diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml new file mode 100644 index 000000000..d9b9ccac6 --- /dev/null +++ b/.github/workflows/copilot-setup-steps.yml @@ -0,0 +1,114 @@ +name: "Copilot Setup Steps" + +# Automatically run the setup steps when they are changed to allow for easy validation, and +# allow manual testing through the repository's "Actions" tab +on: + workflow_dispatch: + push: + paths: + - .github/workflows/copilot-setup-steps.yml + pull_request: + paths: + - .github/workflows/copilot-setup-steps.yml + +jobs: + # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot. + copilot-setup-steps: + runs-on: ubuntu-latest + + # Set the permissions to the lowest permissions possible needed for your steps. + # Copilot will be given its own token for its operations. + permissions: + # If you want to clone the repository as part of your setup steps, for example to install dependencies, you'll need the `contents: read` permission. If you don't clone the repository in your setup steps, Copilot will do this for you automatically after the steps complete. + contents: read + env: + ELASTICSEARCH_ENDPOINTS: "http://localhost:9200" + ELASTICSEARCH_USERNAME: "elastic" + ELASTICSEARCH_PASSWORD: password + KIBANA_ENDPOINT: "http://localhost:5601" + KIBANA_USERNAME: "elastic" + KIBANA_PASSWORD: password + KIBANA_SYSTEM_USERNAME: kibana_system + KIBANA_SYSTEM_PASSWORD: password + TF_ACC: "1" + services: + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:9.0.3 + env: + discovery.type: single-node + xpack.security.enabled: true + xpack.security.authc.api_key.enabled: true + xpack.security.authc.token.enabled: true + xpack.watcher.enabled: true + xpack.license.self_generated.type: trial + repositories.url.allowed_urls: https://example.com/* + path.repo: /tmp + ELASTIC_PASSWORD: ${{ env.ELASTICSEARCH_PASSWORD }} + ports: + - 9200:9200 + options: --health-cmd="curl http://localhost:9200/_cluster/health" --health-interval=10s --health-timeout=5s --health-retries=10 + kibana: + image: docker.elastic.co/kibana/kibana:9.0.3 + env: + SERVER_NAME: kibana + ELASTICSEARCH_HOSTS: http://elasticsearch:9200 + ELASTICSEARCH_USERNAME: ${{ env.KIBANA_SYSTEM_USERNAME }} + ELASTICSEARCH_PASSWORD: ${{ env.KIBANA_SYSTEM_PASSWORD }} + XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: a7a6311933d3503b89bc2dbc36572c33a6c10925682e591bffcab6911c06786d + # LOGGING_ROOT_LEVEL: debug + ports: + - 5601:5601 + options: --health-cmd="curl http://localhost:5601/api/status" --health-interval=10s --health-timeout=5s --health-retries=10 + fleet: + image: docker.elastic.co/elastic-agent/elastic-agent:9.0.3 + env: + SERVER_NAME: fleet + FLEET_ENROLL: "1" + FLEET_URL: https://fleet:8220 + FLEET_INSECURE: "true" + FLEET_SERVER_ENABLE: "1" + FLEET_SERVER_POLICY_ID: fleet-server + FLEET_SERVER_ELASTICSEARCH_HOST: http://elasticsearch:9200 + FLEET_SERVER_ELASTICSEARCH_INSECURE: "true" + FLEET_SERVER_INSECURE_HTTP: "true" + KIBANA_HOST: http://kibana:5601 + KIBANA_FLEET_SETUP: "1" + KIBANA_FLEET_PASSWORD: ${{ env.ELASTICSEARCH_PASSWORD }} + ports: + - 8220:8220 + options: --restart="unless-stopped" + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + with: + go-version-file: 'go.mod' + cache: true + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 + with: + terraform_wrapper: false + + - name: Get dependencies + run: make setup + + - name: Setup Kibana user + run: make set-kibana-password + env: + ELASTICSEARCH_PASSWORD: ${{ env.ELASTICSEARCH_PASSWORD }} + KIBANA_SYSTEM_USERNAME: ${{ env.KIBANA_SYSTEM_USERNAME }} + KIBANA_SYSTEM_PASSWORD: ${{ env.KIBANA_SYSTEM_PASSWORD }} + + - id: get-api-key + name: Get ES API key + run: |- + echo "apikey=$(make create-es-api-key | jq -r .encoded)" >> "$GITHUB_OUTPUT" + env: + ELASTICSEARCH_PASSWORD: ${{ env.ELASTICSEARCH_PASSWORD }} + + - id: setup-fleet + name: Setup Fleet + run: |- + make setup-kibana-fleet + env: + ELASTICSEARCH_PASSWORD: ${{ env.ELASTICSEARCH_PASSWORD }} + FLEET_NAME: "fleet"