[Backport 2.17] fix path-to-regex cve #11256
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run cypress tests | |
# trigger on every PR for all branches except feature branches | |
on: | |
pull_request: | |
branches: [ '**', '!feature/**' ] | |
paths-ignore: | |
- '**/*.md' | |
- '.lycheeignore' | |
- 'changelogs/fragments/**' | |
workflow_dispatch: | |
inputs: | |
test_repo: | |
description: 'Cypress test repo' | |
default: 'opensearch-project/opensearch-dashboards-functional-test' | |
required: true | |
type: string | |
test_branch: | |
description: 'Cypress test branch (default: source branch)' | |
required: false | |
type: string | |
specs: | |
description: 'Tests to run (default: osd:ciGroup)' | |
required: false | |
type: string | |
pr_number: | |
description: 'PR Number (optional)' | |
required: false | |
type: number | |
env: | |
TEST_REPO: ${{ inputs.test_repo != '' && inputs.test_repo || 'opensearch-project/opensearch-dashboards-functional-test' }} | |
TEST_BRANCH: "${{ inputs.test_branch != '' && inputs.test_branch || github.base_ref }}" | |
FTR_PATH: 'ftr' | |
START_CMD: 'node ../scripts/opensearch_dashboards --dev --no-base-path --no-watch --savedObjects.maxImportPayloadBytes=10485760 --server.maxPayloadBytes=1759977 --logging.json=false --data.search.aggs.shardDelay.enabled=true --csp.warnLegacyBrowsers=false --uiSettings.overrides["query:enhancements:enabled"]=false' | |
OPENSEARCH_SNAPSHOT_CMD: 'node ../scripts/opensearch snapshot -E cluster.routing.allocation.disk.threshold_enabled=false' | |
CYPRESS_BROWSER: 'chromium' | |
CYPRESS_VISBUILDER_ENABLED: true | |
CYPRESS_DATASOURCE_MANAGEMENT_ENABLED: false | |
OSD_SNAPSHOT_SKIP_VERIFY_CHECKSUM: true | |
NODE_OPTIONS: '--max-old-space-size=6144 --dns-result-order=ipv4first' | |
COMMENT_TAG: '[MANUAL CYPRESS TEST RUN RESULTS]' | |
COMMENT_SUCCESS_MSG: ':white_check_mark: Cypress test run succeeded!' | |
COMMENT_FAILURE_MSG: ':x: Cypress test run failed!' | |
jobs: | |
cypress-tests: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
group: [1, 2, 3, 4, 5, 6, 7, 8, 9] | |
container: | |
image: docker://opensearchstaging/ci-runner:ci-runner-rockylinux8-opensearch-dashboards-integtest-v2 | |
options: --user 1001 | |
env: | |
# prevents extra Cypress installation progress messages | |
CI: 1 | |
# avoid warnings like "tput: No value for $TERM and no -T specified" | |
TERM: xterm | |
name: Run cypress tests (osd:ciGroup${{ matrix.group }}) | |
steps: | |
- name: Get source information from PR number | |
if: ${{ github.event_name == 'workflow_dispatch' && inputs.pr_number != '' }} | |
id: get_pr_info | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const { data: result } = await github.rest.pulls.get({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
pull_number: ${{ inputs.pr_number }} | |
}); | |
core.setOutput('head_name', result.head.repo.full_name); | |
core.setOutput('head_ref', result.head.ref); | |
- name: Set source repo from PR number | |
if: ${{ github.event_name == 'workflow_dispatch' && inputs.pr_number != '' }} | |
run: | | |
echo "SOURCE_REPO=${{ steps.get_pr_info.outputs.head_name }}" >> $GITHUB_ENV | |
echo "SOURCE_BRANCH=${{ steps.get_pr_info.outputs.head_ref }}" >> $GITHUB_ENV | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
repository: ${{ env.SOURCE_REPO }} | |
ref: '${{ env.SOURCE_BRANCH }}' | |
- name: Setup Node | |
uses: actions/setup-node@v2 | |
with: | |
node-version-file: '.nvmrc' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Setup Yarn | |
