[Campaign] Ensure Github workflow runs on docker image used by Production Distribution Build #3494
Comments
github-actions
bot
added
the
untriaged
|
[Triage] Hi @peterzhuamazon, thank you for filing this issue. At this time, the Security repos do not have enough context around the purpose of this change... It seems like this is adding responsibility to the Security repo without context for the change. Could you provide a case for this change and why we should address it on such an aggressive time scale (11/1)? Thank you. |
stephen-crawford
removed
the
untriaged
|
Hi @scrawfor99 I will work with you on this soon. Thanks. |
|
We have a new approach established here. Thanks. |
|
Hi @peterzhuamazon, thanks for following up. Looking at the workflow you shared, it seems like the idea is to just use the docker image to make things more standardized? Have there been issues around this area? I am not against the change, just want to make sure we (security) have the context for the root of the change. |
|
Hi @peterzhuamazon, just following up. Are you still pursuing this campaign? If not, we will close this issue. Thank you. |
github-project-automation
bot
moved this to Backlog
in OpenSearch Engineering Effectiveness
Yes @scrawfor99 this is for standardizing the github run env to be the same as on Jenkins during prod release build. |
|
Due to the complexity of the workflows, we need to work with security team to understand the process before onboarding the docker images. |
|
Hi @peterzhuamazon, just checking in if there was anything you needed from the Security repos at this time. Thanks |
|
@reta to follow-up. |
stephen-crawford
added
the
triaged
|
@peterzhuamazon This recommendation creates a circular dependency between security and OpenSearch-build repos please publish a GitHub action that can be consumed instead of a file [1] |
Hi All,
This is coming from the campaign here:
Overview
We would like your CI check (specifically plugin build) in GitHub Repo to run on top of the Build Docker Images from production distribution pipeline.
This is to ensure every plugin repo will use the exact docker images we used in Jenkins build, to check their PRs and run tests before merging the code, so that issues can be detected earlier, and environment can be identical across teams.
Solutions
The Build Team has created a simple script to dynamically retrieve the current docker image name/tag, so everyone can easily pull the images for their CI checks.
We have a trial run of the above with k-NN team. The script retrieves the docker image dynamically, save output, and use it as the docker image to pull for the upcoming run:
Note that GitHub Actions only support LINUX docker container at the time of this writing, so we will add Windows containers later on as well as macOS.
Implementation Notes
We would like you to review above PR and implement similar changes. Note on line
33of the above k-NN PR,-uand-pparameters needs to assign values accordingly.Note that in the above k-NN PR, despite it being OpenSearch plugin, it still uses
rockylinux8, as we initially plan to upgrade to rockylinux. We have since revert back tocentos7to support older versions of systems running k-NN lib. As a result, all OpenSearch plugins still usescentos7for the time being, and all OpenSearch-Dashboards plugins can go torockylinux8.Completion Date
The above should be implemented by
Nov. 1, 2023 (2023-11-01)by Plugin Owners to their repository.And backport the changes to
2.xbranch after merging inmainbranch.Contacts
Please contact @peterzhuamazon for any questions on this campaign.
cc: @bbarani
Thanks.
The text was updated successfully, but these errors were encountered: