mbuz/Zabbix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CHANGE: Big revork

Browse Source
This commit is contained in:
Maksym Buz
2025-09-03 15:04:39 +02:00
parent cfb5f0b4e6
commit c731d61550
9 changed files with 4 additions and 1228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

207
zabbix-alpine-builder/.gitea/workflows/build.yml
View File

@@ -1,207 +0,0 @@
name: Build Zabbix APK on New Release
# Trigger the workflow on schedule (daily at 2 AM UTC) and manual dispatch
on:
schedule:
- cron: '0 2 * * *' # Daily at 2 AM UTC
workflow_dispatch: # Allow manual triggering
jobs:
build:
name: Build Zabbix APK Packages
runs-on: ubuntu-latest
container:
image: alpine:latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0
- name: Install dependencies
run: |
apk update
apk add --no-cache \
alpine-sdk \
git \
curl \
bash \
grep \
sed \
coreutils
- name: Check for new Zabbix version
id: version_check
run: |
echo "Checking for new Zabbix 7.4.x versions..."
# Install jq for JSON parsing
apk add --no-cache jq
# Fetch the latest stable version from Zabbix Bitbucket API (stable releases only)
LATEST_VERSION=$(curl -s "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100" | \
jq -r '.values[].displayId' | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | \
grep -v 'rc\|beta\|alpha' | \
sort -V | \
tail -1)
# Validate version format
if [[ ! "$LATEST_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: Invalid version format detected: $LATEST_VERSION"
exit 1
fi
echo "Latest upstream version: $LATEST_VERSION"
# Extract current version from APKBUILD
CURRENT_VERSION=$(grep '^pkgver=' zabbix/APKBUILD | cut -d'=' -f2)
echo "Current package version: $CURRENT_VERSION"
# Compare versions
if [ "$LATEST_VERSION" = "$CURRENT_VERSION" ]; then
echo "No new version available. Current version $CURRENT_VERSION is up to date."
echo "new_version_available=false" >> $GITHUB_OUTPUT
else
echo "New version available: $LATEST_VERSION"
echo "new_version_available=true" >> $GITHUB_OUTPUT
echo "latest_version=$LATEST_VERSION" >> $GITHUB_OUTPUT
echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
fi
- name: Update APKBUILD with new version
if: steps.version_check.outputs.new_version_available == 'true'
run: |
echo "Updating APKBUILD with version ${{ steps.version_check.outputs.latest_version }}"
# Update package version in APKBUILD
sed -i "s/^pkgver=.*/pkgver=${{ steps.version_check.outputs.latest_version }}/" zabbix/APKBUILD
# Reset package release number for new version
sed -i "s/^pkgrel=.*/pkgrel=0/" zabbix/APKBUILD
echo "APKBUILD updated successfully"
- name: Create build user and setup environment
if: steps.version_check.outputs.new_version_available == 'true'
run: |
echo "Setting up build environment..."
# Create build user
adduser -D -s /bin/bash builder
addgroup builder abuild
# Setup abuild directories
mkdir -p /home/builder/.abuild
chown -R builder:builder /home/builder
# Generate signing key for builder user
su - builder -c "abuild-keygen -a -n"
# Copy project files to builder's workspace
cp -r /github/workspace /home/builder/workspace
chown -R builder:builder /home/builder/workspace
- name: Update checksums
if: steps.version_check.outputs.new_version_available == 'true'
run: |
echo "Updating checksums for new version..."
cd /home/builder/workspace/zabbix
# First, fetch the source to calculate checksums
su - builder -c "cd /home/builder/workspace/zabbix && abuild fetch"
# Update checksums in APKBUILD
su - builder -c "cd /home/builder/workspace/zabbix && abuild checksum"
# Copy updated APKBUILD back to workspace
cp /home/builder/workspace/zabbix/APKBUILD /github/workspace/zabbix/APKBUILD
echo "Checksums updated successfully"
- name: Build packages
if: steps.version_check.outputs.new_version_available == 'true'
run: |
echo "Building Zabbix packages..."
cd /home/builder/workspace
su - builder -c "cd /home/builder/workspace && ./build.sh"
- name: Collect build artifacts
if: steps.version_check.outputs.new_version_available == 'true'
run: |
echo "Collecting build artifacts..."
# Create artifacts directory
mkdir -p /github/workspace/artifacts
# Copy generated packages
if [ -d "/home/builder/packages" ]; then
find /home/builder/packages -name "zabbix*.apk" -type f -exec cp {} /github/workspace/artifacts/ \;
echo "Artifacts collected:"
ls -la /github/workspace/artifacts/
else
echo "No packages found in /home/builder/packages"
fi
- name: Archive build artifacts
if: steps.version_check.outputs.new_version_available == 'true'
uses: actions/upload-artifact@v4
with:
name: zabbix-apk-packages-${{ steps.version_check.outputs.latest_version }}
path: artifacts/*.apk
retention-days: 30
- name: Commit and push changes
if: steps.version_check.outputs.new_version_available == 'true'
run: |
echo "Committing and pushing changes..."
# Configure git
git config --global user.name "Zabbix APK Builder Bot"
git config --global user.email "builder@example.com"
git config --global --add safe.directory /github/workspace
# Add changes
git add zabbix/APKBUILD
# Check if there are changes to commit
if git diff --staged --quiet; then
echo "No changes to commit"
else
# Commit changes
git commit -m "Update Zabbix to version ${{ steps.version_check.outputs.latest_version }}
- Updated pkgver from ${{ steps.version_check.outputs.current_version }} to ${{ steps.version_check.outputs.latest_version }}
- Reset pkgrel to 0 for new version
- Updated checksums for new source package
Built packages:
- zabbix-agent-${{ steps.version_check.outputs.latest_version }}-r0.apk
- zabbix-proxy-${{ steps.version_check.outputs.latest_version }}-r0.apk"
# Push to test branch (create if doesn't exist)
git checkout -B test
git push origin test --force-with-lease
echo "Changes committed and pushed to test branch successfully"
fi
- name: Build summary
if: always()
run: |
echo "## Build Summary" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.version_check.outputs.new_version_available }}" = "true" ]; then
echo "✅ **New version detected and built successfully**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Previous version:** ${{ steps.version_check.outputs.current_version }}" >> $GITHUB_STEP_SUMMARY
echo "- **New version:** ${{ steps.version_check.outputs.latest_version }}" >> $GITHUB_STEP_SUMMARY
echo "- **Build artifacts:** Available in workflow artifacts" >> $GITHUB_STEP_SUMMARY
echo "- **Repository:** Changes pushed to \`test\` branch" >> $GITHUB_STEP_SUMMARY
else
echo " **No new version available**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "The current version is up to date with the latest upstream release." >> $GITHUB_STEP_SUMMARY
fi

