear-cache.yml

@@ -0,0 +1,26 @@
+name: "cleanup caches by a branch"
+on:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  cleanup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+          echo "Fetching list of cache key"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge

.github/workflows/docker-hub-image-main.yml

@@ -1,19 +1,13 @@
 name: Build and push docker images for main branch
-
-# Controls when the workflow will run
 on:
   push:
     branches:
       - 'main'
-
-  # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 permissions:
   contents: read
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false

.github/workflows/tests-wazuh-docker.yml → .github/workflows/tests.yml

@@ -1,4 +1,4 @@
-name: Test Wazuh agent dockerfiles
+name: Tests
 
 on:
   workflow_run:
@@ -20,12 +20,64 @@ permissions:
   pull-requests: write
 
 jobs:
-  pyunit-tests:
+  test-docker-build:
+   runs-on: ubuntu-latest
+   strategy:
+      max-parallel: 6
+      matrix:
+        wazuh_agent_version: ['4.3.10-1','4.4.5-1', '4.5.4-1', '4.6.0-1', '4.7.1-1', '4.7.2-1']
+        include:
+          - dockerfile: ./Dockerfile
+            image: wazuh-agent-minideb
+            wazuh_cluster_version: '4.7.0'
+          - dockerfile: ./images/Dockerfile.amazonlinux
+            image: wazuh-agent-amazonlinux
+            wazuh_cluster_version: '4.7.0'
+          - dockerfile: ./images/Dockerfile.ubuntu
+            image: wazuh-agent-ubuntu
+            wazuh_cluster_version: '4.7.0'
 
-    runs-on: ubuntu-latest
+   steps:
+   - uses: actions/checkout@v3
+   - name: Expose GitHub Runtime
+     uses: crazy-max/ghaction-github-runtime@v3
+
+   - name: Set up QEMU
+     uses: docker/setup-qemu-action@v3
+
+   - name: Set up Docker Buildx
+     uses: docker/setup-buildx-action@v3
 
+   - name: Cache Docker images.
+     uses: ScribeMD/[email protected]
+     with:
+       key: docker-${{ matrix.wazuh_agent_version }}
+
+   - name: Build and Save Wazuh Agent base image
+     run: |
+        mkdir -p ${{ github.workspace }}/docker-images/
+        docker build -t  ${{ matrix.image }}:${{ matrix.wazuh_agent_version }} -f ${{ matrix.dockerfile }} --build-arg AGENT_VERSION=${{ matrix.wazuh_agent_version }} .
+        docker pull wazuh/wazuh-manager:${{ matrix.wazuh_cluster_version }}
+        docker pull wazuh/wazuh-indexer:${{ matrix.wazuh_cluster_version }}
+        docker pull wazuh/wazuh-dashboard:${{ matrix.wazuh_cluster_version }}
+
+  pyunit-tests:
+    runs-on: ubuntu-latest
+    needs: ["test-docker-build"]
+    strategy:
+      max-parallel: 6
+      matrix:
+        wazuh_agent_version: ['4.3.10-1','4.4.5-1', '4.5.4-1', '4.6.0-1', '4.7.1-1', '4.7.2-1']
+        include:
+          - image: wazuh-agent-minideb
+          - image: wazuh-agent-amazonlinux
+          - image: wazuh-agent-ubuntu
     steps:
     - uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Expose GitHub Runtime
+      uses: crazy-max/ghaction-github-runtime@v3
     - name: Set up Python 3.9
       uses: actions/setup-python@v3
       with:
@@ -40,47 +92,75 @@ jobs:
       run: |
         flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
         flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
     - name: Cache Docker images.
       uses: ScribeMD/[email protected]
       with:
-        key: docker-${{ runner.os }}
+        key: docker-${{ matrix.wazuh_agent_version }}
+
     - name: Test with pytest
       run: |
-        pytest -n auto -v --capture=sys -x --tb=long --junitxml=/tmp/test-results/wazuh-unittests.xml
+        pytest -n auto -v --capture=sys -x --tb=long --junitxml=/tmp/test-results/wazuh-unittests-${{ matrix.wazuh_agent_version }}.xml
+      env:
+        AGENT_VERSION: "${{ matrix.wazuh_agent_version }}"
+
     - name: Upload Artifact
       uses: actions/upload-artifact@v3
       with:
         name: wazuh-unittests
-        path: /tmp/test-results/wazuh-unittests.xml
-  docker-compose-tests:
-    needs: "pyunit-tests"
+        path: /tmp/test-results/wazuh-unittests-${{ matrix.wazuh_agent_version }}.xml
+
+  integrations-tests:
+    needs: ["pyunit-tests"]
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        wazuh_agent_version: ['4.3.10-1','4.4.5-1', '4.5.4-1','4.6.0-1','4.7.1-1','4.7.2-1']
+        wazuh_cluster_version: ['4.7.0']
+        include:
+          - image: wazuh-agent-minideb
+          - image: wazuh-agent-amazonlinux
+          - image: wazuh-agent-ubuntu
     steps:
     - uses: actions/checkout@v3
+
     - name: Set up Python 3.9
       uses: actions/setup-python@v3
       with:
         python-version: "3.9"
         cache: 'pip'
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
         if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
+        mkdir -p ${{ github.workspace }}/docker-images/
+
     - name: Cache Docker images.
-      if: always()
       uses: ScribeMD/[email protected]
       with:
-        key: docker-${{ runner.os }}
+        key: docker-${{ matrix.wazuh_agent_version }}
+
     - name: Download artifact from build job
       uses: actions/download-artifact@v3
       with:
         name: wazuh-unittests
         path: ${{ github.workspace }}/test-results/
+
     - name: Create single node certificates
       run: docker-compose -f tests/single-node/generate-indexer-certs.yml run --rm generator
 
