Merge branch 'bugfix/10.5.20/update-agent-hostname' of https://github.com/utmstack/UTMStack into bugfix/10.5.20/update-agent-hostname

Author: javjodar

.github/workflows/alpha-deployment.yml

@@ -0,0 +1,63 @@
+name: "Alpha Deployment"
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_tag:
+        description: "Version to deploy."
+        required: true
+      event_processor_tag:
+        description: "Event processor version to use for this deployment."
+        required: true
+
+jobs:
+  validations:
+    name: Validate permissions
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check permissions
+        run: |
+          echo "Checking permissions..."
+          
+          if [[ "${{ github.event.inputs.version_tag }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-alpha\.[0-9]+$ ]]; then
+            echo "✅ Version tag format is correct."
+
+            if [[ "${ github.ref }" =~ ^refs/heads/(release/|feature/) ]]; then
+              echo "✅ Base branch ${ github.ref } is valid."
+            else
+              echo "⛔ ERROR: Base branch ${ github.ref } is not valid. It should be release/ or feature/."
+              exit 1
+            fi
+
+            echo "Validating user permissions..."
+            RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Accept: application/vnd.github.json" \
+            "https://api.github.com/orgs/utmstack/teams/integration-developers/memberships/${{ github.actor }}")
+
+            if echo "$RESPONSE" | grep -q '"state": "active"'; then
+              echo "✅ User ${{ github.actor }} is a member of the integration-developers team."
+            else
+              echo "⛔ ERROR: User ${{ github.actor }} is not a member of the integration-developers team."
+             exit 1
+            fi
+
+          else
+            echo "⛔ Version tag format is incorrect. It should be in the format vX.Y.Z-alpha.N."
+            exit 1          
+          fi
+
+  deploy:
+    name: Deploy
+    needs: validations
+    uses: ./.github/workflows/build.yml
+    with:
+      version_tag: ${{ github.event.inputs.version_tag }}
+      event_processor_tag: ${{ github.event.inputs.event_processor_tag }}
+      environment: alpha
+      ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+      sign_cert: ${{ vars.SIGN_CERT }}
+      sign_key: ${{ secrets.SIGN_KEY }}
+      sign_container: ${{ secrets.SIGN_CONTAINER }}
+    env:
+      CM_AUTH: ${{ secrets.CM_AUTH_ALPHA }}
+    

.github/workflows/beta-deployment.yml

@@ -0,0 +1,63 @@
+name: "Beta Deployment"
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_tag:
+        description: "Version to deploy."
+        required: true
+      event_processor_tag:
+        description: "Event processor version to use for this deployment."
+        required: true
+
+jobs:
+  validations:
+    name: Validate permissions
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check permissions
+        run: |
+          echo "Checking permissions..."
+          
+          if [[ "${{ github.event.inputs.version_tag }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$ ]]; then
+            echo "✅ Version tag format is correct."
+
+            if [[ "${ github.ref }" =~ ^refs/heads/(release/|feature/) ]]; then
+              echo "✅ Base branch ${ github.ref } is valid."
+            else
+              echo "⛔ ERROR: Base branch ${ github.ref } is not valid. It should be release/ or feature/."
+              exit 1
+            fi
+
+            echo "Validating user permissions..."
+            RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Accept: application/vnd.github.json" \
+            "https://api.github.com/orgs/utmstack/teams/core-developers/memberships/${{ github.actor }}")
+
+            if echo "$RESPONSE" | grep -q '"state": "active"'; then
+              echo "✅ User ${{ github.actor }} is a member of the core-developers team."
+            else
+              echo "⛔ ERROR: User ${{ github.actor }} is not a member of the core-developers team."
+             exit 1
+            fi
+
+          else
+            echo "⛔ Version tag format is incorrect. It should be in the format vX.Y.Z-beta.N."
+            exit 1          
+          fi
+
+  deploy:
+    name: Deploy
+    needs: validations
+    uses: ./.github/workflows/build.yml
+    with:
+      version_tag: ${{ github.event.inputs.version_tag }}
+      event_processor_tag: ${{ github.event.inputs.event_processor_tag }}
+      environment: beta
+      ghcr_token: ${{ secrets.GITHUB_TOKEN }}
+      sign_cert: ${{ vars.SIGN_CERT }}
+      sign_key: ${{ secrets.SIGN_KEY }}
+      sign_container: ${{ secrets.SIGN_CONTAINER }}
+    env:
+      CM_AUTH: ${{ secrets.CM_AUTH_BETA }}
+    

