[Campaign] Ensure Github workflow runs on docker image used by Production Distribution Build #1605
Comments
|
[Triage] Hi @peterzhuamazon, thank you for filing this issue. At this time, the Security repos do not have enough context around the purpose of this change... It seems like this is adding responsibility to the Security repo without context for the change. Could you provide a case for this change and why we should address it on such an aggressive time scale (11/1)? Thank you. |
|
We have a new approach established here. Thanks. |
|
Hi @scrawfor99 I will work with you on this soon. Thanks. |
|
[Triage] @peterzhuamazon Will this potentially speed up or make CI checks more stable than the default github runners? The security-dashboards-plugin repo has recently been having issues with running out of space, do these runners have more space than the default github runners? |
Hi @cwperks I dont think it will resolve out of space issues as it is still using github actions runner as host (?), tho the env is in sync with jenkins prod build now so if there is any errors where github actions pass but jenkins doesnt, we can catch them earlier before release cycle starts. Thanks. |
|
Due to the complexity of the workflows, we need to work with security team to understand the process before onboarding the docker images. |
|
[Triage] Hi @peterzhuamazon, is there anything you needed from the Security Plugin or its maintainers at this time? It looks like you marked this as in your Backlog so we wanted to check whether this was still being pursued? |
|
[Triage] Going to close this. Please reopen if further work continues on this effort. |
Hi All,
This is coming from the campaign here:
Overview
We would like your CI check (specifically plugin build) in GitHub Repo to run on top of the Build Docker Images from production distribution pipeline.
This is to ensure every plugin repo will use the exact docker images we used in Jenkins build, to check their PRs and run tests before merging the code, so that issues can be detected earlier, and environment can be identical across teams.
Solutions
The Build Team has created a simple script to dynamically retrieve the current docker image name/tag, so everyone can easily pull the images for their CI checks.
We have a trial run of the above with k-NN team. The script retrieves the docker image dynamically, save output, and use it as the docker image to pull for the upcoming run:
Note that GitHub Actions only support LINUX docker container at the time of this writing, so we will add Windows containers later on as well as macOS.
Implementation Notes
We would like you to review above PR and implement similar changes. Note on line
33of the above k-NN PR,-uand-pparameters needs to assign values accordingly.Note that in the above k-NN PR, despite it being OpenSearch plugin, it still uses
rockylinux8, as we initially plan to upgrade to rockylinux. We have since revert back tocentos7to support older versions of systems running k-NN lib. As a result, all OpenSearch plugins still usescentos7for the time being, and all OpenSearch-Dashboards plugins can go torockylinux8.Completion Date
The above should be implemented by
Nov. 1, 2023 (2023-11-01)by Plugin Owners to their repository.And backport the changes to
2.xbranch after merging inmainbranch.Contacts
Please contact @peterzhuamazon for any questions on this campaign.
cc: @bbarani
Thanks.
The text was updated successfully, but these errors were encountered: