From 724d1fa1491ff9de931bfc0ca013606dcf3f53e1 Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Thu, 4 Apr 2024 00:39:33 +0200 Subject: [PATCH] Update build_wazuh_dashboard_with_plugins.yml Signed-off-by: Raul Del Pozo Moreno --- .../build_wazuh_dashboard_with_plugins.yml | 473 ++++++++++++------ 1 file changed, 315 insertions(+), 158 deletions(-) diff --git a/.github/workflows/build_wazuh_dashboard_with_plugins.yml b/.github/workflows/build_wazuh_dashboard_with_plugins.yml index 56b57ccf4bb5..3ecb44114979 100644 --- a/.github/workflows/build_wazuh_dashboard_with_plugins.yml +++ b/.github/workflows/build_wazuh_dashboard_with_plugins.yml @@ -1,187 +1,344 @@ -name: Build packages +name: Build main stage packages on: workflow_dispatch: inputs: - system: - type: choice - description: 'Package OS' - required: true - options: - - deb - - rpm - default: 'deb' - architecture: - type: choice - description: 'Package architecture' - required: true - options: - - amd64 - - x86_64 - default: amd64 - revision: - type: string - description: 'Package revision' - required: true - default: '0' - reference_security_plugins: + json_data: type: string - description: 'Branch/tag/commit of the wazuh-security-dashboards-plugin repository to build the security plugin' - required: true - default: 'master' - reference_wazuh_plugins: - type: string - description: 'Branch/tag/commit of the wazuh-dashboard-plugins repository to build the main plugins' - required: true - default: 'master' - is_stage: - type: boolean - description: 'Set production nomenclature' - required: true - default: false - checksum: - type: boolean - description: 'Generate package checksum' + description: JSON data encapsulated between '' required: true - default: false jobs: + validate-inputs: - runs-on: ubuntu-latest + runs-on: self-hosted name: Validate inputs + outputs: + github-reference: ${{ steps.step1.outputs.github-reference }} + + revision: ${{ steps.step1.outputs.revision }} + is_stage: ${{ steps.step1.outputs.is_stage }} + checksum: ${{ steps.step1.outputs.checksum }} + should_sign: ${{ steps.step1.outputs.should_sign }} + ca_cert: ${{ steps.step1.outputs.ca_cert }} + reference_security_plugins: ${{ steps.step1.outputs.reference_security_plugins }} + reference_wazuh_plugins: ${{ steps.step1.outputs.reference_wazuh_plugins }} + filebeat_module_revision: ${{ steps.step1.outputs.filebeat_module_revision }} + wpk_linux_reference: ${{ steps.step1.outputs.wpk_linux_reference }} + + build_manager_rpm_x86_64: ${{ steps.step1.outputs.build_manager_rpm_x86_64 }} + build_manager_rpm_aarch64: ${{ steps.step1.outputs.build_manager_rpm_aarch64 }} + build_manager_deb_amd64: ${{ steps.step1.outputs.build_manager_deb_amd64 }} + build_manager_deb_arm64: ${{ steps.step1.outputs.build_manager_deb_arm64 }} + build_agent_rpm_i386: ${{ steps.step1.outputs.build_agent_rpm_i386 }} + build_agent_rpm_x86_64: ${{ steps.step1.outputs.build_agent_rpm_x86_64 }} + build_agent_rpm_armv7hl: ${{ steps.step1.outputs.build_agent_rpm_armv7hl }} + build_agent_rpm_aarch64: ${{ steps.step1.outputs.build_agent_rpm_aarch64 }} + build_agent_deb_i386: ${{ steps.step1.outputs.build_agent_deb_i386 }} + build_agent_deb_x86_64: ${{ steps.step1.outputs.build_agent_deb_x86_64 }} + build_agent_deb_armhf: ${{ steps.step1.outputs.build_agent_deb_armhf }} + build_agent_deb_arm64: ${{ steps.step1.outputs.build_agent_deb_arm64 }} + build_agent_rpm5_i386: ${{ steps.step1.outputs.build_agent_rpm5_i386 }} + build_agent_rpm5_x86_64: ${{ steps.step1.outputs.build_agent_rpm5_x86_64 }} + build_agent_windows_i386: ${{ steps.step1.outputs.build_agent_windows_i386 }} + build_agent_macos_intel64: ${{ steps.step1.outputs.build_agent_macos_intel64 }} + build_agent_macos_arm64v8: ${{ steps.step1.outputs.build_agent_macos_arm64v8 }} + build_dashboard_deb_amd64: ${{ steps.step1.outputs.build_dashboard_deb_amd64 }} + build_dashboard_rpm_x86_64: ${{ steps.step1.outputs.build_dashboard_rpm_x86_64 }} + build_indexer_deb_amd64: ${{ steps.step1.outputs.build_indexer_deb_amd64 }} + build_indexer_rpm_x86_64: ${{ steps.step1.outputs.build_indexer_rpm_x86_64 }} + build_filebeat_module: ${{ steps.step1.outputs.build_filebeat_module }} + build_wpk_linux: ${{ steps.step1.outputs.build_wpk_linux }} + steps: - - name: Validate inputs + - name: Validate and parse inputs from JSON + id: step1 run: | - if [ "${{ inputs.architecture }}" = "amd64" ] && [ "${{ inputs.system }}" = "rpm" ]; then - echo "Invalid combination of architecture and system" - exit 1 - fi - if [ "${{ inputs.architecture }}" = "x86_64" ] && [ "${{ inputs.system }}" = "deb" ]; then - echo "Invalid combination of architecture and system" + + # Get workflow github reference https://stackoverflow.com/a/58035262/20563646 + echo "github-reference=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT + echo $github-reference + # Validate JSON input + ## JSON input should be encapsulated between '' + json=${{ inputs.json_data }} + if jq -e . >/dev/null 2>&1 <<<$json; then + echo "Valid JSON" + else + echo "Invalid JSON" exit 1 fi - build-base: - needs: [validate-inputs] - name: Build dashboard - uses: wazuh/wazuh-dashboard/.github/workflows/build_base.yml@modify-package-generation-actions + # Manage inputs + echo "revision=$(echo -n "$json" | jq -r '.inputs.revision')" >> "$GITHUB_OUTPUT" + echo "is_stage=$(echo -n "$json" | jq -r '.inputs.is_stage')" >> "$GITHUB_OUTPUT" + echo "checksum=$(echo -n "$json" | jq -r '.inputs.checksum')" >> "$GITHUB_OUTPUT" + echo "should_sign=$(echo -n "$json" | jq -r '.inputs.should_sign')" >> "$GITHUB_OUTPUT" + echo "ca_cert=$(echo -n "$json" | jq -r '.inputs.ca_cert')" >> "$GITHUB_OUTPUT" + echo "reference_security_plugins=$(echo -n "$json" | jq -r '.inputs.reference_security_plugins')" >> "$GITHUB_OUTPUT" + echo "reference_wazuh_plugins=$(echo -n "$json" | jq -r '.inputs.reference_wazuh_plugins')" >> "$GITHUB_OUTPUT" + echo "filebeat_module_revision=$(echo -n "$json" | jq -r '.inputs.filebeat_module_revision')" >> "$GITHUB_OUTPUT" + echo "wpk_linux_reference=$(echo -n "$json" | jq -r '.inputs.wpk_linux_reference')" >> "$GITHUB_OUTPUT" + + targets=($(echo -n "$json" | jq -r '.inputs.targets[]')) + for target in ${targets[@]}; do + echo " - $target" + IFS='-' read -ra items <<< "$target" + for item in ${items[@]}; do + echo "$item: true" >> "$GITHUB_OUTPUT" + done + done + + + + build-manager-rpm-x86_64: + needs: validate-inputs + if: ${{ build_manager_rpm_x86_64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main with: - CHECKOUT_TO: ${{ github.head_ref || github.ref_name }} + architecture: 'x86_64' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - build-main-plugins: - needs: [validate-inputs] - name: Build plugins - uses: wazuh/wazuh-dashboard-plugins/.github/workflows/manual-build.yml@master + build-manager-rpm-aarch64: + needs: validate-inputs + if: ${{ build_manager_rpm_aarch64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main with: - reference: ${{ inputs.reference_wazuh_plugins }} + architecture: 'aarch64' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - build-security-plugin: - needs: [validate-inputs] - name: Build security plugin - uses: wazuh/wazuh-security-dashboards-plugin/.github/workflows/manual-build.yml@4.9.0 + build-manager-deb-amd64: + needs: validate-inputs + if: ${{ build_manager_deb_amd64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main with: - reference: ${{ inputs.reference_security_plugins }} + architecture: 'amd64' + system: 'deb' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - build-and-test-package: - needs: [build-main-plugins, build-base, build-security-plugin] - runs-on: ubuntu-latest - name: Generate packages - steps: - - name: Checkout code - uses: actions/checkout@v4 + build-manager-deb-arm64: + needs: validate-inputs + if: ${{ build_manager_deb_arm64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'arm64' + system: 'deb' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - - name: Setup Node - uses: actions/setup-node@v3 - with: - node-version-file: '.nvmrc' - registry-url: 'https://registry.npmjs.org' + build-agent-rpm-i386: + needs: validate-inputs + if: ${{ build_agent_rpm_i386 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'i386' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - - name: Setup variables - run: | - echo "CURRENT_DIR=$(pwd -P)" >> $GITHUB_ENV - echo "VERSION=$(tail -c +2 VERSION)" >> $GITHUB_ENV - echo "REVISION=$(yarn --silent wzd-revision)" >> $GITHUB_ENV - echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - if [ "${{ inputs.is_stage }}" = "true" ]; then - echo "PRODUCTION=--production" >> $GITHUB_ENV - fi + build-agent-rpm-x86_64: + needs: validate-inputs + if: ${{ build_agent_rpm_x86_64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'x86_64' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - - name: Setup packages names - run: | - echo "WAZUH_DASHBOARD_SLIM=wazuh-dashboard_${{ env.VERSION }}-${{ env.REVISION }}_x64_${{ github.head_ref || github.ref_name }}.tar.gz" >> $GITHUB_ENV - echo "WAZUH_SECURITY_PLUGIN=wazuh-security-dashboards-plugin_${{ env.VERSION }}-${{ env.REVISION }}_${{ inputs.reference_security_plugins }}.zip" >> $GITHUB_ENV - echo "WAZUH_PLUGINS=wazuh-dashboard-plugins_${{ env.VERSION }}-${{ env.REVISION }}_${{ inputs.reference_wazuh_plugins }}.zip" >> $GITHUB_ENV - if [ "${{ inputs.system }}" = "deb" ]; then - if [ "${{ inputs.is_stage }}" = "true" ]; then - echo "PACKAGE_NAME=wazuh-dashboard_${{ env.VERSION }}-${{ inputs.revision }}_${{ inputs.architecture }}.deb" >> $GITHUB_ENV - else - echo "PACKAGE_NAME=wazuh-dashboard_${{ env.VERSION }}-${{ inputs.revision }}_${{ inputs.architecture }}_${{ env.COMMIT_SHA}}.deb" >> $GITHUB_ENV - fi - else - if [ "${{ inputs.is_stage }}" = "true" ]; then - echo "PACKAGE_NAME=wazuh-dashboard-${{ env.VERSION }}-${{ inputs.revision }}.${{ inputs.architecture }}.rpm" >> $GITHUB_ENV - else - echo "PACKAGE_NAME=wazuh-dashboard_${{ env.VERSION }}-${{ inputs.revision }}_${{ inputs.architecture }}_${{ env.COMMIT_SHA}}.rpm" >> $GITHUB_ENV - fi - fi + build-agent-rpm-armv7hl: + needs: validate-inputs + if: ${{ build_agent_rpm_armv7hl }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'armv7hl' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - - name: Download dashboard artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.WAZUH_DASHBOARD_SLIM }} - path: ${{ env.CURRENT_DIR }}/artifacts/dashboard - - - name: Download security plugin artifact - uses: actions/download-artifact@v3 - with: - name: ${{ env.WAZUH_SECURITY_PLUGIN }} - path: ${{ env.CURRENT_DIR }}/artifacts/security-plugin - - - name: Download plugins artifacts - uses: actions/download-artifact@v3 - with: - name: ${{ env.WAZUH_PLUGINS }} - path: ${{ env.CURRENT_DIR }}/artifacts/plugins - - - name: Zip plugins - run: | - zip -r -j ${{ env.CURRENT_DIR }}/artifacts/wazuh-package.zip ${{ env.CURRENT_DIR }}/artifacts/plugins - zip -r -j ${{ env.CURRENT_DIR }}/artifacts/security-package.zip ${{ env.CURRENT_DIR }}/artifacts/security-plugin - zip -r -j ${{ env.CURRENT_DIR }}/artifacts/dashboard-package.zip ${{ env.CURRENT_DIR }}/artifacts/dashboard/${{ env.WAZUH_DASHBOARD_SLIM }} + build-agent-rpm-aarch64: + needs: validate-inputs + if: ${{ build_agent_rpm_aarch64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'aarch64' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} - - name: Build package - run: | - cd ${{ env.CURRENT_DIR }}/dev-tools/build-packages - bash ./build-packages.sh \ - -v ${{ env.VERSION }} \ - -r ${{ inputs.revision }} \ - -a file://${{env.CURRENT_DIR}}/artifacts/wazuh-package.zip \ - -s file://${{env.CURRENT_DIR}}/artifacts/security-package.zip \ - -b file://${{env.CURRENT_DIR}}/artifacts/dashboard-package.zip \ - --${{ inputs.system }} ${{ env.PRODUCTION }} + build-agent-deb-i386: + needs: validate-inputs + if: ${{ build_agent_deb_i386 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'i386' + system: 'deb' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + build-agent-deb-x86_64: + needs: validate-inputs + if: ${{ build_agent_deb_x86_64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'x86_64' + system: 'deb' - - name: Test package - run: | - cd ${{ env.CURRENT_DIR }}/dev-tools/test-packages - ls -la ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }} - cp ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }}/${{env.PACKAGE_NAME}} ${{ env.CURRENT_DIR }}/dev-tools/test-packages/${{ inputs.system }} - bash ./test-packages.sh \ - -p ${{env.PACKAGE_NAME}} - - - name: Set up AWS CLI - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.CI_INTERNAL_DEVELOPMENT_BUCKET_USER_SECRET_KEY }} - aws-region: us-east-1 - - - name: Upload package - run: | - echo "Uploading package" - aws s3 cp ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }}/${{env.PACKAGE_NAME}} s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/ - if [ "${{ inputs.checksum }}" = "true" ]; then - echo "Uploading checksum" - aws s3 cp ${{ env.CURRENT_DIR }}/dev-tools/build-packages/output/${{ inputs.system }}/${{env.PACKAGE_NAME}}.sha512 s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/ - fi + build-agent-deb-armhf: + needs: validate-inputs + if: ${{ build_agent_deb_armhf }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'armhf' + system: 'deb' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-agent-deb-arm64: + needs: validate-inputs + if: ${{ build_agent_deb_arm64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'arm64' + system: 'deb' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-agent-rpm5-i386: + needs: validate-inputs + if: ${{ build_agent_rpm5_i386 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'i386' + system: 'rpm' + legacy: true + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-agent-rpm5-x86_64: + needs: validate-inputs + if: ${{ build_agent_rpm5_x86_64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'x86_64' + system: 'rpm' + legacy: true + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-agent-windows-i386: + needs: validate-inputs + if: ${{ build_agent_windows_i386 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'i386' + ca_name: ${{ needs.validate-inputs.outputs.ca_name }} + should_sign: ${{ needs.validate-inputs.outputs.should_sign }} + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-agent-macos-intel64: + needs: validate-inputs + if: ${{ build_agent_macos_intel64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'intel64' + should_sign: ${{ needs.validate-inputs.outputs.should_sign }} + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-agent-macos-arm64v8: + needs: validate-inputs + if: ${{ build_agent_macos_arm64v8 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'arm64v8' + should_sign: ${{ needs.validate-inputs.outputs.should_sign }} + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-dashboard-deb-amd64: + needs: validate-inputs + if: ${{ build_dashboard_deb_amd64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'amd64' + system: 'deb' + reference_security_plugins: ${{ needs.validate-inputs.outputs.reference_security_plugins }} + reference_wazuh_plugins: ${{ needs.validate-inputs.outputs.reference_wazuh_plugins }} + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-dashboard-rpm-x86_64: + needs: validate-inputs + if: ${{ build_dashboard_rpm_x86_64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'x86_64' + system: 'rpm' + reference_security_plugins: ${{ needs.validate-inputs.outputs.reference_security_plugins }} + reference_wazuh_plugins: ${{ needs.validate-inputs.outputs.reference_wazuh_plugins }} + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-indexer-deb-amd64: + needs: validate-inputs + if: ${{ build_indexer_deb_amd64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'amd64' + system: 'deb' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-indexer-rpm-x86_64: + needs: validate-inputs + if: ${{ build_indexer_rpm_x86_64 }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + architecture: 'x86_64' + system: 'rpm' + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }} + + build-filebeat-module: + needs: validate-inputs + if: ${{ build_filebeat_module }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + revision: ${{ needs.validate-inputs.outputs.filebeat_module_revision }} + + build-wpk-linux: + needs: validate-inputs + if: ${{ build_wpk_linux }} + uses: rauldpm/workflow_test_2/.github/workflows/builder.yaml@main + with: + linux_reference: ${{ needs.validate-inputs.outputs.wpk_linux_reference}} + is_stage: ${{ needs.validate-inputs.outputs.is_stage }} + checksum: ${{ needs.validate-inputs.outputs.checksum }} + revision: ${{ needs.validate-inputs.outputs.revision }}