Support Windows runner for CI workflows #1275
Conversation
RyanL1997
changed the title
This PR is still a WIP. The major blockers are:
Reference[1]: https://github.com/RyanL1997/security-dashboards-plugin/actions/runs/3716119921/jobs/6333900876 |
|
Is the test getting stuck somewhere? It looks like its reaching the 10min timeout limit: on this test: |
RyanL1997
force-pushed
the
windows-support-for-ci
branch
from
9999f7e
to
0a33ee3
Compare
UpdatesHere is the log of using: https://github.com/RyanL1997/security-dashboards-plugin/actions/runs/3752295912/jobs/6374283816#step:17:101. |
RyanL1997
force-pushed
the
windows-support-for-ci
branch
2 times, most recently
from
c95647d
to
076b2d8
Compare
Updates on 01/06/2023There are two major issues blocking this PR:
For the first issue of IDP server of integration test workflow, instead of using For the second issue of Cypress workflow, I was assuming that it may need longer time to set up OSD on windows runner. However, according to the experiments me and @scrawfor99 did for using the original On behalf the similarity of the above findings, I guess the way we are using of starting severs on windows runner is wrong. I'm still doing research about this and I will also keep updating the findings. Reference[1] : https://github.com/opensearch-project/security-dashboards-plugin/actions/runs/3859072362/jobs/6578260549 |
|
As written the SAML IDP is started before the tests run, but this seems backwards to me. The SAML server should be started by the tests that need it so endpoint, state, and other properties can be reviewed and confirmed by the tests. Can we migrate the IDP start up logic into the tests - this side-steps issues of how to start the server in Windows vs Linux environments. As there is considerable progress towards getting the rest of the tests running, can we handle the SAML tests running on windows in a separate PR to keep up speed, what do you think? |
|
@RyanL1997 thank you for filing this. I think @peternied's suggestion to migrate the server launch into the tests themselves is a good one. You and I have both tried about every other way of getting the server to launch and I think it is just a matter of something being different on the window's runner versus the Linux which may not be configurable. That being said, great job with all this. |
Update 01/09/2023@cwperks, Here is the findings after we tried to It seems like we lost the server after the checkout. Reference[1] : https://github.com/RyanL1997/security-dashboards-plugin/actions/runs/3880154925/jobs/6617977487#step:12:30. |
|
@opensearch-project/security Guys I think I need your support on this. If you can take a look of this comment (#1275 (comment)) I think the server of OSD cannot be carried after the checkout of functional test repo for Cypress Test. |
|
Looks like both, Cypress and Integration test, CI checks failed with |
|
@DarshitChanpura, I was trying to help @RyanL1997 remove the SAML test from the Windows side and saw this too. I am looking into it now and will hopefully identify a cause soon. |
|
Seems like this could be a potential root cause: |
|
@DarshitChanpura, thanks for the help. I see that too on mine. I am actually running the 2.x and main versions of the install workflow on the backend side to see what the results are. It may be as simple as updating the fasterxml dependency if it fails on the backend too. Update: 2.x is fine but main fails saying a bunch of jackson stuff does not exist. I am going to look at the changes that impacted jackson recently and see where we will need to add it back in. Update: Now it seems to be working on main again. I am not sure if it is intermittent build changes on the distribution build that is causing the behavior difference but even when the backend is fixed the dashboards repo is still running into the issue. I am going to look more closely at the specific error mentioned above. For the jackson issue I am unsure what we want to elect as the course of action. It seems like we are running into the issue as a result of the core snapshot having moved jackson around (my best guess without following the path further). We can directly depend on jackson ourselves in order to make sure we have the correct version where we expect but this would add an entire dependency and I know that jackson has been a topic for discussion as of late. |
The class is present in jackson-databind 2.14.1 which is what we use: https://fasterxml.github.io/jackson-databind/javadoc/2.14/com/fasterxml/jackson/databind/InjectableValues.Std.html |
Looks like jackson-databind is not shipped with the packaging distribution, neither in core nor in security which is most likely the root cause. Investigating now |
|
I also saw that core and security seemed to not be building with the jackson dependency. However, it looks like the classes can be found when you just focus on the backend tests--if you run plugin install workflow, everything is successful on main. I suspect this means that dashboards may be getting a different version of either the security plugin or the core SNAPSHOT. |
Interesting. I did confirm that the building the package using |
RyanL1997
force-pushed
the
windows-support-for-ci
branch
2 times, most recently
from
d565352
to
549afe5
Compare
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## main #1275 +/- ##
=======================================
Coverage 71.78% 71.78%