run: | | |
npm uninstall -g yarn | |
npm i -g [email protected] | |
- name: Run bootstrap | |
run: yarn osd bootstrap | |
- name: Build plugins | |
run: node scripts/build_opensearch_dashboards_platform_plugins --no-examples --workers 12 | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
path: ${{ env.FTR_PATH }} | |
repository: ${{ env.TEST_REPO }} | |
ref: '${{ env.TEST_BRANCH }}' | |
- name: Setup spec files by input | |
if: ${{ inputs.specs != '' }} | |
run: | | |
echo "SPEC=${{ inputs.specs }}" >> $GITHUB_ENV | |
- name: Setup spec files | |
if: ${{ inputs.specs == '' }} | |
working-directory: ${{ env.FTR_PATH }} | |
shell: bash | |
run: | | |
IFS="," read -a SPEC_ARRAY <<< $(yarn --silent osd:ciGroup${{ matrix.group }}) | |
FORMATTED_SPEC='' | |
for i in "${SPEC_ARRAY[@]}"; do | |
FORMATTED_SPEC+="cypress/integration/core-opensearch-dashboards/opensearch-dashboards/${i}," | |
done | |
echo "SPEC=${FORMATTED_SPEC}" >> $GITHUB_ENV | |
- name: Get Cypress version | |
id: cypress_version | |
run: | | |
echo "name=cypress_version::$(cat ./${{ env.FTR_PATH }}/package.json | jq '.devDependencies.cypress' | tr -d '"')" >> $GITHUB_OUTPUT | |
- name: Cache Cypress | |
id: cache-cypress | |
uses: actions/cache@v1 | |
with: | |
path: ~/.cache/Cypress | |
key: cypress-cache-v2-${{ runner.os }}-${{ hashFiles('**/package.json') }} | |
env: | |
CYPRESS_INSTALL_BINARY: ${{ steps.cypress_version.outputs.cypress_version }} | |
- run: npx cypress cache list | |
- run: npx cypress cache path | |
- name: Run tests | |
uses: cypress-io/github-action@v2 | |
with: | |
working-directory: ${{ env.FTR_PATH }} | |
start: ${{ env.OPENSEARCH_SNAPSHOT_CMD }}, ${{ env.START_CMD }} | |
wait-on: 'http://localhost:9200, http://localhost:5601' | |
command: yarn cypress:run-without-security --browser ${{ env.CYPRESS_BROWSER }} --spec ${{ env.SPEC }} | |
# Screenshots are only captured on failure, will change this once we do visual regression tests | |
- uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: ftr-cypress-screenshots | |
path: ${{ env.FTR_PATH }}/cypress/screenshots | |
retention-days: 1 | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: ftr-cypress-videos | |
path: ${{ env.FTR_PATH }}/cypress/videos | |
retention-days: 1 | |
- uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: ftr-cypress-results | |
path: ${{ env.FTR_PATH }}/cypress/results | |
retention-days: 1 | |
add-comment: | |
needs: [cypress-tests] | |
if: ${{ always() && github.event_name == 'workflow_dispatch' && inputs.pr_number != '' }} | |
permissions: | |
pull-requests: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Find Comment | |
uses: peter-evans/find-comment@v2 | |
id: fc | |
with: | |
issue-number: ${{ inputs.pr_number }} | |
comment-author: 'github-actions[bot]' | |
body-includes: "${{ env.COMMENT_TAG }}" | |
- name: Add comment on the PR | |
uses: peter-evans/create-or-update-comment@v3 | |
with: | |
comment-id: ${{ steps.fc.outputs.comment-id }} | |
issue-number: ${{ inputs.pr_number }} | |
body: | | |
### ${{ env.COMMENT_TAG }} | |
#### ${{ needs.cypress-tests.result == 'success' && env.COMMENT_SUCCESS_MSG || env.COMMENT_FAILURE_MSG }} | |
#### Inputs: | |
``` | |
Test repo: '${{ env.TEST_REPO }}' | |
Test branch: '${{ env.TEST_BRANCH }}' | |
Test spec: | |
'${{ env.SPEC }}' | |
``` | |
#### Link to results: | |
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
edit-mode: replace |