Updated security CI workflow to build security plugin via Gradle

Signed-off-by: Sai Kumar <karanas@amazon.com>

.github/workflows/security-tests.yml

@@ -11,7 +11,7 @@ on:
 jobs:
   build:
     # Job name
-    name: Build Replication plugin
+    name: Build and Run Security tests
     runs-on: ubuntu-latest
     steps:
       # This step uses the setup-java Github action: https://github.com/actions/setup-java
@@ -32,8 +32,8 @@ jobs:
       - name: Build security
         working-directory: ./security
         run: |
-          mvn clean package -Padvanced -DskipTests
-          cp target/releases/opensearch-security-*-SNAPSHOT.zip ../src/test/resources/security/plugin/
+          ./gradlew clean assemble
+          cp build/distributions/opensearch-security-*-SNAPSHOT.zip ../src/test/resources/security/plugin/
       - name: Build and run Replication tests
         run: |
           ls -al src/test/resources/security/plugin

CONTRIBUTING.md

@@ -8,6 +8,7 @@
 - [Developer Certificate of Origin](#developer-certificate-of-origin)
 - [License Headers](#license-headers)
 - [Backports](#backports)
+- [Security tests](#security-tests)
 - [Review Process](#review-process)
 
 ## Contributing to OpenSearch
@@ -105,13 +106,6 @@ Test suite covers following 3 scenarios:
 
 New files in your code contributions should contain the following license header. If you are modifying existing files with license headers, or including new files that already have license headers, do not remove or modify them without guidance.
 
-## Backports
-
-The Github workflow in [`backport.yml`](.github/workflows/backport.yml) creates backport PRs automatically when the
-original PR with an appropriate label `backport <backport-branch-name>` is merged to main with the backport workflow
-run successfully on the PR. For example, if a PR on main needs to be backported to `1.x` branch, add a label
-`backport 1.x` to the PR and make sure the backport workflow runs on the PR along with other checks. Once this PR is
-merged to main, the workflow will create a backport PR to the `1.x` branch.
 
 ### Kotlin
 
@@ -137,6 +131,26 @@ merged to main, the workflow will create a backport PR to the `1.x` branch.
 # SPDX-License-Identifier: Apache-2.0
 ```
 
+## Backports
+
+The Github workflow in [`backport.yml`](.github/workflows/backport.yml) creates backport PRs automatically when the
+original PR with an appropriate label `backport <backport-branch-name>` is merged to main with the backport workflow
+run successfully on the PR. For example, if a PR on main needs to be backported to `1.x` branch, add a label
+`backport 1.x` to the PR and make sure the backport workflow runs on the PR along with other checks. Once this PR is
+merged to main, the workflow will create a backport PR to the `1.x` branch.
+
+## Security tests
+
+To run security tests locally, 
+```
+git clone https://github.com/opensearch-project/security.git
+cd security 
+./gradlew clean assemble 
+# REPLICATION_DIR - root dir of cross-cluster-replication repo
+cp build/distributions/opensearch-security-1.3.0.0-SNAPSHOT.zip $REPLICATION_DIR/src/test/resources/security/plugin/
+./gradlew clean release -Psecurity=true
+```
+
 ## Review Process
 
 We deeply appreciate everyone who takes the time to make a contribution. We will review all contributions as quickly as possible. As a reminder, [opening an issue](issues/new/choose) discussing your change before you make it is the best way to smooth the PR process. This will prevent a rejection because someone else is already working on the problem, or because the solution is incompatible with the architectural direction.