.github/workflows/build.yml

@@ -0,0 +1,134 @@
+name: Build & Push Images
+
+on:
+  workflow_call:
+    inputs:
+      version_tag:
+        required: true
+        type: string
+      event_processor_tag:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+      ghcr_token:
+        required: true
+        type: string
+      sign_cert:
+        required: true
+        type: string
+      sign_key:
+        required: true
+        type: string
+      sign_container:
+        required: true
+        type: string
+
+jobs:
+  build_images:
+    name: Build Docker Images without dependencies
+    strategy:
+      fail-fast: false
+      matrix:
+        service: ['backend', 'frontend', 'user-auditor', 'web-pdf'] 
+    uses: ./.github/workflows/images-without-dependencies.yml
+    with:
+      microservice: ${{ matrix.service }}
+      tag: ${{ inputs.version_tag }}
+    secrets: inherit
+
+  build_images_with_dependencies:
+    name: Build & Push Images with dependencies
+    needs: 
+      - build_images
+    runs-on: signing
+    steps:
+      - name: Check out code into the right branch
+        uses: actions/checkout@v4
+
+      - name: Login to GitHub Container Registry
+        run: |
+          docker login ghcr.io -u utmstack -p ${{ inputs.ghcr_token }}
+          echo "Logged in to GitHub Container Registry"
+      
+      - name: Download base images
+        run: |
+          docker pull ghcr.io/threatwinds/eventprocessor/base:${{ inputs.event_processor_tag }}
+          echo "Downloaded base images"
+
+      - name: Build Agent
+        run: |
+          cd ${{ github.workspace }}/agent/service/config; (Get-Content const.go) | Foreach-Object { $_ -replace 'const REPLACE_KEY string = ""', 'const REPLACE_KEY string = "${{ secrets.AGENT_SECRET_PREFIX }}"' } | Set-Content const.go
+          
+          $env:GOOS = "linux"
+          $env:GOARCH = "amd64"
+          cd ${{ github.workspace }}/agent/service; go build -o utmstack_agent_service -v .
+          cd ${{ github.workspace }}/agent/installer; go build -o utmstack_agent_installer -v .
+          
+          $env:GOOS = "windows"
+          cd ${{ github.workspace }}/agent/service; go build -o utmstack_agent_service.exe -v .
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ inputs.sign_cert }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ inputs.sign_key }}}}]=${{ inputs.sign_container }}" "utmstack_agent_service.exe"
+          cd ${{ github.workspace }}/agent/installer; go build -o utmstack_agent_installer.exe -v .
+          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ inputs.sign_cert }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ inputs.sign_key }}}}]=${{ inputs.sign_container }}" "utmstack_agent_installer.exe"
+
+          Copy-Item -Path "C:/dependencies/${{ inputs.environment }}/agent/*" -Destination "./dependencies/"
+
+          echo "Agent build completed"
+      
+      - name: Build Plugins
+        run: |
+          export GOOS=linux
+          export GOARCH=amd64
+          cd ${{ github.workspace }}/plugins
+          make build
+      
+      - name: Build Event Processor Image
+        run: |
+          New-Item -ItemType Directory -Force -Path "./geolocation/"
+          Copy-Item -Path "C:/dependencies/${{ inputs.environment }}/geolocation/*" -Destination "./geolocation/"
+
+          docker build -t ghcr.io/utmstack/utmstack/eventprocessor:${{ inputs.version_tag }}-community \
+            --build-arg BASE_IMAGE=ghcr.io/threatwinds/eventprocessor/base:${{ inputs.event_processor_tag }} \
+            -f ./event_processor.Dockerfile \
+            .
+          echo "Event Processor image built"
+
+      - name: Build Agent Manager Image
+        run: |
+          go build -o ./agent-manager/agent-manager -v ./agent-manager
+          docker build -t ghcr.io/utmstack/utmstack/agent-manager:${{ inputs.version_tag }}-community \
+            -f ./agent-manager/Dockerfile \
+            .
+          echo "Agent Manager image built"
+
+      - name: Push images with dependencies
+        run: |
+          docker push ghcr.io/utmstack/utmstack/eventprocessor:${{ inputs.version_tag }}-community
+          docker push ghcr.io/utmstack/utmstack/agent-manager:${{ inputs.version_tag }}-community
+          echo "Pushed images with dependencies"
+  
+      - name: Push new release
+        run: |
+          echo "Pushing new release..."
+          $changelog = Get-Content -Path "CHANGELOG.md" -Raw
+
+          $cmAuth = $env:CM_AUTH | ConvertFrom-Json
+
+          $body = @{
+              version   = ${{ inputs.version_tag }}
+              changelog = $changelog
+              images    = "ghcr.io/utmstack/utmstack/backend,ghcr.io/utmstack/utmstack/frontend,ghcr.io/utmstack/utmstack/user-auditor,ghcr.io/utmstack/utmstack/web-pdf,ghcr.io/utmstack/utmstack/eventprocessor,ghcr.io/utmstack/utmstack/agent-manager"
+              edition   = "community"
+          } | ConvertTo-Json -Depth 3
+
+          $response = Invoke-RestMethod -Method Post `
+              -Uri "https://customermanager.utmstack.com/${{ inputs.environment }}/api/v1/releases/register" `
+              -Headers @{
+                  id  = $cmAuth.id
+                  key = $cmAuth.key
+              } `
+              -Body $body `
+              -ContentType "application/json"
+
+          $response

