Thorough integration tests for index API authorization #15707

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- main
	- 1.*
	- 2.*
	pull_request:

	env:
	GRADLE_OPTS: -Dhttp.keepAlive=false
	CI_ENVIRONMENT: normal

	jobs:
	Get-CI-Image-Tag:
	uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
	with:
	product: opensearch

	generate-test-list:
	runs-on: ubuntu-latest
	outputs:
	separateTestsNames: ${{ steps.set-matrix.outputs.separateTestsNames }}
	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: 21

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Generate list of tasks
	id: set-matrix
	run: \|
	echo "separateTestsNames=$(./gradlew listTasksAsJSON -q --console=plain \| tail -n 1)" >> $GITHUB_OUTPUT

	test-windows:
	name: test
	needs: [generate-test-list]
	strategy:
	fail-fast: false
	matrix:
	gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }}
	platform: [windows-latest]
	jdk: [21, 24]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Build and Test
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	${{ matrix.gradle_task }} -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: ${{ matrix.platform }}-JDK${{ matrix.jdk }}-${{ matrix.gradle_task }}-reports
	path: \|
	./build/reports/

	test-linux:
	name: test
	needs: ["generate-test-list", "Get-CI-Image-Tag"]
	strategy:
	fail-fast: false
	matrix:
	gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }}
	platform: [ubuntu-latest]
	jdk: [21, 24]
	runs-on: ubuntu-latest
	container:
	# using the same image which is used by opensearch-build to build the OpenSearch Distribution
	# this image tag is subject to change as more dependencies and updates will arrive over time
	image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
	# need to switch to root so that github actions can install runner binary on container without permission issues.
	options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }}

	steps:
	- name: Run start commands
	run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }}
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Build and Test
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	${{ matrix.gradle_task }} -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: ${{ matrix.platform }}-JDK${{ matrix.jdk }}-${{ matrix.gradle_task }}-reports
	path: \|
	./build/reports/

	report-coverage:
	needs: ["test-windows", "test-linux", "integration-tests-windows", "integration-tests-linux", "spi-tests-linux", "spi-tests-windows", "sample-plugin-integration-tests-linux", "sample-plugin-integration-tests-windows"]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	- uses: actions/download-artifact@v5
	with:
	path: downloaded-artifacts

	- name: Display structure of downloaded files
	run: ls -R
	working-directory: downloaded-artifacts

	- name: Upload Coverage with retry
	uses: Wandalen/[email protected]
	with:
	attempt_limit: 5
	attempt_delay: 2000
	action: codecov/codecov-action@v4
	with: \|
	token: ${{ secrets.CODECOV_TOKEN }}
	fail_ci_if_error: true
	verbose: true

	integration-tests-windows:
	name: integration-tests
	strategy:
	fail-fast: false
	matrix:
	jdk: [21, 24]
	platform: [windows-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Run Integration Tests
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	:integrationTest -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: integration-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./build/reports/

	integration-tests-linux:
	name: integration-tests
	needs: ["Get-CI-Image-Tag"]
	strategy:
	fail-fast: false
	matrix:
	jdk: [21, 24]
	platform: [ubuntu-latest]
	runs-on: ubuntu-latest
	container:
	# using the same image which is used by opensearch-build team to build the OpenSearch Distribution
	# this image tag is subject to change as more dependencies and updates will arrive over time
	image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
	# need to switch to root so that github actions can install runner binary on container without permission issues.
	options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }}

	steps:
	- name: Run start commands
	run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }}

	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Build and Test
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	:integrationTest -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: integration-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./build/reports/

	spi-tests-linux:
	name: spi-tests
	needs: ["Get-CI-Image-Tag"]
	strategy:
	fail-fast: false
	matrix:
	jdk: [21, 24]
	platform: [ubuntu-latest]
	runs-on: ${{ matrix.platform }}
	container:
	# using the same image which is used by opensearch-build to build the OpenSearch Distribution
	# this image tag is subject to change as more dependencies and updates will arrive over time
	image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
	# need to switch to root so that github actions can install runner binary on container without permission issues.
	options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }}

	steps:
	- name: Run start commands
	run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }}

	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Run SPI Tests
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	:opensearch-security-spi:test -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: spi-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./build/reports/

	spi-tests-windows:
	name: spi-tests
	strategy:
	fail-fast: false
	matrix:
	jdk: [21, 24]
	platform: [windows-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Run SPI Tests
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	:opensearch-security-spi:test -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: spi-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./build/reports/

	sample-plugin-integration-tests-linux:
	name: sample-plugin-integration-tests
	needs: [ "Get-CI-Image-Tag" ]
	strategy:
	fail-fast: false
	matrix:
	jdk: [21,24]
	platform: [ubuntu-latest]
	runs-on: ${{ matrix.platform }}
	container:
	# using the same image which is used by opensearch-build team to build the OpenSearch Distribution
	# this image tag is subject to change as more dependencies and updates will arrive over time
	image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
	# need to switch to root so that github actions can install runner binary on container without permission issues.
	options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }}

	steps:
	- name: Run start commands
	run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }}

