feat: Add image for OpenSearch Dashboards

.github/ISSUE_TEMPLATE/update-product-opensearch-dashboards.md

@@ -0,0 +1,78 @@
+---
+name: Update OpenSearch Dashboards
+about: >-
+  This template contains instructions specific to updating this product and/or
+  container image(s).
+title: >-
+  chore(opensearch-dashboards): Update major/minor|patch versions for YY.M.X
+labels: []
+# Currently, projects cannot be assigned via front-matter.
+projects: ['stackabletech/10']
+assignees: ''
+---
+
+Part of <https://github.com/stackabletech/issues/issues/xxx>.
+
+<!--
+This gives hints to the person doing the work.
+Add/Change/Remove anything that isn't applicable anymore
+-->
+- Add: `x.x.x`
+- Remove: `y.y.y`
+
+> [!TIP]
+> Please add the `scheduled-for/YY.M.X` label, and add to the [Stackable Engineering][1] project.
+>
+> [1]: https://github.com/orgs/stackabletech/projects/10
+
+## Update tasks
+
+- [ ] Update `versions.py` to reflect the agreed upon versions in the spreadsheet (including the removal of old versions).
+- [ ] Update other dependencies if applicable (eg: security-plugin, etc).
+- [ ] Check other operators (getting_started / kuttl / supported-versions) for usage of the versions. Add the PR(s) to the list below.
+- [ ] Update the version in demos. Add the PR(s) to the list below.
+
+## Related Pull Requests
+
+> [!TIP]
+> Delete any items that do not apply so that all applicable items can be checked.
+> For example, if you add release notes to the documentation repository, you do not need the latter two criteria.
+
+- _Link to the docker-images PR (product update)_
+- _Link to the operator PR (getting_started / kuttl / supported-versions)_
+- _Link to any other operator PRs (getting_started / kuttl)_
+- _Link to demo PR (raise against the `main` branch)_
+- _Link to the Release Notes PR in the documentation repo (if not a comment below)_
+
+## Acceptance
+
+> [!TIP]
+> This list should be completed by the assignee(s), once respective PRs have been merged. Once all items have been
+> checked, the issue can be moved into _Development: Done_.
+
+- [ ] Can build image (either locally, or in CI)
+- [ ] Kuttl smoke tests passes (either locally, or in CI)
+- [ ] Release notes added to documentation and linked as a PR above
+- [ ] Release notes written in a comment below
+- [ ] Applicable `release-note` label added to this issue
+
+<details>
+<summary>Testing instructions</summary>
+
+```shell
+# See the latest version at https://pypi.org/project/image-tools-stackabletech/
+pip install image-tools-stackabletech==0.0.16
+
+bake --product opensearch-dashboards=x.y.z # where x.y.z is the new version added in this PR
+
+kind load docker-image oci.stackable.tech/sdp/opensearch-dashboards:x.y.z-stackable0.0.0-dev
+
+# Change directory into the opensearch-operator repository and update the
+# product version in tests/test-definition.yaml (once there is an integration test for opensearch-dashboards)
+./scripts/run-tests --test-suite smoke-latest # or similar
+```
+
+</details>
+
+_Please consider updating this template if these instructions are wrong, or
+could be made clearer._

.github/workflows/build_opensearch_dashboards.yaml

@@ -0,0 +1,35 @@
+---
+name: Build OpenSearch Dashboards
+run-name: |
+  Build OpenSearch Dashboards (attempt #${{ github.run_attempt }})
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 2/2 * *' # https://crontab.guru/#0_0_2/2_*_*
+  push:
+    branches: [main]
+    tags:
+      - "[0-9][0-9].[0-9]+.[0-9]+"
+      - "[0-9][0-9].[0-9]+.[0-9]+-rc[0-9]+"
+    paths:
+      # To check dependencies, run this ( you will need to consider transitive dependencies)
+      # bake --product PRODUCT -d | grep -v 'docker buildx bake' | jq '.target | keys[]'
+      - opensearch-dashboards/**
+      - vector/**
+      - stackable-devel/**
+      - .github/actions/**
+      - .github/workflows/build_opensearch_dashboards.yaml
+      - .github/workflows/reusable_build_image.yaml
+
+jobs:
+  build_image:
+    name: Reusable Workflow
+    uses: ./.github/workflows/reusable_build_image.yaml
+    secrets:
+      harbor-robot-secret: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+      slack-token: ${{ secrets.SLACK_CONTAINER_IMAGE_TOKEN }}
+    with:
+      product-name: opensearch-dashboards
+      sdp-version: ${{ github.ref_type == 'tag' && github.ref_name || '0.0.0-dev' }}
+      registry-namespace: sdp