174
zabbix-alpine-builder/README.md
View File

@@ -1,174 +0,0 @@
# Zabbix 7.4 APK Builder for Alpine Linux
## Overview
This project provides an automated solution for building Zabbix Agent and Proxy packages (.apk files) for Alpine Linux. The system automatically monitors the official Zabbix repository for new 7.4.x releases and builds updated packages when new versions are detected.
The project creates two separate packages from a single APKBUILD:
- **zabbix-agent**: Lightweight monitoring agent for data collection
- **zabbix-proxy**: Monitoring proxy with SQLite 3 support for distributed monitoring
## File Structure
```
/home/mbuz/zabbix-git/zabbix-alpine-builder/
├── .gitea/
│ └── workflows/
│ └── build.yml # Gitea Actions CI/CD workflow
├── zabbix/
│ └── APKBUILD # Alpine package build specification
├── build.sh # Local build script for testing
├── test-version-check.sh # Version check validation script
└── README.md # This documentation file
```
## Prerequisites
For local building, you need the following Alpine Linux packages:
```bash
sudo apk add alpine-sdk git
```
The `alpine-sdk` package includes:
- `abuild` - Alpine package builder
- `build-base` - Essential build tools
- Development headers and libraries
## Manual Build
To build the packages locally for testing:
1. **Clone or navigate to the project directory:**
```bash
cd /home/mbuz/zabbix-git/zabbix-alpine-builder
```
2. **Run the build script:**
```bash
./build.sh
```
3. **The script will:**
- Check for required dependencies
- Set up the abuild environment (create signing keys if needed)
- Navigate to the `zabbix/` directory
- Download Zabbix source code
- Update checksums automatically
- Build both agent and proxy packages
- Create a local package repository
4. **Generated packages will be available in:**
```
~/packages/zabbix-agent-7.4.x-r0.apk
~/packages/zabbix-proxy-7.4.x-r0.apk
```
## Testing Version Check
To validate the version checking logic without running a full build:
```bash
./test-version-check.sh
```
This script tests the same version detection logic used by the CI/CD workflow and reports whether a build would be triggered.
## CI/CD Automation
The project includes automated package building through Gitea Actions:
### Workflow Configuration
The workflow file `.gitea/workflows/build.yml` provides:
- **Scheduled Execution**: Runs daily at 2:00 AM UTC to check for new versions
- **Manual Triggering**: Can be triggered manually via the Gitea Actions interface
- **Alpine Container**: Builds packages in a clean Alpine Linux environment
### Automated Process
1. **Version Detection**:
- Uses the Zabbix Bitbucket REST API for accurate version detection
- Filters out release candidates, beta, and alpha versions
- Only considers stable releases matching the pattern `X.Y.Z`
- Compares with the current version in `APKBUILD`
2. **Build Trigger**:
- Only proceeds if a newer version is detected
- Gracefully stops if no update is needed
3. **Package Building**:
- Updates `pkgver` in the `APKBUILD` file
- Fetches source code using `abuild fetch`
- Recalculates source checksums using `abuild checksum`
- Builds both agent and proxy packages
- Validates the build process
4. **Version Control**:
- Commits the updated `APKBUILD` with new version information
- Pushes changes to the `test` branch
- Includes detailed commit messages with version changes
5. **Artifact Management**:
- Archives generated `.apk` files as build artifacts
- Provides downloadable packages for 30 days
- Generates build summary reports
### Build Artifacts
Successful builds produce:
- `zabbix-agent-{version}-r0.apk` - Monitoring agent package
- `zabbix-proxy-{version}-r0.apk` - Monitoring proxy package with SQLite support
## Package Details
### Zabbix Agent Package
- **Binary**: `/usr/sbin/zabbix_agentd`
- **Configuration**: `/etc/zabbix/zabbix_agentd.conf`
- **Runtime Dependencies**: pcre2, libevent, openssl, net-snmp, curl
- **Log Directory**: `/var/log/zabbix/agent`
- **Data Directory**: `/var/lib/zabbix/agent`
### Zabbix Proxy Package
- **Binary**: `/usr/sbin/zabbix_proxy`
- **Configuration**: `/etc/zabbix/zabbix_proxy.conf`
- **Runtime Dependencies**: pcre2, libevent, openssl, net-snmp, curl, sqlite, libxml2
- **Database Support**: SQLite 3
- **Log Directory**: `/var/log/zabbix/proxy`
- **Data Directory**: `/var/lib/zabbix/proxy`
## Security Considerations
- Packages run under a dedicated `zabbix` user account
- Configuration files have restricted permissions (640)
- Service directories are owned by the zabbix user
- Signing keys are automatically generated for package integrity
## Troubleshooting
### Local Build Issues
1. **Missing dependencies**: Ensure `alpine-sdk` and `git` are installed
2. **Permission errors**: Don't run the build script as root
3. **Signing key errors**: The script will automatically generate keys on first run
4. **Network issues**: Ensure internet access for downloading Zabbix sources
### CI/CD Issues
1. **Build failures**: Check the workflow logs in Gitea Actions
2. **Version detection**: Verify access to the upstream Zabbix repository
3. **Push failures**: Ensure proper repository permissions for the bot account
## Contributing
To contribute to this project:
1. Test local builds before submitting changes
2. Update version numbers appropriately
3. Maintain compatibility with Alpine Linux packaging standards
4. Document any significant changes in commit messages
## License
This project follows the same licensing as Zabbix (AGPL-3.0-only for versions 7.0+) for package building scripts. The generated packages contain Zabbix software under its original license terms.