     - name: Start single node stack
       run: docker-compose -f docker-compose.yml up -d --build
+      env:
+        AGENT_VERSION: "${{ matrix.wazuh_agent_version }}"
+        WAZUH_CLUSTER_VERSION: "${{ matrix.wazuh_cluster_version }}"
 
     - name: Check Wazuh indexer start
       run: |
@@ -101,22 +181,26 @@ jobs:
         exit 1
        fi
 
-    - name: Tests agent containers
-      run: pytest  -v --capture=sys -x --tb=long .github/workflows/test_docker_compose.py --disable-warnings --junitxml=/tmp/test-results/wazuh-docker-compose.xml
+    - name: Integration test for Wazuh agent
+      run: pytest  -v --capture=sys -x --tb=long .github/workflows/test_docker_compose.py --disable-warnings --junitxml=/tmp/test-results/wazuh-docker-compose-${{ matrix.wazuh_agent_version }}.xml
+
     - name: Copy Test Results
       if: always()
       run: |
-        cp -Lpr  /tmp/test-results/wazuh-docker-compose.xml ${{ github.workspace }}/test-results/wazuh-docker-compose.xml
+        cp -Lpr  /tmp/test-results/wazuh-docker-compose-${{ matrix.wazuh_agent_version }}.xml ${{ github.workspace }}/test-results/wazuh-docker-compose-${{ matrix.wazuh_agent_version }}.xml
       shell: bash
+
     - name: Check results
       run: |
         ls -R ${{ github.workspace }}/test-results/
+
     - name: Publish Test Results
       uses: EnricoMi/publish-unit-test-result-action@v2
       if: always()
       with:
          files: |
            test-results/**/*.xml
-    - name: Stop containers
+
+    - name: Stop containers and destroy
       if: always()
       run: docker-compose -f docker-compose.yml down

.gitignore

@@ -14,3 +14,6 @@ tmp/
 wazuh_indexer_ssl_certs
 snyk-code.sarif
 .dccache
+.coverage*
+coverage.xml
+htmlcov

Dockerfile

@@ -21,7 +21,7 @@ RUN install_packages \
   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
   echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
   install_packages wazuh-agent=${AGENT_VERSION}  && \
-  echo "deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free" >> /etc/apt/sources.list && \
+  echo "deb https://deb.debian.org/debian-security/ bullseye-security main contrib non-free" >> /etc/apt/sources.list && \
   mkdir -p /usr/share/man/man1 && \
   install_packages openjdk-11-jdk
 

Makefile

@@ -50,4 +50,7 @@ destroy: ## Destroy docker compose stack and cleanup
 	docker compose down --remove-orphans --rmi local -v
 	rm -rf tests/single-node/config/wazuh_indexer_ssl_certs/*
 test: ## Run unit tests
-	pytest  -v -n auto --capture=sys -x --tb=long
+	pytest  -v  --cov=. --cov-report xml --cov-report html -n auto --capture=sys -x --tb=long
+
+gh-actions:  ## Run github action locally
+	DOCKER_DEFAULT_PLATFORM= act --artifact-server-path=/tmp/wazuh

