From 0f5af7858f4159ee58df04065e142b639687f507 Mon Sep 17 00:00:00 2001 From: Andrew Ross Date: Fri, 3 Apr 2026 15:35:06 -0700 Subject: [PATCH 1/9] Move OpenSearch-specific Jenkins file from opensearch-build These files are entirely related to running CI workflows against this repository. They share nothing else in opensearch-build. They belong in this repository. Signed-off-by: Andrew Ross --- .ci/jenkins/gradle-check.jenkinsfile | 232 +++++++++++++++++++++++++++ .ci/jenkins/scripts/gradle-check.sh | 156 ++++++++++++++++++ .github/workflows/gradle-check.yml | 9 +- 3 files changed, 389 insertions(+), 8 deletions(-) create mode 100644 .ci/jenkins/gradle-check.jenkinsfile create mode 100644 .ci/jenkins/scripts/gradle-check.sh diff --git a/.ci/jenkins/gradle-check.jenkinsfile b/.ci/jenkins/gradle-check.jenkinsfile new file mode 100644 index 0000000000000..d60d25a923026 --- /dev/null +++ b/.ci/jenkins/gradle-check.jenkinsfile @@ -0,0 +1,232 @@ +/* + * Copyright OpenSearch Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + */ + +// @job-name: gradle-check +// @description: Runs Gradle check on OpenSearch core repository for a given branch or commit. + +def secret_dockerhub_readonly = [ + [envVar: 'DOCKER_USERNAME', secretRef: 'op://opensearch-infra-secrets/dockerhub-production-readonly-credentials/username'], + [envVar: 'DOCKER_PASSWORD', secretRef: 'op://opensearch-infra-secrets/dockerhub-production-readonly-credentials/password'] +] + +lib = library(identifier: 'jenkins@11.6.0', retriever: modernSCM([ + $class: 'GitSCMSource', + remote: 'https://github.com/opensearch-project/opensearch-build-libraries.git', +])) + +pipeline { + agent { label AGENT_LABEL } + options { + timeout(time: 2, unit: 'HOURS') + buildDiscarder(logRotator(daysToKeepStr: '90')) + throttleJobProperty( + categories: [], + limitOneJobWithMatchingParams: false, + maxConcurrentPerNode: 0, + maxConcurrentTotal: 45, + paramsToUseForLimit: '', + throttleEnabled: true, + throttleOption: 'project', + ) + } + parameters { + string( + name: 'GIT_REPO_URL', + description: 'OpenSearch core repository url on git, can be either the official upstream url or your fork url.', + defaultValue: 'https://github.com/opensearch-project/OpenSearch.git', + trim: true + ) + string( + name: 'GIT_REFERENCE', + description: 'Git branch, tag, commitid for reference to checkout commit of OpenSearch core before running the gradle check.', + defaultValue: 'main', + trim: true + ) + string( + name: 'GRADLE_CHECK_COMMAND', + description: ' Custom command to pass to runGradleCheck.', + defaultValue: 'check -Dtests.coverage=true', + trim: true + ) + // Must use agent with 1 executor or gradle check will show a lot of java-related errors + // The c524xlarge is the instance type that has the least amount of errors during gradle check + // https://github.com/opensearch-project/OpenSearch/issues/1975 + // + // Update 20230724: Recent investigation shows gradle check is memory-bound thus switch to a new + // runner of M58xlarge for more stable runs + // https://github.com/opensearch-project/opensearch-ci/issues/321 + choice( + name: 'AGENT_LABEL', + description: ' Choose which jenkins agent to run gradle check on. Defaults to Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host.', + choices: ['Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host', 'Jenkins-Agent-Windows2019-X64-C524xlarge-Single-Host'], + ) + } + triggers { + GenericTrigger( + genericVariables: [ + [key: 'pr_from_sha', value: '$.pr_from_sha'], + [key: 'pr_from_clone_url', value: '$.pr_from_clone_url'], + [key: 'pr_to_clone_url', value: '$.pr_to_clone_url'], + [key: 'pr_title', value: '$.pr_title'], + [key: 'pr_number', value: '$.pr_number'], + [key: 'post_merge_action', value: '$.post_merge_action'], + [key: 'pr_owner', value: '$.pr_owner'], + [key: 'gradle_check_command', value: '$.gradle_check_command'] + ], + tokenCredentialId: 'jenkins-gradle-check-generic-webhook-token', + causeString: 'Triggered by PR on OpenSearch core repository', + printContributedVariables: false, + printPostContent: false + ) + parameterizedCron ''' + H */2 * * * %GIT_REFERENCE=main;AGENT_LABEL=Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host + H 6 * * * %GIT_REFERENCE=2.19;AGENT_LABEL=Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host + ''' + } + environment { + BUILD_CAUSE = currentBuild.getBuildCauses() + } + stages { + stage('Run Gradle Check') { + steps { + script { + + // Use webhook value if provided, otherwise fall back to pipeline parameter default + if (binding.hasVariable('gradle_check_command') && gradle_check_command?.trim()) { + env.GRADLE_CHECK_COMMAND = gradle_check_command + } + + if (!(env.GRADLE_CHECK_COMMAND ==~ /^[a-zA-Z0-9\-._=: \/*#]+$/)) { + error("Invalid GRADLE_CHECK_COMMAND '${env.GRADLE_CHECK_COMMAND}': contains disallowed characters") + } + + sh """ + set +x + set -e + JAVA_HOME_LIST=`env | grep JAVA | grep HOME` + echo "JAVA_HOME_LIST \$JAVA_HOME_LIST" + + if [ -n "\$JAVA_HOME_LIST" ] && [ "\$JAVA_HOME_LIST" != "" ]; then + for java_version in \$JAVA_HOME_LIST; do + echo \$java_version + java_path="`echo \$java_version | cut -d= -f2`/bin/java -version" + eval \$java_path + done + else + echo "Missing JAVA_HOME information in env vars, exit 1" + exit 1 + fi + """ + + def agent_name_array = params.AGENT_LABEL.tokenize('-') + def agent_name = agent_name_array[2] + " " + agent_name_array[4] + + echo("Build Cause: ${BUILD_CAUSE}") + withSecrets(secrets: secret_dockerhub_readonly){ + def bwc_checkout_align = "false" + + def dockerLogin = sh(returnStdout: true, script: "set +x && (echo $DOCKER_PASSWORD | docker login --username $DOCKER_USERNAME --password-stdin) || echo docker error").trim() + + if (!env.BUILD_CAUSE.contains('Started by user') && !env.BUILD_CAUSE.contains('Started by timer')) { + def pr_url = "${pr_to_clone_url}".replace(".git", "/pull/${pr_number}") + println("Triggered by GitHub: ${pr_to_clone_url}") + if ("$post_merge_action" == "true") { + currentBuild.description = """runner: ${agent_name}
Others: ${pr_title}""" + } + else { + currentBuild.description = """runner: ${agent_name}
PR #${pr_number}: ${pr_title} with bwc.checkout.align=true""" + bwc_checkout_align = "true" + } + + abortStaleJenkinsJobs(jobName: 'gradle-check', lookupTime: 3) + + runGradleCheck( + gitRepoUrl: "${pr_from_clone_url}", + gitReference: "${pr_from_sha}", + bwcCheckoutAlign: "${bwc_checkout_align}", + command: "${GRADLE_CHECK_COMMAND}" + ) + } + else { + println("Triggered by User or Triggered by Timer") + def repo_url = "${GIT_REPO_URL}".replace(".git", "/commit") + currentBuild.description = """runner: ${agent_name}
git: ${GIT_REPO_URL}
ref: ${GIT_REFERENCE}""" + + runGradleCheck( + gitRepoUrl: "${GIT_REPO_URL}", + gitReference: "${GIT_REFERENCE}", + bwcCheckoutAlign: "${bwc_checkout_align}", + command: "${GRADLE_CHECK_COMMAND}" + ) + } + + sh("docker logout || echo docker error") + } + } + } + post() { + failure { + archiveArtifacts artifacts: '**/build/heapdump/*.hprof', allowEmptyArchive: true + } + always { + sh ("cp -v `find search/build/reports/jacoco/ -name '*.xml' | head -n 1` codeCoverage.xml || echo") + junit allowEmptyResults: true, testResults: '**/build/test-results/**/*.xml' + archiveArtifacts artifacts: 'codeCoverage.xml', onlyIfSuccessful: true + script { + def invokedBy + def pullRequest + def pullRequestTitle + def gitReference + def pullRequestOwner + switch (true) { + case env.BUILD_CAUSE.contains('Started by user'): + invokedBy = 'User' + pullRequest = "null" + pullRequestTitle = "null" + gitReference = "${GIT_REFERENCE}" + pullRequestOwner = "null" + break + case env.BUILD_CAUSE.contains('Started by timer'): + invokedBy = 'Timer' + pullRequest = "null" + pullRequestTitle = "null" + gitReference = "${GIT_REFERENCE}" + pullRequestOwner = "null" + break + case "${post_merge_action}" == "true": + invokedBy = 'Post Merge Action' + pullRequest = "${pr_number}" + pullRequestTitle = "${pr_title}" + gitReference = "${pr_from_sha}" + pullRequestOwner = "${pr_owner}" + break + default: + invokedBy = 'Pull Request' + pullRequest = "${pr_number}" + pullRequestTitle = "${pr_title}" + gitReference = "${pr_from_sha}" + pullRequestOwner = "${pr_owner}" + } + publishGradleCheckTestResults(prNumber: "${pullRequest}" , prTitle: "${pullRequestTitle}", prOwner: "${pullRequestOwner}", invokeType: "${invokedBy}", gitReference: "${gitReference}", command: "${GRADLE_CHECK_COMMAND}") + sh("rm -rf *") + postCleanup() + } + } + } + } + } + post() { + always { + script { + postCleanup() + sh "(docker logout && docker image prune -f --all) || echo docker error" + } + } + } +} diff --git a/.ci/jenkins/scripts/gradle-check.sh b/.ci/jenkins/scripts/gradle-check.sh new file mode 100644 index 0000000000000..40db9b5d14d76 --- /dev/null +++ b/.ci/jenkins/scripts/gradle-check.sh @@ -0,0 +1,156 @@ +#!/bin/bash + +# Copyright OpenSearch Contributors + +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. + +# This script is used in OpenSearch Core repo github actions +# To trigger Jenkins Gradle Check from a PR + + +JENKINS_URL="https://build.ci.opensearch.org" +TRIGGER_TOKEN="" +GITHUB_USER="" +GITHUB_TOKEN="" + +GRADLE_CHECK_COMMAND="" + +while getopts "u:t:p:c:" opt; do + case $opt in + t) + TRIGGER_TOKEN="$OPTARG" + ;; + u) + GITHUB_USER="$OPTARG" + ;; + p) + GITHUB_TOKEN="$OPTARG" + ;; + c) + GRADLE_CHECK_COMMAND="$OPTARG" + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + :) + echo "Option -$OPTARG requires an argument." >&2 + exit 1 + ;; + esac +done + +if [ -z "$TRIGGER_TOKEN" ]; then + echo "Error: TRIGGER_TOKEN is required. Use -t option to provide it." + exit 1 +fi + +if [ -z "$GITHUB_USER" ]; then + echo "Error: GITHUB_USER is required. Use -u option to provide it." + exit 1 +fi + +if [ -z "$GITHUB_TOKEN" ]; then + echo "Error: GITHUB_TOKEN is required. Use -p option to provide it." + exit 1 +fi + + +TIMEPASS=0 +TIMEOUT=7200 +RESULT="null" +PR_TITLE_NEW=`echo $pr_title | tr -dc '[:alnum:] ' | tr '[:upper:]' '[:lower:]'` +PAYLOAD_JSON="{\"pr_from_sha\": \"$pr_from_sha\", \"pr_from_clone_url\": \"$pr_from_clone_url\", \"pr_to_clone_url\": \"$pr_to_clone_url\", \"pr_title\": \"$PR_TITLE_NEW\", \"pr_number\": \"$pr_number\", \"post_merge_action\": \"$post_merge_action\", \"pr_owner\": \"$pr_owner\", \"gradle_check_command\": \"$GRADLE_CHECK_COMMAND\"}" + +perform_curl_and_process_with_jq() { + local url=$1 + local jq_filter=$2 + local max_retries=$3 + local count=0 + local success=false + + while [ "$count" -lt "$max_retries" ]; do + response=$(curl -s -XGET "${url}api/json" --user ${GITHUB_USER}:${GITHUB_TOKEN}) + processed_response=$(echo "$response" | jq --raw-output "$jq_filter") + jq_exit_code=$? + + if [ "$jq_exit_code" -eq "0" ]; then + success=true + echo "$processed_response" + break + else + echo "Attempt $((count+1))/$max_retries failed. The jq processing failed with exit code: $jq_exit_code. Retrying..." + fi + + count=$((count+1)) + sleep 10 + done + + if [ "$success" != "true" ]; then + echo "Failed to retrieve and process data after $max_retries attempts." + exit 1 + fi +} + +echo "Trigger Jenkins workflows" +JENKINS_REQ=`curl -s -XPOST \ + -H "Authorization: Bearer $TRIGGER_TOKEN" \ + -H "Content-Type: application/json" \ + "$JENKINS_URL/generic-webhook-trigger/invoke" \ + --data "$(echo $PAYLOAD_JSON)"` + +echo $PAYLOAD_JSON +echo $JENKINS_REQ + +QUEUE_URL=$(echo $JENKINS_REQ | jq --raw-output '.jobs."gradle-check".url') +echo QUEUE_URL $QUEUE_URL +echo "wait for jenkins to start workflow" && sleep 15 + +echo "Check if queue exist in Jenkins after triggering" +if [ -z "$QUEUE_URL" ] || [ "$QUEUE_URL" != "null" ]; then + while [ "$RESULT" = "null" ] && [ "$TIMEPASS" -le "$TIMEOUT" ]; do + echo "Use queue information to find build number in Jenkins if available" + WORKFLOW_URL=$(curl -s -XGET ${JENKINS_URL}/${QUEUE_URL}api/json --user ${GITHUB_USER}:${GITHUB_TOKEN} | jq --raw-output .executable.url) + echo WORKFLOW_URL $WORKFLOW_URL + + if [ -n "$WORKFLOW_URL" ] && [ "$WORKFLOW_URL" != "null" ]; then + + RUNNING="true" + + echo "Waiting for Jenkins to complete the run" + while [ "$RUNNING" = "true" ] && [ "$TIMEPASS" -le "$TIMEOUT" ]; do + echo "Still running, wait for another 30 seconds before checking again, max timeout $TIMEOUT" + echo "Jenkins Workflow Url: $WORKFLOW_URL" + TIMEPASS=$(( TIMEPASS + 30 )) && echo time passed: $TIMEPASS + sleep 30 + RUNNING=$(perform_curl_and_process_with_jq "$WORKFLOW_URL" ".building" 10) + echo "Workflow running status :$RUNNING" + done + + if [ "$RUNNING" = "true" ]; then + echo "Timed out" + RESULT="TIMEOUT" + else + echo "Complete the run, checking results now......" + RESULT=$(curl -s -XGET ${WORKFLOW_URL}api/json --user ${GITHUB_USER}:${GITHUB_TOKEN} | jq --raw-output .result) + fi + + else + echo "Job not started yet. Waiting for 60 seconds before next attempt." + TIMEPASS=$(( TIMEPASS + 60 )) && echo time passed: $TIMEPASS + sleep 60 + fi + done +fi + +echo "Please check jenkins url for logs: $WORKFLOW_URL" +echo "Result: $RESULT" +if [ "$RESULT" == "SUCCESS" ] || [ "$RESULT" == "UNSTABLE" ]; then + echo "Get codeCoverage.xml" && curl -SLO ${WORKFLOW_URL}artifact/codeCoverage.xml --user ${GITHUB_USER}:${GITHUB_TOKEN} +else + exit 1 +fi diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml index b2cec76812377..7f6f4a6ba9747 100644 --- a/.github/workflows/gradle-check.yml +++ b/.github/workflows/gradle-check.yml @@ -117,18 +117,11 @@ jobs: echo "pr_or_commit_description=$(jq --ascii-output .head_commit.message $GITHUB_EVENT_PATH)" >> $GITHUB_ENV echo "post_merge_action=true" >> $GITHUB_ENV - - name: Checkout opensearch-build repo - uses: actions/checkout@v6 - with: - repository: opensearch-project/opensearch-build - ref: main - path: opensearch-build - - name: Trigger jenkins workflow to run gradle check run: | set -e set -o pipefail - bash opensearch-build/scripts/gradle/gradle-check.sh -t ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} -u ${{ secrets.JENKINS_GITHUB_USER}} -p ${{ secrets.JENKINS_GITHUB_USER_TOKEN}} | tee -a gradle-check.log + bash .ci/jenkins/scripts/gradle-check.sh -t ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} -u ${{ secrets.JENKINS_GITHUB_USER}} -p ${{ secrets.JENKINS_GITHUB_USER_TOKEN}} | tee -a gradle-check.log - name: Setup Result Status if: always() From 013173a1b8c5318a6ca225e92973cf1d4e9dde31 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 13 Apr 2026 14:01:08 -0400 Subject: [PATCH 2/9] Update tokenCredentialId for gradle check --- .ci/jenkins/gradle-check.jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/jenkins/gradle-check.jenkinsfile b/.ci/jenkins/gradle-check.jenkinsfile index d60d25a923026..f1319aaf8a06a 100644 --- a/.ci/jenkins/gradle-check.jenkinsfile +++ b/.ci/jenkins/gradle-check.jenkinsfile @@ -79,7 +79,7 @@ pipeline { [key: 'pr_owner', value: '$.pr_owner'], [key: 'gradle_check_command', value: '$.gradle_check_command'] ], - tokenCredentialId: 'jenkins-gradle-check-generic-webhook-token', + tokenCredentialId: 'jenkins-gradle-check-generic-webhook-token-test-only', causeString: 'Triggered by PR on OpenSearch core repository', printContributedVariables: false, printPostContent: false From 02b1d3ce12c586bf3afab7829520f8b417f1ba23 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 13 Apr 2026 14:03:40 -0400 Subject: [PATCH 3/9] Update Jenkins queue URL for gradle-check-test-only --- .ci/jenkins/scripts/gradle-check.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/jenkins/scripts/gradle-check.sh b/.ci/jenkins/scripts/gradle-check.sh index 40db9b5d14d76..67a40c694d188 100644 --- a/.ci/jenkins/scripts/gradle-check.sh +++ b/.ci/jenkins/scripts/gradle-check.sh @@ -106,7 +106,7 @@ JENKINS_REQ=`curl -s -XPOST \ echo $PAYLOAD_JSON echo $JENKINS_REQ -QUEUE_URL=$(echo $JENKINS_REQ | jq --raw-output '.jobs."gradle-check".url') +QUEUE_URL=$(echo $JENKINS_REQ | jq --raw-output '.jobs."gradle-check-test-only".url') echo QUEUE_URL $QUEUE_URL echo "wait for jenkins to start workflow" && sleep 15 From 010ea9d3afa83d2086241d7add3469b171189be4 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 13 Apr 2026 14:04:21 -0400 Subject: [PATCH 4/9] Change job name in abortStaleJenkinsJobs call --- .ci/jenkins/gradle-check.jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/jenkins/gradle-check.jenkinsfile b/.ci/jenkins/gradle-check.jenkinsfile index f1319aaf8a06a..d5288e684f494 100644 --- a/.ci/jenkins/gradle-check.jenkinsfile +++ b/.ci/jenkins/gradle-check.jenkinsfile @@ -144,7 +144,7 @@ pipeline { bwc_checkout_align = "true" } - abortStaleJenkinsJobs(jobName: 'gradle-check', lookupTime: 3) + abortStaleJenkinsJobs(jobName: 'gradle-check-test-only', lookupTime: 3) runGradleCheck( gitRepoUrl: "${pr_from_clone_url}", From cca2f109dc4528fec9f3a2dbdd5e2a4f5f58f0ef Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 13 Apr 2026 14:05:23 -0400 Subject: [PATCH 5/9] Fix formatting in gradle-check.yml script execution --- .github/workflows/gradle-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml index 7f6f4a6ba9747..1361614cd2649 100644 --- a/.github/workflows/gradle-check.yml +++ b/.github/workflows/gradle-check.yml @@ -121,7 +121,7 @@ jobs: run: | set -e set -o pipefail - bash .ci/jenkins/scripts/gradle-check.sh -t ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} -u ${{ secrets.JENKINS_GITHUB_USER}} -p ${{ secrets.JENKINS_GITHUB_USER_TOKEN}} | tee -a gradle-check.log + bash .ci/jenkins/scripts/gradle-check.sh -t ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} -u ${{ secrets.JENKINS_GITHUB_USER }} -p ${{ secrets.JENKINS_GITHUB_USER_TOKEN }} | tee -a gradle-check.log - name: Setup Result Status if: always() From ae224f923e49b7f03923f7705fa8d9dfa318cdf2 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 13 Apr 2026 14:24:29 -0400 Subject: [PATCH 6/9] Modify gradle-check workflow for repository changes --- .github/workflows/gradle-check.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml index 1361614cd2649..4278d78a40136 100644 --- a/.github/workflows/gradle-check.yml +++ b/.github/workflows/gradle-check.yml @@ -57,8 +57,10 @@ jobs: skip_diff_reviewer_with_label_name: 'skip-diff-reviewer' gradle-check: - needs: [check-files, Code-Diff-Analyzer] - if: github.repository == 'opensearch-project/OpenSearch' && needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' + #needs: [check-files, Code-Diff-Analyzer] + needs: [check-files] + #if: github.repository == 'opensearch-project/OpenSearch' && needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' + if: github.repository == 'andrross/OpenSearch' && needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' permissions: contents: read # to fetch code (actions/checkout) pull-requests: write # to create or update comment (peter-evans/create-or-update-comment) @@ -182,12 +184,17 @@ jobs: Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure [a flaky test](https://github.com/opensearch-project/OpenSearch/blob/main/DEVELOPER_GUIDE.md#flaky-tests) unrelated to your change? check-result: - needs: [check-files, gradle-check, Code-Diff-Analyzer] + #needs: [check-files, gradle-check, Code-Diff-Analyzer] + needs: [check-files, gradle-check] if: always() runs-on: ubuntu-latest steps: - name: Fail if gradle-check fails if: | - needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' && - (needs.gradle-check.result == 'failure' || needs.Code-Diff-Analyzer.result == 'failure' || needs.Code-Diff-Analyzer.result == 'cancelled') + needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' && needs.gradle-check.result == 'failure' run: exit 1 + #- name: Fail if gradle-check fails + # if: | + # needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' && + # (needs.gradle-check.result == 'failure' || needs.Code-Diff-Analyzer.result == 'failure' || needs.Code-Diff-Analyzer.result == 'cancelled') + # run: exit 1 From 4ccb83ba1208c1f70efa2ecddd5888dc02f83077 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 13 Apr 2026 17:34:18 -0400 Subject: [PATCH 7/9] Update Jenkins agent choice options --- .ci/jenkins/gradle-check.jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/jenkins/gradle-check.jenkinsfile b/.ci/jenkins/gradle-check.jenkinsfile index d5288e684f494..eb65f224a23d0 100644 --- a/.ci/jenkins/gradle-check.jenkinsfile +++ b/.ci/jenkins/gradle-check.jenkinsfile @@ -64,7 +64,7 @@ pipeline { choice( name: 'AGENT_LABEL', description: ' Choose which jenkins agent to run gradle check on. Defaults to Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host.', - choices: ['Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host', 'Jenkins-Agent-Windows2019-X64-C524xlarge-Single-Host'], + choices: ['Jenkins-Agent-Ubuntu2404-X64-M58xlarge-Single-Host', 'Jenkins-Agent-Ubuntu2404-X64-M7a8xlarge-Single-Host', 'Jenkins-Agent-Windows2019-X64-C524xlarge-Single-Host'], ) } triggers { From 659aa7ec7397cc34898b19ce40e2a0629eebf734 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Wed, 15 Apr 2026 13:53:45 -0400 Subject: [PATCH 8/9] Update checkout reference in gradle-check workflow Change checkout reference from pull request SHA to 'main'. --- .github/workflows/gradle-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml index 4278d78a40136..e0a0c22e81101 100644 --- a/.github/workflows/gradle-check.yml +++ b/.github/workflows/gradle-check.yml @@ -71,7 +71,7 @@ jobs: - name: Checkout OpenSearch repo uses: actions/checkout@v6 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: 'main' - name: Setup environment variables (PR) if: github.event_name == 'pull_request_target' From f971a019b38d040b8e5295921e643bf281f39470 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Wed, 15 Apr 2026 13:55:20 -0400 Subject: [PATCH 9/9] Test gradle check on the Andrew branch Signed-off-by: Peter Zhu --- .github/workflows/add-performance-comment.yml | 28 --- .github/workflows/assemble.yml | 74 ------- .github/workflows/auto-release.yml | 29 --- .github/workflows/backport.yml | 40 ---- .github/workflows/benchmark-pull-request.yml | 182 ---------------- .github/workflows/codeql-analysis.yml | 74 ------- .../workflows/copy-linked-issue-labels.yml | 21 -- .../workflows/create-documentation-issue.yml | 41 ---- .github/workflows/delete_backport_branch.yml | 22 -- .github/workflows/dependabot_pr.yml | 57 ----- .github/workflows/detect-breaking-change.yml | 26 --- .github/workflows/gradle-check.yml | 200 ------------------ .github/workflows/links.yml | 21 -- .github/workflows/lucene-snapshots.yml | 81 ------- .github/workflows/nightly-precommit.yml | 72 ------- .github/workflows/poc-checklist.yml | 49 ----- .github/workflows/publish-maven-snapshots.yml | 55 ----- .github/workflows/sandbox-check.yml | 43 ---- .github/workflows/stalled.yml | 28 --- .github/workflows/triage.yml | 52 ----- .../workflows/trigger-manifest-generation.yml | 17 -- .github/workflows/version.yml | 130 ------------ .github/workflows/wrapper.yml | 11 - build.gradle | 2 + 24 files changed, 2 insertions(+), 1353 deletions(-) delete mode 100644 .github/workflows/add-performance-comment.yml delete mode 100644 .github/workflows/assemble.yml delete mode 100644 .github/workflows/auto-release.yml delete mode 100644 .github/workflows/backport.yml delete mode 100644 .github/workflows/benchmark-pull-request.yml delete mode 100644 .github/workflows/codeql-analysis.yml delete mode 100644 .github/workflows/copy-linked-issue-labels.yml delete mode 100644 .github/workflows/create-documentation-issue.yml delete mode 100644 .github/workflows/delete_backport_branch.yml delete mode 100644 .github/workflows/dependabot_pr.yml delete mode 100644 .github/workflows/detect-breaking-change.yml delete mode 100644 .github/workflows/gradle-check.yml delete mode 100644 .github/workflows/links.yml delete mode 100644 .github/workflows/lucene-snapshots.yml delete mode 100644 .github/workflows/nightly-precommit.yml delete mode 100644 .github/workflows/poc-checklist.yml delete mode 100644 .github/workflows/publish-maven-snapshots.yml delete mode 100644 .github/workflows/sandbox-check.yml delete mode 100644 .github/workflows/stalled.yml delete mode 100644 .github/workflows/triage.yml delete mode 100644 .github/workflows/trigger-manifest-generation.yml delete mode 100644 .github/workflows/version.yml delete mode 100644 .github/workflows/wrapper.yml diff --git a/.github/workflows/add-performance-comment.yml b/.github/workflows/add-performance-comment.yml deleted file mode 100644 index f33c087a12e87..0000000000000 --- a/.github/workflows/add-performance-comment.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Performance Label Action - -on: - pull_request_target: - types: [labeled] - -jobs: - add-comment: - if: | - github.event.label.name == 'Performance' || - github.event.label.name == 'Search:Performance' || - github.event.label.name == 'Indexing:Performance' - runs-on: ubuntu-latest - permissions: - pull-requests: write - - steps: - - name: Add comment to PR - uses: actions/github-script@v8 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: "Hello!\nWe have added a performance benchmark workflow that runs by adding a comment on the PR.