.github/workflows/images-without-dependencies.yml

@@ -0,0 +1,73 @@
+name: Runner
+on:
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+        type: string
+      microservice:
+        required: true
+        type: string
+
+jobs:
+  prepare_deployment:
+    name: Prepare deployment - ${{inputs.microservice}}
+    runs-on: ubuntu-latest
+    outputs:
+      tech: ${{ steps.get_tech.outputs.tech }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Determine Tech
+        id: get_tech
+        run: |
+          service="${{inputs.microservice}}"
+          if [[ "$service" == "backend" ]]; then
+            tech="java-11"
+          elif [[ "$service" == "frontend" ]]; then
+            tech="frontend"
+          elif [[ "$service" == "user-auditor" || "web-pdf" ]]; then
+            tech="java"
+          else
+            tech="unknown"
+          fi
+          echo $tech
+          echo "::set-output name=tech::$tech"
+        shell: bash
+  
+  frontend_deployment:
+    name: Frontend deployment
+    needs: prepare_deployment
+    if: ${{ needs.prepare_deployment.outputs.tech == 'frontend' }}
+    uses: ./.github/workflows/used-docker-frontend.yml
+    with:
+      image_name: ${{ inputs.microservice }}
+      environment: ${{inputs.tag}}-community
+
+  golang_deployment:
+    name: Golang deployment
+    needs: prepare_deployment
+    if: ${{ needs.prepare_deployment.outputs.tech == 'golang' }}
+    uses: ./.github/workflows/used-docker-golang.yml
+    with:
+      image_name: ${{ inputs.microservice }}
+      environment: ${{inputs.tag}}-community
+
+  java_11_deployment:
+    name: Java 11 deployment
+    needs: prepare_deployment
+    if: ${{ needs.prepare_deployment.outputs.tech == 'java-11' }}
+    uses: ./.github/workflows/used-docker-java-11.yml
+    with:
+      image_name: ${{ inputs.microservice }}
+      tag: ${{inputs.tag}}-community
+      version: ${{inputs.tag}}
+
+  java_deployment:
+    name: Java deployment
+    needs: prepare_deployment
+    if: ${{ needs.prepare_deployment.outputs.tech == 'java' }}
+    uses: ./.github/workflows/used-docker-java.yml
+    with:
+      image_name: ${{ inputs.microservice }}
+      environment: ${{inputs.tag}}-community