soc/wazuh-docker/.github/workflows/push.yml

name: Wazuh Docker pipeline

on: [pull_request]

jobs:
  build-docker-images:
    runs-on: ubuntu-22.04
    steps:

    - name: Check out code
      uses: actions/checkout@v4

    - name: Build Wazuh images
      run: ./build-images.sh
      working-directory: ./build-docker-images

    - name: Create enviroment variables
      run: cat .env > $GITHUB_ENV

    - name: Create backup Docker images
      run: |
        mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/
        docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
        docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
        docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
        docker save wazuh/wazuh-agent:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar

    - name: Temporarily save Wazuh manager Docker image
      uses: actions/upload-artifact@v4
      with:
        name: docker-artifact-manager
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
        retention-days: 1

    - name: Temporarily save Wazuh indexer Docker image
      uses: actions/upload-artifact@v4
      with:
        name: docker-artifact-indexer
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
        retention-days: 1

    - name: Temporarily save Wazuh dashboard Docker image
      uses: actions/upload-artifact@v4
      with:
        name: docker-artifact-dashboard
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
        retention-days: 1

    - name: Temporarily save Wazuh agent Docker image
      uses: actions/upload-artifact@v4
      with:
        name: docker-artifact-agent
        path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
        retention-days: 1

    - name: Install Goss
      uses: e1himself/goss-installation-action@v1.0.3
      with:
        version: v0.3.16

    - name: Execute Goss tests (wazuh-manager)
      run: dgoss run wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}}
      env:
        GOSS_SLEEP: 30
        GOSS_FILE: .github/.goss.yaml

  check-single-node:
    runs-on: ubuntu-22.04
    needs: build-docker-images
    steps:

    - name: Check out code
      uses: actions/checkout@v4

    - name: Create enviroment variables
      run: cat .env > $GITHUB_ENV

    - name: Retrieve saved Wazuh indexer Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-indexer

    - name: Retrieve saved Wazuh manager Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-manager

    - name: Retrieve saved Wazuh dashboard Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-dashboard

    - name: Retrieve saved Wazuh agent Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-agent

    - name: Docker load
      run: |
        docker load --input ./wazuh-indexer.tar
        docker load --input ./wazuh-dashboard.tar
        docker load --input ./wazuh-manager.tar
        docker load --input ./wazuh-agent.tar

    - name: Create single node certficates
      run: docker compose -f single-node/generate-indexer-certs.yml run --rm generator

    - name: Start single node stack
      run: docker compose -f single-node/docker-compose.yml up -d

    - name: Check Wazuh indexer start
      run: |
       sleep 60
       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
       if [[ $status_green -eq 1 ]]; then
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
        exit 1
       fi
       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`"
       if [[ $status_index_green -eq $status_index ]]; then
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
        exit 1
       fi


    - name: Check Wazuh indexer nodes
      run: |
       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
       if [[ $nodes -eq 1 ]]; then
        echo "Wazuh indexer nodes: ${nodes}"
       else
        echo "Wazuh indexer nodes: ${nodes}"
        exit 1
       fi

    - name: Check documents into wazuh-alerts index
      run: |
       sleep 120
       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
       if [[ $docs -gt 0 ]]; then
        echo "wazuh-alerts index documents: ${docs}"
       else
        echo "wazuh-alerts index documents: ${docs}"
        exit 1
       fi

    - name: Check Wazuh templates
      run: |
       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
       if [[ $qty_templates -gt 3 ]]; then
        echo "wazuh templates:"
        echo "${templates}"
       else
        echo "wazuh templates:"
        echo "${templates}"
        exit 1
       fi

    - name: Check Wazuh manager start
      run: |
        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
        if [[ $services -gt 9 ]]; then
          echo "Wazuh Manager Services: ${services}"
          echo "OK"
        else
          echo "Wazuh indexer nodes: ${nodes}"
          curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
          exit 1
        fi
      env:
        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

    - name: Check filebeat output
      run: ./.github/single-node-filebeat-check.sh

    - name: Check Wazuh dashboard service URL
      run: |
       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk  '{print $2}')
       if [[ $status -eq 200 ]]; then
        echo "Wazuh dashboard status: ${status}"
       else
        echo "Wazuh dashboard status: ${status}"
        exit 1
       fi

    - name: Modify Docker endpoint into Wazuh agent docker-compose.yml file
      run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml

    - name: Start Wazuh agent
      run: docker compose -f wazuh-agent/docker-compose.yml up -d

    - name: Check Wazuh agent enrollment
      run: |
        sleep 20
        curl -k -s -X GET "https://localhost:55000/agents?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}"
      env:
        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

    - name: Check errors in ossec.log for Wazuh manager
      run: ./.github/single-node-log-check.sh

  check-multi-node:
    runs-on: ubuntu-22.04
    needs: build-docker-images
    steps:

    - name: Check out code
      uses: actions/checkout@v4

    - name: Create enviroment variables
      run: cat .env > $GITHUB_ENV

    - name: free disk space
      uses: ./.github/free-disk-space

    - name: Retrieve saved Wazuh dashboard Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-dashboard

    - name: Retrieve saved Wazuh manager Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-manager

    - name: Retrieve saved Wazuh indexer Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-indexer

    - name: Retrieve saved Wazuh agent Docker image
      uses: actions/download-artifact@v4
      with:
        name: docker-artifact-agent

    - name: Docker load
      run: |
        docker load --input ./wazuh-manager.tar
        docker load --input ./wazuh-indexer.tar
        docker load --input ./wazuh-dashboard.tar
        docker load --input ./wazuh-agent.tar
        rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-agent.tar

    - name: Create multi node certficates
      run: docker compose -f multi-node/generate-indexer-certs.yml run --rm generator

    - name: Start multi node stack
      run: docker compose -f multi-node/docker-compose.yml up -d

    - name: Check Wazuh indexer start
      run: |
       until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`  -eq 1 ]]
       do
         echo 'Waiting for Wazuh indexer start'
         free -m
         df -h
         sleep 120
       done
       status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
       if [[ $status_green -eq 1 ]]; then
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
        exit 1
       fi
       status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
       status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`"
       if [[ $status_index_green -eq $status_index ]]; then
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
       else
        curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
        exit 1
       fi

    - name: Check Wazuh indexer nodes
      run: |
       nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
       if [[ $nodes -eq 3 ]]; then
        echo "Wazuh indexer nodes: ${nodes}"
       else
        echo "Wazuh indexer nodes: ${nodes}"
        exit 1
       fi

    - name: Check documents into wazuh-alerts index
      run: |
       until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``)  -gt 0 ]]
       do
         echo 'Waiting for Wazuh indexer events'
         free -m
         df -h
         sleep 10
       done
       docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
       if [[ $docs -gt 0 ]]; then
        echo "wazuh-alerts index documents: ${docs}"
       else
        echo "wazuh-alerts index documents: ${docs}"
        exit 1
       fi

    - name: Check Wazuh templates
      run: |
       qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
       templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
       if [[ $qty_templates -gt 3 ]]; then
        echo "wazuh templates:"
        echo "${templates}"
       else
        echo "wazuh templates:"
        echo "${templates}"
        exit 1
       fi

    - name: Check Wazuh manager start
      run: |
        services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items | grep running | wc -l`"
        if [[ $services -gt 10 ]]; then
          echo "Wazuh Manager Services: ${services}"
          echo "OK"
        else
          echo "Wazuh indexer nodes: ${nodes}"
          curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}" | jq -r .data.affected_items
          exit 1
        fi
        nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${{env.TOKEN}}" | jq -r ".data.affected_items[].name" | wc -l)
        if [[ $nodes -eq 2 ]]; then
         echo "Wazuh manager nodes: ${nodes}"
        else
         echo "Wazuh manager nodes: ${nodes}"
         exit 1
        fi
      env:
        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

    - name: Check filebeat output
      run: ./.github/multi-node-filebeat-check.sh

    - name: Check Wazuh dashboard service URL
      run: |
       status=$(curl -XGET --silent  https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk  '{print $2}')
       if [[ $status -eq 200 ]]; then
        echo "Wazuh dashboard status: ${status}"
       else
        echo "Wazuh dashboard status: ${status}"
        exit 1
       fi

    - name: Modify Docker endpoint into Wazuh agent docker-compose.yml file
      run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml

    - name: Start Wazuh agent
      run: docker compose -f wazuh-agent/docker-compose.yml up -d

    - name: Check Wazuh agent enrollment
      run: |
        sleep 20
        curl -k -s -X GET "https://localhost:55000/agents?pretty=true" -H  "Authorization: Bearer ${{env.TOKEN}}"
      env:
        TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")

    - name: Check errors in ossec.log for Wazuh manager
      run: ./.github/multi-node-log-check.sh