[DRAFT] Add a base setup for resource access evaluation and adds a sample plugin #662
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
- 1.* | |
- 2.* | |
pull_request: | |
env: | |
GRADLE_OPTS: -Dhttp.keepAlive=false | |
CI_ENVIRONMENT: normal | |
jobs: | |
generate-test-list: | |
runs-on: ubuntu-latest | |
outputs: | |
separateTestsNames: ${{ steps.set-matrix.outputs.separateTestsNames }} | |
steps: | |
- name: Set up JDK for build and test | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- name: Checkout security | |
uses: actions/checkout@v4 | |
- name: Generate list of tasks | |
id: set-matrix | |
run: | | |
echo "separateTestsNames=$(./gradlew listTasksAsJSON -q --console=plain | tail -n 1)" >> $GITHUB_OUTPUT | |
test: | |
name: test | |
needs: generate-test-list | |
strategy: | |
fail-fast: false | |
matrix: | |
gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }} | |
platform: [windows-latest, ubuntu-latest] | |
jdk: [21] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Set up JDK for build and test | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: ${{ matrix.jdk }} | |
- name: Checkout security | |
uses: actions/checkout@v4 | |
- name: Build and Test | |
uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: | | |
${{ matrix.gradle_task }} -Dbuild.snapshot=false | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: ${{ matrix.platform }}-JDK${{ matrix.jdk }}-${{ matrix.gradle_task }}-reports | |
path: | | |
./build/reports/ | |
report-coverage: | |
needs: ["test", "integration-tests"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
path: downloaded-artifacts | |
- name: Display structure of downloaded files | |
run: ls -R | |
working-directory: downloaded-artifacts | |
- name: Upload Coverage with retry | |
uses: Wandalen/wretry.action@v3.7.2 | |
with: | |
attempt_limit: 5 | |
attempt_delay: 2000 | |
action: codecov/codecov-action@v4 | |
with: | | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
verbose: true | |
integration-tests: | |
name: integration-tests | |
strategy: | |
fail-fast: false | |
matrix: | |
jdk: [21] | |
platform: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Set up JDK for build and test | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: ${{ matrix.jdk }} | |
- name: Checkout security | |
uses: actions/checkout@v4 | |
- name: Build and Test | |
uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: | | |
integrationTest -Dbuild.snapshot=false | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: integration-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports | |
path: | | |
./build/reports/ | |
resource-tests: | |
env: | |
CI_ENVIRONMENT: resource-test | |
strategy: | |
fail-fast: false | |
matrix: | |
jdk: [21] | |
platform: [ubuntu-latest] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- name: Set up JDK for build and test | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: ${{ matrix.jdk }} | |
- name: Checkout security | |
uses: actions/checkout@v4 | |
- name: Build and Test | |
uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: | | |
integrationTest -Dbuild.snapshot=false --tests org.opensearch.security.ResourceFocusedTests | |
backward-compatibility-build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- name: Checkout Security Repo | |
uses: actions/checkout@v4 | |
- name: Build BWC tests | |
uses: gradle/gradle-build-action@v3 | |
with: | |
cache-disabled: true | |
arguments: | | |
-p bwc-test build -x test -x integTest | |
backward-compatibility: | |
strategy: | |
fail-fast: false | |
matrix: | |
jdk: [11, 17] | |
platform: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.platform }} | |
steps: | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: ${{ matrix.jdk }} | |
- name: Checkout Security Repo | |
uses: actions/checkout@v4 | |
- id: build-previous | |
uses: ./.github/actions/run-bwc-suite | |
with: | |
plugin-previous-branch: "2.x" | |
plugin-next-branch: "current_branch" | |
report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }} | |
username: admin | |
password: admin | |
code-ql: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- uses: github/codeql-action/init@v3 | |
with: | |
languages: java | |
- run: ./gradlew clean assemble | |
- uses: github/codeql-action/analyze@v3 | |
build-artifact-names: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: temurin # Temurin is a distribution of adoptium | |
java-version: 21 | |
- run: | | |
security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}') | |
security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g') | |
security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1) | |
test_qualifier=alpha2 | |
echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV | |
echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV | |
echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV | |
echo "TEST_QUALIFIER=$test_qualifier" >> $GITHUB_ENV | |
- run: | | |
echo ${{ env.SECURITY_PLUGIN_VERSION }} | |
echo ${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }} | |
echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }} | |
echo ${{ env.TEST_QUALIFIER }} | |
- run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip | |
- run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip | |
- run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip | |
- run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip | |
- run: ./gradlew clean publishPluginZipPublicationToZipStagingRepository && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.pom | |
- name: List files in the build directory if there was an error | |
run: ls -al ./build/distributions/ | |
if: failure() |