Removes checked in js zip

[downsrob]

Issue #, if available:
#402

Description of changes:

• Removes checked in js zip and replaces it with a dynamic dependency.

CheckList:

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov-commenter]

Codecov Report

Merging #403 (fbb45fc) into 1.x (71745ca) will increase coverage by 0.04%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##                1.x     #403      +/-   ##
============================================
+ Coverage     75.60%   75.64%   +0.04%     
- Complexity     1997     2015      +18     
============================================
  Files           253      253              
  Lines         11466    11489      +23     
  Branches       1815     1819       +4     
============================================
+ Hits           8669     8691      +22     
- Misses         1765     1767       +2     
+ Partials       1032     1031       -1     

Impacted Files	Coverage Δ
...nt/indexstatemanagement/model/destination/Chime.kt	40.90% <0.00%> (-13.64%)	⬇️
...nt/indexstatemanagement/ManagedIndexCoordinator.kt	67.06% <0.00%> (-5.44%)	⬇️
...anagement/indexstatemanagement/model/Transition.kt	63.38% <0.00%> (-4.23%)	⬇️
...nt/rollup/action/stop/TransportStopRollupAction.kt	70.93% <0.00%> (-1.17%)	⬇️
.../rollup/action/start/TransportStartRollupAction.kt	66.27% <0.00%> (-1.17%)	⬇️
...earch/indexmanagement/transform/model/Transform.kt	86.08% <0.00%> (+0.43%)	⬆️
.../opensearch/indexmanagement/rollup/model/Rollup.kt	84.43% <0.00%> (+0.47%)	⬆️
...ent/indexstatemanagement/util/ManagedIndexUtils.kt	78.03% <0.00%> (+1.15%)	⬆️
...exmanagement/opensearchapi/OpenSearchExtensions.kt	87.65% <0.00%> (+1.23%)	⬆️
.../action/explain/TransportExplainTransformAction.kt	69.31% <0.00%> (+2.27%)	⬆️
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 71745ca...fbb45fc. Read the comment docs.

[downsrob]

Whitesource failing with

CVE-2022-24329	Medium	5.3	kotlin-stdlib-1.4.0.jar	Upgrade to version: org.jetbrains.kotlin:kotlin-stdlib:1.6.0

[bowenlan-amzn]

Nice

[prudhvigodithi]

Hey @downsrob
will this address #123?
Thank you

[downsrob]

@prudhvigodithi It addresses the mentioned issue #402

[opensearch-trigger-bot]

The backport to 1.3 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-1.3 1.3
# Navigate to the new working tree
cd .worktrees/backport-1.3
# Create a new branch
git switch --create backport/backport-403-to-1.3
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e9075dd2ebfa3e3f916614d132fb101c1ad0b2a1
# Push it to GitHub
git push --set-upstream origin backport/backport-403-to-1.3
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-1.3

Then, create a pull request where the base branch is 1.3 and the compare/head branch is backport/backport-403-to-1.3.

[rursprung]

why do it this way around? as the infrastructure is now in place to publish everything to maven and you already have a snapshot maven repo located here you could use that: https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/

@prudhvigodithi: it seems that the snapshots of plugin ZIPs are not (yet) published there. if they would be this would allow you to just use them as normal maven dependencies here in the gradle build w/o having to manually construct any URLs and downloading them manually.

[prudhvigodithi]

@prudhvigodithi: it seems that the snapshots of plugin ZIPs are not (yet) published there. if they would be this would allow you to just use them as normal maven dependencies here in the gradle build w/o having to manually construct any URLs and downloading them manually.

Hey @rursprung snapshots can be fetched from nexus maven repo
Example for job-scheduler snapshots

Quick test:

mvn org.apache.maven.plugins:maven-dependency-plugin:2.1:get -DrepoUrl=https://aws.oss.sonatype.org/content/repositories/snapshots/ -Dartifact=org.opensearch.plugin:opensearch-job-scheduler:2.1.0.0-SNAPSHOT:zip

Picked up JAVA_TOOL_OPTIONS: -Dlog4j2.formatMsgNoLookups=true
[INFO] Scanning for projects...
[INFO] 
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.1:get (default-cli) @ standalone-pom ---
Downloading from temp: https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-job-scheduler/2.1.0.0-SNAPSHOT/maven-metadata.xml
Downloaded from temp: https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-job-scheduler/2.1.0.0-SNAPSHOT/maven-metadata.xml (804 B at 1.6 kB/s)
Downloading from temp: https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-job-scheduler/2.1.0.0-SNAPSHOT/opensearch-job-scheduler-2.1.0.0-20220630.215242-39.zip
Downloaded from temp: https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/plugin/opensearch-job-scheduler/2.1.0.0-SNAPSHOT/opensearch-job-scheduler-2.1.0.0-20220630.215242-39.zip (210 kB at 344 kB/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.557 s
[INFO] Finished at: 2022-07-10T08:30:10-04:00
[INFO] ------------------------------------------------------------------------

[prudhvigodithi]

Just to add the PluginZips are out in maven starting 2.1.0, 1.x versions have to be backfilled.
Thank you
@rursprung @dblock @bbarani