153
zabbix-alpine-builder/build.sh
View File

@@ -1,153 +0,0 @@
#!/bin/bash
# Zabbix APK Builder - Local Build Script
# This script performs a local build of the Zabbix packages for testing purposes
set -euo pipefail
# Script configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ZABBIX_DIR="$SCRIPT_DIR/zabbix"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${GREEN}[INFO]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if we're running as root (required for abuild)
check_root() {
if [[ $EUID -eq 0 ]]; then
log_error "This script should not be run as root"
log_info "Please run as a regular user with sudo access"
exit 1
fi
}
# Check dependencies
check_dependencies() {
log_info "Checking build dependencies..."
if ! command -v abuild &> /dev/null; then
log_error "abuild not found. Please install alpine-sdk:"
log_info " sudo apk add alpine-sdk"
exit 1
fi
if ! command -v git &> /dev/null; then
log_error "git not found. Please install git:"
log_info " sudo apk add git"
exit 1
fi
log_info "Dependencies check passed"
}
# Setup abuild environment
setup_abuild() {
log_info "Setting up abuild environment..."
# Create abuild config if it doesn't exist
if [[ ! -f "$HOME/.abuild/abuild.conf" ]]; then
log_info "Creating abuild configuration..."
mkdir -p "$HOME/.abuild"
echo "PACKAGER_PRIVKEY=\"$HOME/.abuild/$(whoami)-$(date +%Y%m%d).rsa\"" > "$HOME/.abuild/abuild.conf"
fi
# Generate signing key if it doesn't exist
if [[ ! -f "$HOME/.abuild/$(whoami)-"*".rsa" ]]; then
log_info "Generating abuild signing key..."
abuild-keygen -a -i
fi
}
# Main build function
build_packages() {
log_info "Starting Zabbix package build..."
# Navigate to the zabbix directory containing APKBUILD
if [[ ! -d "$ZABBIX_DIR" ]]; then
log_error "Zabbix directory not found: $ZABBIX_DIR"
exit 1
fi
cd "$ZABBIX_DIR"
# Check if APKBUILD exists
if [[ ! -f "APKBUILD" ]]; then
log_error "APKBUILD file not found in $ZABBIX_DIR"
exit 1
fi
log_info "Building packages with abuild..."
# Clean any previous builds
abuild clean || true
# Fetch sources and verify checksums
log_info "Fetching sources..."
abuild fetch
# Update checksums if needed (important for new versions)
log_info "Updating checksums..."
abuild checksum
# Build the packages and create local repository index
# -r flag creates a local repository with package index
log_info "Building packages and creating repository index..."
abuild -r
if [[ $? -eq 0 ]]; then
log_info "Build completed successfully!"
log_info "Generated packages can be found in ~/packages/"
# List generated packages
if [[ -d "$HOME/packages" ]]; then
log_info "Generated APK files:"
find "$HOME/packages" -name "zabbix*.apk" -type f -exec basename {} \; | sort
fi
else
log_error "Build failed!"
exit 1
fi
}
# Cleanup function
cleanup() {
log_info "Cleaning up build artifacts..."
cd "$ZABBIX_DIR"
abuild clean || true
}
# Main execution
main() {
log_info "Zabbix APK Builder - Local Build Script"
log_info "========================================"
check_root
check_dependencies
setup_abuild
# Trap cleanup on exit
trap cleanup EXIT
build_packages
log_info "Build process completed!"
}
# Run main function
main "$@"

42
zabbix-alpine-builder/test-version-check.sh
View File

@@ -1,42 +0,0 @@
#!/bin/bash
# Test script for version checking logic
# This script simulates the version check workflow to ensure it works correctly
set -euo pipefail
echo "=== Zabbix Version Check Test ==="
# Test the API endpoint and version extraction
echo "Testing version check API..."
LATEST_VERSION=$(curl -s "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100" | \
jq -r '.values[].displayId' | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | \
grep -v 'rc\|beta\|alpha' | \
sort -V | \
tail -1)
# Validate version format
if [[ ! "$LATEST_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "❌ Error: Invalid version format detected: $LATEST_VERSION"
exit 1
fi
echo "✅ Latest upstream version: $LATEST_VERSION"
# Extract current version from APKBUILD
CURRENT_VERSION=$(grep '^pkgver=' zabbix/APKBUILD | cut -d'=' -f2)
echo "✅ Current package version: $CURRENT_VERSION"
# Compare versions
if [ "$LATEST_VERSION" = "$CURRENT_VERSION" ]; then
echo "✅ No new version available. Current version $CURRENT_VERSION is up to date."
echo " Build would be skipped in CI/CD."
else
echo "🔄 New version available: $LATEST_VERSION"
echo " Build would be triggered in CI/CD."
fi
echo ""
echo "=== Test completed successfully ==="

