ironbank: support for heartbeat

[v1v]

🚧

Motivation/summary

Automate the docker context generation for the Heartbeat IronBank releases, this will allow us to move away from creating those docker context manually in a different repository, since the Platform Release team already provide the automation.

Implementation details

1. Support for mage ironbank
2. Support for mage validateIronbank

The CI will validate the Ironbank as part of the packaging-linux since it requires:

1. The heartbeat-xxxx.tar.gz file to be generated (as part of the mage package)
2. The dependencies to be downloaded (since ironbank requires all the dependencies to be listed in a YAML file)
3. Then verify the given heartbeat for a particular ElasticStack version can be started and a minimal smoke test responses with the right http code.

DoD build context content

As required the build context contains the following files:

• Dockerfile with specific requirements for DoD (registry args, no internet dependencies, healthcheck, ...)
• hardening_manifest.yaml with all required dependencies
• LICENSE specific for DoD
• README.md with specific content for DoD
• config/ (optional) directory containing all config files to include into the Docker image
• scripts/ directory containing all scripts to include into the Docker image (example: entrypoint...)

Why is it important?

No more manual post-release steps to generate the ironbank releases for heartbeat

Actions

• Generate the ironbank tar.gz docker context following the Unified Release requirements
• Generate hardening_manifest.yaml that includes all the dependencies.
• Validate the dependencies don't change on a PR basis, so we can discover those conflicts on a PR basis rather than on merge-commits.

Issues

A similar approach was done for other beats.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-07-26T17:05:18.195+0000

• Duration: 154 min 24 sec

Test stats 🧪

Test	Results
Failed	0
Passed	22533
Skipped	1937
Total	24470

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[v1v]

This stage is the one to validate the ironbank for heartbeat are compliance. If it fails then, look at the README.md in the ironbank folder that contains enough details to handle what's required to be done

[v1v]

Those dependencies are the ones defined in https://repo1.dso.mil/dsop/elastic/beats/heartbeat/-/blob/development/hardening_manifest.yaml (more precisely the ones defined in https://repo1.dso.mil/dsop/elastic/beats/heartbeat/-/merge_requests/43)

[v1v]

This PR won't be needed since the ironbank validation for the heartbeats will run somewhere else as agreed with @jlind23 and @cachedout

agree that the Ironbank context validation should not be done on a PR basis.
A weekly check for this context might be enough and it will limit the number of PR that may have break it.
Every failure on the DRA process must notify us indeed.

The above was discussed in an internal GitHub issue, so only elasticians have access and it's linked to this particular PR.

A new PR will be done shortly