wazuh
diff --git a/‎.github/ISSUE_TEMPLATE/compatibility_request.md
Lines changed: 23 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/compatibility_request.md
Lines changed: 23 additions & 0 deletions
diff --git a/‎.github/actions/run-cypress-tests/action.yml
Lines changed: 7 additions & 7 deletions b/‎.github/actions/run-cypress-tests/action.yml
Lines changed: 7 additions & 7 deletions
diff --git a/‎.github/workflows/4_builderpackage_security_plugin.yml
Lines changed: 45 additions & 0 deletions b/‎.github/workflows/4_builderpackage_security_plugin.yml
Lines changed: 45 additions & 0 deletions
diff --git a/‎.github/workflows/4_builderprecompiled_base-dev-environment.yml
Lines changed: 116 additions & 0 deletions b/‎.github/workflows/4_builderprecompiled_base-dev-environment.yml
Lines changed: 116 additions & 0 deletions
diff --git a/‎.github/workflows/4_bumper_repository.yml
Lines changed: 135 additions & 0 deletions b/‎.github/workflows/4_bumper_repository.yml
Lines changed: 135 additions & 0 deletions
@@ -0,0 +1,23 @@
+---
+name: Compatibility request
+about: Suggest supporting a new platform version OpenSearch
+title: 'Compatibility with OpenSearch (version)'
+labels: request/operational, level/task, type/maintenance
+assignees: ''
+---
+
+## Description
+
+We need to ensure the UI compatibility with the next version of OpenSearch vX.X.
+This update is still being discussed, but we need to be aware of potential issues.
+
+For that, we need to:
+
+- [ ] Review opensearch and opensearch-dashboard latest stable changelog.
+- [ ] Identify improvements and potential impact on the UI.
+- [ ] Create new tracking and development branches.
+- [ ] Develop a testing environment to verify our components would work under this new build.
+
+## Issues
+
+- _List here the detected issues_
@@ -17,7 +17,7 @@ inputs:
     default: ''
 
 runs:
-  using: "composite"
+  using: 'composite'
   steps:
     - name: Set env
       run: |
@@ -34,20 +34,20 @@ runs:
         plugin-name: ${{ env.PLUGIN_NAME }}
         plugin-version: ${{ env.PLUGIN_VERSION }}
         download-location: ${{ env.PLUGIN_NAME }}
-    
+
     - name: Run Opensearch with A Single Plugin
       uses: derek-ho/start-opensearch@v6
       with:
         opensearch-version: ${{ env.OPENSEARCH_VERSION }}
-        plugins: "file:$(pwd)/opensearch-security.zip"
+        plugins: 'file:$(pwd)/opensearch-security.zip'
         security-enabled: true
         admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
         security_config_file: ${{ inputs.security_config_file }}
         jdk-version: 21
 
     # OSD bootstrap
     - name: Run Dashboard with Security Dashboards Plugin
-      uses: derek-ho/setup-opensearch-dashboards@v1
+      uses: derek-ho/setup-opensearch-dashboards@v3
       with:
         plugin_name: security-dashboards-plugin
         opensearch_dashboards_yml: ${{ inputs.dashboards_config_file }}
@@ -81,7 +81,7 @@ runs:
       shell: bash
 
     # Check if OSD is ready with a max timeout of 600 seconds
-    - name : Check If OpenSearch Dashboards Is Ready
+    - name: Check If OpenSearch Dashboards Is Ready
       if: ${{ runner.os == 'Linux' }}
       run: |
         cd ./OpenSearch-Dashboards
@@ -100,11 +100,11 @@ runs:
       shell: bash
 
     - name: Run Cypress Tests with retry
-      uses: Wandalen/wretry.action@v3.3.0
+      uses: Wandalen/wretry.action@v3
       with:
         attempt_limit: 5
         attempt_delay: 2000
         command: |
           cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin
           yarn add cypress --save-dev
-          eval ${{ inputs.yarn_command }} 
+          eval ${{ inputs.yarn_command }}
@@ -0,0 +1,45 @@
+# 📝 Based on: `4_builderprecompiled_base-dev-environment.yml`
+#
+# 📦 Manual Build Workflow for Wazuh Security Dashboard Plugin
+#
+# ⚡ Overview:
+# This workflow builds and tests production-ready packages for Wazuh Security Dashboard Plugin,
+# either manually or triggered by other workflows.
+#
+# 🚀 Key Features:
+# - 🖇️ Manual or Automated Builds: Supports manual execution or invocation from other workflows,
+#   specifying any valid code reference (branch, tag, or commit SHA).
+# - 🏗️ Production-Ready Package Generation: Builds a production-ready package from the provided code reference.
+# - 🌐 Reusable Build Environment: Reuses a preconfigured build environment, ensuring consistency and easier maintenance.
+#
+
+name: (4.x) Build app package (on demand)
+on:
+  workflow_call:
+    inputs:
+      reference:
+        required: true
+        type: string
+        description: Source code reference (branch, tag or commit SHA)
+        default: 4.14.0
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: 4.14.0
+        description: Source code reference (branch, tag or commit SHA)
+
+jobs:
+  # Build an app package from the given source code reference.
+  build:
+    name: Build app package
+    uses: ./.github/workflows/4_builderprecompiled_base-dev-environment.yml
+    permissions:
+      pull-requests: write
+    with:
+      reference: ${{ inputs.reference }}
+      command: 'yarn build'
+      artifact_name: 'wazuh-security-dashboards-plugin'
+      artifact_path: './wazuh-security-plugin/build'
+    secrets: inherit
@@ -0,0 +1,116 @@
+# 📚 Base Workflow - Environment Setup and Command Execution
+#
+# ⚡ Overview:
+# This workflow serves as a reusable base for other workflows, providing a
+# standardized environment to execute custom commands (e.g., `yarn build`, `yarn test`)
+# on source code fetched from a specified Git reference.
+#
+# 🚀 Key Features:
+# - 💻 Docker-Based Environment Setup: Prepares a Docker environment with OpenSearch Dashboards or Kibana.
+# - ⚙️ Custom Command Execution: Runs any specified command on the downloaded source code.
+# - 📦 Artifact and Coverage Upload: Uploads build artifacts and test coverage results to GitHub when configured.
+#
+# 🔗 Designed for: Easy integration and reuse by other workflows.
+
+name: (4.x) Base workflow - Environment
+
+on:
+  workflow_call:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: 4.14.0
+        description: Source code reference (branch, tag or commit SHA).
+      command:
+        required: true
+        type: string
+        default: 'yarn build'
+        description: Command to run in the environment
+      docker_run_extra_args:
+        type: string
+        default: ''
+        description: Additional paramaters for the docker run command.
+        required: false
+      artifact_name:
+        type: string
+        default: ''
+        description: Artifact name (will be automatically suffixed with .zip)
+        required: false
+      artifact_path:
+        type: string
+        default: ''
+        description: Folder to include in the archive.
+        required: false
+      notify_jest_coverage_summary:
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  # Deploy the plugin in a development environment and run a command
+  # using a pre-built Docker image, hosted in Quay.io.
+  deploy_and_run_command:
+    permissions:
+      pull-requests: write
+    name: Deploy and run command
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Step 01 - Download the plugin's source code
+        uses: actions/checkout@v4
+        with:
+          repository: wazuh/wazuh-security-dashboards-plugin
+          ref: ${{ inputs.reference }}
+          path: wazuh-security-plugin
+
+      # Fix source code ownership so the internal user of the Docker
+      # container is also owner.
+      - name: Step 02 - Change code ownership
+        run: sudo chown 1000:1000 -R wazuh-security-plugin;
+
+      - name: Step 03 - Set up the environment and run the command
+        run: |
+          # Read the platform version from the package.json file
+          echo "Reading the platform version from the package.json...";
+          platform_version=$(jq -r '.opensearchDashboards.version | select(. != null)' wazuh-security-plugin/package.json);
+          echo "Plugin platform version: $platform_version";
+
+          # Get Wazuh version and concatenate with platform version
+          wazuh_version=$(jq -r '.wazuh.version' wazuh-security-plugin/package.json);
+          echo "Wazuh version: $wazuh_version";
+
+          # Concatenate versions in format: <Opensearch version>-<Wazuh version>
+          combined_version="${platform_version}-${wazuh_version}";
+          echo "Combined platform version: $combined_version";
+
+          # Up the environment and run the command
+          docker run -t --rm \
+            -e OPENSEARCH_DASHBOARDS_VERSION=${combined_version} \
+            -v `pwd`/wazuh-security-plugin:/home/node/kbn/plugins/wazuh-security-plugin \
+            ${{ inputs.docker_run_extra_args }} \
+            quay.io/wazuh/osd-dev:${combined_version} \
+            bash -c '
+              yarn config set registry https://registry.yarnpkg.com;
+              cd /home/node/kbn/plugins/wazuh-security-plugin && yarn && ${{ inputs.command }};
+            '
+      - name: Get the plugin version and format reference name
+        run: |
+          echo "githubReference=$(echo ${{ inputs.reference }} | sed 's/\//-/g')" >> $GITHUB_ENV
+          echo "version=$(jq -r '.wazuh.version' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV
+          echo "revision=$(jq -r '.wazuh.revision' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV
+
+      - name: Step 04 - Upload artifact to GitHub
+        if: ${{ inputs.artifact_name && inputs.artifact_path }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_name }}_${{ env.version }}-${{ env.revision }}_${{ env.githubReference }}.zip
+          path: ${{ inputs.artifact_path }}
+          overwrite: true
+
+      - name: Step 05 - Upload coverage results to GitHub
+        if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }}
