wazuh-packages icon indicating copy to clipboard operation
wazuh-packages copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Fix and improve bump proccedure in wazuh-packages repository

Open DFolchA opened this issue 1 year ago • 7 comments

Wazuh version Install type Action performed Platform
X.Y.Z-rev Manager/API/Agent Install/Upgrade/Remove OS version

The current automatic bump procedure in Jenkins has some issues with the current structure of the SPECS directories and with the unattended installer, we need to fix it and improve it if possible.

Proposed solution

  1. Create a bash or python script that performs the bump to substitute the current proccedure
  2. Use GH actions or Jenkins to launch the script when necessary.

DFolchA avatar Jun 26 '23 10:06 DFolchA

Update

Created script that modifies the necessary files in the repository to bump to a new version: https://github.com/wazuh/wazuh-packages/blob/54368061338e4ce714827d6da74ce3cf9ce791f8/.github/workflows/bump-version.yml

dfolcha@pop-os:~/wazuh-packages$ python3 bump_version.py -h
usage: bump_version.py [-h] -v VERSION [-r REVISION] [-d DATE]

options:
  -h, --help            show this help message and exit
  -v VERSION, --version VERSION
                        Version to bump to
  -r REVISION, --revision REVISION
                        Revision to bump to. Default: 1
  -d DATE, --date DATE  Date to bump to. Format: m-d-Y. Default: today
dfolcha@pop-os:~/wazuh-packages$ python3 bump_version.py -v 4.30.0 -r 2 -d 08-15-2023
Bumping version in rpms/SPECS/wazuh-manager.spec
Bumping version in rpms/SPECS/wazuh-agent.spec
Bumping version in aix/SPECS/wazuh-agent-aix.spec
Bumping version in stack/dashboard/rpm/wazuh-dashboard.spec
Bumping version in stack/indexer/rpm/wazuh-indexer.spec
Bumping version in stack/dashboard/deb/debian/changelog
Bumping version in stack/indexer/deb/debian/changelog
Bumping version in debs/SPECS/wazuh-manager/debian/changelog
Bumping version in debs/SPECS/wazuh-agent/debian/changelog
Bumping version in stack/dashboard/deb/debian/copyright
Bumping version in stack/indexer/deb/debian/copyright
Bumping version in debs/SPECS/wazuh-manager/debian/copyright
Bumping version in debs/SPECS/wazuh-agent/debian/copyright
Bumping version in solaris/solaris10/pkginfo
Bumping version in macos/specs/wazuh-agent.pkgproj
Bumping version in tests/unattended/unit/suites/test-common.sh
Bumping version in tests/unattended/unit/suites/test-dashboard.sh
Bumping version in tests/unattended/unit/suites/test-installCommon.sh
Bumping version in tests/unattended/unit/suites/test-manager.sh
Bumping version in tests/unattended/unit/suites/test-filebeat.sh
Bumping version in tests/unattended/unit/suites/test-certFunctions.sh
Bumping version in tests/unattended/unit/suites/test-passwordsFunctions.sh
Bumping version in tests/unattended/unit/suites/test-indexer.sh
Bumping version in tests/unattended/unit/suites/test-checks.sh
Bumping version in unattended_installer/install_functions/installVariables.sh
Bumping version in CHANGELOG.md

Additionally, we have created a GitHub Action that can be used to automatically launch the script and open a PR with the changes.

https://github.com/wazuh/wazuh-packages/blob/54368061338e4ce714827d6da74ce3cf9ce791f8/.github/workflows/bump-version.yml

To execute the action go to the actions tab and look for the workflow named Bump version - wazuh-packages, https://github.com/wazuh/wazuh-packages/actions/workflows/bump-version.yml

Then click on Run Workflow and introduce the desired parameters: image

Here we can see a test execution of the workflow: https://github.com/wazuh/wazuh-packages/actions/runs/5555556933/jobs/10146881908

And the resulting pull request: https://github.com/wazuh/wazuh-packages/pull/2278

To Do

Add keys to sign the commits done in the GH action

DFolchA avatar Jul 14 '23 15:07 DFolchA

Update

Added GPG keys to sign commits with the GitHub action and added the necessary steps to the workflow.

We have encountered an issue where GnuPG returns the following error when signing the commit:

[GNUPG:] KEY_CONSIDERED 5B4D6AD25A24FE89F66A40D33785A9414A499558 2
[GNUPG:] BEGIN_SIGNING H10
[GNUPG:] PINENTRY_LAUNCHED 1843 curses 1.1.1 not a tty - - ? 1001/123 -
gpg: signing failed: No such file or directory
[GNUPG:] FAILURE sign 83918929
gpg: signing failed: No such file or directory

We are currently investigating the error.

DFolchA avatar Jul 24 '23 15:07 DFolchA

Removing ETA as we're prioritizing other issues.

vikman90 avatar Jul 28 '23 08:07 vikman90

Update

Located the cause of the signing problem, it seems that the GH actions machine does not have tty causing the signing process to fail.

DFolchA avatar Aug 08 '23 08:08 DFolchA

Removing ETA as we're prioritizing other issues.

DFolchA avatar Aug 08 '23 08:08 DFolchA

Update

After reviewing some related issue from different repositories: https://github.com/goreleaser/goreleaser-action/issues/201 https://github.com/robvanderleek/create-issue-branch/issues/338 https://github.com/actions/runner/issues/667 https://github.com/hashicorp/terraform-website/issues/1549 https://github.com/actions/runner/issues/241#issuecomment-556556163

We have found that the cause of the error in signing the commits seems to be related to the GPG version used to generate the GPG key.

As a possible solution, different sources recommend generating a key without a password or generating a key using GPG1.

DFolchA avatar Aug 30 '23 13:08 DFolchA

To be done as part of: https://github.com/wazuh/wazuh-qa/issues/4820

havidarou avatar Feb 23 '24 10:02 havidarou