From 800e067912edd6a3e05e8f31791e972c8a4a592b Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Wed, 24 Jul 2024 18:56:09 -0700 Subject: [PATCH] Add github action for security enabled integ tests (#48) (#50) (cherry picked from commit 2efd7aef9f6c33cf0a6ef1d14212ec41c3e326ea) Signed-off-by: Chenyang Ji Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] --- .../workflows/integ-tests-with-security.yml | 90 +++++++++++++++++++ build.gradle | 5 +- 2 files changed, 92 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/integ-tests-with-security.yml diff --git a/.github/workflows/integ-tests-with-security.yml b/.github/workflows/integ-tests-with-security.yml new file mode 100644 index 00000000..8bd90edc --- /dev/null +++ b/.github/workflows/integ-tests-with-security.yml @@ -0,0 +1,90 @@ +name: Security Plugin IT + +on: + pull_request: + push: + branches-ignore: + - 'dependabot/**' + paths: + - 'integ-test/**' + - '.github/workflows/integ-tests-with-security.yml' + +jobs: + Get-CI-Image-Tag: + uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main + with: + product: opensearch + + security-it-linux: + needs: Get-CI-Image-Tag + strategy: + fail-fast: false + matrix: + java: [ 11, 17, 21 ] + env: + ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true + runs-on: ubuntu-latest + container: + # using the same image which is used by opensearch-build team to build the OpenSearch Distribution + # this image tag is subject to change as more dependencies and updates will arrive over time + image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }} + # need to switch to root so that github actions can install runner binary on container without permission issues. + options: --user root + + steps: + - uses: actions/checkout@v3 + + - name: Set up JDK ${{ matrix.java }} + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: ${{ matrix.java }} + + - name: Build with Gradle + run: | + chown -R 1000:1000 `pwd` + su `id -un 1000` -c "./gradlew integTestWithSecurity" + + - name: Upload test reports + if: ${{ always() }} + uses: actions/upload-artifact@v2 + continue-on-error: true + with: + name: test-reports-${{ matrix.os }}-${{ matrix.java }} + path: | + integ-test/build/reports/** + integ-test/build/testclusters/*/logs/* + integ-test/build/testclusters/*/config/* + + security-it-windows-macos: + strategy: + fail-fast: false + matrix: + os: [ windows-latest, macos-13 ] + java: [ 11, 17, 21 ] + + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v3 + + - name: Set up JDK ${{ matrix.java }} + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: ${{ matrix.java }} + + - name: Build with Gradle + run: ./gradlew integTestWithSecurity + + - name: Upload test reports + if: ${{ always() }} + uses: actions/upload-artifact@v2 + continue-on-error: true + with: + name: test-reports-${{ matrix.os }}-${{ matrix.java }} + path: | + integ-test/build/reports/** + integ-test/build/testclusters/*/logs/* + integ-test/build/testclusters/*/config/* + diff --git a/build.gradle b/build.gradle index d3427b30..ed6214a3 100644 --- a/build.gradle +++ b/build.gradle @@ -198,6 +198,7 @@ test { tasks.named("check").configure { dependsOn(integTest) } integTest { + useCluster testClusters.integTest // The --debug-jvm command-line option makes the cluster debuggable; this makes the tests debuggable if (System.getProperty("test.debug") != null) { jvmArgs '-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005' @@ -243,15 +244,13 @@ integTest { filter { includeTestsMatching 'org.opensearch.plugin.insights.rules.resthandler.top_queries.TopQueriesRestIT' } + if (System.getProperty("security.enabled") == "true") { - useCluster testClusters.integTestWithSecurity getClusters().forEach { cluster -> configureSecurityPlugin(cluster) } systemProperty "user", "admin" systemProperty "password", "admin" - } else { - useCluster testClusters.integTest } }