added auto adding agent to Wazuh group

fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-5595532 added buymeacoffee fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459 added support for amazon linux and ubuntu (#38) New images for agent (#39) * added support for amazon linux and ubuntu fix docker hub push for matrix (#40) * fix dockerhub push step * added cache for pytests * update pre-commit added tests for adding agents (#41) Bump pytest-testinfra from 8.1.0 to 10.0.0 (#54) Bumps [pytest-testinfra](https://github.com/pytest-dev/pytest-testinfra) from 8.1.0 to 10.0.0. - [Release notes](https://github.com/pytest-dev/pytest-testinfra/releases) - [Changelog](https://github.com/pytest-dev/pytest-testinfra/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest-testinfra@8.1.0...10.0.0) --- updated-dependencies: - dependency-name: pytest-testinfra dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Revert "Bump pytest-testinfra from 8.1.0 to 10.0.0 (#54)" (#60) This reverts commit 72997ef. Create SECURITY.md (#62) delete docker snyk (#63) Bump urllib3 from 1.26.18 to 2.1.0 (#58) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 2.1.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.18...2.1.0) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump markupsafe from 2.1.1 to 2.1.3 (#57) Bumps [markupsafe](https://github.com/pallets/markupsafe) from 2.1.1 to 2.1.3. - [Release notes](https://github.com/pallets/markupsafe/releases) - [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst) - [Commits](pallets/markupsafe@2.1.1...2.1.3) --- updated-dependencies: - dependency-name: markupsafe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump loguru from 0.6.0 to 0.7.2 (#55) Bumps [loguru](https://github.com/Delgan/loguru) from 0.6.0 to 0.7.2. - [Release notes](https://github.com/Delgan/loguru/releases) - [Changelog](https://github.com/Delgan/loguru/blob/master/CHANGELOG.rst) - [Commits](Delgan/loguru@0.6.0...0.7.2) --- updated-dependencies: - dependency-name: loguru dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump psutil from 5.8.0 to 5.9.7 (#56) Bumps [psutil](https://github.com/giampaolo/psutil) from 5.8.0 to 5.9.7. - [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst) - [Commits](giampaolo/psutil@release-5.8.0...release-5.9.7) --- updated-dependencies: - dependency-name: psutil dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jürgen <[email protected]> fix jinja2 templating with autoescape (#64) push to github based on github tag (#65) Update docker-hub-image.yml (#66) push to github based on github tag push to github based on github tag (#67) Add docker push based ongit tag (#68) * push to github based on github tag * push to github based on github tag Add docker push based ongit tag (#69) * push to github based on github tag * fix actions Add docker push based ongit tag (#70) * push to github based on github tag * push to github based on github tag * fix actions * fix actions fix actions (#71) Add docker push based ongit tag2 (#72) * fix actions * fix actions change actions for new docker push flow (#75) * change actions for new docker push flow * update python version to 3.9 Bump psutil from 5.8.0 to 5.9.7 (#73) Bumps [psutil](https://github.com/giampaolo/psutil) from 5.8.0 to 5.9.7. - [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst) - [Commits](giampaolo/psutil@release-5.8.0...release-5.9.7) --- updated-dependencies: - dependency-name: psutil dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Migration to tags (#76) * change actions for new docker push flow * update python version to 3.9 * change actions for new docker push flow Bump pytest-testinfra from 8.1.0 to 10.0.0 (#74) Bumps [pytest-testinfra](https://github.com/pytest-dev/pytest-testinfra) from 8.1.0 to 10.0.0. - [Release notes](https://github.com/pytest-dev/pytest-testinfra/releases) - [Changelog](https://github.com/pytest-dev/pytest-testinfra/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest-testinfra@8.1.0...10.0.0) --- updated-dependencies: - dependency-name: pytest-testinfra dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Migration to tags (#77) * change actions for new docker push flow * update python version to 3.9 * change actions for new docker push flow * added build arg for tag fix variable for build (#78) Checks all branches (#79) * run security check for all branches Update docker-hub-image-main.yml (#81) Update github actions (#82) * Update docker-hub-image-main.yml * Update docker-hub-image-tag.yml changes for agent version and docker tag (#85) fix ambiguous redirect (#86) clean history clean history
pyToshka · Jan 9, 2024 · ab6de40 · ab6de40
1 parent 90aac13
commit ab6de40
Show file tree

