Extract some workflow steps to Github and exclude from Jenkins runner

.github/workflows/auxiliary-checks.yml

@@ -0,0 +1,46 @@
+name: Auxiliary Checks
+on:
+  push:
+  pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  repository-plugin-check:
+    if: github.repository == 'opensearch-project/OpenSearch'
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    timeout-minutes: 60
+    strategy:
+      matrix:
+        plugin: [repository-azure, repository-gcs]
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Remove unnecessary files
+        run: |
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: 21
+          distribution: temurin
+          cache: gradle
+
+      - name: Run ${{ matrix.plugin }} check
+        run: ./gradlew :plugins:${{ matrix.plugin }}:check
+
+      - name: Upload test results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.plugin }}-test-results
+          path: plugins/${{ matrix.plugin }}/build/reports/tests/
+          retention-days: 7

plugins/repository-azure/src/test/java/org/opensearch/repositories/azure/AzureStorageServiceTests.java

@@ -35,7 +35,6 @@
 import com.azure.core.http.policy.HttpPipelinePolicy;
 import com.azure.storage.blob.BlobServiceClient;
 import com.azure.storage.common.policy.RequestRetryPolicy;
-import com.microsoft.aad.msal4j.MsalServiceException;
 import org.opensearch.common.settings.MockSecureSettings;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.common.settings.SettingsException;
@@ -61,7 +60,6 @@
 import reactor.netty.http.HttpResources;
 
 import static org.hamcrest.Matchers.containsInAnyOrder;
-import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.emptyString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
@@ -193,19 +191,17 @@ public void testGettingSecondaryStorageBlobEndpoint() throws IOException {
     }
 
     public void testClientUsingManagedIdentity() throws IOException {
-        // Enabled managed identity
+        // Verify that when MANAGED_IDENTITY is configured alongside a key, the client uses
+        // the managed identity credential path (HTTPS endpoint) rather than the key-based connection string.
         final Settings settings = Settings.builder()
             .setSecureSettings(buildSecureSettings())
             .put("azure.client.azure1.token_credential_type", TokenCredentialType.MANAGED_IDENTITY.name())
             .build();
         try (AzureRepositoryPlugin plugin = pluginWithSettingsValidation(settings)) {
             try (final AzureStorageService azureStorageService = plugin.azureStoreService) {
                 final BlobServiceClient client1 = azureStorageService.client("azure1").v1();
-
-                // Expect the client to use managed identity for authentication, and it should fail because managed identity environment is
-                // not setup in the test
-                final MsalServiceException e = expectThrows(MsalServiceException.class, () -> client1.getAccountInfo());
-                assertThat(e.getMessage(), containsString("[Managed Identity] MSI returned 401"));
+                // Managed identity path builds an HTTPS endpoint URL, not a connection string with embedded key
+                assertThat(client1.getAccountUrl(), equalTo("https://myaccount1.blob.core.windows.net"));
             }
         }
     }

test/fixtures/azure-fixture/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   azure-fixture:
     build:

test/fixtures/gcs-fixture/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '3'
 services:
   gcs-fixture:
     build: