Fix conflicts in PR 402 - Automated branch-sync

.github/workflows/branch-sync.yml

@@ -13,56 +13,90 @@ permissions:
 jobs:
   create-pull-request:
     runs-on: ubuntu-latest
+    container: ghcr.io/dpc-sdp/bay/ci-builder:6.x
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
-          fetch-depth: 0
+          ref: 6.x
+
+      - name: Set ownership of the workspace
+        run: chown -R $(id -u):$(id -g) $PWD
 
       - name: Configure git
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
 
-      - name: Prepare sync branch
+      - name: Create PR
+        id: create-pr
         run: |
-          # Fetch all branches
-          git fetch origin
+          set +e
+          output=$(gh pr create --base 7.x --title "Automated PR - merge 6.x into 7.x" --body "This pull request syncs relevant changes from the 6.x branch into the 7.x branch. This PR was automatically generated by the CI workflow." --label "sync" --label "automated" 2>&1)
+          COMMAND_STATUS=$?
+
+          diff=$(echo $output | grep -q "No commits" && echo "false" || echo "true")
 
-          # Create a new sync branch from 7.x (target)
-          git checkout -b temp-sync-branch origin/7.x
+          echo "stdout<<EOF" | tee "$GITHUB_OUTPUT"
+          echo $output | tee -a "$GITHUB_OUTPUT"
+          ( echo ; echo "EOF" ) | tee -a "$GITHUB_OUTPUT"
 
-          # Find all 6.x commits not on 7.x and cherry-pick them
-          COMMITS=$(git log --reverse --pretty=format:"%H" origin/7.x..origin/6.x)
-          if [ -z "$COMMITS" ]; then
-            echo "NO_CHANGES=true" >> "${GITHUB_ENV}"
-            exit 0
+          if [[ $diff == "false" ]]; then
+            echo "There are no commits between the base and HEAD branches." >> $GITHUB_STEP_SUMMARY
+            COMMAND_STATUS=0
           fi
 
-          for COMMIT in $COMMITS; do
-            git log -1 --format=%s "${COMMIT}"
-            git cherry-pick "${COMMIT}" || { echo "Cherry-pick failed"; exit 1; }
-          done
+          echo "diff=$diff" >> "$GITHUB_OUTPUT"
 
-      - name: Create a pull request from sync branch to 7.x
-        if: env.NO_CHANGES != 'true'
-        uses: peter-evans/create-pull-request@v7
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          base: 7.x
-          branch: temp-sync-branch
-          title: "Sync changes from 6.x"
-          body: |
-            This pull request syncs relevant changes from the `6.x` branch into the `7.x` branch.
-
-            This PR was automatically generated by the CI workflow.
-          labels: sync, automated
-          draft: false
-          sign-commits: true
+          exit $COMMAND_STATUS
+        shell: bash
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: If successful set PR number to env var
+        if: steps.create-pr.conclusion == 'success' && steps.create-pr.outputs.diff == 'true'
+        run: |
+          output="${{ steps.create-pr.outputs.stdout }}"
+          pr_url=$(echo $output | grep -o "^https.*[0-9]")
+          pr=$(echo $pr_url | cut -d "/" -f 7)
+
+          echo "PR_URL=$pr_url" >> GITHUB_ENV
+          echo "PR_NUMBER=$pr" >> $GITHUB_ENV
 
-      - name: Enable auto-merge
-        if: env.NO_CHANGES != 'true'
+      - name: Successful, check for conflicts
+        if: env.PR_NUMBER
         run: |
-          gh pr merge temp-sync-branch --auto --merge
+          conflicts=$(gh pr view ${{ env.PR_NUMBER }} --json mergeStateStatus --jq 'if .mergeStateStatus == "DIRTY" then true else false end')
+          echo "CONFLICTS=$conflicts" >> $GITHUB_ENV
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Send Slack notification if pr created but conflicts exist
+        id: notify_slack_conflicts
+        uses: slackapi/slack-github-action@v2.1.1
+        if: always() && env.CONFLICTS
+        env:
+          LINK: ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}
+        with:
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: "GitHub Action - ${{ github.workflow }} requires manual intervention. \n${{ env.LINK }}"
+            blocks:
+              - type: "section"
+                text:
+                  type: "mrkdwn"
+                  text: "${{ github.workflow }} needs conflicts resolved.\n${{ env.PR_URL }}" 
+
+      - name: Send Slack notification if PR creation failed for a reason other than "no commits"
+        id: notify_slack_failed
+        uses: slackapi/slack-github-action@v2.1.1
+        if: always() && (steps.create-pr.conclusion == 'failure' && steps.create-pr.outputs.diff == 'true')
+        env:
+          LINK: ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}
+        with:
+          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
+          webhook-type: incoming-webhook
+          payload: |
+            channel: ${{ secrets.SLACK_CHANNEL_ID }}
+            text: "GitHub Action ${{ github.workflow }} failed. \n${{ env.LINK }}"

gh-actions-bake.hcl

@@ -11,9 +11,16 @@ target "ci-builder" {
 
   platforms     = ["linux/amd64", "linux/arm64"]
 }
+target "opensearch" {
+  inherits = ["docker-metadata-action"]
+  context       = "${CONTEXT}/opensearch"
+  dockerfile    = "Dockerfile"
+
+  platforms     = ["linux/amd64", "linux/arm64"]
+}
 target "elasticsearch" {
   inherits = ["docker-metadata-action"]
-  context       = "${CONTEXT}/elasticsearch"
+  context       = "${CONTEXT}/opensearch"
   dockerfile    = "Dockerfile"
 
   platforms     = ["linux/amd64", "linux/arm64"]

images/aws-es-proxy/Dockerfile

@@ -4,6 +4,7 @@ RUN apk add --no-cache git
 RUN git clone https://github.com/abutaha/aws-es-proxy.git /go/src/github.com/abutaha/aws-es-proxy
 WORKDIR /go/src/github.com/abutaha/aws-es-proxy
 
+RUN go get -u && go mod tidy
 RUN CGO_ENABLED=0 GOOS=linux go build -o aws-es-proxy
 
 FROM alpine:latest

images/awx-ee/execution-environment.yml

@@ -29,7 +29,6 @@ additional_build_steps:
     - ARG NVM_DIR="/runner/.nvm"
     - ARG PHP_VERSION="8.4"
     - ARG COMPOSER_VERSION="2.7.7"
-    - ARG HUB_VERSION="2.14.2"
     - ARG GOJQ_VERSION="0.12.17"
     - ARG HELM_VERSION="3.18.3"
     - ARG YAMLFMT_VERSION="0.17.2"
@@ -67,8 +66,6 @@ additional_build_steps:
 
     - RUN curl -L "https://github.com/uselagoon/lagoon-cli/releases/download/${LAGOON_CLI_VERSION}/lagoon-cli-${LAGOON_CLI_VERSION}-linux-amd64" -o /usr/local/bin/lagoon
     - RUN chmod +x /usr/local/bin/lagoon
-    - RUN curl -L "https://github.com/github/hub/releases/download/v${HUB_VERSION}/hub-linux-amd64-${HUB_VERSION}.tgz" -o /tmp/hub && tar -xvf /tmp/hub -C /tmp && mv /tmp/hub-linux-amd64-${HUB_VERSION}/bin/hub /usr/local/bin
-    - RUN chmod +x /usr/local/bin/hub
     - RUN lagoon config feature --enable-local-dir-check false --force
     - RUN curl -sS "https://getcomposer.org/download/${COMPOSER_VERSION}/composer.phar" --output composer.phar
     - RUN chmod +x composer.phar

images/awx-ee/requirements.yml

@@ -3,11 +3,12 @@ collections:
   - ansible.posix
   - ansible.utils
   - awx.awx
-  - community.general
+  - name: community.general
+    version: "11.1.2"
   - kubernetes.core
   - name: lagoon.api
     source: https://github.com/salsadigitalauorg/lagoon_ansible_collection.git
-    version: 2.1.0
+    version: "2.2.4"
     type: git
   - name: section.api
     source: https://github.com/salsadigitalauorg/section_ansible_collection.git

images/ci-builder/Dockerfile

@@ -3,7 +3,6 @@ FROM ghcr.io/dpc-sdp/sumocli:v0.11.1 AS sumocli
 FROM php:8.4-cli-alpine
 ARG AHOY_VERSION=2.4.0
 ARG GOJQ_VERSION=0.12.17
-ARG HUB_VERSION=2.14.2
 ARG LAGOON_CLI_VERSION=0.32.0
 ARG SHIPSHAPE_VERSION=1.0.0-alpha.1.5.1
 
@@ -26,6 +25,7 @@ RUN apk add --update --no-cache \
     docker \
     docker-compose \
     git \
+    github-cli \
     libffi-dev \
     musl-dev \
     ncurses \
@@ -37,12 +37,6 @@ RUN apk add --update --no-cache \
     python3 \
     python3-dev
 
-## Install GitHub CLI tool.
-RUN curl -sL "https://github.com/mislav/hub/releases/download/v${HUB_VERSION}/hub-$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '-')-${HUB_VERSION}.tgz" -o /tmp/hub.tgz && \
-    tar -C /tmp -xzvf /tmp/hub.tgz && \
-    mv /tmp/hub-$(echo ${TARGETPLATFORM:-linux/amd64} | tr '/' '-')-${HUB_VERSION}/bin/hub /usr/local/bin && \
-    chmod 755 /usr/local/bin
-
 ## Install required PHP extensions for Drupal and python packages.
 RUN apk add --no-cache \
     py3-flake8 \

images/opensearch/Dockerfile

@@ -0,0 +1,7 @@
+FROM uselagoon/opensearch-2:latest
+
+RUN for plugin in \
+  analysis-kuromoji \
+  analysis-icu; do \
+    /usr/share/opensearch/bin/opensearch-plugin install $plugin; \
+  done

images/php/mtk/drupal.conf

@@ -63,3 +63,4 @@ nodata:
   - router
   - sessions
   - webform_*
+  - scheduled_transition*

images/php/settings.php

@@ -314,37 +314,60 @@
 $config['clamav.settings']['mode_daemon_tcpip']['hostname'] = $clamav_host;
 $config['clamav.settings']['mode_daemon_tcpip']['port'] = $clamav_port;
 
-// Configure elasticsearch connections from environment variables.
-if (getenv('SEARCH_HASH') && getenv('SEARCH_URL')) {
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['url'] = sprintf('http://%s.%s', getenv('SEARCH_HASH'), getenv('SEARCH_URL'));
+$opensearch_profile = getenv('BAY_OPENSEARCH_PROFILE') ?: 'sdp-elastic';
+if ($opensearch_profile == 'sdp-elastic') {
+  // Configuration for legacy sdp-elastic integration.
+  // @todo remove this sdp-elastic block when all applications migrated to opensearch.
+  if (getenv('SEARCH_HASH') && getenv('SEARCH_URL')) {
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['url'] = sprintf('http://%s.%s', getenv('SEARCH_HASH'), getenv('SEARCH_URL'));
+  } else {
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['url'] = "http://elasticsearch:9200";
+  }
+
+  if (getenv('SEARCH_INDEX')) {
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['rewrite']['rewrite_index'] = 1;
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['rewrite']['index'] = [
+      'prefix' => getenv('SEARCH_INDEX'),
+      'suffix' => '',
+    ];
+  } else {
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['rewrite']['index'] = [
+      'prefix' => 'elasticsearch_index_default_',
+      'suffix' => '',
+    ];
+  }
+
+  if (getenv('SEARCH_AUTH_USERNAME') && getenv('SEARCH_AUTH_PASSWORD')) {
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['username'] = getenv('SEARCH_AUTH_USERNAME');
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['password'] = getenv('SEARCH_AUTH_PASSWORD');
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['use_authentication'] = 1;
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['authentication_type'] = 'Basic';
+  } else {
+    $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['use_authentication'] = 0;
+  }
+  // Override data_pipelines url.
+  $config['data_pipelines.dataset_destination.sdp_elasticsearch']['destinationSettings']['url'] = (getenv('SEARCH_HASH') && getenv('SEARCH_URL')) ? sprintf('http://%s.%s', getenv('SEARCH_HASH'), getenv('SEARCH_URL')) : "http://elasticsearch:9200";
 } else {
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['url'] =  "http://elasticsearch:9200";
-}
+  // Configuration for bay opensearch integration.
+
+  // Connect to a proxy service that handles AWS IAM auth.
+  $endpoint = "http://aws-es-proxy:9200";
 
-if (getenv('SEARCH_INDEX')) {
+  // Default index prefix looks like "${PROJECT}__${ENVIRONMENT}__". This can be overridden with BAY_OPENSEARCH_PREFIX.
+  $environment = getenv('LAGOON_ENVIRONMENT') ?: 'default';
+  $index_prefix = getenv('BAY_OPENSEARCH_PREFIX') ?: sprintf('%s__%s', getenv('LAGOON_PROJECT'), $environment);
+  $config['elasticsearch_connector.cluster.elasticsearch_bay']['url'] = $endpoint;
+  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['use_authentication'] = FALSE;
   $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['rewrite']['rewrite_index'] = 1;
   $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['rewrite']['index'] = [
-    'prefix' => getenv('SEARCH_INDEX'),
-    'suffix' => '',
-  ];
-} else {
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['rewrite']['index'] = [
-    'prefix' => 'elasticsearch_index_default_',
+    'prefix' => sprintf('%s__%s_', $index_prefix, "sapi"),
     'suffix' => '',
   ];
+  $config['data_pipelines.dataset_destination.sdp_elasticsearch']['destinationSettings']['url'] = $endpoint;
+  $config['data_pipelines.dataset_destination.sdp_elasticsearch']['destinationSettings']['prefix'] = sprintf('%s__sdp_data_pipelines_', $index_prefix);
 }
 
-if (getenv('SEARCH_AUTH_USERNAME') && getenv('SEARCH_AUTH_PASSWORD')) {
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['username'] = getenv('SEARCH_AUTH_USERNAME');
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['password'] = getenv('SEARCH_AUTH_PASSWORD');
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['use_authentication'] = 1;
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['authentication_type'] = 'Basic';
-} else {
-  $config['elasticsearch_connector.cluster.elasticsearch_bay']['options']['use_authentication'] = 0;
-}
 
-// Override data_pipelines url.
-$config['data_pipelines.dataset_destination.sdp_elasticsearch']['destinationSettings']['url'] = (getenv('SEARCH_HASH') && getenv('SEARCH_URL')) ? sprintf('http://%s.%s', getenv('SEARCH_HASH'), getenv('SEARCH_URL')) : "http://elasticsearch:9200";
 
 // Configure tide_logs.
 if (getenv('TIDE_LOGS_UDPLOG_HOST')) {