Skip to content

Backported 1438 to 2.x #645

Backported 1438 to 2.x

Backported 1438 to 2.x #645

name: Security and knn tests
# This workflow is triggered on pull requests to main branch
on:
pull_request:
branches:
- '*'
push:
branches:
- '*'
jobs:
Get-CI-Image-Tag:
uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
with:
product: opensearch
req:
# Job name
name: plugin check
runs-on: ubuntu-latest
outputs:
isSecurityPluginAvailable: ${{ steps.plugin-availability-check.outputs.isSecurityPluginAvailable }}
isKnnPluginAvailable: ${{ steps.plugin-availability-check.outputs.isKnnPluginAvailable }}
steps:
# This step uses the checkout Github action: https://github.com/actions/checkout
- name: Checkout Branch
uses: actions/checkout@v2
- id: plugin-availability-check
name: "plugin check"
run: |
opensearch_version=$(grep "System.getProperty(\"opensearch.version\", \"" build.gradle | grep '\([0-9]\|[.]\)\{5\}' -o)
opensearch_version=$opensearch_version".0-SNAPSHOT"
# we publish build artifacts to the below url
sec_plugin_url="https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-security/"$opensearch_version"/"
sec_st=$(curl -s -o /dev/null -w "%{http_code}" $sec_plugin_url)
if [ "$sec_st" = "200" ]; then
echo "isSecurityPluginAvailable=True" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
else
echo "isSecurityPluginAvailable=False" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
fi
knn_plugin_url="https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-knn/"$opensearch_version"/"
knn_st=$(curl -s -o /dev/null -w "%{http_code}" $knn_plugin_url)
if [ "$knn_st" = "200" ]; then
echo "isKnnPluginAvailable=True" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
else
echo "isKnnPluginAvailable=False" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
fi
build-linux:
needs: [req, Get-CI-Image-Tag]
if: ${{ 'True' == needs.req.outputs.isSecurityPluginAvailable }}
# Job name
name: Build and Run Security tests
runs-on: ubuntu-latest
container:
# using the same image which is used by opensearch-build team to build the OpenSearch Distribution
# this image tag is subject to change as more dependencies and updates will arrive over time
image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
# need to switch to root so that github actions can install runner binary on container without permission issues.
options: --user root
steps:
# This step uses the setup-java Github action: https://github.com/actions/setup-java
- name: Set Up JDK 17
uses: actions/setup-java@v1
with:
java-version: 17
# This step uses the checkout Github action: https://github.com/actions/checkout
- name: Checkout Branch
uses: actions/checkout@v2
- name: Build and run Replication tests
run: |
chown -R 1000:1000 `pwd`
ls -al src/test/resources/security/plugin
su `id -un 1000` -c "whoami && java -version && ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -Psecurity=true"
- name: Upload failed logs
uses: actions/upload-artifact@v2
if: failure()
with:
name: logs
path: |
build/testclusters/integTest-*/logs/*
build/testclusters/leaderCluster-*/logs/*
build/testclusters/followCluster-*/logs/*
- name: Create Artifact Path
run: |
mkdir -p cross-cluster-replication-artifacts
cp ./build/distributions/*.zip cross-cluster-replication-artifacts
- name: Uploads coverage
with:
fetch-depth: 2
uses: codecov/[email protected]
knn-build-linux:
needs: [req, Get-CI-Image-Tag]
if: ${{ 'True' == needs.req.outputs.isKnnPluginAvailable }}
# Job name
name: Build and Run Knn tests
runs-on: ubuntu-latest
container:
# using the same image which is used by opensearch-build team to build the OpenSearch Distribution
# this image tag is subject to change as more dependencies and updates will arrive over time
image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
# need to switch to root so that github actions can install runner binary on container without permission issues.
options: --user root
steps:
# This step uses the setup-java Github action: https://github.com/actions/setup-java
- name: Set Up JDK 17
uses: actions/setup-java@v1
with:
java-version: 17
# This step uses the checkout Github action: https://github.com/actions/checkout
- name: Checkout Branch
uses: actions/checkout@v2
- name: Build and run Replication tests
run: |
chown -R 1000:1000 `pwd`
su `id -un 1000` -c 'whoami && java -version && ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -PnumNodes=1 -Dtests.class=org.opensearch.replication.BasicReplicationIT -Dtests.method="test knn index replication" -Pknn=true'
- name: Upload failed logs
uses: actions/upload-artifact@v2
if: failure()
with:
name: logs
path: |
build/testclusters/integTest-*/logs/*
build/testclusters/leaderCluster-*/logs/*
build/testclusters/followCluster-*/logs/*
- name: Create Artifact Path
run: |
mkdir -p cross-cluster-replication-artifacts
cp ./build/distributions/*.zip cross-cluster-replication-artifacts
- name: Uploads coverage
with:
fetch-depth: 2
uses: codecov/[email protected]