+        uses: AthleticNet/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: ./wazuh-security-plugin/target/test-coverage/coverage-summary.json
+          title: 'Code coverage (Jest)'
@@ -0,0 +1,135 @@
+name: Repository bumper
+run-name: Bump ${{ github.ref_name }} (${{ inputs.id }})
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Target version (e.g. 1.2.3)'
+        default: ''
+        required: false
+        type: string
+      stage:
+        description: 'Version stage (e.g. alpha0)'
+        default: ''
+        required: false
+        type: string
+      issue-link:
+        description: 'Issue link in format https://github.com/wazuh/<REPO>/issues/<ISSUE-NUMBER>'
+        required: true
+        type: string
+      id:
+        description: 'Optional identifier for the run'
+        required: false
+        type: string
+
+jobs:
+  bump:
+    name: Repository bumper
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+      pull-requests: write
+
+    env:
+      CI_COMMIT_AUTHOR: wazuhci
+      CI_COMMIT_EMAIL: [email protected]
+      CI_GPG_PRIVATE_KEY: ${{ secrets.CI_WAZUHCI_GPG_PRIVATE }}
+      GH_TOKEN: ${{ secrets.CI_WAZUHCI_BUMPER_TOKEN }}
+      BUMP_SCRIPT_PATH: tools/repository_bumper.sh
+      BUMP_LOG_PATH: tools/
+
+    steps:
+      - name: Dump event payload
+        run: |
+          cat $GITHUB_EVENT_PATH | jq '.inputs'
+
+      - name: Set up GPG key
+        id: signing_setup
+        run: |
+          echo "${{ env.CI_GPG_PRIVATE_KEY }}" | gpg --batch --import
+          KEY_ID=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec/ {print $5; exit}')
+          echo "gpg_key_id=$KEY_ID" >> $GITHUB_OUTPUT
+
+      - name: Set up git
+        run: |
+          git config --global user.name "${{ env.CI_COMMIT_AUTHOR }}"
+          git config --global user.email "${{ env.CI_COMMIT_EMAIL }}"
+          git config --global commit.gpgsign true
+          git config --global user.signingkey "${{ steps.signing_setup.outputs.gpg_key_id }}"
+          echo "use-agent" >> ~/.gnupg/gpg.conf
+          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
+          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
+          echo RELOADAGENT | gpg-connect-agent
+          export DEBIAN_FRONTEND=noninteractive
+          export GPG_TTY=$(tty)
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # Using workflow-specific GITHUB_TOKEN because currently CI_WAZUHCI_BUMPER_TOKEN
+          # doesn't have all the necessary permissions
+          token: ${{ env.GH_TOKEN }}
+
+      - name: Determine branch name
+        id: vars
+        env:
+          VERSION: ${{ inputs.version }}
+          STAGE: ${{ inputs.stage }}
+        run: |
+          script_params=""
+          version=${{ env.VERSION }}
+          stage=${{ env.STAGE }}
+
+          # Both version and stage provided
+          if [[ -n "$version" && -n "$stage" ]]; then
+            script_params="--version ${version} --stage ${stage}"
+          elif [[ -z "$version" && -n "$stage" ]]; then
+            script_params="--stage ${stage}"
+          fi
+
+          issue_number=$(echo "${{ inputs.issue-link }}" | awk -F'/' '{print $NF}')
+          BRANCH_NAME="enhancement/wqa${issue_number}-bump-${{ github.ref_name }}"
+          echo "branch_name=$BRANCH_NAME" >> $GITHUB_OUTPUT
+          echo "script_params=${script_params}" >> $GITHUB_OUTPUT
+
+      - name: Create and switch to bump branch
+        run: |
+          git checkout -b ${{ steps.vars.outputs.branch_name }}
+
+      - name: Make version bump changes
+        run: |
+          echo "Running bump script"
+          bash ${{ env.BUMP_SCRIPT_PATH }} ${{ steps.vars.outputs.script_params }}
+
+      - name: Commit and push changes
+        run: |
+          git add .
+          git commit -m "feat: bump ${{ github.ref_name }}"
+          git push origin ${{ steps.vars.outputs.branch_name }}
+
+      - name: Create pull request
+        id: create_pr
+        run: |
+          gh auth setup-git
+          PR_URL=$(gh pr create \
+            --title "Bump ${{ github.ref_name }} branch" \
+            --body "Issue: ${{ inputs.issue-link }}" \
+            --base ${{ github.ref_name }} \
+            --head ${{ steps.vars.outputs.branch_name }})
+
+          echo "Pull request created: ${PR_URL}"
+          echo "pull_request_url=${PR_URL}" >> $GITHUB_OUTPUT
+
+      - name: Merge pull request
+        run: |
+          # Any checks for the PR are bypassed since the branch is expected to be functional (i.e. the bump process does not introduce any bugs)
+          gh pr merge "${{ steps.create_pr.outputs.pull_request_url }}" --merge --admin
+
+      - name: Show logs
+        run: |
+          echo "Bump complete."
+          echo "Branch: ${{ steps.vars.outputs.branch_name }}"
+          echo "PR: ${{ steps.create_pr.outputs.pull_request_url }}"
+          echo "Bumper scripts logs:"
+          cat ${BUMP_LOG_PATH}/repository_bumper*log