nightly-playground-deploy.yml

name: Nightly Playground Validate and Deploy

on:
  workflow_call:
    inputs:
      dist_version:
        required: true
        description: 'OpenSearch and Dashboards distribution version'
        type: string

jobs:
  set-os-osd-urls:
    runs-on: ubuntu-latest
    outputs:
      OPENSEARCH_URL: ${{ steps.set-env.outputs.OPENSEARCH_URL }}
      OPENSEARCH_DASHBOARDS_URL: ${{ steps.set-env.outputs.OPENSEARCH_DASHBOARDS_URL }}
      OPENSEARCH_DIST_MANIFEST_URL: ${{ steps.set-env.outputs.OPENSEARCH_DIST_MANIFEST_URL }}
      OPENSEARCH_DASHBOARDS_DIST_MANIFEST_URL: ${{ steps.set-env.outputs.OPENSEARCH_DASHBOARDS_DIST_MANIFEST_URL }}
    steps:
      - name: Set Env variables
        id: set-env
        run: |
          wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/${{inputs.dist_version}}/latest/linux/x64/tar/dist/opensearch/manifest.yml -O opensearch.yml
          wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{inputs.dist_version}}/latest/linux/x64/tar/dist/opensearch-dashboards/manifest.yml -O dashboards.yml

          opensearch_build_id=$(yq .build.id opensearch.yml)
          dashboards_build_id=$(yq .build.id dashboards.yml)

          echo "OPENSEARCH_URL=$(yq .build.location opensearch.yml)" >> "$GITHUB_OUTPUT"
          echo "OPENSEARCH_DASHBOARDS_URL=$(yq .build.location dashboards.yml)" >> "$GITHUB_OUTPUT"

          echo "OPENSEARCH_DIST_MANIFEST_URL=https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/${{inputs.dist_version}}/$opensearch_build_id/linux/x64/tar/dist/opensearch/manifest.yml" >> "$GITHUB_OUTPUT"
          echo "OPENSEARCH_DASHBOARDS_DIST_MANIFEST_URL=https://ci.opensearch.org/ci/dbc/distribution-build-opensearch-dashboards/${{inputs.dist_version}}/$dashboards_build_id/linux/x64/tar/dist/opensearch-dashboards/manifest.yml" >> "$GITHUB_OUTPUT"

  validate-and-deploy:
    outputs:
      ENDPOINT: ${{ steps.deploy.outputs.ENDPOINT }}
      PLAYGROUND_ID: ${{ steps.deploy.outputs.playground_id }}
    permissions:
      id-token: write
      contents: read
    needs: set-os-osd-urls
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          repository: 'opensearch-project/opensearch-build'

      - name: Set up Python 3.9
        uses: actions/setup-python@v3
        with:
          python-version: 3.9

      - name: Install Pipenv and Dependencies
        run: |
          python -m pip install --upgrade pipenv wheel
          pipenv install --deploy --dev

      - name: Validate OS and OSD
        run: unset JAVA_HOME && ./validation.sh --file-path opensearch=${{needs.set-os-osd-urls.outputs.OPENSEARCH_URL}} opensearch-dashboards=${{needs.set-os-osd-urls.outputs.OPENSEARCH_DASHBOARDS_URL}}

      - uses: actions/checkout@v3

      - uses: aws-actions/configure-aws-credentials@v4.0.2
        with:
          role-to-assume: ${{ secrets.DEPLOY_NIGHTLY_PLAYGROUND_ROLE }}
          aws-region: us-west-2

      - uses: actions/setup-node@v4
        with:
          node-version: 16.x

      - name: Deploy nightly playground
        id: deploy
        working-directory: nightly-playground
        run: |
          npm install
          playground_id=`echo ${{inputs.dist_version}} | cut -d. -f1`x
          echo "PLAYGROUND_ID=$playground_id" >> "$GITHUB_OUTPUT"
          aws s3 cp s3://nightly-playgrounds-snapshots-bucket/internal_users.yml resources/security-config/internal_users.yml
          npm run cdk deploy "infra*" -- -c playGroundId=$playground_id -c distVersion=${{inputs.dist_version}} -c distributionUrl=${{needs.set-os-osd-urls.outputs.OPENSEARCH_URL}} -c dashboardsUrl=${{needs.set-os-osd-urls.outputs.OPENSEARCH_DASHBOARDS_URL}} -c dashboardPassword=${{ SECRETS.DASHBOARDS_PASSWORD }} -c adminPassword=${{ SECRETS.OPENSEARCH_PASSWORD }} -c dashboardOpenIDClientSecret=${{ SECRETS.DASHBOARD_OPENID_CLIENT_SECRET }} --require-approval never

          echo "ENDPOINT=$(aws cloudformation --region us-west-2 describe-stacks --stack-name infraStack-$playground_id --query 'Stacks[0].Outputs[0].OutputValue' --output text)" >> "$GITHUB_OUTPUT"

  index-dist-manifests:
    needs: 
      - set-os-osd-urls
      - validate-and-deploy
    runs-on: ubuntu-latest
    steps:
      - name: Index distribution manifests
        run: |
          wget ${{ needs.set-os-osd-urls.outputs.OPENSEARCH_DIST_MANIFEST_URL }} -O opensearch.yml
          wget ${{ needs.set-os-osd-urls.outputs.OPENSEARCH_DASHBOARDS_DIST_MANIFEST_URL }} -O opensearch-dashboards.yml
          yq -o=json '.' opensearch.yml > opensearch.json
          yq -o=json '.' opensearch-dashboards.yml > dashboards.json

          curl -XPOST -f "https://${{needs.validate-and-deploy.outputs.ENDPOINT}}:8443/opensearch/_doc/1" -H "Content-Type: application/json" -d @opensearch.json -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure

          curl -XPOST -f "https://${{needs.validate-and-deploy.outputs.ENDPOINT}}:8443/opensearch-dashboards/_doc/1" -H "Content-Type: application/json" -d @dashboards.json -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure

  configure-alerts-notifications:
    needs: validate-and-deploy
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@v3

      - name: Check and Create notification channel
        run: |
          status_code=$(curl -XGET -s -o /dev/null -w "%{http_code}" "https://${{needs.validate-and-deploy.outputs.ENDPOINT}}:8443/_plugins/_notifications/configs/slack-notification-channel" -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure)

          if [ "$status_code" != "200" ]; then
            curl -XPOST -f "https://${{needs.validate-and-deploy.outputs.ENDPOINT}}:8443/_plugins/_notifications/configs" -H 'Content-Type: application/json' -d'
            {
              "config_id": "slack-notification-channel",
              "name": "slack-notification-channel",
              "config": {
                "name": "slack-notification-channel",
                "description": "Slack notification channel for monitoring alerts",
                "config_type": "webhook",
                "is_enabled": true,
                "webhook": {
                  "url": "${{ secrets.SLACK_WEBHOOK }}"
                  }
                }
              }' -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure
          fi

      - name: Configure monitors
        run: |
          for config in `ls nightly-playground/resources/monitors-config/`;
          do curl -XPOST -f "https://${{needs.validate-and-deploy.outputs.ENDPOINT}}:8443/_plugins/_alerting/monitors" -H 'Content-Type: application/json' -d @nightly-playground/resources/monitors-config/$config -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure;
          done

  add-sample-data:
    needs: validate-and-deploy
    runs-on: ubuntu-latest
    steps:
      - name: Add sample data
        run : |
          curl -X POST -f 'https://${{needs.validate-and-deploy.outputs.ENDPOINT}}/${{needs.validate-and-deploy.outputs.PLAYGROUND_ID}}/api/sample_data/logs' -H 'securitytenant: global' -H 'Content-Type: application/json' -H 'osd-version: ${{inputs.dist_version}}' -H 'osd-xsrf: osd-fetch' -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure
          curl -X POST -f 'https://${{needs.validate-and-deploy.outputs.ENDPOINT}}/${{needs.validate-and-deploy.outputs.PLAYGROUND_ID}}/api/sample_data/flights' -H 'securitytenant: global' -H 'Content-Type: application/json' -H 'osd-version: ${{inputs.dist_version}}' -H 'osd-xsrf: osd-fetch' -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure
          curl -X POST -f 'https://${{needs.validate-and-deploy.outputs.ENDPOINT}}/${{needs.validate-and-deploy.outputs.PLAYGROUND_ID}}/api/sample_data/ecommerce' -H 'securitytenant: global' -H 'Content-Type: application/json' -H 'osd-version: ${{inputs.dist_version}}' -H 'osd-xsrf: osd-fetch' -u ${{ secrets.OPENSEARCH_USER }}:${{ secrets.OPENSEARCH_PASSWORD }} --insecure