Hide file tree

Showing 47 changed files with 2,261 additions and 374 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,30 +1,13 @@
 .idea/
-__pycache__/
-*.py[cod]
-*$py.class
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
 Makefile
 Dockerfile
 README.md
 docker-compose.yaml
-entrypoint.sh
-test.py
-register_agent.py__
-wazuh-daemonset.yaml
+tmp/
+.git/
+.github
+images/Dockerfie.*
+tests
+.pytest_cache
+.tfcache
+ .dccache
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "pip" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -13,10 +13,11 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - '**'
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches:
+       - '**'
   schedule:
     - cron: '45 10 * * 5'
 
@@ -48,11 +49,11 @@ jobs:
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
-        
+
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-        
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
@@ -61,7 +62,7 @@ jobs:
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
     # - run: |

diff --git a/.github/workflows/docker-hub-image-main.yml b/.github/workflows/docker-hub-image-main.yml
@@ -0,0 +1,67 @@
+name: Build and push docker images for main branch
+
+# Controls when the workflow will run
+on:
+  push:
+    branches:
+      - 'main'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+permissions:
+  contents: read
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./Dockerfile
+            image: kennyopennix/wazuh-agent
+          - dockerfile: ./images/Dockerfie.amazonlinux
+            image: kennyopennix/wazuh-agent-amazonlinux
+          - dockerfile: ./images/Dockerfie.ubuntu
+            image: kennyopennix/wazuh-agent-ubuntu
+          - dockerfile: ./Dockerfile
+            image: opennix/wazuh-agent
+          - dockerfile: ./images/Dockerfie.amazonlinux
+            image: opennix/wazuh-agent-amazonlinux
+          - dockerfile: ./images/Dockerfie.ubuntu
+            image: opennix/wazuh-agent-ubuntu
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        if: github.event_name != 'pull_request'
+        continue-on-error: true
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        continue-on-error: true
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/docker-hub-image-tag.yml b/.github/workflows/docker-hub-image-tag.yml
@@ -0,0 +1,76 @@
+name: Build and push docker images for git tag
+
+# Controls when the workflow will run
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+permissions:
+  contents: read
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./Dockerfile
+            image: kennyopennix/wazuh-agent
+          - dockerfile: ./images/Dockerfie.amazonlinux
+            image: kennyopennix/wazuh-agent-amazonlinux
+          - dockerfile: ./images/Dockerfie.ubuntu
+            image: kennyopennix/wazuh-agent-ubuntu
+          - dockerfile: ./Dockerfile
+            image: opennix/wazuh-agent
+          - dockerfile: ./images/Dockerfie.amazonlinux
+            image: opennix/wazuh-agent-amazonlinux
+          - dockerfile: ./images/Dockerfie.ubuntu
+            image: opennix/wazuh-agent-ubuntu
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Set Agent version
+        shell: bash
+        run: echo "AGENT_VERSION=$(echo ${GITHUB_REF##*/} | sed 's/v//g')" >> $GITHUB_ENV
+
+      - name: Set Docker tag
+        shell: bash
+        run: echo "TAG_NAME=$(echo ${GITHUB_REF##*/} | sed 's/v//g'|sed 's/-1//g')" >> $GITHUB_ENV
+
+      - name: Docker tag and agent version
+        run: |
+          echo "All envs ${{ env }}"
+          echo "New docker image tag ${{ env.TAG_NAME }}"
+          echo "Wazuh agent version ${{ env.AGENT_VERSION }}"
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        continue-on-error: true
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ matrix.image }}:${{ env.TAG_NAME }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+              AGENT_VERSION=${{ env.AGENT_VERSION }}
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '39 20 * * 0'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        with:
+          sarif_file: results.sarif