Bump micromatch for CVE-2024-4067 #1315
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Install Dashboards with Plugin via Binary' | |
on: [push, pull_request] | |
env: | |
OPENSEARCH_VERSION: '3.0.0' | |
CI: 1 | |
# avoid warnings like "tput: No value for $TERM and no -T specified" | |
TERM: xterm | |
PLUGIN_NAME: opensearch-security | |
OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123! | |
jobs: | |
verify-binary-installation: | |
name: Run binary installation | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
# TODO: add windows support when OSD core is stable on windows | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout Branch | |
uses: actions/checkout@v3 | |
- name: Set env | |
run: | | |
opensearch_version=$(node -p "require('./package.json').opensearchDashboards.version") | |
plugin_version=$(node -p "require('./package.json').version") | |
echo "OPENSEARCH_VERSION=$opensearch_version" >> $GITHUB_ENV | |
echo "PLUGIN_VERSION=$plugin_version" >> $GITHUB_ENV | |
shell: bash | |
- name: Download security plugin and create setup scripts | |
uses: ./.github/actions/download-plugin | |
with: | |
opensearch-version: ${{ env.OPENSEARCH_VERSION }} | |
plugin-name: ${{ env.PLUGIN_NAME }} | |
plugin-version: ${{ env.PLUGIN_VERSION }} | |
download-location: ${{ env.PLUGIN_NAME }} | |
- name: Run Opensearch with security | |
uses: derek-ho/start-opensearch@v2 | |
with: | |
opensearch-version: ${{ env.OPENSEARCH_VERSION }} | |
plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip" | |
security-enabled: true | |
admin-password: ${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} | |
# Configure the Dashboard | |
- name: Configure OpenSearch Dashboards | |
run: | | |
cat << 'EOT' > opensearch-dashboards-config.yml | |
server.host: "0.0.0.0" | |
opensearch.hosts: ["https://localhost:9200"] | |
opensearch.ssl.verificationMode: none | |
opensearch.username: "kibanaserver" | |
opensearch.password: "kibanaserver" | |
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] | |
opensearch_security.multitenancy.enabled: true | |
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] | |
opensearch_security.readonly_mode.roles: ["kibana_read_only"] | |
# Use this setting if you are running opensearch-dashboards without https | |
opensearch_security.cookie.secure: false | |
EOT | |
- name: Run Dashboard with Security Dashboards Plugin | |
id: setup-dashboards | |
uses: derek-ho/setup-opensearch-dashboards@v2 | |
with: | |
plugin_name: security-dashboards-plugin | |
built_plugin_name: security-dashboards | |
install_zip: true | |
opensearch_dashboards_yml: opensearch-dashboards-config.yml | |
- name: Start the binary | |
run: | | |
nohup ./bin/opensearch-dashboards & | |
working-directory: ${{ steps.setup-dashboards.outputs.dashboards-binary-directory }} | |
shell: bash | |
- name: Health check | |
run: | | |
timeout 300 bash -c 'while [[ "$(curl -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -k http://localhost:5601/api/status | jq -r '.status.overall.state')" != "green" ]]; do sleep 5; done' | |
shell: bash | |