137
zabbix-alpine-builder/zabbix/APKBUILD
View File

@@ -1,137 +0,0 @@
# Maintainer: Zabbix APK Builder <support@example.com>
pkgname=zabbix
pkgver=7.4.2
pkgrel=0
pkgdesc="An enterprise-class open source distributed monitoring solution"
url="https://www.zabbix.com/"
arch="all"
license="AGPL-3.0-only"
makedepends="
alpine-sdk
autoconf
automake
libtool
pcre2-dev
libevent-dev
openssl-dev
net-snmp-dev
curl-dev
sqlite-dev
unixodbc-dev
postgresql-dev
mysql-dev
libxml2-dev
zlib-dev
"
subpackages="$pkgname-agent $pkgname-proxy"
source="https://cdn.zabbix.com/zabbix/sources/stable/7.4/zabbix-$pkgver.tar.gz"
# User and group for Zabbix
_zabbix_user="zabbix"
_zabbix_group="zabbix"
prepare() {
default_prepare
autoreconf -fiv
}
build() {
# Common configuration options
local _common_config="
--prefix=/usr
--sysconfdir=/etc/zabbix
--localstatedir=/var
--enable-ipv6
--with-libcurl
--with-libxml2
--with-net-snmp
--with-openssl
--with-pcre2
"
# Build agent
./configure $_common_config \
--enable-agent \
--disable-server \
--disable-proxy
make
# Save agent binary
mv src/zabbix_agentd/zabbix_agentd zabbix_agentd.built
# Clean for proxy build
make clean
# Build proxy
./configure $_common_config \
--disable-agent \
--disable-server \
--enable-proxy \
--with-sqlite3
make
# Save proxy binary
mv src/zabbix_proxy/zabbix_proxy zabbix_proxy.built
}
package() {
# Main package - create zabbix user
addgroup -S $_zabbix_group
adduser -S -D -H -h /var/lib/zabbix -s /sbin/nologin -G $_zabbix_group $_zabbix_user
# Create common directories
install -d -m755 -o $_zabbix_user -g $_zabbix_group \
"$pkgdir"/var/lib/zabbix \
"$pkgdir"/var/log/zabbix \
"$pkgdir"/var/run/zabbix
# Install common configuration files
install -d -m755 "$pkgdir"/etc/zabbix
}
agent() {
pkgdesc="Zabbix monitoring agent"
depends="pcre2 libevent openssl net-snmp curl"
# Install agent binary
install -d -m755 "$subpkgdir"/usr/sbin
install -m755 "$builddir"/zabbix_agentd.built "$subpkgdir"/usr/sbin/zabbix_agentd
# Install agent configuration
install -d -m755 "$subpkgdir"/etc/zabbix
install -m640 -o root -g $_zabbix_group \
"$builddir"/conf/zabbix_agentd.conf "$subpkgdir"/etc/zabbix/
# Create agent-specific directories
install -d -m755 -o $_zabbix_user -g $_zabbix_group \
"$subpkgdir"/var/lib/zabbix/agent \
"$subpkgdir"/var/log/zabbix/agent
# Install init script placeholder (to be created separately)
install -d -m755 "$subpkgdir"/etc/init.d
}
proxy() {
pkgdesc="Zabbix monitoring proxy with SQLite support"
depends="pcre2 libevent openssl net-snmp curl sqlite libxml2"
# Install proxy binary
install -d -m755 "$subpkgdir"/usr/sbin
install -m755 "$builddir"/zabbix_proxy.built "$subpkgdir"/usr/sbin/zabbix_proxy
# Install proxy configuration
install -d -m755 "$subpkgdir"/etc/zabbix
install -m640 -o root -g $_zabbix_group \
"$builddir"/conf/zabbix_proxy.conf "$subpkgdir"/etc/zabbix/
# Create proxy-specific directories
install -d -m755 -o $_zabbix_user -g $_zabbix_group \
"$subpkgdir"/var/lib/zabbix/proxy \
"$subpkgdir"/var/log/zabbix/proxy
# Install init script placeholder (to be created separately)
install -d -m755 "$subpkgdir"/etc/init.d
}
# Checksums will be updated by CI/CD workflow
sha512sums="SKIP"

22
zabbix-apk-builder/.github/workflows/build.yml → zabbix-apk-builder/.gitea/workflows/build.yml
View File

@@ -134,29 +134,7 @@ jobs:
path: packages/*.apk
retention-days: 30
- name: Create release
if: github.ref == 'refs/heads/main'
uses: softprops/action-gh-release@v1
with:
tag_name: "v${{ needs.check-version.outputs.latest_version }}"
name: "Zabbix ${{ needs.check-version.outputs.latest_version }} APK Packages"
body: |
Automated build of Zabbix ${{ needs.check-version.outputs.latest_version }} packages for Alpine Linux.
## Packages
- `zabbix-agent-${{ needs.check-version.outputs.latest_version }}-r0.apk` - Monitoring agent
- `zabbix-proxy-${{ needs.check-version.outputs.latest_version }}-r0.apk` - Network proxy
- `zabbix-${{ needs.check-version.outputs.latest_version }}-r0.apk` - Meta package
## Installation
```bash
apk add --allow-untrusted zabbix-agent-${{ needs.check-version.outputs.latest_version }}-r0.apk
rc-update add zabbix-agent default
rc-service zabbix-agent start
```
files: packages/*.apk
draft: false
prerelease: false
publish-to-gitea:
needs: [check-version, build-packages]

