-
Notifications
You must be signed in to change notification settings - Fork 125
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Martin Gaievski <gaievski@amazon.com>
- Loading branch information
1 parent
f6d3d40
commit 3e6dda3
Showing
2 changed files
with
105 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,104 @@ | ||
| name: Security test workflow for k-NN | ||
| on: | ||
| push: | ||
| branches: | ||
| - "*" | ||
| - "feature/**" | ||
| pull_request: | ||
| branches: | ||
| - "*" | ||
| - "feature/**" | ||
|
|
||
| jobs: | ||
| Build-ad: | ||
| strategy: | ||
| matrix: | ||
| java: [ 11,17 ] | ||
| os: [ubuntu-latest, macos-latest] | ||
| fail-fast: false | ||
|
|
||
| name: Security test workflow for k-NN Plugin | ||
| runs-on: ${{ matrix.os }} | ||
|
|
||
| steps: | ||
| - name: Checkout k-NN | ||
| uses: actions/checkout@v1 | ||
|
|
||
| - name: Setup Java ${{ matrix.java }} | ||
| uses: actions/setup-java@v1 | ||
| with: | ||
| java-version: ${{ matrix.java }} | ||
|
|
||
| - name: Install dependencies on ubuntu | ||
| if: startsWith(matrix.os,'ubuntu') | ||
| run: | | ||
| sudo apt-get install libopenblas-dev gfortran -y | ||
| - name: Install dependencies on macos | ||
| if: startsWith(matrix.os, 'macos') | ||
| run: | | ||
| brew reinstall gcc | ||
| export FC=/usr/local/Cellar/gcc/12.2.0/bin/gfortran | ||
| - name: Assemble k-NN | ||
| run: | | ||
| ./gradlew assemble | ||
| # example of variables: | ||
| # plugin = opensearch-knn-2.7.0.0-SNAPSHOT.zip | ||
| # version = 2.7.0 | ||
| # plugin_version = 2.7.0.0 | ||
| # qualifier = `SNAPSHOT` | ||
| - name: Pull and Run Docker | ||
| run: | | ||
| plugin=`basename $(ls build/distributions/*.zip)` | ||
| version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-3` | ||
| plugin_version=`echo $plugin|awk -F- '{print $3}'| cut -d. -f 1-4` | ||
| qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1` | ||
| if [ $qualifier!=`SNAPSHOT` ] | ||
| then | ||
| docker_version=$version-$qualifier | ||
| else | ||
| docker_version=$version | ||
| fi | ||
| echo plugin version plugin_version qualifier docker_version | ||
| echo "($plugin) ($version) ($plugin_version) ($qualifier) ($docker_version)" | ||
| cd .. | ||
| if docker pull opensearchstaging/opensearch:$docker_version | ||
| then | ||
| echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile | ||
| # this is required knn plugin cannot be deleted until there are plugin that has dependency on it | ||
| echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-neural-search ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-neural-search; fi" >> Dockerfile | ||
| # TODO review if this is still requied | ||
| echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-performance-analyzer ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-performance-analyzer; fi" >> Dockerfile | ||
| # saving pre-built artifacts of native libraries as we can't build it with gradle assemle | ||
| echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-knn ]; then cp -r /usr/share/opensearch/plugins/opensearch-knn/lib /usr/share/opensearch/knn-libs; fi" >> Dockerfile | ||
| echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-knn ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-knn; fi" >> Dockerfile | ||
| echo "ADD k-NN/build/distributions/$plugin /tmp/" >> Dockerfile | ||
| echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile | ||
| # moving pre-built artifacts of native libraries back to plugin folder | ||
| echo "RUN if [ -d /usr/share/opensearch/knn-libs ]; then mv /usr/share/opensearch/knn-libs /usr/share/opensearch/plugins/opensearch-knn/lib; fi" >> Dockerfile | ||
| docker build -t opensearch-knn:test . | ||
| echo "imagePresent=true" >> $GITHUB_ENV | ||
| else | ||
| echo "imagePresent=false" >> $GITHUB_ENV | ||
| fi | ||
| - name: Run Docker Image | ||
| if: env.imagePresent == 'true' | ||
| run: | | ||
| cd .. | ||
| docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-knn:test | ||
| sleep 90 | ||
| - name: Run k-NN Integ Test | ||
| if: env.imagePresent == 'true' | ||
| run: | | ||
| security=`curl -XGET https://localhost:9200/_cat/plugins?v -u admin:admin --insecure |grep opensearch-security|wc -l` | ||
| if [ $security -gt 0 ] | ||
| then | ||
| echo "Security plugin is available" | ||
| ./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="docker-cluster" -Dhttps=true -Duser=admin -Dpassword=admin | ||
| else | ||
| echo "Security plugin is NOT available, skipping integration tests" | ||
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters