Skip to content

[CVE] Address CVE-2023-6378 issue (#1053) #1461

[CVE] Address CVE-2023-6378 issue (#1053)

[CVE] Address CVE-2023-6378 issue (#1053) #1461

name: Test and Build OpenSearch Dashboards Reports
on: [pull_request, push]
env:
PLUGIN_NAME: reportsDashboards
ARTIFACT_NAME: reports-dashboards
OPENSEARCH_VERSION: '1.3'
OPENSEARCH_PLUGIN_VERSION: 1.3.7.0
jobs:
linux-build:
runs-on: ubuntu-latest
steps:
- name: Checkout Plugin
uses: actions/checkout@v1
- name: Checkout OpenSearch Dashboards
uses: actions/checkout@v1
with:
repository: opensearch-project/Opensearch-Dashboards
ref: ${{ env.OPENSEARCH_VERSION }}
path: OpenSearch-Dashboards
- name: Get node version
id: versions_step
run:
echo "::set-output name=node_version::$(node -p "(require('../OpenSearch-Dashboards/package.json').engines.node).match(/[.0-9]+/)[0]")"
- name: Setup Node
uses: actions/setup-node@v1
with:
node-version: ${{ steps.versions_step.outputs.node_version }}
registry-url: 'https://registry.npmjs.org'
- name: Move Dashboards Reports to Plugins Dir
run: mv dashboards-reports ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}
- name: Add Chromium Binary to Reporting for Testing
run: |
sudo apt update
sudo apt install -y libnss3-dev fonts-liberation libfontconfig1
cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}
wget https://github.com/opendistro-for-elasticsearch/kibana-reports/releases/download/chromium-1.12.0.0/chromium-linux-x64.zip
unzip chromium-linux-x64.zip
rm chromium-linux-x64.zip
- name: OpenSearch Dashboards Plugin Bootstrap
uses: nick-invision/retry@v1
with:
timeout_minutes: 30
max_attempts: 3
command: cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}; yarn osd bootstrap
- name: Test
uses: nick-invision/retry@v1
with:
timeout_minutes: 30
max_attempts: 3
command: cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}; yarn test --coverage
- name: Upload coverage
uses: codecov/codecov-action@v1
with:
flags: dashboards-reports
directory: ../OpenSearch-Dashboards/plugins/
token: ${{ secrets.CODECOV_TOKEN }}
- name: Build Artifact
run: |
cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}
yarn build
cd build
mkdir -p ./{linux-x64,linux-arm64}/opensearch-dashboards/${{ env.PLUGIN_NAME }}
cp ./${{ env.PLUGIN_NAME }}-*.zip ./linux-x64/${{ env.ARTIFACT_NAME }}-${{ env.OPENSEARCH_PLUGIN_VERSION }}-linux-x64.zip
cp ./${{ env.PLUGIN_NAME }}-*.zip ./linux-arm64/${{ env.ARTIFACT_NAME }}-${{ env.OPENSEARCH_PLUGIN_VERSION }}-linux-arm64.zip
cd linux-x64
wget https://github.com/opensearch-project/dashboards-reports/releases/download/chromium-1.12.0.0/chromium-linux-x64.zip
unzip chromium-linux-x64.zip -d ./opensearch-dashboards/${{ env.PLUGIN_NAME }}
zip -ur ./${{ env.ARTIFACT_NAME }}-*.zip ./opensearch-dashboards
mv ./${{ env.ARTIFACT_NAME }}-*.zip ..
cd ..
cd linux-arm64
wget https://github.com/opensearch-project/dashboards-reports/releases/download/chromium-1.12.0.0/chromium-linux-arm64.zip
unzip chromium-linux-arm64.zip -d ./opensearch-dashboards/${{ env.PLUGIN_NAME }}
zip -ur ./${{ env.ARTIFACT_NAME }}-*.zip ./opensearch-dashboards
mv ./${{ env.ARTIFACT_NAME }}-*.zip ..
cd ..
- name: Upload Artifact For Linux x64
uses: actions/upload-artifact@v1
with:
name: dashboards-reports-linux-x64
path: ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}/build/${{ env.ARTIFACT_NAME }}-${{ env.OPENSEARCH_PLUGIN_VERSION }}-linux-x64.zip
- name: Upload Artifact For Linux arm64
uses: actions/upload-artifact@v1
with:
name: dashboards-reports-linux-arm64
path: ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}/build/${{ env.ARTIFACT_NAME }}-${{ env.OPENSEARCH_PLUGIN_VERSION }}-linux-arm64.zip
windows-build:
runs-on: windows-latest
steps:
- name: Checkout Plugin
uses: actions/checkout@v1
# Enable longer filenames for windows
- name: Enable longer filenames
run: git config --system core.longpaths true
- name: Checkout OpenSearch Dashboards
uses: actions/checkout@v1
with:
repository: opensearch-project/Opensearch-Dashboards
ref: ${{ env.OPENSEARCH_VERSION }}
path: OpenSearch-Dashboards
- name: Get node version
id: versions_step
run:
echo "::set-output name=node_version::$(node -p "(require('../OpenSearch-Dashboards/package.json').engines.node).match(/[.0-9]+/)[0]")"
- name: Setup Node
uses: actions/setup-node@v1
with:
node-version: ${{ steps.versions_step.outputs.node_version }}
registry-url: 'https://registry.npmjs.org'
- name: Move Dashboards Reports to Plugins Dir
run: mv dashboards-reports ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}
- name: Add Chromium Binary to Reporting for Testing
run: |
cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}
curl.exe -LO https://github.com/opensearch-project/dashboards-reports/releases/download/chromium-1.12.0.0/chromium-windows-x64.zip
Expand-Archive -Path 'chromium-windows-x64.zip'
Move-Item -Path "./chromium-windows-x64/.chromium" -Destination "./.chromium"
rd chromium-windows-x64.zip
rd chromium-windows-x64
- name: OpenSearch Dashboards Plugin Bootstrap
uses: nick-invision/retry@v1
with:
timeout_minutes: 30
max_attempts: 3
command: cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }} && yarn osd bootstrap
- name: Test
uses: nick-invision/retry@v1
with:
timeout_minutes: 30
max_attempts: 3
command: cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }} && yarn test
- name: Build Artifact
run: |
cd ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}
yarn build
cd build
mkdir -p ./windows-x64/opensearch-dashboards/${{ env.PLUGIN_NAME }}
mv ./${{ env.PLUGIN_NAME }}-*.zip ./windows-x64/${{ env.ARTIFACT_NAME }}-${{ env.OPENSEARCH_PLUGIN_VERSION }}-windows-x64.zip
cd windows-x64
curl.exe -LO https://github.com/opensearch-project/dashboards-reports/releases/download/chromium-1.12.0.0/chromium-windows-x64.zip
Expand-Archive -Path 'chromium-windows-x64.zip'
Move-Item -Path "./chromium-windows-x64/.chromium" -Destination "./opensearch-dashboards/${{ env.PLUGIN_NAME }}"
rd chromium-windows-x64.zip
rd chromium-windows-x64
Compress-Archive -Path "./${{ env.ARTIFACT_NAME }}-*.zip" -Destination "./opensearch-dashboards"
mv ./${{ env.ARTIFACT_NAME }}-*.zip ..
cd ..
- name: Upload Artifact For Windows
uses: actions/upload-artifact@v1
with:
name: dashboards-reports-windows-x64
path: ../OpenSearch-Dashboards/plugins/${{ env.PLUGIN_NAME }}/build/${{ env.ARTIFACT_NAME }}-${{ env.OPENSEARCH_PLUGIN_VERSION }}-windows-x64.zip