From b6130cf9729267ff16b62754307adae389dee087 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 24 Jan 2023 10:16:20 -0300
Subject: [PATCH] GH Actions AIO added

---
 .github/playbooks/aio-wazuh.yml | 65 ++++++++++++++++
 .github/workflows/main.yml.bkp | 70 +++++++++++++++++
 .github/workflows/main_aio.yml | 75 +++++++++++++++++++
 .../workflows/{main.yml => main_wazuh.yml} | 0
 4 files changed, 210 insertions(+)
 create mode 100644 .github/playbooks/aio-wazuh.yml
 create mode 100644 .github/workflows/main.yml.bkp
 create mode 100644 .github/workflows/main_aio.yml
 rename .github/workflows/{main.yml => main_wazuh.yml} (100%)

diff --git a/.github/playbooks/aio-wazuh.yml b/.github/playbooks/aio-wazuh.yml
new file mode 100644
index 00000000..e89efbcb
--- /dev/null
+++ b/.github/playbooks/aio-wazuh.yml
@@ -0,0 +1,65 @@ +- name: Generate certificates prior to converging + hosts: localhost + become: true + become_user: root + roles: + - role: ../../roles/wazuh/wazuh-indexer + vars: + generate_certs: true + perform_installation: false + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node3: + name: wazuh-mgr01 + ip: "127.0.0.1" + role: wazuh + node_type: master + node5: + name: wazuh-dash01 + ip: "127.0.0.1" + role: dashboard + pre_tasks: + - name: overview of cert configuration + debug: + var: wazuh_endpoint_list + +- name: Converge + hosts: localhost + become: true + become_user: root + roles: + # 1. Check packages + - role: ../../roles/wazuh/check-packages + become: no + delegate_to: localhost + run_once: true + # 2. Wazuh indexer + - role: ../../roles/wazuh/wazuh-indexer + # 3. Managers + - role: ../../roles/wazuh/ansible-wazuh-manager + - role: ../../roles/wazuh/ansible-filebeat-oss + # 4. Wazuh dashboard + - role: ../../roles/wazuh/wazuh-dashboard + # 5. Agents: +# - role: ../../roles/wazuh/ansible-wazuh-agent +# vars: +# wazuh_managers: '{{ wazuh_managers_list }}' +# when: inventory_hostname in groups['agents'] + vars: + instances: + node1: + name: wazuh-es01 # Important: must be equal to indexer_node_name. + ip: "127.0.0.1" # When unzipping, the node will search for its node name folder to get the cert. + role: indexer + node3: + name: wazuh-mgr01 + ip: "127.0.0.1" + role: wazuh + node_type: master + node5: + name: wazuh-dash01 + ip: "127.0.0.1" + role: dashboard \ No newline at end of file diff --git a/.github/workflows/main.yml.bkp b/.github/workflows/main.yml.bkp new file mode 100644 index 00000000..ed4a151b --- /dev/null +++ b/.github/workflows/main.yml.bkp 
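Review bot: `become: no` on the check-packages role entry uses the YAML 1.1 truthy form while the rest of the playbook writes `become: true`; change it to `become: false` so the file is consistent and yamllint's truthy check stays clean. The `instances` mapping is declared twice with identical content, once as role `vars` in the certificate-generation play and again as play `vars` in Converge; a single shared definition (a `vars_files` entry or a YAML anchor on the first copy) would keep them from drifting, which matters because the inline comment says `name` must equal `indexer_node_name` for the certificate lookup to work, and `indexer_node_name` is not set anywhere in this playbook (presumably a role default; confirm it is `wazuh-es01`). The file is also added without a trailing newline, as are the two workflow files in this commit.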
@@ -0,0 +1,70 @@ +--- +name: do-the-job +on: [push, pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }} + ec2-instance-type: t3.small + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + #iam-role-name: my-role-name # optional, requires additional permissions + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "ec2-github-runner"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"} + ] + do-the-job: + name: Do the job on the runner + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - do-the-job # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/main_aio.yml b/.github/workflows/main_aio.yml new file mode 100644 index 00000000..31b4c3cf --- /dev/null +++ b/.github/workflows/main_aio.yml 
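Review bot: `main.yml.bkp` is a copy of a workflow (it matches `main_aio.yml` apart from the Ansible step) committed under `.github/workflows/`; GitHub only loads `.yml`/`.yaml` files there, so it never runs, yet it will be maintained, scanned and diffed alongside the live workflows and will drift from `main_wazuh.yml`. Git history already preserves the pre-rename file, so drop this file from the commit instead of keeping a backup in the tree. If it must stay, move it outside `.github/workflows/` so it is not mistaken for an active workflow.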
@@ -0,0 +1,75 @@ +--- +name: do-the-job +on: [push, pull_request, workflow_dispatch, release] +jobs: + start-runner: + name: Start self-hosted EC2 runner + runs-on: ubuntu-latest + outputs: + label: ${{ steps.start-ec2-runner.outputs.label }} + ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }} + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Start EC2 runner + id: start-ec2-runner + uses: machulav/ec2-github-runner@v2 + with: + mode: start + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + ec2-image-id: ${{ secrets.CENTOS8_AMI_ID }} + ec2-instance-type: t3.small + subnet-id: ${{ secrets.SUBNET_ID }} + security-group-id: ${{ secrets.SG_ID }} + #iam-role-name: my-role-name # optional, requires additional permissions + aws-resource-tags: > # optional, requires additional permissions + [ + {"Key": "Name", "Value": "ec2-github-runner"}, + {"Key": "GitHubRepository", "Value": "${{ github.repository }}"} + ] + do-the-job: + name: Do the job on the runner + needs: start-runner # required to start the main job when the runner is ready + runs-on: ${{ needs.start-runner.outputs.label }} # run the job on the newly created runner + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + - name: Hack to get setup-python to work on act. See act issue 251 + run: | + if [ ! -f "/etc/lsb-release" ] ; then + echo "DISTRIB_RELEASE=18.04" > /etc/lsb-release + fi + - name: Set up Python 3. 
+ uses: actions/setup-python@v2 + with: + python-version: '3.x' + - name: Ansible Playbook run Wazuh AIO + run: ansible-playbook ./.github/playbooks/aio-wazuh.yml + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + stop-runner: + name: Stop self-hosted EC2 runner + needs: + - start-runner # required to get output from the start-runner job + - do-the-job # required to wait when the main job is done + runs-on: ubuntu-latest + if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs + steps: + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + - name: Stop EC2 runner + uses: machulav/ec2-github-runner@v2 + with: + mode: stop + github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} + label: ${{ needs.start-runner.outputs.label }} + ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }} \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main_wazuh.yml similarity index 100% rename from .github/workflows/main.yml rename to .github/workflows/main_wazuh.yml
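Review bot: The `Ansible Playbook run Wazuh AIO` step calls `ansible-playbook`, but no step installs Ansible: `actions/setup-python@v2` only provides a Python 3.x interpreter, so on a bare runner the step fails with command-not-found unless the image behind `CENTOS8_AMI_ID` preinstalls it (not visible here). Add a step `- name: Install Ansible` / `run: python -m pip install ansible` between the setup-python step and the playbook run, or add a comment on the job stating that the AMI is expected to ship Ansible. Separately, `aws-actions/configure-aws-credentials@v1`, `actions/checkout@v2`, `actions/setup-python@v2` and `machulav/ec2-github-runner@v2` are referenced by mutable major-version tags while being handed long-lived AWS keys and `GH_PERSONAL_ACCESS_TOKEN`; pinning each `uses:` to a full commit SHA (with the tag in a trailing comment) limits what a retagged or compromised action release can do with those secrets, and the same applies to `main.yml.bkp`. Note also that `on:` includes `pull_request`, for which runs from forks receive no secrets, so `start-runner` will simply fail on those events rather than start an instance; that is acceptable but worth a comment next to the trigger list.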