From 95c8f62aa64282dd47c42aa32527c0e1baa5d4e4 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Wed, 11 Sep 2024 10:00:54 -0300
Subject: [PATCH 1/3] Add a new workflow for Puppet module Builder
---
.github/workflows/Puppet_module_builder.yml | 79 +++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100644 .github/workflows/Puppet_module_builder.yml
diff --git a/.github/workflows/Puppet_module_builder.yml b/.github/workflows/Puppet_module_builder.yml
new file mode 100644
index 00000000..8c8e8211
--- /dev/null
+++ b/.github/workflows/Puppet_module_builder.yml
@@ -0,0 +1,79 @@
+run-name: Build Wazuh Puppet module ${{ inputs.BRANCH_NAME }}
+name: Puppet Module Builder
+
+on:
+ workflow_dispatch:
+ inputs:
+ BRANCH_NAME:
+ type: string
+ description: "Branch or tag name"
+ required: true
+ default: "v4.10.0"
+ UPLOAD_S3:
+ type: boolean
+ description: "Upload Puppet module to S3"
+ required: true
+ default: false
+ S3_REPOSITORY:
+ type: choice
+ description: "S3 Repository"
+ required: true
+ options:
+ - staging
+ - pre-release
+
+env:
+ BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET }}
+ AWS_REGION: ${{ secrets.AAWS_REGION }}
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ build_module:
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.BRANCH_NAME }}
+
+ - name: Verify Tag name
+ run: |
+ WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^${{ inputs.BRANCH_NAME }}$)
+ echo "WAZUH_TAG=$WAZUH_TAG" >> "$GITHUB_ENV"
+
+ - name: Install dependencies
+ run: |
+ curl -O https://apt.puppet.com/puppet-tools-release-noble.deb && \
+ dpkg -i puppet-tools-release-noble.deb && \
+ apt-get update && \
+ apt-get install pdk
+ pdk set config user.analytics.disabled false --type boolean --force
+
+ - name: Build Wazuh Puppet module
+ run: |
+ mkdir -p ${{ github.workspace }}/output
+ pdk build --force --target-dir=${{ github.workspace }}/output/
+
+ - name: Create Puppet module artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: Puppet module artifact
+ path: ${{ github.workspace }}/output/wazuh-wazuh-.tar.gz
+ retention-days: 1
+
+ - name: Configure aws credentials
+ if: ${{ env.WAZUH_TAG != '' && inputs.UPLOAD_S3 == true }}
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: ${{ secrets.AWS_IAM_PUPPET_ROLE }}
+ role-session-name: "Puppet module-Builder"
+
aws-region: "${{ env.AWS_REGION }}" + role-duration-seconds: 10800 + + - name: Upload Puppet module to S3 + if: ${{ env.WAZUH_TAG != '' && inputs.UPLOAD_S3 == true }} + run: aws s3 cp ${{ github.workspace }}/output/*.tar.gz s3://${{ env.BUCKET_NAME }}/${{ inputs.S3_REPOSITORY }}/puppet-module/ + From 633bda8bd0f44650fced816d1fc54ae89786542b Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 11 Sep 2024 10:03:27 -0300 Subject: [PATCH 2/3] Modify secret assign --- .github/workflows/Puppet_module_builder.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/Puppet_module_builder.yml b/.github/workflows/Puppet_module_builder.yml index 8c8e8211..c176b7b6 100644 --- a/.github/workflows/Puppet_module_builder.yml +++ b/.github/workflows/Puppet_module_builder.yml @@ -22,10 +22,6 @@ on: - staging - pre-release -env: - BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET }} - AWS_REGION: ${{ secrets.AAWS_REGION }} - permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout @@ -70,10 +66,10 @@ jobs: with: role-to-assume: ${{ secrets.AWS_IAM_PUPPET_ROLE }} role-session-name: "Puppet module-Builder" - aws-region: "${{ env.AWS_REGION }}" + aws-region: "${{ secrets.AWS_REGION }}" role-duration-seconds: 10800 - name: Upload Puppet module to S3 if: ${{ env.WAZUH_TAG != '' && inputs.UPLOAD_S3 == true }} - run: aws s3 cp ${{ github.workspace }}/output/*.tar.gz s3://${{ env.BUCKET_NAME }}/${{ inputs.S3_REPOSITORY }}/puppet-module/ + run: aws s3 cp ${{ github.workspace }}/output/*.tar.gz s3://${{ secrets.AWS_S3_BUCKET }}/${{ inputs.S3_REPOSITORY }}/puppet-module/ From ab51cc58dc6171ba88bcbb6d16ec8e2dcf31cd86 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 11 Sep 2024 11:02:58 -0300 Subject: [PATCH 3/3] Bump workflow version --- .github/workflows/Puppet_module_builder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
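Review bot: The `Verify Tag name` step splices the free-form `BRANCH_NAME` input straight into a shell command (`grep ^${{ inputs.BRANCH_NAME }}$`), which is the script-injection pattern GitHub's hardening guide warns about; anyone who can dispatch the workflow can run arbitrary commands in a job holding `id-token: write`, so pass the value through the environment instead — `env:` / `BRANCH_NAME: ${{ inputs.BRANCH_NAME }}` on the step and `grep -x -- "$BRANCH_NAME"` in the script. Because GitHub's default `run` shell is `bash -e -o pipefail`, a grep that matches nothing presumably fails the step rather than leaving `WAZUH_TAG` empty, so the `env.WAZUH_TAG != ''` gates on the two upload steps would likely never be reached for a branch name; ending that pipeline with `|| true` restores the intended "build for branches, upload only for tags" behaviour — confirm against a run. The artifact `path` `wazuh-wazuh-.tar.gz` has no version segment while the S3 step uploads `*.tar.gz`, so the two should agree, and `if-no-files-found: error` would make a missing tarball fail loudly instead of producing an empty artifact. The `Install dependencies` step runs `dpkg -i` and `apt-get install pdk` without `sudo` or `-y` on a GitHub-hosted runner and installs a `.deb` fetched with no checksum or signature check, and `user.analytics.disabled false` reads as opting into analytics; please confirm each of those is intended.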
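Review bot: The new `run:` line expands `${{ secrets.AWS_S3_BUCKET }}` directly into the shell command; the expression is substituted before bash runs, so the value is unquoted and any shell metacharacters in it would be interpreted, and the command text itself is harder to audit. The usual pattern is to expose it as a step environment variable, `env:` / `BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET }}`, and reference `"s3://$BUCKET_NAME/${{ inputs.S3_REPOSITORY }}/puppet-module/"` (the `choice` input is already constrained to `staging`/`pre-release`, so it is safe to leave as is). The upload still runs under `role-duration-seconds: 10800` from the surrounding context; three hours of assumed-role credentials for a single `aws s3 cp` is more than the step needs, and the action's default of one hour would be the least-privilege choice. The step list these lines belong to begins outside the hunk.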
diff --git a/.github/workflows/Puppet_module_builder.yml b/.github/workflows/Puppet_module_builder.yml index c176b7b6..2831e192 100644 --- a/.github/workflows/Puppet_module_builder.yml +++ b/.github/workflows/Puppet_module_builder.yml @@ -8,7 +8,7 @@ on: type: string description: "Branch or tag name" required: true - default: "v4.10.0" + default: "v5.0.0" UPLOAD_S3: type: boolean description: "Upload Puppet module to S3"