CHANGELOG.md

@@ -11,6 +11,7 @@ All notable changes to this project will be documented in this file.
 - opensearch: Use build-repo.stackable.tech instead of Maven Central ([#1222]).
 - opensearch: Add the `opensearch-prometheus-exporter` plugin to the image ([#1223]).
 - opensearch: Replace the demo configuration of the OpenSearch Security plugin with a minimal one ([#1228]).
+- opensearch-dashboards: Add an image for Opensearch Dashboards with version `3.1.0` ([#1248]).
 - nifi: Backport NIFI-14848 to NiFi ([#1225]).
 - stackable-base: Add cert-tools ([#1247]).
 - kafka: Add jackson xml dataformat for Kafka 4.0.0 ([#1262]).
@@ -44,6 +45,7 @@ All notable changes to this project will be documented in this file.
 [#1228]: https://github.com/stackabletech/docker-images/pull/1228
 [#1230]: https://github.com/stackabletech/docker-images/pull/1230
 [#1247]: https://github.com/stackabletech/docker-images/pull/1247
+[#1248]: https://github.com/stackabletech/docker-images/pull/1248
 [#1253]: https://github.com/stackabletech/docker-images/pull/1253
 [#1258]: https://github.com/stackabletech/docker-images/pull/1258
 [#1262]: https://github.com/stackabletech/docker-images/pull/1262

README.md

@@ -8,9 +8,10 @@ This repository contains Dockerfiles and scripts to build base images for use wi
 | [![Build Airflow]][build_airflow.yaml] | [![Build Druid]][build_druid.yaml] | [![Build Hadoop]][build_hadoop.yaml] | [![Build HBase]][build_hbase.yaml] |
 | [![Build Hive]][build_hive.yaml] | [![Build Java Base]][build_java-base.yaml] | [![Build Java Development]][build_java-devel.yaml] | [![Build Kafka Testing Tools]][build_kafka-testing-tools.yaml] |
 | [![Build Kafka]][build_kafka.yaml] | [![Build Krb5]][build_krb5.yaml] | [![Build NiFi]][build_nifi.yaml] | [![Build Omid]][build_omid.yaml] |
-| [![Build OPA]][build_opa.yaml] | [![Build OpenSearch]][build_opensearch.yaml] | [![Build Spark Connect Client]][build_spark-connect-client.yaml] | [![Build Spark K8s]][build_spark-k8s.yaml] |
-| [![Build Stackable Base]][build_stackable-base.yaml] | [![Build Superset]][build_superset.yaml] | [![Build Testing Tools]][build_testing-tools.yaml] | [![Build Tools]][build_tools.yaml] |
-| [![Build Trino CLI]][build_trino-cli.yaml] | [![Build Trino]][build_trino.yaml] | [![Build Vector]][build_vector.yaml] | [![Build ZooKeeper]][build_zookeeper.yaml] |
+| [![Build OPA]][build_opa.yaml] | [![Build OpenSearch]][build_opensearch.yaml] | [![Build OpenSearch Dashboards]][build_opensearch_dashboards.yaml] | [![Build Spark Connect Client]][build_spark-connect-client.yaml] |
+| [![Build Spark K8s]][build_spark-k8s.yaml] | [![Build Stackable Base]][build_stackable-base.yaml] | [![Build Superset]][build_superset.yaml] | [![Build Testing Tools]][build_testing-tools.yaml] |
+| [![Build Tools]][build_tools.yaml] | [![Build Trino CLI]][build_trino-cli.yaml] | [![Build Trino]][build_trino.yaml] | [![Build Vector]][build_vector.yaml] |
+| [![Build ZooKeeper]][build_zookeeper.yaml] | | | |
 <!-- end:badges -->
 
 ## Prerequisites
@@ -79,6 +80,8 @@ preflight check container oci.stackable.tech/sdp/<IMAGE>:<VERSION>-stackable<REL
 [build_opa.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_opa.yaml
 [Build OpenSearch]: https://github.com/stackabletech/docker-images/actions/workflows/build_opensearch.yaml/badge.svg
 [build_opensearch.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_opensearch.yaml
+[Build OpenSearch Dashboards]: https://github.com/stackabletech/docker-images/actions/workflows/build_opensearch_dashboards.yaml/badge.svg
+[build_opensearch_dashboards.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_opensearch_dashboards.yaml
 [Build Spark Connect Client]: https://github.com/stackabletech/docker-images/actions/workflows/build_spark-connect-client.yaml/badge.svg
 [build_spark-connect-client.yaml]: https://github.com/stackabletech/docker-images/actions/workflows/build_spark-connect-client.yaml
 [Build Spark K8s]: https://github.com/stackabletech/docker-images/actions/workflows/build_spark-k8s.yaml/badge.svg

