diff --git a/.github/workflows/CI-workflow.yml b/.github/workflows/CI-workflow.yml index 4f8b27e272..c9012ef6a2 100644 --- a/.github/workflows/CI-workflow.yml +++ b/.github/workflows/CI-workflow.yml @@ -7,6 +7,11 @@ on: push: branches: - "*" + +permissions: + id-token: write + contents: read + jobs: Build-ml: strategy: @@ -14,6 +19,8 @@ jobs: java: [11, 17, 20] name: Build and Test MLCommons Plugin + if: github.repository == 'opensearch-project/ml-commons' + environment: ml-commons-cicd-env runs-on: ubuntu-latest steps: @@ -22,6 +29,11 @@ jobs: with: java-version: ${{ matrix.java }} + - uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.ML_ROLE }} + aws-region: us-west-2 + # ml-commons - name: Checkout MLCommons uses: actions/checkout@v2 @@ -34,7 +46,12 @@ jobs: ./gradlew publishToMavenLocal - name: Multi Nodes Integration Testing run: | + export OPENAI_KEY=$(aws secretsmanager get-secret-value --secret-id github_openai_key --query SecretString --output text) + export COHERE_KEY=$(aws secretsmanager get-secret-value --secret-id github_cohere_key --query SecretString --output text) + echo "::add-mask::$OPENAI_KEY" + echo "::add-mask::$COHERE_KEY" ./gradlew integTest -PnumNodes=3 + - name: Pull and Run Docker run: | plugin=`basename $(ls plugin/build/distributions/*.zip)` @@ -71,6 +88,10 @@ jobs: if: env.imagePresent == 'true' run: | security=`curl -XGET https://localhost:9200/_cat/plugins?v -u admin:admin --insecure |grep opensearch-security|wc -l` + export OPENAI_KEY=$(aws secretsmanager get-secret-value --secret-id github_openai_key --query SecretString --output text) + export COHERE_KEY=$(aws secretsmanager get-secret-value --secret-id github_cohere_key --query SecretString --output text) + echo "::add-mask::$OPENAI_KEY" + echo "::add-mask::$COHERE_KEY" if [ $security -gt 0 ] then echo "Security plugin is available" 
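Review bot: The top-level `permissions:` block added in the `@@ -7,6 +7,11 @@` hunk grants `id-token: write` to every job in the workflow, including the Windows job whose credentials step this commit leaves commented out. Only Build-ml requests an OIDC token, so the `id-token: write` / `contents: read` pair would be better placed under that job, with the workflow-level default reduced to `contents: read`. A short comment such as `# id-token: write is needed for OIDC role assumption by configure-aws-credentials` would tell later maintainers why the write scope is there.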
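Review bot: The `if: github.repository == 'opensearch-project/ml-commons'` guard added to Build-ml in the `@@ -14,6 +19,8 @@` hunk does not separate fork pull requests from trusted runs, because `github.repository` is the base repository for both. The trigger list starts above the visible hunks; if it includes `pull_request`, fork runs receive neither `secrets.ML_ROLE` nor an OIDC token and the credentials step will fail for them, and if it uses `pull_request_target`, contributor code would build with the assumed role in scope. Gating the credential and secret steps with `if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository` keeps them to trusted refs. The protection rules on `ml-commons-cicd-env` are repository settings not shown here, so a comment naming the branch or reviewer rule it relies on would help, since every matrix leg references the environment.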
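Review bot: `aws-actions/configure-aws-credentials@v2` in the `@@ -22,6 +29,11 @@` hunk is referenced by a movable tag, and this is the step that receives the OIDC token and assumes `secrets.ML_ROLE`. Pinning it to a full commit SHA, `- uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v2`, stops a retagged release from running with that role. The step also sits before checkout and the Gradle build, so the temporary credentials are in the environment of every later step; moving it to just before the first step that calls `aws secretsmanager` would narrow that window. The step list continues outside the hunk.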
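Review bot: `export OPENAI_KEY=$(aws secretsmanager get-secret-value ...)` in the `@@ -34,7 +46,12 @@` hunk discards the exit status of the `aws` call, so a failed lookup leaves the variable empty and `./gradlew integTest` still runs without the key. Under the runner's default `bash -e`, assigning first and exporting afterwards makes the step fail instead: `OPENAI_KEY=$(aws secretsmanager get-secret-value --secret-id github_openai_key --query SecretString --output text)`, then `echo "::add-mask::$OPENAI_KEY"`, then `export OPENAI_KEY`, and the same for `COHERE_KEY`. `::add-mask::` masks the value as a single string, so if either SecretString is JSON or multi-line (not visible here) the inner key would need its own mask. The same four lines are repeated in the `@@ -71,6 +88,10 @@` hunk and, commented out, in the Windows job's `@@ -111,4 +139,8 @@` hunk.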
@@ -91,6 +112,8 @@ jobs: matrix: java: [11, 17, 20] name: Build and Test MLCommons Plugin on Windows + if: github.repository == 'opensearch-project/ml-commons' + environment: ml-commons-cicd-env runs-on: windows-latest steps: @@ -99,6 +122,11 @@ jobs: with: java-version: ${{ matrix.java }} +# - uses: aws-actions/configure-aws-credentials@v2 +# with: +# role-to-assume: ${{ secrets.ML_ROLE }} +# aws-region: us-west-2 + # ml-commons - name: Checkout MLCommons uses: actions/checkout@v2 @@ -111,4 +139,8 @@ jobs: ./gradlew publishToMavenLocal # - name: Multi Nodes Integration Testing # run: | +# export OPENAI_KEY=$(aws secretsmanager get-secret-value --secret-id github_openai_key --query SecretString --output text) +# export COHERE_KEY=$(aws secretsmanager get-secret-value --secret-id github_cohere_key --query SecretString --output text) +# echo "::add-mask::$OPENAI_KEY" +# echo "::add-mask::$COHERE_KEY" # ./gradlew integTest -PnumNodes=3 diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml deleted file mode 100644 index cf30ea89dc..0000000000 --- a/.github/workflows/dco.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Developer Certificate of Origin Check - -on: [pull_request] - -jobs: - check: - runs-on: ubuntu-latest - - steps: - - name: Get PR Commits - id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.1.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: DCO Check - uses: tim-actions/dco@v1.1.0 - with: - commits: ${{ steps.get-pr-commits.outputs.commits }}
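Review bot: The Windows job in the `@@ -91,6 +112,8 @@` hunk is attached to `environment: ml-commons-cicd-env`, although the credentials step and the secret lookups that would use it are added only as commented-out YAML in the `@@ -99,6 +122,11 @@` and `@@ -111,4 +139,8 @@` hunks. As written, the job gains access to the environment's secrets and becomes subject to its protection rules without needing either. I would drop the `environment:` line until the Windows integration test is enabled. The commented-out blocks are better replaced by a one-line note, for example `# TODO: enable AWS credentials and integTest on Windows`, so the disabled copy cannot drift from the Linux steps.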