\n Please refer https://github.com/opensearch-project/OpenSearch/blob/main/PERFORMANCE_BENCHMARKS.md on how to run benchmarks on pull requests." - }) diff --git a/.github/workflows/assemble.yml b/.github/workflows/assemble.yml deleted file mode 100644 index 824dd485ffe66..0000000000000 --- a/.github/workflows/assemble.yml +++ /dev/null @@ -1,74 +0,0 @@ -name: Gradle Assemble -on: - pull_request: - # Skip this check unless files that could plausibly impact a - # distribution have changed. - paths: - - 'distribution/**' - - 'buildSrc/**' - - '**/*.gradle' - - 'gradle/**' - - '.github/workflows/assemble.yml' - -jobs: - assemble: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ${{ matrix.os }} - strategy: - matrix: - java: [ 21, 25 ] - os: [ubuntu-latest, windows-latest, macos-15, ubuntu-24.04-arm] - steps: - - uses: actions/checkout@v6 - # https://github.com/actions/runner-images/issues/2840#issuecomment-790492173 - - name: Install protoc (Linux) - if: ${{ runner.os == 'Linux' }} - run: | - if [ "$(uname -m)" = "x86_64" ]; then \ - curl -SfL https://github.com/protocolbuffers/protobuf/releases/download/v33.0/protoc-33.0-linux-x86_64.zip -o protoc.zip; \ - else \ - curl -SfL https://github.com/protocolbuffers/protobuf/releases/download/v33.0/protoc-33.0-linux-aarch_64.zip -o protoc.zip; \ - fi; \ - unzip protoc.zip -d $HOME/.local && rm -v protoc.zip && protoc --version - - name: Install protoc (Windows) - if: ${{ runner.os == 'Windows' }} - uses: MinoruSekine/setup-scoop@v4.0.2 - with: - scoop_update: false - buckets: extras - apps: protobuf - - name: Install protoc (macOS) - if: ${{ runner.os == 'macOS' }} - run: brew install protobuf - - name: Remove unnecessary files Linux - if: ${{ runner.os == 'Linux' }} - run: | - sudo rm -rf /usr/share/dotnet - sudo rm -rf "$AGENT_TOOLSDIRECTORY" - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v5 - with: - java-version: ${{ matrix.java }} - distribution: temurin - - name: Setup docker (missing on MacOS) - id: setup_docker - if: runner.os == 'macos' - continue-on-error: true - run: | - brew install docker colima coreutils - gtimeout 15m colima start - shell: bash - - name: Run Gradle (assemble) - if: runner.os == 'macos' && steps.setup_docker.outcome != 'success' - run: | - # Report success even if previous step failed (Docker on MacOS runner is very unstable) - exit 0; - - name: Run Gradle (assemble) - shell: bash - if: runner.os != 'macos' - run: | - ./gradlew assemble --parallel --no-build-cache -PDISABLE_BUILD_CACHE - - name: Run Gradle (assemble) - if: runner.os == 'macos' && steps.setup_docker.outcome == 'success' - run: | - ./gradlew assemble --parallel --no-build-cache -PDISABLE_BUILD_CACHE diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml deleted file mode 100644 index 2a72f68e9babd..0000000000000 --- a/.github/workflows/auto-release.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Releases - -on: - push: - tags: - - '*' - -jobs: - - build: - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: GitHub App token - id: github_app_token - uses: tibdex/github-app-token@v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - installation_id: 22958780 - - name: Get tag - id: tag - uses: dawidd6/action-get-tag@v1 - - uses: actions/checkout@v6 - - uses: ncipollo/release-action@v1 - with: - github_token: ${{ steps.github_app_token.outputs.token }} - bodyFile: release-notes/opensearch.release-notes-${{steps.tag.outputs.tag}}.md diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml deleted file mode 100644 index 2a95177174e9b..0000000000000 --- a/.github/workflows/backport.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Backport -on: - pull_request_target: - types: - - closed - - labeled - -jobs: - backport: - name: Backport - runs-on: ubuntu-latest - # Only react to merged PRs for security reasons. - # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target. - if: > - github.event.pull_request.merged - && ( - github.event.action == 'closed' - || ( - github.event.action == 'labeled' - && contains(github.event.label.name, 'backport') - ) - ) - permissions: - contents: write - pull-requests: write - steps: - - name: GitHub App token - id: github_app_token - uses: tibdex/github-app-token@v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - installation_id: 22958780 - - - name: Backport - uses: VachaShah/backport@v2.2.0 - with: - github_token: ${{ steps.github_app_token.outputs.token }} - head_template: backport/backport-<%= number %>-to-<%= base %> - failure_labels: backport-failed diff --git a/.github/workflows/benchmark-pull-request.yml b/.github/workflows/benchmark-pull-request.yml deleted file mode 100644 index 868de2a8c5e0a..0000000000000 --- a/.github/workflows/benchmark-pull-request.yml +++ /dev/null @@ -1,182 +0,0 @@ -name: Run performance benchmark on pull request -on: - issue_comment: - types: [created] -jobs: - run-performance-benchmark-on-pull-request: - if: | - github.repository == 'opensearch-project/OpenSearch' && - github.event.issue.pull_request && - contains(github.event.comment.body, '"run-benchmark-test"') - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - issues: write - pull-requests: write - steps: - - name: Checkout Repository - uses: actions/checkout@v6 - - name: Set up required env vars - run: | - echo "PR_NUMBER=${{ github.event.issue.number }}" >> $GITHUB_ENV - echo "REPOSITORY=${{ github.event.repository.full_name }}" >> $GITHUB_ENV - OPENSEARCH_VERSION=$(awk -F '=' '/^opensearch[[:space:]]*=/ {gsub(/[[:space:]]/, "", $2); print $2}' buildSrc/version.properties) - echo "OPENSEARCH_VERSION=$OPENSEARCH_VERSION" >> $GITHUB_ENV - major_version=$(echo $OPENSEARCH_VERSION | cut -d'.' -f1) - echo "OPENSEARCH_MAJOR_VERSION=$major_version" >> $GITHUB_ENV - echo "USER_TAGS=pull_request_number:${{ github.event.issue.number }},repository:OpenSearch" >> $GITHUB_ENV - - name: Check comment format - id: check_comment - uses: actions/github-script@v8 - with: - script: | - const fs = require('fs'); - const comment = context.payload.comment.body; - let commentJson; - try { - commentJson = JSON.parse(comment); - } catch (error) { - core.setOutput('invalid', 'true'); - return; - } - if (!commentJson.hasOwnProperty('run-benchmark-test')) { - core.setOutput('invalid', 'true'); - return; - } - const configId = commentJson['run-benchmark-test']; - let benchmarkConfigs; - try { - benchmarkConfigs = JSON.parse(fs.readFileSync('.github/benchmark-configs.json', 'utf8')); - } catch (error) { - core.setFailed('Failed to read benchmark-configs.json'); - return; - } - const openSearchMajorVersion = process.env.OPENSEARCH_MAJOR_VERSION; - console.log('MAJOR_VERSION', openSearchMajorVersion) - if (!benchmarkConfigs.hasOwnProperty(configId) || - !benchmarkConfigs[configId].supported_major_versions.includes(openSearchMajorVersion)) { - core.setOutput('invalid', 'true'); - return; - } - const clusterBenchmarkConfigs = benchmarkConfigs[configId]['cluster-benchmark-configs']; - for (const [key, value] of Object.entries(clusterBenchmarkConfigs)) { - core.exportVariable(key, value); - } - if (benchmarkConfigs[configId].hasOwnProperty('baseline_cluster_config')) { - core.exportVariable('BASELINE_CLUSTER_CONFIG', benchmarkConfigs[configId]['baseline_cluster_config']); - } - - name: Post invalid format comment - if: steps.check_comment.outputs.invalid == 'true' - uses: actions/github-script@v8 - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: 'Invalid comment format or config id. Please refer to https://github.com/opensearch-project/OpenSearch/blob/main/PERFORMANCE_BENCHMARKS.md on how to run benchmarks on pull requests.' - }) - - name: Fail workflow for invalid comment - if: steps.check_comment.outputs.invalid == 'true' - run: | - echo "Invalid comment format detected. Failing the workflow." - exit 1 - - name: Get PR Details - id: get_pr - uses: actions/github-script@v8 - with: - script: | - const issue = context.payload.issue; - const prNumber = issue.number; - console.log(`Pull Request Number: ${prNumber}`); - - const { data: pull_request } = await github.rest.pulls.get({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: prNumber, - }); - - return { - "headRepoFullName": pull_request.head.repo.full_name, - "headRefSha": pull_request.head.sha - }; - - name: Set pr details env vars - run: | - echo '${{ steps.get_pr.outputs.result }}' | jq -r '.headRepoFullName' - echo '${{ steps.get_pr.outputs.result }}' | jq -r '.headRefSha' - headRepo=$(echo '${{ steps.get_pr.outputs.result }}' | jq -r '.headRepoFullName') - headRefSha=$(echo '${{ steps.get_pr.outputs.result }}' | jq -r '.headRefSha') - echo "prHeadRepo=$headRepo" >> $GITHUB_ENV - echo "prHeadRefSha=$headRefSha" >> $GITHUB_ENV - - id: get_approvers - uses: actions/github-script@v8 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - result-encoding: json - script: | - // Get the collaborators - filtered to maintainer permissions - const maintainersResponse = await github.request('GET /repos/{owner}/{repo}/collaborators', { - owner: context.repo.owner, - repo: context.repo.repo, - permission: 'maintain', - affiliation: 'all', - per_page: 100 - }); - return maintainersResponse.data.map(item => item.login); - - uses: trstringer/manual-approval@v1 - if: ${{ !contains(fromJSON(steps.get_approvers.outputs.result), github.event.comment.user.login) }} - with: - secret: ${{ github.TOKEN }} - approvers: ${{ join(fromJSON(steps.get_approvers.outputs.result), ', ') }} - minimum-approvals: 1 - issue-title: 'Request to approve/deny benchmark run for PR #${{ env.PR_NUMBER }}' - issue-body: "Please approve or deny the benchmark run for PR #${{ env.PR_NUMBER }}" - exclude-workflow-initiator-as-approver: false - - name: Checkout PR Repo - uses: actions/checkout@v6 - with: - repository: ${{ env.prHeadRepo }} - ref: ${{ env.prHeadRefSha }} - token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Java - uses: actions/setup-java@v5 - with: - java-version: 21 - distribution: 'temurin' - - name: Build and Assemble OpenSearch from PR - run: | - ./gradlew :distribution:archives:linux-tar:assemble -Dbuild.snapshot=false - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 - with: - role-to-assume: ${{ secrets.UPLOAD_ARCHIVE_ARTIFACT_ROLE }} - role-session-name: publish-to-s3 - aws-region: us-west-2 - - name: Push to S3 - run: | - aws s3 cp distribution/archives/linux-tar/build/distributions/opensearch-min-$OPENSEARCH_VERSION-linux-x64.tar.gz s3://${{ secrets.ARCHIVE_ARTIFACT_BUCKET_NAME }}/PR-$PR_NUMBER/ - echo "DISTRIBUTION_URL=${{ secrets.ARTIFACT_BUCKET_CLOUDFRONT_URL }}/PR-$PR_NUMBER/opensearch-min-$OPENSEARCH_VERSION-linux-x64.tar.gz" >> $GITHUB_ENV - - name: Checkout opensearch-build repo - uses: actions/checkout@v6 - with: - repository: opensearch-project/opensearch-build - ref: main - path: opensearch-build - - name: Trigger jenkins workflow to run gradle check - run: | - cat $GITHUB_ENV - bash opensearch-build/scripts/benchmark/benchmark-pull-request.sh -t ${{ secrets.JENKINS_PR_BENCHMARK_GENERIC_WEBHOOK_TOKEN }} -u ${{ secrets.JENKINS_GITHUB_USER}} -p ${{ secrets.JENKINS_GITHUB_USER_TOKEN}} - - name: Update PR with Job Url - uses: actions/github-script@v8 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const workflowUrl = process.env.WORKFLOW_URL; - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `The Jenkins job url is ${workflowUrl} . Final results will be published once the job is completed.` - }) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index e9552e0537f9b..0000000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,74 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ main ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - schedule: - - cron: '42 20 * * 6' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'java' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v6 - - name: Set up JDK 21 - uses: actions/setup-java@v5 - with: - java-version: 21 - distribution: temurin - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v4 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - - name: Set up protoc - uses: arduino/setup-protoc@v3 - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v4 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/copy-linked-issue-labels.yml b/.github/workflows/copy-linked-issue-labels.yml deleted file mode 100644 index 33b5e92dc10da..0000000000000 --- a/.github/workflows/copy-linked-issue-labels.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Copy labels from linked issues -on: - pull_request_target: - types: [opened, edited, review_requested, synchronize, reopened, ready_for_review] - -jobs: - copy-issue-labels: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - permissions: - issues: read - contents: read - pull-requests: write - steps: - - name: copy-issue-labels - uses: michalvankodev/copy-issue-labels@v1.3.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - labels-to-exclude: | - untriaged - triaged diff --git a/.github/workflows/create-documentation-issue.yml b/.github/workflows/create-documentation-issue.yml deleted file mode 100644 index 21f3cfae81f47..0000000000000 --- a/.github/workflows/create-documentation-issue.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: Create Documentation Issue -on: - pull_request: - types: - - labeled -env: - PR_NUMBER: ${{ github.event.number }} - -jobs: - create-issue: - if: ${{ github.event.label.name == 'needs-documentation' }} - runs-on: ubuntu-latest - name: Create Documentation Issue - steps: - - name: GitHub App token - id: github_app_token - uses: tibdex/github-app-token@v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - installation_id: 22958780 - - - name: Checkout code - uses: actions/checkout@v6 - - - name: Edit the issue template - run: | - echo "https://github.com/opensearch-project/OpenSearch/pull/${{ env.PR_NUMBER }}." >> ./ci/documentation/issue.md - - - name: Create Issue From File - id: create-issue - uses: peter-evans/create-issue-from-file@v6 - with: - title: Add documentation related to new feature - content-filepath: ./ci/documentation/issue.md - labels: documentation - repository: opensearch-project/documentation-website - token: ${{ steps.github_app_token.outputs.token }} - - - name: Print Issue - run: echo Created related documentation issue ${{ steps.create-issue.outputs.issue-number }} diff --git a/.github/workflows/delete_backport_branch.yml b/.github/workflows/delete_backport_branch.yml deleted file mode 100644 index 95ea6128d1d52..0000000000000 --- a/.github/workflows/delete_backport_branch.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Delete merged branch of the backport PRs -on: - pull_request: - types: - - closed - -jobs: - delete-branch: - runs-on: ubuntu-latest - permissions: - contents: write - if: github.repository == 'opensearch-project/OpenSearch' && (startsWith(github.event.pull_request.head.ref,'backport/') || startsWith(github.event.pull_request.head.ref,'release-chores/')) - steps: - - name: Delete merged branch - uses: actions/github-script@v8 - with: - script: | - github.rest.git.deleteRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: `heads/${context.payload.pull_request.head.ref}`, - }) diff --git a/.github/workflows/dependabot_pr.yml b/.github/workflows/dependabot_pr.yml deleted file mode 100644 index a924396292c42..0000000000000 --- a/.github/workflows/dependabot_pr.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: Dependabot PR actions -on: pull_request - -jobs: - dependabot: - runs-on: ubuntu-latest - permissions: - pull-requests: write - contents: write - if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} - steps: - - name: GitHub App token - id: github_app_token - uses: tibdex/github-app-token@v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - installation_id: 22958780 - - - name: Check out code - uses: actions/checkout@v6 - with: - token: ${{ steps.github_app_token.outputs.token }} - ref: ${{ github.head_ref }} - - # See please https://docs.gradle.org/8.10/userguide/upgrading_version_8.html#minimum_daemon_jvm_version - - name: Set up JDK 21 - uses: actions/setup-java@v5 - with: - java-version: 21 - distribution: temurin - - - name: Update Gradle SHAs - run: | - ./gradlew updateSHAs - - - name: Commit the changes - uses: stefanzweifel/git-auto-commit-action@v7 - with: - commit_message: Updating SHAs - branch: ${{ github.head_ref }} - commit_user_name: dependabot[bot] - commit_user_email: support@github.com - commit_options: '--signoff' - - - name: Run spotless - run: | - ./gradlew spotlessApply - - - name: Commit the changes - uses: stefanzweifel/git-auto-commit-action@v7 - with: - commit_message: Spotless formatting - branch: ${{ github.head_ref }} - commit_user_name: dependabot[bot] - commit_user_email: support@github.com - commit_options: '--signoff' diff --git a/.github/workflows/detect-breaking-change.yml b/.github/workflows/detect-breaking-change.yml deleted file mode 100644 index c137667384a7f..0000000000000 --- a/.github/workflows/detect-breaking-change.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: "Detect Breaking Changes" -on: - pull_request - -jobs: - detect-breaking-change: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - uses: actions/setup-java@v5 - with: - distribution: temurin # Temurin is a distribution of adoptium - java-version: 21 - - uses: gradle/gradle-build-action@v3 - with: - cache-disabled: true - arguments: japicmp - gradle-version: 9.4.1 - build-root-directory: server - - if: failure() - run: cat server/build/reports/java-compatibility/report.txt - - if: failure() - uses: actions/upload-artifact@v7 - with: - name: java-compatibility-report.html - path: ${{ github.workspace }}/server/build/reports/java-compatibility/report.html diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml deleted file mode 100644 index e0a0c22e81101..0000000000000 --- a/.github/workflows/gradle-check.yml +++ /dev/null @@ -1,200 +0,0 @@ -name: Gradle Check (Jenkins) -on: - push: - branches-ignore: - - 'backport/**' - - 'create-pull-request/**' - - 'dependabot/**' - pull_request_target: - types: [opened, synchronize, reopened] - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} - cancel-in-progress: true - -permissions: - contents: read # to fetch code (actions/checkout) - -jobs: - check-files: - runs-on: ubuntu-latest - outputs: - RUN_GRADLE_CHECK: ${{ steps.changed-files-specific.outputs.any_changed }} - steps: - - uses: actions/checkout@v6 - - name: Get changed files - id: changed-files-specific - uses: tj-actions/changed-files@v47.0.5 - with: - files_ignore: | - release-notes/*.md - .github/** - *.md - - Code-Diff-Analyzer: - uses: opensearch-project/opensearch-build/.github/workflows/code-diff-analyzer.yml@main - if: github.repository == 'opensearch-project/OpenSearch' - permissions: - id-token: write # github oidc to assume aws roles - pull-requests: write # to create or update comment (peter-evans/create-or-update-comment) - secrets: - BEDROCK_ACCESS_ROLE: ${{ secrets.BEDROCK_ACCESS_ROLE }} - with: - skip_diff_analyzer_with_label_name: 'skip-diff-analyzer' - update_pr_comment_with_analyzer_report: true - hard_fail_level: 2 # issues with medium severity or above will hard fail the check - - Code-Diff-Reviewer: - uses: opensearch-project/opensearch-build/.github/workflows/code-diff-reviewer.yml@main - needs: Code-Diff-Analyzer - if: github.repository == 'opensearch-project/OpenSearch' - permissions: - id-token: write # github oidc to assume aws roles - pull-requests: write # to create or update comment (peter-evans/create-or-update-comment) - secrets: - BEDROCK_ACCESS_ROLE: ${{ secrets.BEDROCK_ACCESS_ROLE }} - with: - skip_diff_reviewer_with_label_name: 'skip-diff-reviewer' - - gradle-check: - #needs: [check-files, Code-Diff-Analyzer] - needs: [check-files] - #if: github.repository == 'opensearch-project/OpenSearch' && needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' - if: github.repository == 'andrross/OpenSearch' && needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' - permissions: - contents: read # to fetch code (actions/checkout) - pull-requests: write # to create or update comment (peter-evans/create-or-update-comment) - issues: write # To create an issue if check fails on push. - runs-on: ubuntu-latest - timeout-minutes: 130 - steps: - - name: Checkout OpenSearch repo - uses: actions/checkout@v6 - with: - ref: 'main' - - - name: Setup environment variables (PR) - if: github.event_name == 'pull_request_target' - run: | - echo "event_name=pull_request_target" >> $GITHUB_ENV - echo "branch_name=$(jq --raw-output .pull_request.base.ref $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_from_sha=$(jq --raw-output .pull_request.head.sha $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_from_clone_url=$(jq --raw-output .pull_request.head.repo.clone_url $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_to_clone_url=$(jq --raw-output .pull_request.base.repo.clone_url $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_title=$(jq --raw-output .pull_request.title $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_number=$(jq --raw-output .pull_request.number $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_owner=$(jq --raw-output .pull_request.user.login $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "pr_or_commit_description=$(jq --ascii-output .pull_request.body $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "post_merge_action=false" >> $GITHUB_ENV - - # to get the PR data that can be used for post merge actions - - uses: actions/github-script@v8 - if: github.event_name == 'push' - id: get_pr_data - with: - github-token: ${{secrets.GITHUB_TOKEN}} - script: | - return ( - await github.rest.repos.listPullRequestsAssociatedWithCommit({ - commit_sha: context.sha, - owner: context.repo.owner, - repo: context.repo.repo, - }) - ).data[0]; - - - name: Setup environment variables (Push) - if: github.event_name == 'push' - run: | - repo_url="https://github.com/opensearch-project/OpenSearch" - ref_id=$(git rev-parse HEAD) - branch_name=$(git rev-parse --abbrev-ref HEAD) - echo "branch_name=$branch_name" >> $GITHUB_ENV - echo "event_name=push" >> $GITHUB_ENV - echo "pr_from_sha=$ref_id" >> $GITHUB_ENV - echo "pr_from_clone_url=$repo_url" >> $GITHUB_ENV - echo "pr_to_clone_url=$repo_url" >> $GITHUB_ENV - echo "pr_title=Push trigger $branch_name $ref_id $repo_url" >> $GITHUB_ENV - echo "pr_owner=$(jq --raw-output '.commits[0].author.username' $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo 'pr_number=${{ fromJson(steps.get_pr_data.outputs.result).number }}' >> $GITHUB_ENV - echo "pr_or_commit_description=$(jq --ascii-output .head_commit.message $GITHUB_EVENT_PATH)" >> $GITHUB_ENV - echo "post_merge_action=true" >> $GITHUB_ENV - - - name: Trigger jenkins workflow to run gradle check - run: | - set -e - set -o pipefail - bash .ci/jenkins/scripts/gradle-check.sh -t ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} -u ${{ secrets.JENKINS_GITHUB_USER }} -p ${{ secrets.JENKINS_GITHUB_USER_TOKEN }} | tee -a gradle-check.log - - - name: Setup Result Status - if: always() - run: | - WORKFLOW_URL=`cat gradle-check.log | grep 'WORKFLOW_URL' | awk '{print $2}'` - RESULT=`cat gradle-check.log | grep 'Result:' | awk '{print $2}'` - echo "workflow_url=$WORKFLOW_URL" >> $GITHUB_ENV - echo "result=$RESULT" >> $GITHUB_ENV - - - name: Upload Coverage Report - if: success() - uses: codecov/codecov-action@v5 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: ./codeCoverage.xml - - - name: Create Comment Success - if: ${{ github.event_name == 'pull_request_target' && success() && env.result == 'SUCCESS' }} - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ env.pr_number }} - body: | - :white_check_mark: Gradle check result for ${{ env.pr_from_sha }}: [${{ env.result }}](${{ env.workflow_url }}) - - - name: Extract Test Failure - if: ${{ github.event_name == 'pull_request_target' && env.result != 'SUCCESS' }} - run: | - TEST_FAILURES=`curl -s "${{ env.workflow_url }}/testReport/api/json?tree=suites\[cases\[status,className,name\]\]" | jq -r '.. | objects | select(.status=="FAILED",.status=="REGRESSION") | (.className + "." + .name)' | uniq -c | sort -n -r | head -n 10` - if [[ "$TEST_FAILURES" != "" ]] - then - echo "test_failures<> $GITHUB_ENV - echo "" >> $GITHUB_ENV - echo "* **TEST FAILURES:**" >> $GITHUB_ENV - echo '```' >> $GITHUB_ENV - echo "$TEST_FAILURES" >> $GITHUB_ENV - echo '```' >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - fi - - - name: Create Comment Flaky - if: ${{ github.event_name == 'pull_request_target' && success() && env.result != 'SUCCESS' }} - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ env.pr_number }} - body: | - :grey_exclamation: Gradle check result for ${{ env.pr_from_sha }}: [${{ env.result }}](${{ env.workflow_url }}) ${{ env.test_failures }} - - Please review all [flaky tests](https://github.com/opensearch-project/OpenSearch/blob/main/DEVELOPER_GUIDE.md#flaky-tests) that succeeded after retry and create an issue if one does not already exist to track the flaky failure. - - - name: Create Comment Failure - if: ${{ github.event_name == 'pull_request_target' && failure() }} - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ env.pr_number }} - body: | - :x: Gradle check result for ${{ env.pr_from_sha }}: [${{ env.result }}](${{ env.workflow_url }}) - - Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure [a flaky test](https://github.com/opensearch-project/OpenSearch/blob/main/DEVELOPER_GUIDE.md#flaky-tests) unrelated to your change? - - check-result: - #needs: [check-files, gradle-check, Code-Diff-Analyzer] - needs: [check-files, gradle-check] - if: always() - runs-on: ubuntu-latest - steps: - - name: Fail if gradle-check fails - if: | - needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' && needs.gradle-check.result == 'failure' - run: exit 1 - #- name: Fail if gradle-check fails - # if: | - # needs.check-files.outputs.RUN_GRADLE_CHECK == 'true' && - # (needs.gradle-check.result == 'failure' || needs.Code-Diff-Analyzer.result == 'failure' || needs.Code-Diff-Analyzer.result == 'cancelled') - # run: exit 1 diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml deleted file mode 100644 index d91a7de4defdc..0000000000000 --- a/.github/workflows/links.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Link Checker -on: - schedule: - - cron: '0 0 * * *' -permissions: - contents: read # to fetch code (actions/checkout) -jobs: - linkchecker: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v6 - - name: lychee Link Checker - id: lychee - uses: lycheeverse/lychee-action@v2.8.0 - with: - args: --accept=200,403,429 --exclude-mail **/*.html **/*.md **/*.txt **/*.json --exclude-file .lychee.excludes - fail: true - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/lucene-snapshots.yml b/.github/workflows/lucene-snapshots.yml deleted file mode 100644 index 1f650a5058f81..0000000000000 --- a/.github/workflows/lucene-snapshots.yml +++ /dev/null @@ -1,81 +0,0 @@ -# This workflow will check out, build, and publish snapshots of lucene. - -name: OpenSearch Lucene snapshots - -on: - workflow_dispatch: - # Inputs the workflow accepts. - inputs: - ref: - description: 'Lucene ref in github.com/apache/lucene' - type: string - required: false - default: 'main' - java_version: - description: 'Java version to use' - type: string - required: false - default: '25' - -jobs: - publish-snapshots: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - # These permissions are needed to interact with GitHub's OIDC Token endpoint. - permissions: - id-token: write - contents: read - - steps: - - name: Checkout Lucene ref:${{ github.event.inputs.ref }} - uses: actions/checkout@v6 - with: - repository: 'apache/lucene' - ref: ${{ github.event.inputs.ref }} - - - name: Get Lucene Revision - run: | - echo "REVISION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Setup JDK ${{ github.event.inputs.java_version }} - uses: actions/setup-java@v5 - with: - java-version: ${{ github.event.inputs.java_version }} - distribution: 'temurin' - - - name: Publish Lucene to local maven repo. - run: ./gradlew publishJarsPublicationToMavenLocal -Pversion.suffix=snapshot-${{ env.REVISION }} -x javadoc - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 - with: - role-to-assume: ${{ secrets.LUCENE_SNAPSHOTS_SECRET_ROLE }} - aws-region: us-east-1 - - - name: Get S3 Bucket - id: get_s3_bucket - run: | - lucene_snapshots_bucket=`aws secretsmanager get-secret-value --secret-id jenkins-artifact-bucket-name --query SecretString --output text` - echo "::add-mask::$lucene_snapshots_bucket" - echo "LUCENE_SNAPSHOTS_BUCKET=$lucene_snapshots_bucket" >> $GITHUB_OUTPUT - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 - with: - role-to-assume: ${{ secrets.LUCENE_SNAPSHOTS_S3_ROLE }} - aws-region: us-east-1 - - - name: Copy files to S3 with the aws CLI (New) - run: | - aws s3 cp ~/.m2/repository/org/apache/lucene/ s3://${{ steps.get_s3_bucket.outputs.LUCENE_SNAPSHOTS_BUCKET }}/snapshots/lucene/org/apache/lucene/ --recursive --no-progress - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 - with: - role-to-assume: ${{ secrets.LUCENE_SNAPSHOTS_ROLE }} - aws-region: us-west-2 - - # We will remove this step once all the lucene snapshots old links are updated with the new one - - name: Copy files to S3 with the aws CLI (Old) - run: | - aws s3 cp ~/.m2/repository/org/apache/lucene/ s3://${{ secrets.LUCENE_SNAPSHOTS_BUCKET }}/snapshots/lucene/org/apache/lucene/ --recursive --no-progress diff --git a/.github/workflows/nightly-precommit.yml b/.github/workflows/nightly-precommit.yml deleted file mode 100644 index acb0a77ef82cc..0000000000000 --- a/.github/workflows/nightly-precommit.yml +++ /dev/null @@ -1,72 +0,0 @@ -name: Nightly Gradle Precommit -on: - schedule: - - cron: '0 6 * * *' # Daily at 6:00 AM UTC - -jobs: - # The precommit tasks are run on every PR as a part of `check`. This - # nightly workflow exists to ensure OpenSearch remains buildable on - # all supported platforms, but runs on a scheduled basis to reduce the - # overhead on all pull requests. - nightly-precommit: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ${{ matrix.os }} - strategy: - matrix: - java: [ 21, 25 ] - os: [ubuntu-latest, windows-latest, macos-15, macos-15-intel, ubuntu-24.04-arm] - include: - - java: 21 - os: 'windows-2025' - experimental: true - steps: - - uses: actions/checkout@v6 - - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v5 - with: - java-version: ${{ matrix.java }} - distribution: temurin - cache: gradle - - name: Run Gradle (precommit) - continue-on-error: ${{ matrix.experimental }} - shell: bash - run: | - ./gradlew javadoc precommit --parallel - - open-issue-on-failure: - if: failure() && github.event_name == 'schedule' - needs: nightly-precommit - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - uses: actions/github-script@v8 - with: - script: | - const title = 'Nightly precommit failed'; - const { data: existing_issues } = await github.rest.issues.listForRepo({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'open', - labels: 'autocut,CI', - per_page: 100 - }); - const existing = existing_issues.find(i => i.title === title); - if (existing) { - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: existing.number, - body: `Another nightly failure.\n\n[View run](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})` - }); - console.log('Commented on existing issue.'); - return; - } - const body = `The nightly precommit workflow failed.\n\n[View run](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`; - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title, - body, - labels: ['autocut', 'CI'] - }); diff --git a/.github/workflows/poc-checklist.yml b/.github/workflows/poc-checklist.yml deleted file mode 100644 index 42db625e6c75a..0000000000000 --- a/.github/workflows/poc-checklist.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: Add comment -on: - issues: - types: - - labeled -jobs: - add-comment: - if: github.event.label.name == 'poc' - runs-on: ubuntu-latest - permissions: - issues: write - steps: - - name: Add comment - uses: peter-evans/create-or-update-comment@v5 - with: - issue-number: ${{ github.event.issue.number }} - body: | - ### POC Checklist: - - Please go through the following checklist to ensure these items are taken into account while designing the POC. - - - [ ] Supports safe upgrade paths from all supported BWC versions to the current version - - [ ] Supports compatibility with all plugins - - [ ] opensearch-alerting - - [ ] opensearch-anomaly-detection - - [ ] opensearch-asynchronous-search - - [ ] opensearch-cross-cluster-replication - - [ ] opensearch-geospatial - - [ ] opensearch-index-management - - [ ] opensearch-job-scheduler - - [ ] opensearch-knn - - [ ] opensearch-ml - - [ ] opensearch-notifications - - [ ] opensearch-notifications-core - - [ ] opensearch-observability - - [ ] opensearch-performance-analyzer - - [ ] opensearch-reports-scheduler - - [ ] opensearch-security - - [ ] opensearch-sql - - [ ] Supports lucene upgrades across minor lucene versions - - [ ] Supports lucene upgrades across major lucene versions - - [ ] Supports lucene upgrades across underlying lucene codec bumps (Eg: Lucene95Codec -> Lucene96Codec) - - [ ] Supports wire compatibility of OpenSearch - - [ ] Plan to measure performance degradation/improvement (if any) - - [ ] Plan to document any user facing changes introduced by this feature - - [ ] Ensure working and passing CI - - Thank you for your contribution! - diff --git a/.github/workflows/publish-maven-snapshots.yml b/.github/workflows/publish-maven-snapshots.yml deleted file mode 100644 index 353adbb95faf8..0000000000000 --- a/.github/workflows/publish-maven-snapshots.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: Publish snapshots to maven - -on: - workflow_dispatch: - push: - branches: - - main - - '[0-9]+.[0-9]+' - - '[0-9]+.x' - -jobs: - build-and-publish-snapshots: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - - permissions: - id-token: write - contents: write - - steps: - - uses: actions/checkout@v6 - - name: Set up JDK 21 - uses: actions/setup-java@v5 - with: - distribution: temurin - java-version: 21 - - - name: Install protoc (Linux) - run: | - if [ "$(uname -m)" = "x86_64" ]; then \ - curl -SfL https://github.com/protocolbuffers/protobuf/releases/download/v33.0/protoc-33.0-linux-x86_64.zip -o protoc.zip; \ - else \ - curl -SfL https://github.com/protocolbuffers/protobuf/releases/download/v33.0/protoc-33.0-linux-aarch_64.zip -o protoc.zip; \ - fi; \ - unzip protoc.zip -d $HOME/.local && rm -v protoc.zip && protoc --version - - - name: Load secret - uses: 1password/load-secrets-action@v3 - with: - # Export loaded secrets as environment variables - export-env: true - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - MAVEN_SNAPSHOTS_S3_REPO: op://opensearch-infra-secrets/maven-snapshots-s3/repo - MAVEN_SNAPSHOTS_S3_ROLE: op://opensearch-infra-secrets/maven-snapshots-s3/role - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6 - with: - role-to-assume: ${{ env.MAVEN_SNAPSHOTS_S3_ROLE }} - aws-region: us-east-1 - - - name: Publish snapshots to maven - run: | - ./gradlew publishNebulaPublicationToSnapshotsRepository -Pcrypto.standard=FIPS-140-3 diff --git a/.github/workflows/sandbox-check.yml b/.github/workflows/sandbox-check.yml deleted file mode 100644 index fc710f499fb89..0000000000000 --- a/.github/workflows/sandbox-check.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Sandbox Check -on: - push: - pull_request: - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - sandbox-check: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - continue-on-error: true - timeout-minutes: 60 - steps: - - uses: actions/checkout@v6 - - name: Remove unnecessary files - run: | - sudo rm -rf /usr/share/dotnet - sudo rm -rf "$AGENT_TOOLSDIRECTORY" - - name: Set up JDK 25 - uses: actions/setup-java@v5 - with: - java-version: 25 - distribution: temurin - cache: gradle - - name: Set up Rust - uses: dtolnay/rust-toolchain@stable - - name: Install protobuf compiler - run: sudo apt-get update && sudo apt-get install -y protobuf-compiler - - name: Run sandbox check - run: ./gradlew check -p sandbox -Dsandbox.enabled=true - - name: Upload test results - if: always() - uses: actions/upload-artifact@v4 - with: - name: sandbox-test-results - path: sandbox/**/build/reports/tests/ - retention-days: 7 diff --git a/.github/workflows/stalled.yml b/.github/workflows/stalled.yml deleted file mode 100644 index 13dcc9048ef8f..0000000000000 --- a/.github/workflows/stalled.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Label Stalled PRs -on: - schedule: - - cron: '15 15 * * *' # Run every day at 15:15 UTC / 7:15 PST / 8:15 PDT -permissions: - pull-requests: write -jobs: - stale: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - steps: - - name: GitHub App token - id: github_app_token - uses: tibdex/github-app-token@v2.1.0 - with: - app_id: ${{ secrets.APP_ID }} - private_key: ${{ secrets.APP_PRIVATE_KEY }} - installation_id: 22958780 - - name: Stale PRs - uses: actions/stale@v10 - with: - repo-token: ${{ steps.github_app_token.outputs.token }} - stale-pr-label: 'stalled' - stale-pr-message: 'This PR is stalled because it has been open for 30 days with no activity.' - days-before-pr-stale: 30 - days-before-issue-stale: -1 - days-before-pr-close: -1 - days-before-issue-close: -1 diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml deleted file mode 100644 index 615e5ec313fd6..0000000000000 --- a/.github/workflows/triage.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Auto triage based on the component label in issue - -on: - issues: - types: [opened, reopened, transferred] - -jobs: - apply-label: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - steps: - - uses: actions/github-script@v8 - with: - script: | - const { issue, repository } = context.payload; - const { number, body, user } = issue; - const { owner, name } = repository; - const regex = /###\sRelated\scomponent\n\n(\w.*)\n/gm; - let match; - - while ( ( match = regex.exec( body ) ) ) { - const [ , component_label ] = match; - - let label - // Check if the component label is "_No response_" - if (component_label.trim() === "_No response_") { - // Add a comment tagging the user - await github.rest.issues.createComment({ - owner: owner.login, - repo: name, - issue_number: number, - body: `@${user.login} Please reply to this comment with the relevant component to ensure it gets properly triaged:\n\n- Build\n- Clients\n- Cluster Manager\n- Extensions\n- Indexing:Performance\n- Indexing:Replication\n- Indexing\n- Libraries\n- Other\n- Plugins\n- Search:Aggregations\n- Search:Performance\n- Search:Query Capabilities\n- Search:Query Insights\n- Search:Relevance\n- Search:Remote Search\n- Search:Resiliency\n- Search:Searchable Snapshots\n- Search\n- Storage:Durability\n- Storage:Performance\n- Storage:Remote\n- Storage:Snapshots\n- Storage\n\nReply with the component name, and we'll label this issue appropriately.` - }); - label = 'missing-component' - } else { - label = component_label - } - await github.rest.issues.addLabels({ - owner: owner.login, - repo: name, - issue_number: number, - labels: [label] - }); - } - - // Always add the untriaged label - await github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ['untriaged'] - }); diff --git a/.github/workflows/trigger-manifest-generation.yml b/.github/workflows/trigger-manifest-generation.yml deleted file mode 100644 index ddee9c3710d3b..0000000000000 --- a/.github/workflows/trigger-manifest-generation.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Trigger manifest generation workflow - -on: - workflow_dispatch: - push: - paths: - - buildSrc/version.properties - -jobs: - trigger-manifest-workflow: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - steps: - - name: Trigger manifest-update workflow - run: | - echo "Triggering manifest-update workflow at https://build.ci.opensearch.org/job/manifest-update/" - curl -f -X POST https://build.ci.opensearch.org/job/manifest-update/build --user ${{ secrets.JENKINS_GITHUB_USER}}:${{ secrets.JENKINS_GITHUB_USER_TOKEN}} \ No newline at end of file diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml deleted file mode 100644 index d3f1275e7d005..0000000000000 --- a/.github/workflows/version.yml +++ /dev/null @@ -1,130 +0,0 @@ -name: Increment Version - -on: - workflow_dispatch: - inputs: - tag: - description: 'the tag' - required: true - type: string - push: - tags: - - '*.*.*' - -permissions: - contents: write - issues: write - pull-requests: write - -jobs: - build: - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - steps: - - name: Fetch tag and version information - run: | - TAG=$(echo "${GITHUB_REF#refs/*/}") - if [ -n ${{ github.event.inputs.tag }} ]; then - TAG=${{ github.event.inputs.tag }} - fi - CURRENT_VERSION_ARRAY=($(echo "$TAG" | tr . '\n')) - BASE=$(IFS=. ; echo "${CURRENT_VERSION_ARRAY[*]:0:2}") - MAIN_BRANCH="main" - CURRENT_VERSION=$(IFS=. ; echo "${CURRENT_VERSION_ARRAY[*]:0:3}") - CURRENT_VERSION_UNDERSCORE=$(IFS=_ ; echo "V_${CURRENT_VERSION_ARRAY[*]:0:3}") - CURRENT_VERSION_ARRAY[2]=$((CURRENT_VERSION_ARRAY[2]+1)) - NEXT_VERSION=$(IFS=. ; echo "${CURRENT_VERSION_ARRAY[*]:0:3}") - NEXT_VERSION_UNDERSCORE=$(IFS=_ ; echo "V_${CURRENT_VERSION_ARRAY[*]:0:3}") - if [[ ${#CURRENT_VERSION_ARRAY[2]} -gt 1 ]]; then - NEXT_VERSION_ID="${CURRENT_VERSION_ARRAY[0]:0:3}0${CURRENT_VERSION_ARRAY[1]:0:3}${CURRENT_VERSION_ARRAY[2]:0:3}99" - else - NEXT_VERSION_ID=$(IFS=0 ; echo "${CURRENT_VERSION_ARRAY[*]:0:3}99") - fi - echo "TAG=$TAG" >> $GITHUB_ENV - echo "BASE=$BASE" >> $GITHUB_ENV - echo "MAIN_BRANCH=$MAIN_BRANCH" >> $GITHUB_ENV - echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV - echo "CURRENT_VERSION_UNDERSCORE=$CURRENT_VERSION_UNDERSCORE" >> $GITHUB_ENV - echo "NEXT_VERSION=$NEXT_VERSION" >> $GITHUB_ENV - echo "NEXT_VERSION_UNDERSCORE=$NEXT_VERSION_UNDERSCORE" >> $GITHUB_ENV - echo "NEXT_VERSION_ID=$NEXT_VERSION_ID" >> $GITHUB_ENV - - - uses: actions/checkout@v6 - with: - ref: ${{ env.BASE }} - - - name: Increment Patch Version on Major.Minor branch - uses: peternied/opensearch-core-version-updater@v1 - with: - previous-version: ${{ env.CURRENT_VERSION }} - new-version: ${{ env.NEXT_VERSION }} - update-current: true - - - name: Create PR for BASE - id: base_pr - uses: peter-evans/create-pull-request@v8 - with: - base: ${{ env.BASE }} - branch: 'create-pull-request/patch-${{ env.BASE }}' - commit-message: Increment version to ${{ env.NEXT_VERSION }} - signoff: true - delete-branch: true - labels: | - autocut - title: '[AUTO] Increment version to ${{ env.NEXT_VERSION }}.' - body: | - I've noticed that a new tag ${{ env.TAG }} was pushed, and incremented the version from ${{ env.CURRENT_VERSION }} to ${{ env.NEXT_VERSION }}. - - - uses: actions/checkout@v6 - with: - ref: ${{ env.MAIN_BRANCH }} - - - name: Add Patch Version on main branch - uses: peternied/opensearch-core-version-updater@v1 - with: - previous-version: ${{ env.CURRENT_VERSION }} - new-version: ${{ env.NEXT_VERSION }} - update-current: false - - - name: Create PR for MAIN_BRANCH - id: main_branch_pr - uses: peter-evans/create-pull-request@v8 - with: - base: ${{ env.MAIN_BRANCH }} - branch: 'create-pull-request/patch-${{ env.MAIN_BRANCH }}' - commit-message: Add bwc version ${{ env.NEXT_VERSION }} - signoff: true - delete-branch: true - labels: | - autocut - title: '[AUTO] [${{ env.MAIN_BRANCH }}] Add bwc version ${{ env.NEXT_VERSION }}.' - body: | - I've noticed that a new tag ${{ env.TAG }} was pushed, and added a bwc version ${{ env.NEXT_VERSION }}. - - - name: Create tracking issue - id: create-issue - uses: actions/github-script@v8 - with: - script: | - const body = ` - ### Description - A new version of OpenSearch was released, to prepare for the next release new version numbers need to be updated in all active branches of development. - - ### Exit Criteria - Review and merged the following pull requests - - [ ] ${{ steps.base_pr.outputs.pull-request-url }} - - [ ] ${{ steps.main_branch_pr.outputs.pull-request-url }} - - ### Additional Context - See project wide guidance on branching and versions [[link]](https://github.com/opensearch-project/.github/blob/main/RELEASING.md). - ` - const { data: issue }= await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - labels: ["Build"], - title: "Increment version for ${{ env.NEXT_VERSION }}", - body: body - }); - console.error(JSON.stringify(issue)); - return issue.number; - result-encoding: string diff --git a/.github/workflows/wrapper.yml b/.github/workflows/wrapper.yml deleted file mode 100644 index 21e8821af15df..0000000000000 --- a/.github/workflows/wrapper.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Validate Gradle Wrapper -on: [pull_request] - -jobs: - validate: - name: Validate - if: github.repository == 'opensearch-project/OpenSearch' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - uses: gradle/actions/wrapper-validation@v5 diff --git a/build.gradle b/build.gradle index c3bea8cf8d993..11ccfea37bc22 100644 --- a/build.gradle +++ b/build.gradle @@ -743,3 +743,5 @@ allprojects { project -> } } } + +// test gradle test