Simplify process and remove dco yml as it is replaced by dco app

Signed-off-by: Peter Zhu <[email protected]>

.github/workflows/build-and-test.yml

@@ -11,29 +11,11 @@ on:
 # We build for all combinations but run tests only on one combination (linux & latest java)
 jobs:
   Get-CI-Image-Tag:
-    runs-on: ubuntu-latest
-    outputs:
-      ci-image-version-linux: ${{ steps.step-ci-image-version-linux.outputs.ci-image-version-linux }}
-    steps:
-      - name: Install crane
-        uses: iarekylew00t/crane-installer@v1
-        with:
-          crane-release: v0.15.2
-      - name: Checkout opensearch-build repository
-        uses: actions/checkout@v2
-        with:
-          repository: 'opensearch-project/opensearch-build'
-          ref: 'main'
-          path: 'opensearch-build'
-      - name: Get ci image version from opensearch-build repository scripts
-        id: step-ci-image-version-linux
-        run: |
-          crane version
-          CI_IMAGE_VERSION=`opensearch-build/docker/ci/get-ci-images.sh -p centos7 -u opensearch -t build | head -1`
-          echo $CI_IMAGE_VERSION
-          echo "ci-image-version-linux=$CI_IMAGE_VERSION" >> $GITHUB_OUTPUT
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
+    with:
+      product: opensearch
 
-  Build-Test-CCR-Linux:
+  build-test-linux:
     strategy:
       matrix:
         java: [11, 17]
@@ -60,7 +42,7 @@ jobs:
         # switching the user, as OpenSearch cluster can only be started as root/Administrator on linux-deb/linux-rpm/windows-zip.
         run: |
           chown -R opensearch.opensearch `pwd`
-          su opensearch -c "whoami && java -version && ./gradlew --refresh-dependencies clean release -D"build.snapshot=true""
+          su `id -un 1000` -c 'whoami && java -version && ./gradlew --refresh-dependencies clean release -D"build.snapshot=true"'
       - name: Upload failed logs
         uses: actions/upload-artifact@v2
         if: failure()
@@ -77,4 +59,4 @@ jobs:
       - name: Upload Coverage Report
         uses: codecov/codecov-action@v1
         with:
-          token: ${{ secrets.CODECOV_TOKEN }}
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/build.yml

@@ -12,29 +12,11 @@ on:
 # Also, We're not running tests here as those are already covered with linux build.
 jobs:
   Get-CI-Image-Tag:
-    runs-on: ubuntu-latest
-    outputs:
-      ci-image-version-linux: ${{ steps.step-ci-image-version-linux.outputs.ci-image-version-linux }}
-    steps:
-      - name: Install crane
-        uses: iarekylew00t/crane-installer@v1
-        with:
-          crane-release: v0.15.2
-      - name: Checkout opensearch-build repository
-        uses: actions/checkout@v1
-        with:
-          repository: 'opensearch-project/opensearch-build'
-          ref: 'main'
-          path: 'opensearch-build'
-      - name: Get ci image version from opensearch-build repository scripts
-        id: step-ci-image-version-linux
-        run: |
-          crane version
-          CI_IMAGE_VERSION=`opensearch-build/docker/ci/get-ci-images.sh -p centos7 -u opensearch -t build | head -1`
-          echo $CI_IMAGE_VERSION
-          echo "ci-image-version-linux=$CI_IMAGE_VERSION" >> $GITHUB_OUTPUT
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
+    with:
+      product: opensearch
 
-  Build-CCR-Linux:
+  build-linux:
     strategy:
       matrix:
         java: [11, 17]
@@ -60,8 +42,8 @@ jobs:
       - name: Run build
         # switching the user, as OpenSearch cluster can only be started as root/Administrator on linux-deb/linux-rpm/windows-zip.
         run: |
-          chown -R opensearch.opensearch `pwd`
-          su opensearch -c "whoami && java -version && ./gradlew --refresh-dependencies clean release -D"build.snapshot=true" -x test -x IntegTest"
+          chown -R 1000:1000 `pwd`
+          su `id -un 1000` -c 'whoami && java -version && ./gradlew --refresh-dependencies clean release -D"build.snapshot=true" -x test -x IntegTest'
 
       - name: Upload Coverage Report
         uses: codecov/codecov-action@v1
@@ -91,4 +73,4 @@ jobs:
         uses: actions/checkout@v2
       - name: Build and run Replication tests
         run: |
-          ./gradlew --refresh-dependencies clean release -D"build.snapshot=true" -x test -x IntegTest
+          ./gradlew --refresh-dependencies clean release -D"build.snapshot=true" -x test -x IntegTest

.github/workflows/security-knn-tests.yml

@@ -9,6 +9,11 @@ on:
       - '*'
 
 jobs:
+  Get-CI-Image-Tag:
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
+    with:
+      product: opensearch
+
   req:
     # Job name
     name: plugin check
@@ -45,12 +50,19 @@ jobs:
             cat $GITHUB_OUTPUT
           fi  
 
-  build:
-    needs: req
+  build-linux:
+    needs: [req, Get-CI-Image-Tag]
     if: ${{ 'True' == needs.req.outputs.isSecurityPluginAvailable }}
     # Job name
     name: Build and Run Security tests
     runs-on: ubuntu-latest
+    container:
+      # using the same image which is used by opensearch-build team to build the OpenSearch Distribution
+      # this image tag is subject to change as more dependencies and updates will arrive over time
+      image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
+      # need to switch to root so that github actions can install runner binary on container without permission issues.
+      options: --user root
+
     steps:
       # This step uses the setup-java Github action: https://github.com/actions/setup-java
       - name: Set Up JDK 17
@@ -62,8 +74,9 @@ jobs:
         uses: actions/checkout@v2
       - name: Build and run Replication tests
         run: |
+          chown -R 1000:1000 `pwd`
           ls -al src/test/resources/security/plugin
-          ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -Psecurity=true
+          su `id -un 1000` -c "whoami && java -version && ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -Psecurity=true"
       - name: Upload failed logs
         uses: actions/upload-artifact@v2
         if: failure()
@@ -82,12 +95,19 @@ jobs:
           fetch-depth: 2
         uses: codecov/[email protected]
 
-  knn-build:
-    needs: req
+  knn-build-linux:
+    needs: [req, Get-CI-Image-Tag] 
     if: ${{ 'True' == needs.req.outputs.isKnnPluginAvailable }}
     # Job name
     name: Build and Run Knn tests
     runs-on: ubuntu-latest
+    container:
+      # using the same image which is used by opensearch-build team to build the OpenSearch Distribution
+      # this image tag is subject to change as more dependencies and updates will arrive over time
+      image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
+      # need to switch to root so that github actions can install runner binary on container without permission issues.
+      options: --user root
+
     steps:
       # This step uses the setup-java Github action: https://github.com/actions/setup-java
       - name: Set Up JDK 17
@@ -99,7 +119,8 @@ jobs:
         uses: actions/checkout@v2
       - name: Build and run Replication tests
         run: |
-          ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -PnumNodes=1  -Dtests.class=org.opensearch.replication.BasicReplicationIT   -Dtests.method="test knn index replication"  -Pknn=true
+          chown -R opensearch.opensearch `pwd`
+          su `id -un 1000` -c 'whoami && java -version && ./gradlew --refresh-dependencies clean release -Dbuild.snapshot=true -PnumNodes=1  -Dtests.class=org.opensearch.replication.BasicReplicationIT   -Dtests.method="test knn index replication"  -Pknn=true'
       - name: Upload failed logs
         uses: actions/upload-artifact@v2
         if: failure()
@@ -116,4 +137,4 @@ jobs:
       - name: Uploads coverage
         with:
           fetch-depth: 2
-        uses: codecov/[email protected]
+        uses: codecov/[email protected]