258
zabbix-apk-builder/CI-CD-DOCS.md
View File

@@ -1,258 +0,0 @@
# CI/CD Pipeline Documentation
## Overview
This CI/CD pipeline automates the entire Zabbix APK package lifecycle from version detection to deployment. It's designed to work with your Gitea repository and provides both automated and manual build capabilities.
## Pipeline Architecture
```
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Version Check │ -> │ Update APKBUILD │ -> │ Build Packages │
│ (Zabbix Git) │ │ (Auto-commit) │ │ (Docker) │
└─────────────────┘ └──────────────────┘ └─────────────────┘
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Deploy Test │ <- │ Publish to Gitea │ <- │ Create Release │
│ (Alpine Test) │ │ (Package Repo) │ │ (GitHub) │
└─────────────────┘ └──────────────────┘ └─────────────────┘
```
## Version Detection Strategy
### Primary Method: Zabbix Bitbucket API
- **Endpoint**: `https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags`
- **Process**:
1. Fetches all tags from Zabbix official repository
2. Filters for stable releases (excludes rc, beta, alpha)
3. Sorts versions and selects the latest
- **Advantages**:
- Official Zabbix repository
- Real-time release information
- Includes all release types for filtering
### Fallback Options
If the Bitbucket API fails:
1. **CDN Scraping**: Parse `https://cdn.zabbix.com/zabbix/sources/stable/`
2. **RSS Feed**: Monitor Zabbix blog/announcements
3. **Manual Trigger**: Force build via GitHub Actions
## Jobs Breakdown
### 1. **check-version**
- **Purpose**: Monitors Zabbix releases for new versions
- **Method**: Queries Zabbix Bitbucket API for latest stable release
- **Logic**:
```bash
# Filters tags to stable releases only
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' |
grep -v 'rc\|beta\|alpha' |
sort -V | tail -1
```
- **Output**: Determines if build is needed and provides version info
### 2. **update-version**
- **Purpose**: Automatically updates APKBUILD when new version found
- **Actions**:
- Updates `pkgver` to latest version
- Resets `pkgrel` to 0
- Clears checksums (regenerated during build)
- Commits and pushes changes
### 3. **build-packages**
- **Purpose**: Builds APK packages using Docker
- **Process**:
- Sets up Docker Buildx
- Runs `./build.sh`
- Uploads packages as artifacts
- Creates GitHub release (main branch only)
### 4. **publish-to-gitea**
- **Purpose**: Publishes packages to your Gitea repository
- **Process**:
- Downloads built packages
- Clones Gitea repo using SSH
- Organizes packages in Alpine repository structure
- Updates package index
- Commits and pushes to Gitea
### 5. **deploy-test**
- **Purpose**: Tests package installation (test branch only)
- **Process**:
- Downloads packages
- Tests installation in fresh Alpine containers
- Verifies binaries work correctly
## Trigger Conditions
### Automatic Triggers
- **Daily Check**: Runs at 6 AM UTC to check for new Zabbix versions
- **Code Changes**: Triggers on pushes to main/test branches when relevant files change
### Manual Triggers
- **Workflow Dispatch**: Manual trigger with optional force build
- **Use Case**: Emergency builds or testing
## Configuration Requirements
### GitHub Secrets
You need to configure these secrets in your GitHub repository:
```bash
# For Gitea repository access
GITEA_SSH_KEY # Private SSH key for gitea-repo access
```
### Repository Setup
1. **Branch Strategy**:
- `main`: Production releases
- `test`: Testing and validation
2. **File Structure**:
```
.github/workflows/build.yml # Main pipeline
APKBUILD # Package definition
build.sh # Build script
Dockerfile # Build environment
*.initd, *.confd # Service files
```
## API Endpoints Used
### Zabbix Version Detection
```bash
# Primary endpoint - Zabbix Bitbucket API
https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100
# Response format:
{
"values": [
{
"displayId": "7.4.2",
"type": "TAG"
}
]
}
```
### Version Processing
```bash
# Extract stable versions only
curl -s "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100" | \
jq -r '.values[].displayId' | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | \
grep -v 'rc\|beta\|alpha' | \
sort -V | \
tail -1
```
## Package Repository Structure
Your Gitea repository will follow Alpine Linux repository format:
```
alpine/
v3.18/
main/
x86_64/
zabbix-agent-X.Y.Z-r0.apk
zabbix-proxy-X.Y.Z-r0.apk
zabbix-X.Y.Z-r0.apk
PACKAGES.txt
```
## Deployment Flow
### Development Workflow
1. **Code Changes** → Push to `test` branch
2. **Pipeline Runs** → Builds and tests packages
3. **Testing** → Verify in Alpine containers
4. **Merge** → To `main` branch for release
### Production Workflow
1. **New Zabbix Release** → Detected by daily check
2. **Auto-Update** → APKBUILD updated and committed
3. **Build** → Packages built and tested
4. **Release** → GitHub release created
5. **Publish** → Packages pushed to Gitea repository
## Monitoring and Notifications
### Success Indicators
- ✅ Version check completes
- ✅ APKBUILD updated correctly
- ✅ Packages build successfully
- ✅ Tests pass in Alpine containers
- ✅ Packages published to Gitea
### Failure Handling
- 🚨 Build failures create GitHub issues
- 🚨 Failed deployments stop the pipeline
- 🚨 Version detection errors logged
## Usage Examples
### Manual Build
```bash
# Trigger manual build via GitHub Actions UI
# OR via GitHub CLI:
gh workflow run build.yml -f force_build=true
```
### Emergency Version Update
```bash
# Update version manually and push
sed -i 's/pkgver=.*/pkgver=7.4.3/' APKBUILD
git add APKBUILD
git commit -m "Emergency update to 7.4.3"
git push
```
### Using Built Packages
```bash
# Add your Gitea repository
echo "http://gitea-repo/mbuz/Zabbix/raw/branch/main/alpine/v3.18/main" >> /etc/apk/repositories
# Install packages
apk update
apk add zabbix-agent zabbix-proxy
```
## Testing the Version Detection
You can test the version detection logic locally:
```bash
# Get latest stable version
curl -s "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100" | \
jq -r '.values[].displayId' | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | \
grep -v 'rc\|beta\|alpha' | \
sort -V | \
tail -1
# Should output: 7.4.2 (or latest version)
```
## Maintenance
### Regular Tasks
- Monitor pipeline runs
- Update Alpine Linux version in repository structure
- Rotate SSH keys periodically
- Review and update dependencies
### Troubleshooting
- Check GitHub Actions logs for failures
- Verify SSH key access to Gitea
- Ensure Docker builds work locally
- Test package installation manually
- Verify Zabbix API connectivity
## Security Considerations
1. **SSH Keys**: Use dedicated deploy keys with minimal permissions
2. **Secrets**: Store sensitive data in GitHub Secrets
3. **API Access**: Monitor for API rate limits or authentication changes
4. **Package Signing**: Consider implementing APK package signing
This pipeline provides a fully automated solution for maintaining up-to-date Zabbix packages while ensuring quality through testing and proper repository management.

