forked from opensearch-project/index-management
-
Notifications
You must be signed in to change notification settings - Fork 0
103 lines (98 loc) · 4.26 KB
/
docker-security-test-workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Docker Security Test Workflow
on:
pull_request:
branches:
- "**"
push:
branches:
- "**"
jobs:
docker-test:
# This job runs on Linux
runs-on: ubuntu-latest
steps:
- name: Set Up JDK
uses: actions/setup-java@v2
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21
- name: Checkout Branch
uses: actions/checkout@v2
- name: Build Index Management
run: ./gradlew assemble
- name: Pull and Run Docker
run: |
plugin=`basename $(ls build/distributions/*.zip)`
list_of_files=`ls`
list_of_all_files=`ls build/distributions/`
version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-3`
plugin_version=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-4`
qualifier=`echo $plugin|awk -F- '{print $4}'| cut -d. -f 1-1`
candidate_version=`echo $plugin|awk -F- '{print $5}'| cut -d. -f 1-1`
if qualifier
then
docker_version=$version-$qualifier
else
docker_version=$version
fi
[[ -z $candidate_version ]] && candidate_version=$qualifier && qualifier=""
echo plugin version plugin_version qualifier candidate_version docker_version
echo "($plugin) ($version) ($plugin_version) ($qualifier) ($candidate_version) ($docker_version)"
echo $ls $list_of_all_files
if docker pull opensearchstaging/opensearch:$docker_version
then
echo "FROM opensearchstaging/opensearch:$docker_version" >> Dockerfile
echo "RUN if [ -d /usr/share/opensearch/plugins/opensearch-index-management ]; then /usr/share/opensearch/bin/opensearch-plugin remove opensearch-index-management; fi" >> Dockerfile
echo "ADD build/distributions/$plugin /tmp/" >> Dockerfile
echo "RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:/tmp/$plugin" >> Dockerfile
echo "RUN echo 'path.repo: ["/usr/share/opensearch/data/repo"]' >> /usr/share/opensearch/config/opensearch.yml" >> Dockerfile
docker build -t opensearch-index-management:test .
echo "imagePresent=true" >> $GITHUB_ENV
else
echo "imagePresent=false" >> $GITHUB_ENV
fi
- name: Generate Password For Admin
id: genpass
run: |
PASSWORD=$(openssl rand -base64 20 | tr -dc 'A-Za-z0-9!@#$%^&*()_+=-')
echo "password=$PASSWORD" >> $GITHUB_OUTPUT
- name: Run Docker Image
if: env.imagePresent == 'true'
run: |
cd ..
container_id=`docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" -e OPENSEARCH_INITIAL_ADMIN_PASSWORD=${{ steps.genpass.outputs.password }} opensearch-index-management:test`
sleep 120
echo `docker logs $container_id`
- name: Run Index Management Test for security enabled test cases
if: env.imagePresent == 'true'
run: |
container_id=`docker ps -q`
plugins=`docker exec $container_id /usr/share/opensearch/bin/opensearch-plugin list`
echo "plugins: $plugins"
security=`echo $plugins | grep opensearch-security | wc -l`
echo $security
if [ $security -gt 0 ]
then
echo "Security plugin is available"
./gradlew integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=${{ steps.genpass.outputs.password }} --tests '*SecurityBehaviorIT'
else
echo "Security plugin is NOT available skipping this run as tests without security have already been run"
fi
- name: Upload failed logs
uses: actions/upload-artifact@v2
if: failure()
with:
name: logs
path: build/testclusters/integTest-*/logs/*
- name: Collect docker logs on failure
uses: jwalton/gh-docker-logs@v2
with:
dest: './logs'
- name: Tar logs
run: tar cvzf ./logs.tgz ./logs
- name: Upload logs to GitHub
uses: actions/upload-artifact@v2
if: failure()
with:
name: logs.tgz
path: ./logs.tgz