Skip to content

[DRAFT] Add a base setup for resource access evaluation and adds a sample plugin #662

[DRAFT] Add a base setup for resource access evaluation and adds a sample plugin

[DRAFT] Add a base setup for resource access evaluation and adds a sample plugin #662

Workflow file for this run

name: CI
on:
push:
branches:
- main
- 1.*
- 2.*
pull_request:
env:
GRADLE_OPTS: -Dhttp.keepAlive=false
CI_ENVIRONMENT: normal
jobs:
generate-test-list:
runs-on: ubuntu-latest
outputs:
separateTestsNames: ${{ steps.set-matrix.outputs.separateTestsNames }}
steps:
- name: Set up JDK for build and test
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21
- name: Checkout security
uses: actions/checkout@v4
- name: Generate list of tasks
id: set-matrix
run: |
echo "separateTestsNames=$(./gradlew listTasksAsJSON -q --console=plain | tail -n 1)" >> $GITHUB_OUTPUT
test:
name: test
needs: generate-test-list
strategy:
fail-fast: false
matrix:
gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }}
platform: [windows-latest, ubuntu-latest]
jdk: [21]
runs-on: ${{ matrix.platform }}
steps:
- name: Set up JDK for build and test
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}
- name: Checkout security
uses: actions/checkout@v4
- name: Build and Test
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
${{ matrix.gradle_task }} -Dbuild.snapshot=false
- uses: actions/upload-artifact@v4
if: always()
with:
name: ${{ matrix.platform }}-JDK${{ matrix.jdk }}-${{ matrix.gradle_task }}-reports
path: |
./build/reports/
report-coverage:
needs: ["test", "integration-tests"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
path: downloaded-artifacts
- name: Display structure of downloaded files
run: ls -R
working-directory: downloaded-artifacts
- name: Upload Coverage with retry
uses: Wandalen/wretry.action@v3.7.2
with:
attempt_limit: 5
attempt_delay: 2000
action: codecov/codecov-action@v4
with: |
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
verbose: true
integration-tests:
name: integration-tests
strategy:
fail-fast: false
matrix:
jdk: [21]
platform: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.platform }}
steps:
- name: Set up JDK for build and test
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}
- name: Checkout security
uses: actions/checkout@v4
- name: Build and Test
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false
- uses: actions/upload-artifact@v4
if: always()
with:
name: integration-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
path: |
./build/reports/
resource-tests:
env:
CI_ENVIRONMENT: resource-test
strategy:
fail-fast: false
matrix:
jdk: [21]
platform: [ubuntu-latest]
runs-on: ${{ matrix.platform }}
steps:
- name: Set up JDK for build and test
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}
- name: Checkout security
uses: actions/checkout@v4
- name: Build and Test
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false --tests org.opensearch.security.ResourceFocusedTests
backward-compatibility-build:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21
- name: Checkout Security Repo
uses: actions/checkout@v4
- name: Build BWC tests
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
-p bwc-test build -x test -x integTest
backward-compatibility:
strategy:
fail-fast: false
matrix:
jdk: [11, 17]
platform: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}
- name: Checkout Security Repo
uses: actions/checkout@v4
- id: build-previous
uses: ./.github/actions/run-bwc-suite
with:
plugin-previous-branch: "2.x"
plugin-next-branch: "current_branch"
report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }}
username: admin
password: admin
code-ql:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21
- uses: github/codeql-action/init@v3
with:
languages: java
- run: ./gradlew clean assemble
- uses: github/codeql-action/analyze@v3
build-artifact-names:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21
- run: |
security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}')
security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g')
security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1)
test_qualifier=alpha2
echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV
echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV
echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV
echo "TEST_QUALIFIER=$test_qualifier" >> $GITHUB_ENV
- run: |
echo ${{ env.SECURITY_PLUGIN_VERSION }}
echo ${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}
echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}
echo ${{ env.TEST_QUALIFIER }}
- run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip
- run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip
- run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip
- run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip
- run: ./gradlew clean publishPluginZipPublicationToZipStagingRepository && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.pom
- name: List files in the build directory if there was an error
run: ls -al ./build/distributions/
if: failure()