4
zabbix-apk-builder/README.md
View File

@@ -1,3 +1,4 @@
<!-- Test commit to trigger CI/CD -->
# Zabbix APK Builder
Automated Alpine Linux package builder for Zabbix Agent and Proxy with CI/CD pipeline integration.
@@ -186,7 +187,8 @@ cd /build && ./build.sh
# Test API manually
curl -s "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100" | \
jq -r '.values[].displayId' | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+
| \
sort -V | tail -1
```

233
zabbix-apk-builder/setup-cicd.sh
View File

@@ -1,233 +0,0 @@
#!/bin/bash
# Zabbix APK Builder CI/CD Setup Script
set -e
echo "🚀 Zabbix APK Builder CI/CD Setup"
echo "=================================="
echo
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Function to print colored output
print_step() {
echo -e "${BLUE}[STEP]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check if we're in a git repository
print_step "Checking Git repository status..."
if ! git rev-parse --git-dir > /dev/null 2>&1; then
print_error "Not in a Git repository. Please initialize git first:"
echo " git init"
echo " git add ."
echo " git commit -m 'Initial commit'"
echo " git remote add origin <your-github-repo>"
exit 1
fi
# Check if we have required files
print_step "Verifying required files..."
required_files=("APKBUILD" "build.sh" "Dockerfile" ".github/workflows/build.yml")
for file in "${required_files[@]}"; do
if [[ ! -f "$file" ]]; then
print_error "Required file missing: $file"
exit 1
fi
done
print_success "All required files present"
# Test version detection API
print_step "Testing Zabbix version detection API..."
if ! curl -s --connect-timeout 10 "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=5" | grep -q "displayId"; then
print_warning "Could not reach Zabbix API. Pipeline will work but version detection may fail."
else
latest_version=$(curl -s "https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=100" | \
grep -o '"displayId":"[^"]*"' | cut -d'"' -f4 | \
grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -1)
print_success "API working. Latest Zabbix version: $latest_version"
fi
# Check if GitHub CLI is available
print_step "Checking GitHub CLI availability..."
if command -v gh &> /dev/null; then
if gh auth status &> /dev/null; then
print_success "GitHub CLI authenticated"
GITHUB_CLI_AVAILABLE=true
else
print_warning "GitHub CLI not authenticated. Manual secret configuration needed."
GITHUB_CLI_AVAILABLE=false
fi
else
print_warning "GitHub CLI not installed. Manual secret configuration needed."
GITHUB_CLI_AVAILABLE=false
fi
# SSH Key Setup
print_step "Setting up SSH key for Gitea access..."
echo
echo "You need an SSH key for the CI/CD pipeline to push packages to your Gitea repository."
echo
# Check if user has SSH keys
if [[ -f ~/.ssh/id_rsa ]] || [[ -f ~/.ssh/id_ed25519 ]]; then
echo "Existing SSH keys found:"
ls -la ~/.ssh/id_* 2>/dev/null | grep -v .pub || true
echo
read -p "Use existing SSH key? (y/N): " use_existing
if [[ $use_existing =~ ^[Yy]$ ]]; then
if [[ -f ~/.ssh/id_ed25519 ]]; then
SSH_KEY_PATH=~/.ssh/id_ed25519
elif [[ -f ~/.ssh/id_rsa ]]; then
SSH_KEY_PATH=~/.ssh/id_rsa
fi
print_success "Using existing SSH key: $SSH_KEY_PATH"
else
create_new_key=true
fi
else
create_new_key=true
fi
if [[ $create_new_key == true ]]; then
print_step "Creating new SSH key for CI/CD..."
ssh-keygen -t ed25519 -f ~/.ssh/zabbix_cicd -N "" -C "zabbix-cicd@$(hostname)"
SSH_KEY_PATH=~/.ssh/zabbix_cicd
print_success "Created new SSH key: $SSH_KEY_PATH"
fi