README.md

@@ -40,13 +40,24 @@ This implementation offers a seamless and adaptable solution for incorporating W
 
 ## Wazuh agent version
 
-| GitHub branch/tag | Wazuh Agent version | Docker image tag |
-|-------------------|---------------------|------------------|
-| main              | v4.3.10             | lates            |
-| v4.7.1-1          | v4.7.1-1            | 4.7.1            |
-| v4.6.0-1          | v4.6.0-1            | 4.6.0            |
-| v4.5.4-1          | v4.5.4-1            | 4.5.4            |
-| v4.4.5-1          | v4.4.5-1            | 4.4.5            |
+### Braking changes
+
+*Wazuh agent v4.3.10* will reach its end of life (EOL) and the cessation of support on February 1, 2024.
+
+
+>> Commencing on February 1, 2024, the main branch will incorporate the latest code.
+>>
+>> Exercise caution, as potential bugs may exist in this branch. It is crucial to migrate all your deployments to Docker image tags listed below for reference.
+
+
+| GitHub branch/tag | Wazuh Agent version | EOL                | Docker image tag |
+|-------------------|---------------------|--------------------|------------------|
+| main              | v4.3.10             | v4.3.10 01.02.2024 | latest           |
+| v4.7.2-1          | v4.7.2-1            | LTS                | 4.7.1            |
+| v4.7.1-1          | v4.7.1-1            | LTS                | 4.7.1            |
+| v4.6.0-1          | v4.6.0-1            | LTS                | 4.6.0            |
+| v4.5.4-1          | v4.5.4-1            | LTS                | 4.5.4            |
+| v4.4.5-1          | v4.4.5-1            | LTS                | 4.4.5            |
 
 ## DockerHub images
 

docker-compose.yml

@@ -5,7 +5,11 @@ services:
     build:
       context: .
       dockerfile: ./Dockerfile
-    image: wazuh-agent:minideb
+      args:
+        AGENT_VERSION: ${AGENT_VERSION:-4.3.10-1}
+    image: wazuh-agent-minideb:${AGENT_VERSION:-4.3.10-1}
+    volumes:
+       - ./register_agent.py:/var/ossec/register_agent.py
     hostname: wazuh-agent-minideb
     deploy:
       replicas: ${LOCAL_DEV:-1}
@@ -22,7 +26,9 @@ services:
     build:
       context: .
       dockerfile: ./images/Dockerfile.amazonlinux
-    image: wazuh-agent:amazonlinux
+      args:
+        AGENT_VERSION: ${AGENT_VERSION:-4.3.10-1}
+    image: wazuh-agent-amazonlinux:${AGENT_VERSION:-4.3.10-1}
     deploy:
       replicas: ${AGENT_REPLICAS:-1}
     restart: always
@@ -42,7 +48,9 @@ services:
     build:
       context: .
       dockerfile: ./images/Dockerfile.ubuntu
-    image: wazuh-agent:ubuntu
+      args:
+        AGENT_VERSION: ${AGENT_VERSION:-4.3.10-1}
+    image: wazuh-agent-ubuntu:${AGENT_VERSION:-4.3.10-1}
     deploy:
       replicas: ${AGENT_REPLICAS:-1}
     hostname: wazuh-agent-ubuntu
@@ -59,7 +67,7 @@ services:
         - wazuh.manager
         - wazuh.indexer
   wazuh.manager:
-    image: wazuh/wazuh-manager:4.7.0
+    image: wazuh/wazuh-manager:${WAZUH_CLUSTER_VERSION:-4.7.0}
     hostname: wazuh.manager
     restart: always
     ulimits:
@@ -106,7 +114,7 @@ services:
       timeout: 10s
       retries: 10
   wazuh.indexer:
-    image: wazuh/wazuh-indexer:4.7.0
+    image: wazuh/wazuh-indexer:${WAZUH_CLUSTER_VERSION:-4.7.0}
     hostname: wazuh.indexer
     restart: always
     ports:
@@ -131,7 +139,7 @@ services:
       - ./tests/single-node/config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 
   wazuh.dashboard:
-    image: wazuh/wazuh-dashboard:4.7.0
+    image: wazuh/wazuh-dashboard:${WAZUH_CLUSTER_VERSION:-4.7.0}
     hostname: wazuh.dashboard
     restart: always
     ports: