From 8a15045366611e8ce26f5fc2d652090d5930ded9 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Fri, 13 Oct 2023 17:56:26 +0000
Subject: [PATCH] [PR2]Ensure Github workflow runs on docker image used by
 Production Distribution Build (#1264)

* Update get image workflow to use the yml from opensearch-build repo

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Update more

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Remove usages

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Add more

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

* Restore security test to original as it is not good to run dind for docker

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>

---------

Signed-off-by: Peter Zhu <zhujiaxi@amazon.com>
(cherry picked from commit b195c5944f0b300230ba5298f081d8072663a6ee)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
---
 .github/workflows/get-ci-image-tag.yml        | 39 -------------------
 .../workflows/multi-node-test-workflow.yml    |  5 +--
 .github/workflows/security-test-workflow.yml  | 28 ++++---------
 .github/workflows/test-workflow.yml           |  5 +--
 4 files changed, 12 insertions(+), 65 deletions(-)
 delete mode 100644 .github/workflows/get-ci-image-tag.yml

diff --git a/.github/workflows/get-ci-image-tag.yml b/.github/workflows/get-ci-image-tag.yml
deleted file mode 100644
index 81c42635a..000000000
--- a/.github/workflows/get-ci-image-tag.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Get CI Image Tag
-on:
-  workflow_call:
-    inputs:
-      platform:
-        required: true
-        type: string
-      usage:
-        required: true
-        type: string
-    outputs:
-      ci-image-version-linux:
-        description: The ci image version for linux build
-        value: ${{ jobs.Get-CI-Image-Tag.outputs.output-ci-image-version-linux }}
-
-jobs:
-  Get-CI-Image-Tag:
-    runs-on: ubuntu-latest
-    outputs:
-      output-ci-image-version-linux: ${{ steps.step-ci-image-version-linux.outputs.ci-image-version-linux }}
-    steps:
-      - name: Install crane
-        uses: iarekylew00t/crane-installer@v1
-        with:
-          crane-release: v0.15.2
-      - name: Checkout opensearch-build repository
-        uses: actions/checkout@v2
-        with:
-            repository: 'opensearch-project/opensearch-build'
-            ref: 'main'
-            path: 'opensearch-build'
-      - name: Get ci image version from opensearch-build repository scripts
-        id: step-ci-image-version-linux
-        run: |
-          crane version
-          CI_IMAGE_VERSION=`opensearch-build/docker/ci/get-ci-images.sh -p ${{ inputs.platform }} -u ${{ inputs.usage }} -t build | head -1`
-          echo $CI_IMAGE_VERSION
-          echo "ci-image-version-linux=$CI_IMAGE_VERSION" >> $GITHUB_OUTPUT
-
diff --git a/.github/workflows/multi-node-test-workflow.yml b/.github/workflows/multi-node-test-workflow.yml
index b80f04a43..0531ebd46 100644
--- a/.github/workflows/multi-node-test-workflow.yml
+++ b/.github/workflows/multi-node-test-workflow.yml
@@ -10,10 +10,9 @@ on:
 
 jobs:
   Get-CI-Image-Tag:
-    uses: ./.github/workflows/get-ci-image-tag.yml
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
     with:
-      platform: centos7
-      usage: opensearch
+      product: opensearch
 
   build-linux:
     needs: Get-CI-Image-Tag
diff --git a/.github/workflows/security-test-workflow.yml b/.github/workflows/security-test-workflow.yml
index 9a8f45bf8..127962210 100644
--- a/.github/workflows/security-test-workflow.yml
+++ b/.github/workflows/security-test-workflow.yml
@@ -9,14 +9,7 @@ on:
       - "*"
 
 jobs:
-  Get-CI-Image-Tag:
-    uses: ./.github/workflows/get-ci-image-tag.yml
-    with:
-      platform: centos7
-      usage: opensearch
-
-  build-linux:
-    needs: Get-CI-Image-Tag
+  build:
     strategy:
       matrix:
         java: [ 11, 17 ]
@@ -24,14 +17,12 @@ jobs:
     name: Build and test Alerting
     # This job runs on Linux
     runs-on: ubuntu-latest
-    container:
-      # using the same image which is used by opensearch-build team to build the OpenSearch Distribution
-      # this image tag is subject to change as more dependencies and updates will arrive over time
-      image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
-      # need to switch to root so that github actions can install runner binary on container without permission issues.
-      options: --user root
-
     steps:
+      # This step uses the setup-java Github action: https://github.com/actions/setup-java
+      - name: Set Up JDK ${{ matrix.java }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
       # This step uses the checkout Github action: https://github.com/actions/checkout
       - name: Checkout Branch
         uses: actions/checkout@v2
@@ -42,9 +33,7 @@ jobs:
           java-version: ${{ matrix.java }}
       - name: Build Alerting
         # Only assembling since the full build is governed by other workflows
-        run: |
-          chown -R opensearch.opensearch `pwd`
-          su opensearch -c "whoami && java -version && ./gradlew assemble"
+        run: ./gradlew assemble
       - name: Pull and Run Docker
         run: |
           plugin=`basename $(ls alerting/build/distributions/*.zip)`
@@ -97,8 +86,7 @@ jobs:
           if [ $security -gt 0 ]
           then
             echo "Security plugin is available"
-            chown -R opensearch.opensearch `pwd`
-            su opensearch -c "whoami && java -version && ./gradlew :alerting:integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin"
+            ./gradlew :alerting:integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dsecurity=true -Dhttps=true -Duser=admin -Dpassword=admin
           else
             echo "Security plugin is NOT available skipping this run as tests without security have already been run"
           fi
diff --git a/.github/workflows/test-workflow.yml b/.github/workflows/test-workflow.yml
index 6d248cfcb..6757d5c05 100644
--- a/.github/workflows/test-workflow.yml
+++ b/.github/workflows/test-workflow.yml
@@ -10,10 +10,9 @@ on:
 
 jobs:
   Get-CI-Image-Tag:
-    uses: ./.github/workflows/get-ci-image-tag.yml
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
     with:
-      platform: centos7
-      usage: opensearch
+      product: opensearch
 
   build-linux:
     needs: Get-CI-Image-Tag