
feat(opensearch): build opensearch-fortlogs #1715

Draft

ztomaszewska wants to merge 4 commits into main from feat/opensearch-fortlogs

Conversation

@ztomaszewska

Pull Request Details

We need to build our own custom OpenSearch image for the Fortlogs solution. It's based on the official OpenSearch image. Two official plugins are removed and replaced with custom ones (that include some critical fixes).
It's a workaround for a limitation of the opensearch k8s operator (opensearch-project/opensearch-k8s-operator#1423).

Copilot AI review requested due to automatic review settings June 10, 2026 08:57
@ztomaszewska ztomaszewska requested review from a team as code owners June 10, 2026 08:57
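The build described above, pulling two patched plugin ZIPs into the official image, trusts whatever the release URLs serve at build time. The following Dockerfile is an added example, not the PR's own `opensearch/build/Dockerfile`, showing the same plugin swap in a supply-chain-hardened form: the base image is pinned by digest as well as tag, and each ZIP is verified against a pinned SHA-256 by BuildKit before `opensearch-plugin install` runs. Every digest and URL below is a placeholder to be filled in from the chosen release (the SAP-cloud-infrastructure 3.6.0.0-sci-v2 releases named in the later commit message, whose URLs are not on this page); the uid 1000 used for `--chown` is an assumption about the official image's runtime user.

```dockerfile
# syntax=docker/dockerfile:1.6
# Added example (not the PR's Dockerfile). Requires BuildKit for ADD --checksum.

# Pin the base by digest as well as tag: a tag can be re-pushed, a digest cannot.
# PLACEHOLDER: replace with the digest of opensearchproject/opensearch:3.6.0.
FROM opensearchproject/opensearch:3.6.0@sha256:<PLACEHOLDER_BASE_IMAGE_DIGEST>

# Assumed build arguments: release URLs of the patched plugin ZIPs.
# PLACEHOLDER URLs: point at the 3.6.0.0-sci-v2 release assets.
ARG ALERTING_ZIP_URL=<PLACEHOLDER_URL_opensearch-alerting-3.6.0.0-sci-v2.zip>
ARG SECURITY_ANALYTICS_ZIP_URL=<PLACEHOLDER_URL_opensearch-security-analytics-3.6.0.0-sci-v2.zip>

# Removal order as in the PR: security-analytics first, then alerting.
RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security-analytics \
 && /usr/share/opensearch/bin/opensearch-plugin remove opensearch-alerting

# BuildKit aborts the build if the fetched file does not match the checksum,
# so a tampered or re-published release cannot silently enter the image.
# PLACEHOLDER checksums: the sha256sum of each release ZIP, recorded at review time.
# --chown=1000:1000 (assumed runtime uid of the official image) lets the
# non-root build step delete the ZIPs from /tmp afterwards.
ADD --checksum=sha256:<PLACEHOLDER_ALERTING_SHA256> --chown=1000:1000 \
    ${ALERTING_ZIP_URL} /tmp/opensearch-alerting.zip
ADD --checksum=sha256:<PLACEHOLDER_SECURITY_ANALYTICS_SHA256> --chown=1000:1000 \
    ${SECURITY_ANALYTICS_ZIP_URL} /tmp/opensearch-security-analytics.zip

# Install order as in the PR: alerting first, then security-analytics.
# --batch auto-accepts each plugin's security-permission prompt, which is why
# the checksum step above matters: nothing else reviews the ZIP before install.
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch file:///tmp/opensearch-alerting.zip \
 && /usr/share/opensearch/bin/opensearch-plugin install --batch file:///tmp/opensearch-security-analytics.zip \
 && rm -f /tmp/opensearch-alerting.zip /tmp/opensearch-security-analytics.zip
```

With this layout a rebuild fails loudly, rather than producing a different image, whenever the base tag is moved or a release asset is replaced; updating a plugin then becomes an explicit change of the pinned checksum in the Dockerfile, which is reviewable in the same PR as the version bump.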

Copilot AI left a comment

Pull request overview

Adds a custom OpenSearch Docker image (“opensearch-fortlogs”) intended for Fortlogs, based on the official OpenSearch image but replacing bundled opensearch-security-analytics and opensearch-alerting plugins with patched builds to work around current operator limitations.

Changes:

  • Added opensearch/build/Dockerfile to remove bundled plugins and install patched plugin ZIPs.
  • Added build documentation in opensearch/build/README.md describing rationale and included upstream PRs.
  • Updated .github/workflows/docker-build.yaml to build and Trivy-scan the new opensearch-fortlogs image.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

| File | Description |
|------|-------------|
| opensearch/build/README.md | Documents the custom image purpose, base image, and upstream patch tracking. |
| opensearch/build/Dockerfile | Defines the custom OpenSearch image that swaps official plugins for patched ZIPs. |
| .github/workflows/docker-build.yaml | Extends the build + vulnerability scan workflow matrix to include the new image. |

Comment on lines +34 to +43
| Repo | PR | Title |
|------|----|-------|
| opensearch-project/alerting | [#2163](https://github.com/opensearch-project/alerting/pull/2163) | fix: stop DestinationMigrationCoordinator cycling on unrelated cluster events |
| opensearch-project/alerting | [#2158](https://github.com/opensearch-project/alerting/pull/2158) | Fix: Skip alias-type fields in doc-level monitor query index mapping |
| opensearch-project/alerting | [#2154](https://github.com/opensearch-project/alerting/pull/2154) | fix: correct inverted condition in DocLevelMonitorQueries causing query index churn |
| opensearch-project/alerting | [#2145](https://github.com/opensearch-project/alerting/pull/2145) | Fix/workflow validation ~10 delegation monitor limit |
| opensearch-project/alerting | [#2150](https://github.com/opensearch-project/alerting/pull/2150) | Fix/doc level monitor sample documents source fields |
| opensearch-project/security-analytics | [#1726](https://github.com/opensearch-project/security-analytics/pull/1726) | fix: set deleteQueryIndexInEveryRun=false for chained_findings monitor |
| ~~opensearch-project/security-analytics~~ | [~~#1722~~](https://github.com/opensearch-project/security-analytics/pull/1722) | ~~Fix mutable script params for detector trigger actions~~ |
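Review bot: the struck-through #1722 row carries no explanation of why it is crossed out; add a short note (dropped, superseded by another fix, or already in the 3.6.0 base) so a reader can tell which of the listed patches the installed ZIPs actually contain. The table also tracks upstream PRs only, while the Dockerfile installs ZIPs built from a fork; a column naming the fork tag or commit each ZIP was built from would make the list verifiable against the artifacts.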

Comment thread opensearch/build/README.md Outdated
Comment on lines +45 to +46
Images are build and push to ghcr.io. Pushed images are automatically mirrored to Keppel Container Image Registry.
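Review bot: grammar: "Images are built and pushed to ghcr.io." It would also help to name the exact registry path and tag scheme of the mirrored image (ghcr.io and Keppel) so consumers know what to pin.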

Comment thread opensearch/build/Dockerfile Outdated
@@ -0,0 +1,16 @@
FROM opensearchproject/opensearch:3.6.0
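Review bot: the base image is pinned by tag only; `opensearchproject/opensearch:3.6.0` can be re-pushed, so a later rebuild may silently pick up a different base. Pin the digest alongside the tag, e.g. `FROM opensearchproject/opensearch:3.6.0@sha256:<digest>`, and bump it deliberately.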
Comment thread opensearch/build/Dockerfile Outdated
Comment on lines +13 to +14
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch https://github.com/thecodingshrimp/opensearch-plugins-alerting/releases/download/v2-custom/opensearch-alerting-3.6.0.0-v2-SNAPSHOT.zip
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch https://github.com/thecodingshrimp/opensearch-plugin-security-analytics/releases/download/v2-custom/opensearch-security-analytics-3.6.0.0-v2-SNAPSHOT.zip
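Review bot: both plugin ZIPs are fetched at build time from a personal GitHub account (thecodingshrimp) with no checksum or signature verification, and `--batch` auto-accepts the plugin's security-permission prompt, so whatever the URL serves when the image is built is installed without review. The later commit "…ases (#1731)" moves these to the SAP-cloud-infrastructure org releases at 3.6.0.0-sci-v2; when updating these lines, also verify each ZIP against a pinned SHA-256 before `opensearch-plugin install` so a replaced release asset fails the build instead of entering the image.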
Comment thread opensearch/build/Dockerfile Outdated
Comment on lines +7 to +14
# Don't change the order!
RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security-analytics
RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-alerting

# Don't change the order!
# Will change the plugins repository to one of SAP repos ASAP.
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch https://github.com/thecodingshrimp/opensearch-plugins-alerting/releases/download/v2-custom/opensearch-alerting-3.6.0.0-v2-SNAPSHOT.zip
RUN /usr/share/opensearch/bin/opensearch-plugin install --batch https://github.com/thecodingshrimp/opensearch-plugin-security-analytics/releases/download/v2-custom/opensearch-security-analytics-3.6.0.0-v2-SNAPSHOT.zip
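Review bot: "Don't change the order!" appears twice but never says why the order matters; state the reason (the mirrored remove/install order suggests one plugin depends on the other) so a future edit does not reorder the lines and break the build. The "Will change the plugins repository to one of SAP repos ASAP" comment is an open-ended TODO in a shipped Dockerfile; reference the tracking ticket (the commit message cites CCLOUDSRC-1017) or drop the comment once the URLs are switched.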
Comment on lines +34 to +37
- Context: opensearch/build
Dockerfiles: opensearch/build/Dockerfile
Imagename: opensearch-fortlogs
Platform: linux/amd64
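Review bot: `Platform: linux/amd64` restricts the new image to a single architecture; if any Fortlogs cluster has arm64 nodes the image will not be schedulable there. Confirm this is intentional, or add `linux/arm64` if the other matrix entries build multi-arch.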
@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@ztomaszewska ztomaszewska marked this pull request as draft June 10, 2026 13:39
…ases (#1731)

Replace thecodingshrimp placeholder plugin URLs with the official
SAP-cloud-infrastructure org releases for opensearch-alerting and
opensearch-security-analytics at version 3.6.0.0-sci-v2.

Refs: CCLOUDSRC-1017
Version: 3.6.0.0-sci-v2

Signed-off-by: thecodingshrimp <leonard.stutzer@sap.com>

4 participants