opensearch-dashboards/Dockerfile

@@ -0,0 +1,175 @@
+# syntax=docker/dockerfile:1.16.0@sha256:e2dd261f92e4b763d789984f6eab84be66ab4f5f08052316d8eb8f173593acf7
+# check=error=true
+
+FROM local-image/opensearch-dashboards/security-dashboards-plugin AS security-dashboards-plugin
+FROM local-image/opensearch-dashboards/opensearch-build AS opensearch-build
+FROM local-image/stackable-devel AS opensearch-dashboards-builder
+
+ARG PRODUCT_VERSION
+ARG RELEASE_VERSION
+ARG OPENSEARCH_DASHBOARDS_SECURITY_DASHBOARDS_PLUGIN_VERSION
+ARG NODEJS_VERSION
+ARG YARN_VERSION
+ARG CDXGEN_VERSION
+ARG STACKABLE_USER_UID
+ARG TARGETARCH
+
+WORKDIR /stackable
+
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/stackable/patches/patchable.toml /stackable/src/opensearch-dashboards/stackable/patches/patchable.toml
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/stackable/patches/${PRODUCT_VERSION} /stackable/src/opensearch-dashboards/stackable/patches/${PRODUCT_VERSION}
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=security-dashboards-plugin \
+    /stackable/src/opensearch-dashboards/security-dashboards-plugin/patchable-work/worktree/${OPENSEARCH_DASHBOARDS_SECURITY_DASHBOARDS_PLUGIN_VERSION} \
+    /stackable/security-dashboards-plugin
+
+# tar - extract nodejs bundle
+# unzip - extract plugin from archive
+# yarn - build Opensearch Dashboards
+# cdxgen - generate CycloneDX SBOM
+RUN <<EOF
+ARCH="${TARGETARCH/amd64/x64}"
+microdnf update
+microdnf install tar unzip
+microdnf clean all
+rm -rf /var/cache/yum
+curl "https://repo.stackable.tech/repository/packages/node/node-v${NODEJS_VERSION}-linux-${ARCH}.tar.gz" | tar -xzC /usr/local --strip-components=1
+npm install -g yarn@${YARN_VERSION} @cyclonedx/cdxgen@${CDXGEN_VERSION}
+EOF
+
+USER ${STACKABLE_USER_UID}
+
+RUN <<EOF
+ARCH="${TARGETARCH/amd64/x64}"
+cd "$(/stackable/patchable --images-repo-root=src checkout opensearch-dashboards ${PRODUCT_VERSION})"
+cp -r /stackable/security-dashboards-plugin plugins/security-dashboards-plugin
+NEW_VERSION="${PRODUCT_VERSION}-stackable${RELEASE_VERSION}"
+# Create snapshot of the source code including custom patches
+# Exclude cypress directory to prevent bloat in the final image
+tar -cz --exclude ./cypress -f /stackable/opensearch-dashboards-${NEW_VERSION}-src.tar.gz .
+yarn osd bootstrap
+# Running yarn build-platform without a platform flag will build the local architecture
+yarn build-platform --release
+mkdir /stackable/opensearch-dashboards
+tar -xzf target/opensearch-dashboards-${PRODUCT_VERSION}-linux-${ARCH}.tar.gz -C /stackable/opensearch-dashboards --strip-components=1
+cdxgen --target yarn --json-pretty
+cd plugins/security-dashboards-plugin
+yarn build
+cdxgen --target yarn --json-pretty
+unzip build/security-dashboards-${OPENSEARCH_DASHBOARDS_SECURITY_DASHBOARDS_PLUGIN_VERSION}.zip -d /stackable/security-dashboards-plugin
+mv /stackable/security-dashboards-plugin/opensearch-dashboards/securityDashboards /stackable/opensearch-dashboards/plugins/securityDashboards
+EOF
+
+
+RUN <<EOF
+# Change the group permissions already in the builder image to reduce
+# the size of the final image.
+# see https://github.com/stackabletech/docker-images/issues/961
+chmod -R g=u /stackable
+EOF
+
+FROM local-image/vector AS final
+
+ARG PRODUCT_VERSION
+ARG RELEASE_VERSION
+ARG STACKABLE_USER_UID
+
+ARG NAME="OpenSearch Dashboards"
+ARG DESCRIPTION="This image is currently not deployed by a Stackable Operator."
+ARG HOME=/stackable
+ARG OPENSEARCH_DASHBOARDS_HOME=${HOME}/opensearch-dashboards
+
+LABEL \
+  name="${NAME}" \
+  maintainer="[email protected]" \
+  vendor="Stackable GmbH" \
+  version="${PRODUCT_VERSION}" \
+  release="${RELEASE_VERSION}" \
+  summary="The Stackable image for OpenSearch Dashboards." \
+  description="${DESCRIPTION}"
+
+# # https://github.com/opencontainers/image-spec/blob/036563a4a268d7c08b51a08f05a02a0fe74c7268/annotations.md#annotations
+LABEL org.opencontainers.image.version="${PRODUCT_VERSION}"
+LABEL org.opencontainers.image.revision="${RELEASE_VERSION}"
+LABEL org.opencontainers.image.title="${NAME}"
