wazuh
diff --git a/‎.github/actions/run-cypress-tests/action.yml
Lines changed: 4 additions & 4 deletions b/‎.github/actions/run-cypress-tests/action.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/5_builderpackage_on-update-tags.yml
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/5_builderpackage_on-update-tags.yml
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/5_builderpackage_security_plugin.yml
Lines changed: 44 additions & 0 deletions b/‎.github/workflows/5_builderpackage_security_plugin.yml
Lines changed: 44 additions & 0 deletions
diff --git a/‎.github/workflows/5_builderprecompiled_base-dev-environment.yml
Lines changed: 106 additions & 0 deletions b/‎.github/workflows/5_builderprecompiled_base-dev-environment.yml
Lines changed: 106 additions & 0 deletions
diff --git a/‎.github/workflows/5_codequality_codeql.yml
Lines changed: 88 additions & 0 deletions b/‎.github/workflows/5_codequality_codeql.yml
Lines changed: 88 additions & 0 deletions
diff --git a/‎.github/workflows/auto-release.yml
Lines changed: 6 additions & 3 deletions b/‎.github/workflows/auto-release.yml
Lines changed: 6 additions & 3 deletions
diff --git a/‎.github/workflows/backport.yml
Lines changed: 5 additions & 2 deletions b/‎.github/workflows/backport.yml
Lines changed: 5 additions & 2 deletions
diff --git a/‎.github/workflows/cypress-test-multiauth-e2e.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cypress-test-multiauth-e2e.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/cypress-test-multidatasources-disabled-e2e.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cypress-test-multidatasources-disabled-e2e.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/cypress-test-multidatasources-enabled-e2e.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cypress-test-multidatasources-enabled-e2e.yml
Lines changed: 1 addition & 1 deletion
@@ -35,7 +35,7 @@ runs:
         plugin-name: ${{ env.PLUGIN_NAME }}
         plugin-version: ${{ env.PLUGIN_VERSION }}
         download-location: ${{ env.PLUGIN_NAME }}
-    
+
     - name: Run Opensearch with A Single Plugin
       uses: derek-ho/start-opensearch@v6
       with:
@@ -48,7 +48,7 @@ runs:
 
     # OSD bootstrap
     - name: Run Dashboard with Security Dashboards Plugin
-      uses: derek-ho/setup-opensearch-dashboards@v1
+      uses: derek-ho/setup-opensearch-dashboards@v3
       with:
         plugin_name: security-dashboards-plugin
         opensearch_dashboards_yml: ${{ inputs.dashboards_config_file }}
@@ -101,11 +101,11 @@ runs:
       shell: bash
 
     - name: Run Cypress Tests with retry
-      uses: Wandalen/wretry.action@v3.3.0
+      uses: Wandalen/wretry.action@v3
       with:
         attempt_limit: 5
         attempt_delay: 2000
         command: |
           cd ./OpenSearch-Dashboards/plugins/security-dashboards-plugin
           yarn add cypress --save-dev
-          eval ${{ inputs.yarn_command }} 
+          eval ${{ inputs.yarn_command }}
@@ -0,0 +1,25 @@
+# This workflow is based on the `5_builderprecompiled_base-dev-environment` workflow.
+#
+# This workflow is designed to build a production-ready package whenever a tag is created in the repository (e.g., a tag like `v1.0.0`).
+#
+# This workflow:
+# - Listens for tag creation (e.g., `v1.0.0`).
+# - Builds the application using `yarn build`.
+# - Names the generated artifact according to the tag.
+# - Generates the production-ready package.
+
+name: Build app package (on tag creation)
+
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  build:
+    name: Build app package (auto)
+    uses: ./.github/workflows/5_builderprecompiled_base-dev-environment.yml
+    with:
+      reference: ${{ github.ref_name }}
+      command: 'yarn build'
+      artifact_name: 'wazuh-security-dashboards-plugin-${{ github.ref_name }}'
+      artifact_path: './wazuh-security-plugin/build'
@@ -0,0 +1,44 @@
+# 📝 Based on: `5_builderprecompiled_base-dev-environment.yml`
+#
+# 📦 Manual Build Workflow for Wazuh Security Dashboard Plugin
+#
+# ⚡ Overview:
+# This workflow builds and tests production-ready packages for Wazuh Security Dashboard Plugin,
+# either manually or triggered by other workflows.
+#
+# 🚀 Key Features:
+# - 🖇️ Manual or Automated Builds: Supports manual execution or invocation from other workflows,
+#   specifying any valid code reference (branch, tag, or commit SHA).
+# - 🏗️ Production-Ready Package Generation: Builds a production-ready package from the provided code reference.
+# - 🌐 Reusable Build Environment: Reuses a preconfigured build environment, ensuring consistency and easier maintenance.
+#
+
+name: Build app package (on demand)
+
+on:
+  workflow_call:
+    inputs:
+      reference:
+        required: true
+        type: string
+        description: Git reference (branch, tag, or commit SHA) to build from.
+        default: main
+  workflow_dispatch:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: main
+        description: Git reference (branch, tag, or commit SHA) to build from.
+
+jobs:
+  # Build an app package from the given source code reference.
+  build:
+    name: Build app package
+    uses: ./.github/workflows/5_builderprecompiled_base-dev-environment.yml
+    with:
+      reference: ${{ inputs.reference }}
+      command: 'yarn build'
+      artifact_name: 'wazuh-security-dashboards-plugin'
+      artifact_path: './wazuh-security-plugin/build'
+    secrets: inherit
@@ -0,0 +1,106 @@
+# 📚 Base Workflow - Environment Setup and Command Execution
+#
+# ⚡ Overview:
+# This workflow serves as a reusable base for other workflows, providing a
+# standardized environment to execute custom commands (e.g., `yarn build`, `yarn test`)
+# on source code fetched from a specified Git reference.
+#
+# 🚀 Key Features:
+# - 💻 Docker-Based Environment Setup: Prepares a Docker environment with OpenSearch Dashboards or Kibana.
+# - ⚙️ Custom Command Execution: Runs any specified command on the downloaded source code.
+# - 📦 Artifact and Coverage Upload: Uploads build artifacts and test coverage results to GitHub when configured.
+#
+# 🔗 Designed for: Easy integration and reuse by other workflows.
+
+name: Base workflow - Environment
+
+on:
+  workflow_call:
+    inputs:
+      reference:
+        required: true
+        type: string
+        default: main
+        description: Git reference (branch, tag, or commit SHA) to build from.
+      command:
+        required: true
+        type: string
+        default: 'yarn build'
+        description: Command to run in the environment.
+      docker_run_extra_args:
+        type: string
+        default: ''
+        description: Additional parameters for the docker run command.
+        required: false
+      artifact_name:
+        type: string
+        default: ''
+        description: Artifact name (will be automatically suffixed with .zip).
+        required: false
+      artifact_path:
+        type: string
+        default: ''
+        description: Folder to include in the archive.
+        required: false
+      notify_jest_coverage_summary:
+        type: boolean
+        default: false
+        required: false
+
+jobs:
+  # Deploy the plugin in a development environment and run a command
+  # using a pre-built Docker image, hosted in Quay.io.
+  deploy_and_run_command:
+    name: Deploy and run command
+    runs-on: ubuntu-latest
+    steps:
+      - name: Step 01 - Download the plugin's source code
+        uses: actions/checkout@v4
+        with:
+          repository: wazuh/wazuh-security-dashboards-plugin
+          ref: ${{ inputs.reference }}
+          path: wazuh-security-plugin
+
+      # Fix source code ownership so the internal user of the Docker
+      # container is also owner.
+      - name: Step 02 - Change code ownership
+        run: sudo chown 1000:1000 -R wazuh-security-plugin;
+
+      - name: Step 03 - Set up the environment and run the command
+        run: |
+          # Read the platform version from the package.json file
+          echo "Reading the platform version from the package.json...";
+          platform_version=$(jq -r '.opensearchDashboards.version | select(. != null)' wazuh-security-plugin/package.json);
+          echo "Plugin platform version: $platform_version";
+
+          # Up the environment and run the command
+          docker run -t --rm \
+            -e OPENSEARCH_DASHBOARDS_VERSION=${platform_version} \
+            -v `pwd`/wazuh-security-plugin:/home/node/kbn/plugins/wazuh-security-plugin \
+            ${{ inputs.docker_run_extra_args }} \
+            quay.io/wazuh/osd-dev:${platform_version} \
+            bash -c '
+              yarn config set registry https://registry.yarnpkg.com;
+              cd /home/node/kbn/plugins/wazuh-security-plugin && yarn && ${{ inputs.command }};
+            '
+      - name: Get the plugin version and format reference name
+        run: |
+          echo "githubReference=$(echo ${{ inputs.reference }} | sed 's/\//-/g')" >> $GITHUB_ENV
+          echo "version=$(jq -r '.wazuh.version' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV
+          echo "revision=$(jq -r '.wazuh.revision' $(pwd)/wazuh-security-plugin/package.json)" >> $GITHUB_ENV
+
+      - name: Step 04 - Upload artifact to GitHub
+        if: ${{ inputs.artifact_name && inputs.artifact_path }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_name }}_${{ env.version }}-${{ env.revision }}_${{ env.githubReference }}.zip
+          path: ${{ inputs.artifact_path }}
+          overwrite: true
+
+      - name: Step 05 - Upload coverage results to GitHub
+        if: ${{ inputs.notify_jest_coverage_summary && github.event_name == 'pull_request' }}
+        uses: AthleticNet/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: ./wazuh-security-plugin/target/test-coverage/coverage-summary.json
+          title: 'Code coverage (Jest)'
@@ -0,0 +1,88 @@
+# CodeQL Workflow Configuration
+#
+# This workflow file will work for most projects without modifications; simply
+# commit it to your repository.
+#
+# ## Optional Customization
+# You may modify this file to:
+# - Adjust the set of analyzed languages.
+# - Add custom queries.
+# - Include custom build logic.
+#
+# ## ⚠️ Important Note
+# An attempt has been made to automatically detect the languages in your
+# repository. Please review the `language` matrix defined below to ensure it
+# includes the correct set of supported CodeQL languages.
+#
+# This workflow is used to perform code analysis with CodeQL:
+#
+# - 📅 Weekly analysis of code for vulnerabilities.
+# - 🔐 Applies static security analysis using CodeQL for JavaScript and
+#   TypeScript.
+
+name: Code analysis
+
+on:
+  push:
+    branches: [ "main", "[0-9].[0-9]", "[0-9].x" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '00 8 * * 5'
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
@@ -14,15 +14,18 @@ jobs:
     steps:
       - name: GitHub App token
         id: github_app_token
-        uses: tibdex/github-app-token@v1.5.0
+        uses: tibdex/github-app-token@v2.1.0
         with:
           app_id: ${{ secrets.APP_ID }}
           private_key: ${{ secrets.APP_PRIVATE_KEY }}
-          installation_id: 22958780
+          # https://github.com/tibdex/github-app-token/releases/tag/v2.0.0
+          # https://github.com/tibdex/github-app-token/compare/v1.5.0...v2.1.0#diff-1243c5424efaaa19bd8e813c5e6f6da46316e63761421b3e5f5c8ced9a36e6b6R11-R30
+          installation_retrieval_mode: id
+          installation_retrieval_payload: 22958780
       - name: Get tag
         id: tag
         uses: dawidd6/action-get-tag@v1
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - uses: ncipollo/release-action@v1
         with:
           github_token: ${{ steps.github_app_token.outputs.token }}
 
@@ -20,10 +20,13 @@ jobs:
         with:
           app_id: ${{ secrets.APP_ID }}
           private_key: ${{ secrets.APP_PRIVATE_KEY }}
-          installation_id: 22958780
+          # https://github.com/tibdex/github-app-token/releases/tag/v2.0.0
+          # https://github.com/tibdex/github-app-token/compare/v1.5.0...v2.1.0#diff-1243c5424efaaa19bd8e813c5e6f6da46316e63761421b3e5f5c8ced9a36e6b6R11-R30
+          installation_retrieval_mode: id
+          installation_retrieval_payload: 22958780
 
       - name: Backport
-        uses: VachaShah/backport@v2.2.0
+        uses: VachaShah/backport@v2
         with:
           github_token: ${{ steps.github_app_token.outputs.token }}
           head_template: backport/backport-<%= number %>-to-<%= base %>
 
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Add SAML Configuration
       - name: Injecting SAML Configuration for Linux
 
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Configure the Dashboard for multi datasources disabled (default)
       - name: Create OpenSearch Dashboards Config
 
@@ -21,7 +21,7 @@ jobs:
 
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set env
         run: |