From 16734558be3bef143d363a4ed9d81e93c4e93a93 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Sat, 13 Jun 2026 17:27:25 -0400 Subject: [PATCH 1/3] Enable logger usage checks in security subprojects Signed-off-by: Craig Perkins --- build.gradle | 3 --- bwc-test/build.gradle | 1 - sample-resource-plugin/build.gradle | 1 - .../actions/transport/UpdateResourceTransportAction.java | 3 ++- .../actions/transport/UpdateResourceGroupTransportAction.java | 3 ++- 5 files changed, 4 insertions(+), 7 deletions(-) diff --git a/build.gradle b/build.gradle index 42b123bc9c..2a0bfce956 100644 --- a/build.gradle +++ b/build.gradle @@ -392,9 +392,6 @@ opensearchplugin { extendedPlugins = ['rule-framework', 'workload-management;optional=true', 'transport-grpc;optional=true'] } -// This requires an additional Jar not published as part of build-tools -loggerUsageCheck.enabled = false - publishing { publications { pluginZip(MavenPublication) { publication -> diff --git a/bwc-test/build.gradle b/bwc-test/build.gradle index 005503dc1f..b363fed816 100644 --- a/bwc-test/build.gradle +++ b/bwc-test/build.gradle @@ -79,7 +79,6 @@ dependencies { } -loggerUsageCheck.enabled = false testingConventions.enabled = false validateNebulaPom.enabled = false diff --git a/sample-resource-plugin/build.gradle b/sample-resource-plugin/build.gradle index 053b055526..9de2a32985 100644 --- a/sample-resource-plugin/build.gradle +++ b/sample-resource-plugin/build.gradle @@ -25,7 +25,6 @@ opensearchplugin { dependencyLicenses.enabled = false thirdPartyAudit.enabled = false -loggerUsageCheck.enabled = false validateNebulaPom.enabled = false testingConventions.enabled = false tasks.configureEach { task -> diff --git a/sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/transport/UpdateResourceTransportAction.java b/sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/transport/UpdateResourceTransportAction.java index 321b32338f..e6a8834d54 100644 
--- a/sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/transport/UpdateResourceTransportAction.java +++ b/sample-resource-plugin/src/main/java/org/opensearch/sample/resource/actions/transport/UpdateResourceTransportAction.java @@ -10,6 +10,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.ActionFilters; @@ -78,7 +79,7 @@ private void updateResource(UpdateResourceRequest request, ActionListener new ParameterizedMessage("Failed to update resource: {}", request.getResourceId()), e); listener.onFailure(e); } diff --git a/sample-resource-plugin/src/main/java/org/opensearch/sample/resourcegroup/actions/transport/UpdateResourceGroupTransportAction.java b/sample-resource-plugin/src/main/java/org/opensearch/sample/resourcegroup/actions/transport/UpdateResourceGroupTransportAction.java index 0e34bc8491..28af118661 100644 --- a/sample-resource-plugin/src/main/java/org/opensearch/sample/resourcegroup/actions/transport/UpdateResourceGroupTransportAction.java +++ b/sample-resource-plugin/src/main/java/org/opensearch/sample/resourcegroup/actions/transport/UpdateResourceGroupTransportAction.java @@ -10,6 +10,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.message.ParameterizedMessage; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.ActionFilters; @@ -78,7 +79,7 @@ private void updateResource(UpdateResourceGroupRequest request, ActionListener new ParameterizedMessage("Failed to update resource: {}", request.getResourceId()), e); listener.onFailure(e); } From 7941c188a92d1337d4fa86dbf8c2f24a9ec6fbfd Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Sat, 13 Jun 2026 17:33:08 -0400 Subject: [PATCH 2/3] Pin Gradle GitHub Actions references 
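Review bot: The new `ParameterizedMessage("Failed to update resource: {}", request.getResourceId())` in the second hunk of UpdateResourceTransportAction.java writes a request-supplied identifier into the error log, and nothing visible in the hunk constrains its characters; if the ID is not validated when the request is parsed, embedded line breaks could forge log entries. Confirm the ID is restricted to a safe character set upstream, or have the log layout encode the message (for example Log4j's `%enc{%m}{CRLF}`). The same line is added in UpdateResourceGroupTransportAction.java, where the text should also read `"Failed to update resource group: {}"` so the two failures can be told apart in logs. The start of the logging call and the rest of updateResource are not visible in this extract.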
Signed-off-by: Craig Perkins --- .github/actions/create-bwc-build/action.yaml | 10 +++++----- .github/actions/run-bwc-suite/action.yaml | 4 ++-- .github/workflows/ci.yml | 16 ++++++++-------- .github/workflows/code-hygiene.yml | 6 +++--- .github/workflows/plugin_install.yml | 4 ++-- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/actions/create-bwc-build/action.yaml b/.github/actions/create-bwc-build/action.yaml index 8960849333..11f7db9182 100644 --- a/.github/actions/create-bwc-build/action.yaml +++ b/.github/actions/create-bwc-build/action.yaml @@ -21,32 +21,32 @@ runs: - name: Checkout Branch from Fork if: ${{ inputs.plugin-branch == 'current_branch' }} - uses: actions/checkout@v2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: ${{ inputs.plugin-branch }} - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 if: ${{ inputs.plugin-branch != 'current_branch' }} with: repository: opensearch-project/security ref: ${{ inputs.plugin-branch }} path: ${{ inputs.plugin-branch }} - - uses: actions/setup-java@v4 + - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 if: ${{ inputs.plugin-branch == 'current_branch' }} with: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - name: Build - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: assemble build-root-directory: ${{ inputs.plugin-branch }} - id: get-opensearch-version - uses: peternied/get-opensearch-version@v1 + uses: peternied/get-opensearch-version@c13e2946341f9f17befbafe76327dae0d1e0b7a0 # v1 with: working-directory: ${{ inputs.plugin-branch }} diff --git a/.github/actions/run-bwc-suite/action.yaml b/.github/actions/run-bwc-suite/action.yaml index 12ebf13a5d..15d1406fef 100644 --- a/.github/actions/run-bwc-suite/action.yaml 
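Review bot: The `Build` step in create-bwc-build/action.yaml now calls `gradle/actions/setup-gradle` but still passes `arguments: assemble` and `build-root-directory`, inputs that, as far as I know, are deprecated in the v3 line and dropped in v4, where the action only sets Gradle up. At the pinned v3.5.0 this should still run, but a later pin bump would leave these steps green without executing any Gradle task, silently skipping the tests and the spotbugs/checkstyle gates in the other files changed the same way (run-bwc-suite/action.yaml, ci.yml, code-hygiene.yml, plugin_install.yml). Prefer a setup-only step followed by an explicit run, e.g. `run: ./gradlew assemble` with `working-directory: ${{ inputs.plugin-branch }}`. The same hunk also moves `actions/checkout` from v2/v3 to the v6 pin and `setup-java` from v4 to v5, which are major-version upgrades rather than pins and deserve a line in the commit message.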
+++ b/.github/actions/run-bwc-suite/action.yaml @@ -37,7 +37,7 @@ runs: plugin-branch: ${{ inputs.plugin-next-branch }} - name: Run BWC tests - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | @@ -50,7 +50,7 @@ runs: -Dbwc.version.previous=${{ steps.build-previous.outputs.built-version }} -Dbwc.version.next=${{ steps.build-next.outputs.built-version }} -i - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 if: always() with: name: ${{ inputs.report-artifact-name }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b86c66f22f..60124c164e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -62,7 +62,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Build and Test - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | @@ -105,7 +105,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Build and Test - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | @@ -162,7 +162,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Run Integration Tests - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | 
@@ -205,7 +205,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Build and Test - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | @@ -248,7 +248,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Run SampleResourcePlugin Integration Tests - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: arguments: | :opensearch-sample-resource-plugin:integrationTest -Dbuild.snapshot=false @@ -280,7 +280,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Run SampleResourcePlugin Integration Tests - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: arguments: | :opensearch-sample-resource-plugin:integrationTest -Dbuild.snapshot=false @@ -313,7 +313,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Run Resource Tests - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | @@ -331,7 +331,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Build BWC tests - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: | diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml index c6e31cf352..04beaa0d93 100644 --- a/.github/workflows/code-hygiene.yml +++ b/.github/workflows/code-hygiene.yml 
@@ -24,7 +24,7 @@ jobs: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + - uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: spotlessCheck @@ -40,7 +40,7 @@ jobs: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + - uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: checkstyleMain checkstyleTest checkstyleIntegrationTest @@ -56,7 +56,7 @@ jobs: distribution: temurin # Temurin is a distribution of adoptium java-version: 21 - - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + - uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: spotbugsMain diff --git a/.github/workflows/plugin_install.yml b/.github/workflows/plugin_install.yml index 75f2b2a0dc..49a85d12ff 100644 --- a/.github/workflows/plugin_install.yml +++ b/.github/workflows/plugin_install.yml @@ -34,7 +34,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Assemble target plugin - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: assemble 
@@ -65,7 +65,7 @@ jobs: jdk-version: 21 - name: Run sanity tests - uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0 with: cache-disabled: true arguments: integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="opensearch" -Dhttps=true -Duser=admin -Dpassword=${{ steps.generate-password.outputs.password }} -i From 52a71181af6ec5b83e3450d886940611d666f4c0 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Sun, 14 Jun 2026 08:24:48 -0400 Subject: [PATCH 3/3] Update opensearch-build workflow pins Signed-off-by: Craig Perkins --- .github/workflows/ci.yml | 2 +- .github/workflows/issue-dedupe.yml | 4 ++-- .github/workflows/pr_review.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 60124c164e..47bae99522 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ env: jobs: Get-CI-Image-Tag: - uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main + uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main with: product: opensearch diff --git a/.github/workflows/issue-dedupe.yml b/.github/workflows/issue-dedupe.yml index a9be9ef576..11c1656864 100644 --- a/.github/workflows/issue-dedupe.yml +++ b/.github/workflows/issue-dedupe.yml 
@@ -20,7 +20,7 @@ jobs: (github.event_name == 'issues' && github.event.issue.user.type != 'Bot' && github.repository == 'opensearch-project/security') - uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-detect.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main + uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-detect.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main permissions: contents: read issues: write @@ -33,7 +33,7 @@ jobs: auto-close-issue: if: github.event_name == 'schedule' && github.repository == 'opensearch-project/security' - uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-autoclose.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main + uses: opensearch-project/opensearch-build/.github/workflows/issue-dedupe-autoclose.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main permissions: issues: write with: diff --git a/.github/workflows/pr_review.yml b/.github/workflows/pr_review.yml index 5fbb166a51..c525fc3f56 100644 --- a/.github/workflows/pr_review.yml +++ b/.github/workflows/pr_review.yml @@ -6,7 +6,7 @@ on: jobs: Code-Diff-Analyzer: - uses: opensearch-project/opensearch-build/.github/workflows/code-diff-analyzer.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main + uses: opensearch-project/opensearch-build/.github/workflows/code-diff-analyzer.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main if: github.repository == 'opensearch-project/security' permissions: id-token: write # github oidc to assume aws roles @@ -18,7 +18,7 @@ jobs: update_pr_comment_with_analyzer_report: true Code-Diff-Reviewer: - uses: opensearch-project/opensearch-build/.github/workflows/code-diff-reviewer.yml@c2498b758c08fb7bc48476509a5fc1b8dd5f7493 # main + uses: opensearch-project/opensearch-build/.github/workflows/code-diff-reviewer.yml@761e093b8c1349cc07f21c1d681d3b30bf9e1999 # main needs: Code-Diff-Analyzer if: github.repository == 'opensearch-project/security' permissions: