[Feature/Extension] Restrict OBO token's usage for certain endpoints #7812

Workflow file for this run

	name: CI

	on: [push, pull_request]

	env:
	GRADLE_OPTS: -Dhttp.keepAlive=false

	jobs:
	generate-test-list:
	runs-on: ubuntu-latest
	outputs:
	separateTestsNames: ${{ steps.set-matrix.outputs.separateTestsNames }}
	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v2
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: 17

	- name: Checkout security
	uses: actions/checkout@v2

	- name: Generate list of tasks
	id: set-matrix
	run: \|
	echo "separateTestsNames=$(./gradlew listTasksAsJSON -q --console=plain \| tail -n 1)" >> $GITHUB_OUTPUT

	test:
	name: test
	needs: generate-test-list
	strategy:
	fail-fast: false
	matrix:
	gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }}
	platform: [windows-latest, ubuntu-latest]
	jdk: [11, 17]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v2
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v2

	- name: Build and Test
	uses: gradle/gradle-build-action@v2
	with:
	arguments: \|
	${{ matrix.gradle_task }} -Dbuild.snapshot=false
	-x test

	- name: Coverage
	uses: codecov/codecov-action@v1
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	files: ./build/reports/jacoco/test/jacocoTestReport.xml

	- uses: actions/upload-artifact@v3
	if: always()
	with:
	name: ${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
	path: \|
	./build/reports/

	- name: check archive for debugging
	if: always()
	run: echo "Check the artifact ${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports for detailed test results"

	integration-tests:
	name: integration-tests
	strategy:
	fail-fast: false
	matrix:
	jdk: [17]
	platform: [ubuntu-latest, windows-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- name: Set up JDK for build and test
	uses: actions/setup-java@v2
	with:
	distribution: temurin # Temurin is a distribution of adoptium
	java-version: ${{ matrix.jdk }}

	- name: Checkout security
	uses: actions/checkout@v2

	- name: Build and Test
	uses: gradle/gradle-build-action@v2
	continue-on-error: true # Until retries are enable do not fail the workflow https://github.com/opensearch-project/security/issues/2184
	with:
	arguments: \|
	integrationTest -Dbuild.snapshot=false

	backward-compatibility:
	strategy:
	fail-fast: false
	matrix:
	jdk: [11, 17]
	platform: [ubuntu-latest, windows-latest]
	runs-on: ${{ matrix.platform }}

	steps:
	- uses: actions/setup-java@v1
	with:
	java-version: ${{ matrix.jdk }}

	- name: Checkout Security Repo
	uses: actions/checkout@v2

	- id: build-previous
	uses: ./.github/actions/run-bwc-suite
	with:
	plugin-previous-branch: "2.x"
	plugin-next-branch: "current_branch"
	report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }}

	code-ql:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- uses: actions/setup-java@v1
	with:
	java-version: 11
	- uses: github/codeql-action/init@v1
	with:
	languages: java
	- run: ./gradlew clean build -Dbuild.snapshot=false -x test -x integrationTest
	- uses: github/codeql-action/analyze@v1

	build-artifact-names:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2

	- uses: actions/setup-java@v1
	with:
	java-version: 11

	- run: \|
	security_plugin_version=$(./gradlew properties -q \| grep -E '^version:' \| awk '{print $2}')
	security_plugin_version_no_snapshot=$(echo $security_plugin_version \| sed 's/-SNAPSHOT//g')
	security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot \| cut -d- -f1)
	test_qualifier=alpha2

	echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV
	echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV
	echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV
	echo "TEST_QUALIFIER=$test_qualifier" >> $GITHUB_ENV

	- run: \|
	echo ${{ env.SECURITY_PLUGIN_VERSION }}
	echo ${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}
	echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}
	echo ${{ env.TEST_QUALIFIER }}

	- run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip

	- run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip

	- run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip

	- run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip

	- name: List files in the build directory if there was an error
	run: ls -al ./build/distributions/
	if: failure()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feature/Extension] Restrict OBO token's usage for certain endpoints #7812

Workflow file

[Feature/Extension] Restrict OBO token's usage for certain endpoints #7812

Jobs

Run details

Workflow file for this run