	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Run SampleResourcePlugin Integration Tests
	uses: gradle/gradle-build-action@v3
	with:
	arguments: \|
	:opensearch-sample-resource-plugin:integrationTest -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: sample-plugin-integration-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./sample-resource-plugin/build/reports/

	sample-plugin-integration-tests-windows:
	name: sample-plugin-integration-tests
	strategy:
	fail-fast: false
	matrix:
	jdk: [21, 24]
	platform: [windows-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Run SampleResourcePlugin Integration Tests
	uses: gradle/gradle-build-action@v3
	with:
	arguments: \|
	:opensearch-sample-resource-plugin:integrationTest -Dbuild.snapshot=false

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: sample-plugin-integration-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./sample-resource-plugin/build/reports/

	resource-tests:
	env:
	CI_ENVIRONMENT: resource-test
	strategy:
	fail-fast: false
	matrix:
	jdk: [21, 24]
	platform: [ubuntu-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v5

	- name: Run Resource Tests
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	:integrationTest -Dbuild.snapshot=false --tests org.opensearch.security.ResourceFocusedTests

	backward-compatibility-build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: 21

	- name: Checkout Security Repo
	uses: actions/checkout@v5

	- name: Build BWC tests
	uses: gradle/gradle-build-action@v3
	with:
	cache-disabled: true
	arguments: \|
	-p bwc-test build -x test -x integTest

	backward-compatibility:
	strategy:
	fail-fast: false
	matrix:
	jdk: [11, 17]
	platform: [ubuntu-latest, windows-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout Security Repo
	uses: actions/checkout@v5

	- id: build-previous
	uses: ./.github/actions/run-bwc-suite
	with:
	plugin-previous-branch: "2.19"
	plugin-next-branch: "current_branch"
	report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }}
	username: admin
	password: admin

	code-ql:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	- uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: 21
	- uses: github/codeql-action/init@v3
	with:
	languages: java
	- run: ./gradlew clean assemble
	- uses: github/codeql-action/analyze@v3

	build-health:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	- uses: actions/setup-java@v5
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: 21
	- run: ./gradlew clean buildHealth

	- uses: actions/upload-artifact@v4
	if: always()
	with:
	name: dependency-analysis
	path: \|
	./build/reports/dependency-analysis/

	build-artifact-names:
	runs-on: ubuntu-latest
	steps:
	- name: Setup Environment
	uses: actions/checkout@v5

	- name: Configure Java
	uses: actions/setup-java@v5
	with:
	distribution: temurin
	java-version: 21

	- name: Build and Test Artifacts
	run: \|
	# Set version variables
	security_plugin_version=$(./gradlew properties -q \| grep -E '^version:' \| awk '{print $2}')
	security_plugin_version_no_snapshot=$(echo $security_plugin_version \| sed 's/-SNAPSHOT//g')
	security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot \| cut -d- -f1)
	test_qualifier=alpha2

	# Debug print versions
	echo "Versions:"
	echo $security_plugin_version
	echo $security_plugin_version_no_snapshot
	echo $security_plugin_version_only_number
	echo $test_qualifier

	# Publish SPI
	./gradlew clean :opensearch-security-spi:publishToMavenLocal && test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version.jar
	./gradlew clean :opensearch-security-spi:publishToMavenLocal -Dbuild.snapshot=false && test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version_no_snapshot.jar
	./gradlew clean :opensearch-security-spi:publishToMavenLocal -Dbuild.snapshot=false -Dbuild.version_qualifier=$test_qualifier && test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version_only_number-$test_qualifier.jar
	./gradlew clean :opensearch-security-spi:publishToMavenLocal -Dbuild.version_qualifier=$test_qualifier && test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT.jar

	# Build artifacts
	./gradlew clean assemble && \
	test -s ./build/distributions/opensearch-security-$security_plugin_version.zip && \
	test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version.jar

	./gradlew clean assemble -Dbuild.snapshot=false && \
	test -s ./build/distributions/opensearch-security-$security_plugin_version_no_snapshot.zip && \
	test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version_no_snapshot.jar

	./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=$test_qualifier && \
	test -s ./build/distributions/opensearch-security-$security_plugin_version_only_number-$test_qualifier.zip && \
	test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version_only_number-$test_qualifier.jar

	./gradlew clean assemble -Dbuild.version_qualifier=$test_qualifier && \
	test -s ./build/distributions/opensearch-security-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT.zip && \
	test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT.jar

	./gradlew clean publishPluginZipPublicationToZipStagingRepository && \
	test -s ./build/distributions/opensearch-security-$security_plugin_version.zip && \
	test -s ./build/distributions/opensearch-security-$security_plugin_version.pom && \
	test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version.jar

	./gradlew clean publishShadowPublicationToMavenLocal && \
	test -s ./spi/build/libs/opensearch-security-spi-$security_plugin_version.jar

	- name: List files in build directory on failure
	if: failure()
	run: ls -al ./*/build/libs/ ./build/distributions/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Thorough integration tests for index API authorization #15707

Workflow file

Thorough integration tests for index API authorization #15707

Uh oh!

Jobs

Run details

Workflow file for this run