Fixes base64 encoded hardcoded admin credentials #501
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Security and knn tests | |
# This workflow is triggered on pull requests to main branch | |
on: | |
pull_request: | |
branches: | |
- '*' | |
push: | |
branches: | |
- '*' | |
jobs: | |
Get-CI-Image-Tag: | |
uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main | |
with: | |
product: opensearch | |
req: | |
# Job name | |
name: plugin check | |
runs-on: ubuntu-latest | |
outputs: | |
isSecurityPluginAvailable: ${{ steps.plugin-availability-check.outputs.isSecurityPluginAvailable }} | |
isKnnPluginAvailable: ${{ steps.plugin-availability-check.outputs.isKnnPluginAvailable }} | |
steps: | |
# This step uses the checkout Github action: https://github.com/actions/checkout | |
- name: Checkout Branch | |
uses: actions/checkout@v2 | |
- id: plugin-availability-check | |
name: "plugin check" | |
run: | | |
opensearch_version=$(grep "System.getProperty(\"opensearch.version\", \"" build.gradle | grep '\([0-9]\|[.]\)\{5\}' -o) | |
opensearch_version=$opensearch_version".0-SNAPSHOT" | |
# we publish build artifacts to the below url | |
sec_plugin_url="https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-security/"$opensearch_version"/" | |
sec_st=$(curl -s -o /dev/null -w "%{http_code}" $sec_plugin_url) | |
if [ "$sec_st" = "200" ]; then | |
echo "isSecurityPluginAvailable=True" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
else | |
echo "isSecurityPluginAvailable=False" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
fi | |
knn_plugin_url="https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-knn/"$opensearch_version"/" | |
knn_st=$(curl -s -o /dev/null -w "%{http_code}" $knn_plugin_url) | |
if [ "$knn_st" = "200" ]; then | |
echo "isKnnPluginAvailable=True" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
else | |
echo "isKnnPluginAvailable=False" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
fi | |
build-linux: | |
needs: [req, Get-CI-Image-Tag] | |
if: ${{ 'True' == needs.req.outputs.isSecurityPluginAvailable }} | |
# Job name | |
name: Build and Run Security tests | |
runs-on: ubuntu-latest | |
container: | |
# using the same image which is used by opensearch-build team to build the OpenSearch Distribution | |
# this image tag is subject to change as more dependencies and updates will arrive over time | |
image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }} | |
# need to switch to root so that github actions can install runner binary on container without permission issues. | |
options: --user root | |
steps: | |
# This step uses the setup-java Github action: https://github.com/actions/setup-java | |
- name: Set Up JDK 17 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 17 | |
# This step uses the checkout Github action: https://github.com/actions/checkout | |
- name: Checkout Branch | |
uses: actions/checkout@v2 | |
- name: Build and run Replication tests | |
run: | | |
chown -R 1000:1000 `pwd` | |
ls -al src/test/resources/security/plugin | |
su `id -un 1000` -c "whoami && java -version && ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -Psecurity=true" | |
- name: Upload failed logs | |
uses: actions/upload-artifact@v2 | |
if: failure() | |
with: | |
name: logs | |
path: | | |
build/testclusters/integTest-*/logs/* | |
build/testclusters/leaderCluster-*/logs/* | |
build/testclusters/followCluster-*/logs/* | |
- name: Create Artifact Path | |
run: | | |
mkdir -p cross-cluster-replication-artifacts | |
cp ./build/distributions/*.zip cross-cluster-replication-artifacts | |
- name: Uploads coverage | |
with: | |
fetch-depth: 2 | |
uses: codecov/[email protected] | |
knn-build-linux: | |
needs: [req, Get-CI-Image-Tag] | |
if: ${{ 'True' == needs.req.outputs.isKnnPluginAvailable }} | |
# Job name | |
name: Build and Run Knn tests | |
runs-on: ubuntu-latest | |
container: | |
# using the same image which is used by opensearch-build team to build the OpenSearch Distribution | |
# this image tag is subject to change as more dependencies and updates will arrive over time | |
image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }} | |
# need to switch to root so that github actions can install runner binary on container without permission issues. | |
options: --user root | |
steps: | |
# This step uses the setup-java Github action: https://github.com/actions/setup-java | |
- name: Set Up JDK 17 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 17 | |
# This step uses the checkout Github action: https://github.com/actions/checkout | |
- name: Checkout Branch | |
uses: actions/checkout@v2 | |
- name: Build and run Replication tests | |
run: | | |
chown -R 1000:1000 `pwd` | |
su `id -un 1000` -c 'whoami && java -version && ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -PnumNodes=1 -Dtests.class=org.opensearch.replication.BasicReplicationIT -Dtests.method="test knn index replication" -Pknn=true' | |
- name: Upload failed logs | |
uses: actions/upload-artifact@v2 | |
if: failure() | |
with: | |
name: logs | |
path: | | |
build/testclusters/integTest-*/logs/* | |
build/testclusters/leaderCluster-*/logs/* | |
build/testclusters/followCluster-*/logs/* | |
- name: Create Artifact Path | |
run: | | |
mkdir -p cross-cluster-replication-artifacts | |
cp ./build/distributions/*.zip cross-cluster-replication-artifacts | |
- name: Uploads coverage | |
with: | |
fetch-depth: 2 | |
uses: codecov/[email protected] |