# Display public key
echo
echo "📋 Public key to add to your Gitea repository:"
echo "=============================================="
cat "$SSH_KEY_PATH.pub"
echo "=============================================="
echo
print_warning "IMPORTANT: Add this public key to your Gitea repository with write access!"
echo "1. Go to your Gitea repository settings"
echo "2. Navigate to Deploy Keys section"
echo "3. Add the public key above"
echo "4. Enable write access for the key"
echo
read -p "Press Enter after adding the public key to Gitea..."
# Configure GitHub Secrets
print_step "Configuring GitHub repository secrets..."
echo
if [[ $GITHUB_CLI_AVAILABLE == true ]]; then
echo "Setting up GitHub secrets using GitHub CLI..."
# Set SSH key secret
if gh secret set GITEA_SSH_KEY < "$SSH_KEY_PATH"; then
print_success "SSH key secret configured"
else
print_error "Failed to set SSH key secret"
exit 1
fi
else
echo "Manual secret configuration required:"
echo
echo "1. Go to your GitHub repository"
echo "2. Navigate to Settings → Secrets and variables → Actions"
echo "3. Add the following secret:"
echo
echo " Name: GITEA_SSH_KEY"
echo " Value: (paste the private key below)"
echo
echo "📋 Private key content:"
echo "======================"
cat "$SSH_KEY_PATH"
echo "======================"
echo
read -p "Press Enter after configuring the GitHub secret..."
fi
# Test build locally
print_step "Testing local build..."
if [[ -x ./build.sh ]]; then
echo "Running test build (this may take a few minutes)..."
if ./build.sh; then
print_success "Local build test successful"
if [[ -d packages ]] && [[ $(ls packages/*.apk 2>/dev/null | wc -l) -gt 0 ]]; then
echo "Built packages:"
ls -la packages/*.apk
fi
else
print_warning "Local build test failed, but CI/CD setup continues"
fi
else
print_error "build.sh is not executable"
chmod +x build.sh
print_success "Fixed build.sh permissions"
fi
# Repository setup verification
print_step "Verifying repository configuration..."
# Check remote URL
remote_url=$(git remote get-url origin 2>/dev/null || echo "")
if [[ -z "$remote_url" ]]; then
print_error "No Git remote 'origin' configured"
echo "Please add your GitHub repository as remote:"
echo " git remote add origin https://github.com/username/repo.git"
exit 1
else
print_success "Git remote configured: $remote_url"
fi
# Check if we're on main or test branch
current_branch=$(git branch --show-current)
if [[ "$current_branch" != "main" ]] && [[ "$current_branch" != "test" ]]; then
print_warning "Not on main or test branch (current: $current_branch)"
echo "CI/CD pipeline triggers on main/test branches"
fi
# Final steps
echo
print_step "Final setup steps..."
echo
echo "✅ CI/CD Setup Complete!"
echo
echo "📋 Next Steps:"
echo "1. Commit and push your changes:"
echo " git add ."
echo " git commit -m 'Add CI/CD pipeline'"
echo " git push origin main"
echo
echo "2. Check GitHub Actions tab in your repository"
echo "3. The pipeline will:"
echo " - Check for new Zabbix versions daily"
echo " - Build packages automatically"
echo " - Publish to your Gitea repository"
echo
echo "📖 Documentation:"
echo "- CI-CD-DOCS.md: Comprehensive pipeline documentation"
echo "- README.md: Usage and setup guide"
echo
echo "🔧 Manual Operations:"
echo "- Force build: Go to Actions tab → Zabbix APK Builder → Run workflow"
echo "- Test build: ./build.sh"
echo "- Check version: curl -s 'https://git.zabbix.com/rest/api/1.0/projects/ZBX/repos/zabbix/tags?limit=5'"
echo
print_success "Setup completed successfully! 🎉"