[PR]Ensure Github workflow runs on docker image used by Production Distribution Build #2123
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Security Test Workflow | |
# This workflow is triggered on pull requests and pushes to main or an OpenSearch release branch | |
on: | |
pull_request: | |
branches: | |
- "*" | |
push: | |
branches: | |
- "*" | |
jobs: | |
Get-CI-Image-Tag: | |
uses: ./.github/workflows/get-ci-image-tag.yml | |
with: | |
platform: centos7 | |
usage: opensearch | |
build-linux: | |
needs: Get-CI-Image-Tag | |
strategy: | |
matrix: | |
java: [ 11, 17 ] | |
# Job name | |
name: Build and test Alerting | |
# This job runs on Linux | |
runs-on: ubuntu-latest | |
container: | |
# using the same image which is used by opensearch-build team to build the OpenSearch Distribution | |
# this image tag is subject to change as more dependencies and updates will arrive over time | |
image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }} | |
# need to switch to root so that github actions can install runner binary on container without permission issues. | |
options: --user root | |
steps: | |
# This step uses the checkout Github action: https://github.com/actions/checkout | |
- name: Checkout Branch | |
uses: actions/checkout@v2 | |
# This step uses the setup-java Github action: https://github.com/actions/setup-java | |
- name: Set Up JDK ${{ matrix.java }} | |
uses: actions/setup-java@v1 | |
with: | |
java-version: ${{ matrix.java }} | |
- name: Build Alerting | |
# Only assembling since the full build is governed by other workflows | |
run: | | |
chown -R opensearch.opensearch `pwd` | |
su opensearch -c "whoami && java -version && ./gradlew assemble" | |
- name: Pull and Run Docker | |
run: | | |
plugin=`basename $(ls alerting/build/distributions/*.zip)` | |
list_of_files=`ls` | |
list_of_all_files=`ls alerting/build/distributions/` | |
version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-3` | |
plugin_version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-4` | |
qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1` | |
candidate_version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-1` | |
if qualifier | |
then | |
docker_version=$version-$qualifier | |
else | |
docker_version=$version | |
fi | |
[[ -z $candidate_version ]] && candidate_version=$qualifier && qualifier="" | |
echo plugin version plugin_version qualifier candidate_version docker_version | |
echo "($plugin) ($version) ($plugin_version) ($qualifier) ($candidate_version) ($docker_version)" | |
echo $ls $list_of_all_files | |
if docker pull opensearchstaging/opensearch:$docker_version | |
then | |
echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile | |
echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-alerting ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-alerting; fi" >> Dockerfile | |
echo "ADD alerting/build/distributions/$plugin /tmp/" >> Dockerfile | |
echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile | |
docker build -t opensearch-alerting:test . | |
echo "imagePresent=true" >> $GITHUB_ENV | |
else | |
echo "imagePresent=false" >> $GITHUB_ENV | |
fi | |
- name: Run Docker Image | |
if: env.imagePresent == 'true' | |
run: | | |
cd .. | |
docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-alerting:test | |
sleep 120 | |
- name: Run Alerting Test for security enabled test cases | |
if: env.imagePresent == 'true' | |
run: | | |
cluster_running=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure` | |
echo $cluster_running | |
security=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure |grep opensearch-security|wc -l` | |
echo $security | |
if [ $security -gt 0 ] | |
then | |
echo "Security plugin is available" | |
chown -R opensearch.opensearch `pwd` | |
su opensearch -c "whoami && java -version && ./gradlew :alerting:integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin" | |
else | |
echo "Security plugin is NOT available skipping this run as tests without security have already been run" | |
fi |