Add check of component versions to CI

[dblock]

Description

Introduce checks into CI that verify that the versions of dependent components match OpenSearch, where possible. With this change most components go through CI checks when they get changed in the manifest to ensure that they have the correct versions. For example, this change would have caught #410.

• Extracts PropertiesFile which can now be instantiated empty, from a Dict or a file.
• Adds checks:
  • CheckGradleDependencies: runs gradlew dependencies, parses the tree and loads as PropertiesFile
  • CheckGradleDependenciesProjectOpenSearchVersion: checks that opensearch.version matches
  • CheckGradleProperties: runs gradlew properties, loads as PropertiesFile
  • CheckGradlePropertiesVersion: checks that version matches opensearch version plus .0

A handful of components (alerting, performance-analyzer-rc and security) don't have these checks enabled because they have maven or non-standard gradle commands, and don't respond to things like ./gradlew properties. Will follow-up via #437.

Check List

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov-commenter]

Codecov Report

Merging #414 (b8d4b04) into main (a9da775) will increase coverage by 2.80%.
The diff coverage is 90.25%.

@@            Coverage Diff             @@
##             main     #414      +/-   ##
==========================================
+ Coverage   59.42%   62.23%   +2.80%     
==========================================
  Files          38       45       +7     
  Lines        1119     1234     +115     
==========================================
+ Hits          665      768     +103     
- Misses        454      466      +12     

Impacted Files	Coverage Δ
bundle-workflow/src/ci.py	0.00% <0.00%> (ø)
bundle-workflow/src/ci_workflow/ci.py	57.89% <50.00%> (-27.82%)	⬇️
bundle-workflow/src/git/git_repository.py	90.69% <50.00%> (-9.31%)	⬇️
bundle-workflow/src/ci_workflow/check.py	93.33% <93.33%> (ø)
bundle-workflow/src/system/properties_file.py	97.36% <97.36%> (ø)
...ndle-workflow/src/build_workflow/build_recorder.py	98.90% <100.00%> (+0.71%)	⬆️
...kflow/src/ci_workflow/check_gradle_dependencies.py	100.00% <100.00%> (ø)
...i_workflow/check_gradle_dependencies_opensearch.py	100.00% <100.00%> (ø)
...orkflow/src/ci_workflow/check_gradle_properties.py	100.00% <100.00%> (ø)
...src/ci_workflow/check_gradle_properties_version.py	100.00% <100.00%> (ø)
... and 10 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a9da775...b8d4b04. Read the comment docs.

[peternied]

[Nit] This class seems like it is doing double duty, its got a description of a git repo, version and build target information as well as an interface for validation something about the check itself. Could resolve by making it a VersionCheck, or BuildCheck, or breaking them data fields into another object.

[dblock]

Good point. I'll refactor this separately since it's the same pattern in build_workflow and needs to be addressed at the same time.

[peternied]

[Optional] Seems like there is shared constructions between CheckGradleProperties. Might be useful to centralize concepts around gradle in one place such as having GradleCmd(self, target=':dependencies') vs GradleCmd(self, target='properties') where self is a Check or VersionCheck subclass

[dblock]

I suppose if we do more gradle commands for sure.

[peternied]

[Nit] Reshape, rename to __perform_check is abstract does the checking, add concrete check that does logging around the __perform_check call for consistency.

[dblock]

Good suggestion, but I actually don't want this logging most of the time, this method should just be a pass.

[mch2]

I understand right now only two components will use this check, but this feels like we are getting closer and closer to simply running a build with
./bundle-workflow/build.sh manifests/opensearch-1.1.0.yml.

Each component that uses this is essentially doing a full build of that component.

What if we just run the full build if there is a change to a manifest file?
Something like.

on:
  pull_request:
    paths:
       - manifests/*.yml

[dblock]

You have a point, however this is actually quite far from a full build, only some gradle runs to extract properties. Once we have maven we don't need to publish OpenSearch and common-utils to maven local, so this CI will be much faster.

If we start building everything we're going to start running out of space on workers, it will take 2 hours on GHA, etc.

[dblock]

I added running CI on manifests only in PRs, that's a good idea.

[mch2]

If we are not backporting java 11 to 1.0 branch, can we start with 11 here and make a separate job for the 1.0 manifests?

[dblock]

Everything is still on 14.

[saratvemulapalli]

I took one pass at it.
Couple of questions, overall it looks good to me.

[saratvemulapalli]

This is cryptic...

[dblock]

Trust me. It just picks all .py files that are added or modified, minus the deleted ones. It's a dev readme anyway, so you're supposed to parse regexp in your head ;)

[dblock]

I opened #442 to add a pre-commit hook.

[saratvemulapalli]

Just trying to understand:
Looks like we are only checking opensearch and its version. Why not just look for compile time dependencies instead of all of them?

Also for next steps, we should verify plugin dependencies on other plugins and make sure their versions also match the manifest.

[dblock]

Do you know how to get just those? I can open a separate PR for improving this.

[dblock]

#440 and #441

[saratvemulapalli]

Yeah a simple way is to do something like ./gradlew :dependencies --configuration compile

Eg: From our fav plugin AD

~anomaly-detection$ ./gradlew :dependencies --configuration compile

> Configure project :
=======================================
OpenSearch Build Hamster says Hello!
  Gradle Version        : 6.6.1
  OS Info               : Linux 5.4.0-1037-aws (amd64)
  JDK Version           : 14 (JDK)
  JAVA_HOME             : /usr/lib/jvm/java-14-openjdk-amd64
  Random Testing Seed   : DFA8FDF8CA53A245
  In FIPS 140 mode      : false
=======================================

> Task :dependencies

------------------------------------------------------------
Root project - OpenSearch anomaly detector plugin
------------------------------------------------------------

compile - Dependencies for source set 'main' (deprecated, use 'implementation' instead). (n)
+--- org.opensearch:opensearch:1.0.0-rc1 (n)
+--- org.opensearch:common-utils:1.0.0.0-rc1 (n)
+--- com.google.guava:guava:29.0-jre (n)
+--- org.apache.commons:commons-math3:3.6.1 (n)
+--- com.google.code.gson:gson:2.8.6 (n)
+--- com.yahoo.datasketches:sketches-core:0.13.4 (n)
+--- com.yahoo.datasketches:memory:0.12.2 (n)
+--- commons-lang:commons-lang:2.6 (n)
+--- software.amazon.randomcutforest:randomcutforest-core:1.0 (n)
+--- software.amazon.randomcutforest:randomcutforest-serialization-json:1.0 (n)
+--- org.opensearch.client:opensearch-rest-client:1.0.0-rc1 (n)
+--- org.jacoco:org.jacoco.agent:0.8.5 (n)
\--- org.jacoco:org.jacoco.ant:0.8.5 (n)

[saratvemulapalli]

Looks good to me! Thanks @dblock !!