=======================================
Files 88 88
Lines 2027 2027
Branches 274 274
=======================================
Hits 1455 1455
Misses 509 509
Partials 63 63 Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
RyanL1997
force-pushed
the
windows-support-for-ci
branch
4 times, most recently
from
4dd8a09
to
833cdff
Compare
Update 01/23/2023I have successfully fixed the Cypress workflow [1]. However, since the original github action for checkout is broken for windows runner [2]. I have came out a work around: instead of checking-out to functional test repo to run the Cypress test, I clone the FTR into current working directory and directly setup and run Cypress in the same step of OSD setup [3]. Reference[1] : https://github.com/opensearch-project/security-dashboards-plugin/actions/runs/3993203040/workflow |
Signed-off-by: Ryan Liang <[email protected]>
Signed-off-by: Ryan Liang <[email protected]>
RyanL1997
force-pushed
the
windows-support-for-ci
branch
4 times, most recently
from
916f111
to
429c71e
Compare
Signed-off-by: Ryan Liang <[email protected]>
RyanL1997
force-pushed
the
windows-support-for-ci
branch
from
429c71e
to
9da6a34
Compare
Update 01/31/2023Since the latest distribution build does not have security plugin included, so I'm testing on build version @cwperks, @peternied, @scrawfor99, and @DarshitChanpura, I have finished some of the refactoring so some of the old reviews of you guys disappeared on the latest change. I also replied some of the comments in the old commits but for better view and understanding I'm manually updating with you guys following:
|
|
Great work @RyanL1997. I know this has been a major thorn and it is appreciated that you continue to be diligent about it. All of your comments make sense to me. I would also mention that if you were really motivated, you could fork the gecko action and firefox action for windows and then make your own versioned action which you could refer to (this is not necessary but is an option should you want to go that route). Great job overall! |
Thanks for the comment @scrawfor99. That makes sense. The reason we were trying to avoid using |
| uses: peternied/download-file@v2 | ||
| if: ${{ runner.os == 'Linux' }} | ||
| with: | ||
| url: https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/${{ inputs.opensearch-version }}/7028/linux/x64/tar/builds/opensearch/plugins/${{ inputs.plugin-name }}-${{ inputs.plugin-version }}.zip |
There was a problem hiding this comment.
Yes, I was checking with infra team this morning and seems like the latest doesnt include security plugin yet and that's also the reason for the failing of pre-requisite test. I will change it back to latest once everything is ready. This is only for now.
There was a problem hiding this comment.
Please link the issue where this is being worked on.
There was a problem hiding this comment.
I just linked issue in the general comment section.
There was a problem hiding this comment.
Since the latest distribution build of 3.0.0 does not have security plugin included, so I'm testing on build version 7028 which includes all the latest changes we made for core and security plugin, and I will change it back to latest once this issue gets fixed opensearch-project/cross-cluster-replication#696
If the security plugin is building on 3.0.0 why don't we have a fresh build of it available? Should we be publishing our own builds to maven for consumption so we aren't stuck because of a separate plugin, or should the build process automatically publish binaries for components that do function?
@RyanL1997 Please create a new issue in opensearch-build and start a thread in our release channel linking that issue, we need to be pushing for a solution to the systemic problem.
There was a problem hiding this comment.
There was a problem hiding this comment.
Update: They have fixed the build
| # Browser-action version does not work on Windows | ||
| - name: Set up Firefox browser for Windows | ||
| if: ${{ runner.os == 'Windows' }} | ||
| uses: RyanL1997/setup-browser@main |
There was a problem hiding this comment.
I don't see any changes in your fork, can you link the commit with the changes you needed? I'm fine using your fork and should use the same fork for both linux/windows workflows
I was forking from the other's fork. I think this is the commit from the original author to fix firefox browser on arm64 on windows runner: RyanL1997/setup-browser@4e4eb11#diff-75000eb32e68d8d07d14a37b002c16b1920c849082945fbaf79c4d263a182e87 |
Signed-off-by: Ryan Liang <[email protected]>
Signed-off-by: Ryan Liang <[email protected]>
Signed-off-by: Ryan Liang <[email protected]>
RyanL1997
force-pushed
the
windows-support-for-ci
branch
from
1eafb8d
to
6a6c6e2
Compare
|
Since the latest distribution build of 3.0.0 does not have security plugin included, so I'm testing on build version 7028 which includes all the latest changes we made for core and security plugin, and I will change it back to latest once this issue gets fixed opensearch-project/cross-cluster-replication#696 |
|
Updating branch protection rules to make integ tests on Ubuntu + Windows a requirement |
Description
Support Windows runner for CI workflows of integration test and Cypress test
Category
Enhancement
Issues Resolved
Testing
GitHub Actions
Check List
New functionality has been documentedBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.