+LABEL org.opencontainers.image.description="${DESCRIPTION}"
+# https://docs.openshift.com/container-platform/4.16/openshift_images/create-images.html#defining-image-metadata
+# https://github.com/projectatomic/ContainerApplicationGenericLabels/blob/master/vendor/redhat/labels.md
+LABEL io.openshift.tags="ubi9,stackable,opensearch-dashboards,opensearch"
+LABEL io.k8s.description="${DESCRIPTION}"
+LABEL io.k8s.display-name="${NAME}"
+
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /stackable/opensearch-dashboards \
+    /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}-src.tar.gz \
+    /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}-src.tar.gz
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-build \
+    /stackable/opensearch-dashboards-docker-entrypoint.sh \
+    /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}/opensearch-dashboards-docker-entrypoint.sh
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-build \
+    /stackable/opensearch_dashboards.yml \
+    /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}/config/opensearch_dashboards.yml
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /stackable/src/opensearch-dashboards/patchable-work/worktree/${PRODUCT_VERSION}/bom.json \
+    /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}.cdx.json
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /stackable/src/opensearch-dashboards/patchable-work/worktree/${PRODUCT_VERSION}/plugins/security-dashboards-plugin/bom.json \
+    /stackable/opensearch-dashboards-security-dashboards-plugin-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}.cdx.json
+COPY \
+    --chown=${STACKABLE_USER_UID}:0 \
+    --from=opensearch-dashboards-builder \
+    /usr/local/bin/node \
+    /usr/local/bin/node
+COPY --chown=${STACKABLE_USER_UID}:0 opensearch-dashboards/licenses /licenses
+
+RUN <<EOF
+microdnf update
+microdnf clean all
+rm -rf /var/cache/yum
+EOF
+
+RUN <<EOF
+# # All files and folders owned by root group to support running as arbitrary users.
+# # This is best practice as all container users will belong to the root group (0).
+chown ${STACKABLE_USER_UID}:0 ${HOME}
+chmod g=u /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}
+chmod g=u /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}/opensearch-dashboards-docker-entrypoint.sh
+chmod g=u /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION}/config/opensearch_dashboards.yml
+ln -s /stackable/opensearch-dashboards-${PRODUCT_VERSION}-stackable${RELEASE_VERSION} ${OPENSEARCH_DASHBOARDS_HOME}
+chown -h ${STACKABLE_USER_UID}:0 ${OPENSEARCH_DASHBOARDS_HOME}
+
+# ----------------------------------------
+# Checks
+# This section is to run final checks to ensure the created final images
+# adhere to several minimal requirements like:
+# - check file permissions and ownerships
+# ----------------------------------------
+
+# Check that permissions and ownership in /stackable are set correctly
+# This will fail and stop the build if any mismatches are found.
+/bin/check-permissions-ownership.sh /stackable ${STACKABLE_USER_UID} 0
+EOF
+
+USER ${STACKABLE_USER_UID}
+
+ENV HOME=${HOME}
+ENV OPENSEARCH_DASHBOARDS_HOME=${OPENSEARCH_DASHBOARDS_HOME}
+ENV PATH="${PATH}:/${OPENSEARCH_DASHBOARDS_HOME}:${OPENSEARCH_DASHBOARDS_HOME}/bin"
+
+WORKDIR ${OPENSEARCH_DASHBOARDS_HOME}
+CMD ["opensearch-dashboards-docker-entrypoint.sh"]

opensearch-dashboards/README.md

@@ -0,0 +1,8 @@
+# OpenSearch Dashboards
+
+This is the Stackable Data Platform (SDP) OCI image for [OpenSearch Dashboards](https://github.com/opensearch-project/opensearch-dashboards).
+
+The image includes:
+
+- OpenSearch Dashboards
+- `securityDashboards` plugin

opensearch-dashboards/boil-config.toml

@@ -0,0 +1,10 @@
+[versions."3.1.0".local-images]
+stackable-devel = "1.0.0"
+"opensearch-dashboards/security-dashboards-plugin"= "3.1.0.0"
+"opensearch-dashboards/opensearch-build"= "3.1.0"
+"vector" = "0.49.0"
+
+[versions."3.1.0".build-arguments]
+nodejs-version = "20.18.3"
+yarn-version = "1.22.19"
+cdxgen-version = "11.7.0"