opensearch-dashboards-2-2.17.0-r0.yaml
# Package metadata for the OpenSearch Dashboards build definition.
package:
  # NOTE(review): the name embeds "2.17.0-r0" while version/epoch below read
  # 2.17.1 / 1 -- confirm which of the two is authoritative for this file.
  name: opensearch-dashboards-2-2.17.0-r0
  version: 2.17.1
  epoch: 1
  description: Open source visualization dashboards for OpenSearch
  copyright:
    - license: Apache-2.0
  # Build resource request (CPU count and memory).
  resources:
    cpu: 16
    memory: 16Gi
  # Packages required when the built package is installed.
  dependencies:
    runtime:
      - nodejs-18
# Build environment: packages installed into the build root, plus the
# environment variables exported to every pipeline step.
environment:
  contents:
    packages:
      - apk-tools
      - build-base
      - busybox
      - ca-certificates-bundle
      - curl
      - gcc-12
      - gcc-12-default
      - git
      - jq
      - node-gyp
      - nodejs-18
      - npm
      - openssf-compiler-options
      - posix-libc-utils
      - py3-setuptools
      - python3
      - xorg-server
      - yarn
  # Compiler selection for the native add-ons built through node-gyp.
  environment:
    CC: gcc
    CXX: g++
# Lookup table consumed by the `range: plugins` subpackage below.
# key   = repository name under github.com/opensearch-project/
# value = directory name the plugin is checked out to and built as
data:
  - name: plugins
    items:
      dashboards-observability: observabilityDashboards
      dashboards-reporting: reportsDashboards
      dashboards-visualizations: ganttChartDashboards
      dashboards-query-workbench: queryWorkbenchDashboards
      dashboards-maps: customImportMapDashboards
      anomaly-detection-dashboards-plugin: anomalyDetectionDashboards
      ml-commons-dashboards: mlCommonsDashboards
      index-management-dashboards-plugin: indexManagementDashboards
      dashboards-notifications: notificationsDashboards
      alerting-dashboards-plugin: alertingDashboards
      security-analytics-dashboards-plugin: securityAnalyticsDashboards
      security-dashboards-plugin: securityDashboards
      dashboards-search-relevance: searchRelevanceDashboards
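# Build steps for the main package.
pipeline:
  # The source is fetched by tag and additionally pinned with expected-commit,
  # so a tag that no longer points at the reviewed commit fails the checkout
  # instead of being built.
  - uses: git-checkout
    with:
      repository: https://github.com/opensearch-project/OpenSearch-Dashboards.git
      tag: ${{package.version}}
      expected-commit: 62cc0320399aef63aa09689aaaf000adafbedeef
      # Upstream commit applied on top of the tag, labelled CVE-2024-37890.
      cherry-picks: |
        main/5e19749ec40230316ba2688c38e5c62f74ddb71d: CVE-2024-37890

  # Patches the "osd:bootstrap" entry of package.json so both helper scripts
  # receive --allow-root.
  - runs: |
      # Workaround for "OpenSearch Dashboards should not be run as root. Use --allow-root to continue."
      # This change will add the --allow-root when running the build_ts_refs and register_git_hook scripts
      sed -i 's/\("osd:bootstrap": "scripts\/use_node scripts\/build_ts_refs\)\( && scripts\/use_node scripts\/register_git_hook\)/\1 --allow-root\2 --allow-root/' package.json

  # Forces every transitive "hoek" dependency onto @hapi/hoek.
  # NOTE(review): ">=8.5.1" here, and "^0.7.0" / "^3.1.3" in the next step, are
  # version ranges that are resolved against the registry at build time. Two
  # builds of this file can therefore ship different dependency versions; pin
  # exact versions if reproducible, auditable output is required.
  - runs: |
      # Create "resolutions" section of package.json
      jq '.resolutions |= (if . then . else {} end)' package.json > temp.json && mv temp.json package.json
      for override in '"**/hoek"="npm:@hapi/hoek@>=8.5.1"'; do
        jq ".resolutions.${override}" package.json > temp.json && mv temp.json package.json
      done

  # Main build: applies the dependency overrides for the two CVEs named in the
  # script, bootstraps, builds the platform and stages it under destdir.
  # NOTE(review): the bootstrap runs with --silent and stderr sent to /dev/null,
  # which also hides dependency-resolution warnings and errors from the build
  # log; drop the redirect when investigating a failed or unexpected build.
  - runs: |
      set -x
      # Our common LDFLAGS cause some issues when building for aarch64. We
      # unset our global flags to allow the build to succeed.
      unset LDFLAGS
      # fix CVE-2024-47764
      resolutions='{"**/cookie": "^0.7.0"}'
      jq --argjson resolutions "$resolutions" '.resolutions += $resolutions' package.json > temp.json && mv temp.json package.json
      # fix CVE-2024-45801
      devDependencies='{"dompurify": "^3.1.3"}'
      jq --argjson devDependencies "$devDependencies" '.devDependencies += $devDependencies' package.json > temp.json && mv temp.json package.json
      yarn osd bootstrap --allow-root --silent 2>/dev/null
      yarn build-platform --skip-os-packages --skip-archives --release --allow-root
      # Delete the node directory to ensure we use the system node.
      rm -r build/opensearch-dashboards-${{package.version}}-linux-*/node
      mkdir -p "${{targets.destdir}}/usr/share"
      cp -r build/opensearch-dashboards-${{package.version}}-linux-* "${{targets.destdir}}/usr/share/opensearch-dashboards"
      # Remove the default config file, as it will be provided by the config package which comes from a different repository.
      rm -r "${{targets.destdir}}/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml"

  - uses: strip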
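# Subpackages: one config/entrypoint package, plus one package per entry of the
# `plugins` data table.
subpackages:
  - name: ${{package.name}}-config
    description: Compatibility package to place Docker startup scripts.
    pipeline:
      # Pinned by tag and expected-commit, like the main source checkout.
      - uses: git-checkout
        with:
          repository: https://github.com/opensearch-project/opensearch-build
          tag: ${{package.version}}
          destination: opensearch-build
          expected-commit: d0abadc62f63b10a6ed683950451a65f5c2cd457
      # The config, key and cert are data files, so they are installed 0644;
      # the previous 0655 set execute bits for group/other only and looks like
      # a typo.
      # opensearch.example.org.key is a private key copied from the public
      # opensearch-build repository, so it has to be treated as publicly known.
      # It is suitable for demos only: deployments should supply their own
      # key/cert pair and restrict the key's mode and ownership to the service
      # account.
      - runs: |
          install -Dm755 opensearch-build/docker/release/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint-2.x.sh ${{targets.contextdir}}/usr/share/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh
          install -Dm644 opensearch-build/config/opensearch_dashboards-2.x.yml ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
          install -Dm644 opensearch-build/docker/release/config/opensearch-dashboards/opensearch.example.org.key ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch.example.org.key
          install -Dm644 opensearch-build/docker/release/config/opensearch-dashboards/opensearch.example.org.cert ${{targets.contextdir}}/usr/share/opensearch-dashboards/config/opensearch.example.org.cert

  # Expanded once per entry in data.plugins (range.key = repository name,
  # range.value = plugin directory name).
  - range: plugins
    name: ${{package.name}}-${{range.key}}
    pipeline:
      # Start from an empty plugins directory so only this plugin is built.
      - runs: |
          rm -r plugins/* || true
      # NOTE(review): unlike the two checkouts above, the plugin checkouts are
      # pinned by tag only and carry no expected-commit, so a moved upstream
      # tag would be built without notice. Recording a commit per plugin (for
      # example next to each entry in the data table) would close that gap.
      - uses: git-checkout
        with:
          repository: https://github.com/opensearch-project/${{range.key}}.git
          tag: ${{package.version}}.0
          destination: ./plugins/${{range.value}}
      # Builds the plugin and stages it under the subpackage's context dir.
      # As in the main build, bootstrap output on stderr is discarded.
      - runs: |
          # fix cve CVE-2024-45801
          cd "./plugins/${{range.value}}"
          if [ "${{range.value}}" = "reportsDashboards" ]
          then
            # Define the dependencies
            dependencies='{"dompurify": "^3.1.3"}'
            # Apply the dependencies
            jq --argjson dependencies "$dependencies" '.dependencies += $dependencies' package.json > temp.json && mv temp.json package.json
          fi

          yarn osd bootstrap --allow-root --silent 2>/dev/null
          node /home/build/scripts/plugin_helpers build --allow-root --skip-archive

          if [ "${{range.value}}" = "reportsDashboards" ]
          then
            # Remove a test directory of the `resolver` package to prevent surfacing a false-positive.
            # See https://github.com/browserify/resolve/issues/288
            rm -r "build/opensearch-dashboards/${{range.value}}/node_modules/resolve/test"
          fi

          mkdir -p "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins"
          cp -r "build/opensearch-dashboards/${{range.value}}" "${{targets.contextdir}}/usr/share/opensearch-dashboards/plugins/"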
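# Automatic update tracking against the upstream GitHub repository.
update:
  enabled: true
  github:
    identifier: opensearch-project/OpenSearch-Dashboards
    # Quoted so the filter stays a string; an unquoted 2.0 is read as a float
    # by YAML parsers.
    # NOTE(review): version is 2.17.1, which the prefix "2.0" does not match --
    # confirm the intended filter against the upstream tag names.
    tag-filter: "2.0"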
# Smoke test: install the -config subpackage and check that the launcher
# starts far enough to print its version.
test:
  environment:
    contents:
      packages:
        - ${{package.name}}-config
    environment:
      OSD_NODE_HOME: /usr
  pipeline:
    - runs: |
        /usr/share/opensearch-dashboards/bin/opensearch-dashboards --version --allow-root