Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci/appsec: smaller matrix and faster jobs #2541

Merged
merged 76 commits into from
Feb 27, 2024
Merged
Changes from 1 commit
Commits
Show all changes
76 commits
Select commit Hold shift + click to select a range
0ad88da
ci/appsec: leverage our github enterprise ubuntu-latest runner
Julio-Guerra Feb 7, 2024
0250f90
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
3a25b92
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
0e680e1
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
800ca02
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
49a60f9
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
3c8ce83
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
0f04ff3
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
1c8ddaa
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
6448024
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
b1ebef6
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
e9bf2a6
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
7ea5311
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
79e7c01
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
a9b679c
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
62d31c8
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
13868b1
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
a1285df
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
18d6b01
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
b276169
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
3621d90
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
20af85f
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
f2915e0
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
a802955
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
6b6fdc5
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
ba9aa68
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
7a786f0
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
71cff65
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
1fd5d06
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
08e1017
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
a0fe49d
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
5404b22
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
c47a408
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
dd75f71
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
8f66489
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
eb32c6f
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
6b77fe9
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
1e80046
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
cca5f47
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
a307536
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
aa2fbdb
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
166a6cb
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
6ca39a7
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
9f79f3c
ci/appsec: debug go mod caching
Julio-Guerra Feb 12, 2024
c4c7519
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
53be125
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
b6e33b6
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
8cd89cf
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
eabd8c8
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
373d0cb
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
d7fd423
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
c35bb8d
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
49acf07
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
af6758e
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
2e67bf1
ci/appsec: debug go mod caching
Julio-Guerra Feb 14, 2024
81f51b2
ci/appsec: last fixes
Julio-Guerra Feb 14, 2024
12b9890
Merge branch 'main' into julio.guerra/ci-gh-enterprise-runner
Julio-Guerra Feb 14, 2024
c917bb5
ci/appsec: restore the smoke tests
Julio-Guerra Feb 14, 2024
9b406a6
ci/appsec: fix bash script
Julio-Guerra Feb 15, 2024
9b18524
ci/appsec: test the jobs fail upon exit error
Julio-Guerra Feb 15, 2024
fd94a0c
ci/appsec: reuse golang containers for simpe rebuilds
Julio-Guerra Feb 15, 2024
b840a13
ci/appsec: remove unecessary docker run options
Julio-Guerra Feb 15, 2024
d8618bb
Update .github/workflows/appsec.yml
Julio-Guerra Feb 15, 2024
c0f5079
ci/appsec: fix bash script
Julio-Guerra Feb 15, 2024
5997cb8
ci/appsec: set -euxo pipefail
Julio-Guerra Feb 15, 2024
a47608b
ci/appsec: force bash on golang containers
Julio-Guerra Feb 15, 2024
f50ad1f
ci/appsec: force bash on golang containers
Julio-Guerra Feb 15, 2024
9b94b38
ci/appsec: force bash on golang containers
Julio-Guerra Feb 15, 2024
8db4a0c
ci/appsec: force bash on golang containers
Julio-Guerra Feb 25, 2024
1ff7d19
ci/appsec: remove for loop in golang containers
Julio-Guerra Feb 25, 2024
925c5fb
ci/appsec: final workflow file
Julio-Guerra Feb 25, 2024
52998b0
Merge branch 'main' into julio.guerra/ci-gh-enterprise-runner
Julio-Guerra Feb 26, 2024
8cd5722
ci/appsec: add go1.22
Julio-Guerra Feb 26, 2024
0f0574f
ci/appsec: exclude golang:1.21-buster
Julio-Guerra Feb 26, 2024
ff73538
ci/appsec: exclude golang:1.22-buster
Julio-Guerra Feb 26, 2024
c53a196
Merge branch 'main' into julio.guerra/ci-gh-enterprise-runner
Julio-Guerra Feb 26, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
ci/appsec: debug go mod caching
Julio-Guerra committed Feb 8, 2024
commit 7ea531142e669698d54440f5d75eff8512c0dddb
344 changes: 178 additions & 166 deletions .github/workflows/appsec.yml
Original file line number Diff line number Diff line change
@@ -45,177 +45,189 @@ jobs:
- name: Download Go modules
if: steps.cache.outputs.cache-hit != 'true'
run: env GOMODCACHE=${{ runner.temp }}/go/pkg/mod go mod download -x

native:
strategy:
matrix:
runs-on: [ macos-14, macos-13, macos-12, ubuntu-22.04, ubuntu-20.04 ]
go-version: [ "1.21", "1.20", "1.19" ]
cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo
appsec_enabled: # test it compiles with and without appsec enabled
- DD_APPSEC_ENABLED=true
- DD_APPSEC_ENABLED=false
- "" # the env var is not defined so that the remote-config path can be taken
include:
- cgocheck:
GODEBUG=cgocheck=2
- go-version: "1.21"
cgocheck: # 1.21 deprecates the GODEBUG=cgocheck=2 value, replacing it with GOEXPERIMENT=cgocheck2
GOEXPERIMENT=cgocheck2
fail-fast: false
name: native ${{ toJSON(matrix) }}
runs-on: ${{ matrix.runs-on }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref || github.ref }}
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}

- name: go test
shell: bash
run: |
go install gotest.tools/gotestsum@latest
# Run the tests with gotestsum
env ${{ matrix.cgocheck }} CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} ./.github/workflows/apps/appsec-test-contrib-submodules.sh

- name: Upload the results to Datadog CI App
uses: ./.github/actions/dd-ci-upload
with:
dd-api-key: ${{ secrets.DD_CI_API_KEY }}
files: ${{ env.JUNIT_REPORT }}*.xml
tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}

# Tests cases were appsec end up being disabled
disabled:
strategy:
fail-fast: false
matrix:
go-args: [ "-tags datadog.no_waf", "-tags go1.22" ]
runs-on: [ macos-13, ubuntu-latest-16-cores ]
appsec_enabled:
- DD_APPSEC_ENABLED=true
- "" # the env var is not defined so that the remote-config path can be taken
include:
- runs-on: windows-latest
go-args: ""
name: disabled ${{ toJSON(matrix) }}
runs-on: ${{ matrix.runs-on }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: stable

- name: go test
shell: bash
run: |
go install gotest.tools/gotestsum@latest
# Run the tests with gotestsum
env ${{ matrix.appsec_enabled }} ./.github/workflows/apps/appsec-test-contrib-submodules.sh

- name: Upload the results to Datadog CI App
uses: ./.github/actions/dd-ci-upload
with:
dd-api-key: ${{ secrets.DD_CI_API_KEY }}
files: ${{ env.JUNIT_REPORT }}*.xml
tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}


# Same tests but on the official golang container for linux
golang-linux-container:
go-mod-caching-test:
needs: go-mod-caching
name: golang-containers ${{ toJSON(matrix) }}
runs-on: ubuntu-latest-16-cores
container:
image: golang:${{ matrix.go-version }}-${{ matrix.distribution }}
strategy:
matrix:
go-version: [ "1.21", "1.20", "1.19" ]
distribution: [ bookworm, bullseye, buster, alpine ]
cgo_enabled: # test it compiles with and without cgo
- 0
- 1
appsec_enabled: # test it compiles with and without appsec enabled
- DD_APPSEC_ENABLED=true
- DD_APPSEC_ENABLED=false
- "" # the env var is not defined so that the remote-config path can be taken
exclude:
- go-version: "1.21"
distribution: buster

fail-fast: false
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref || github.ref }}
# Install gcc and the libc headers on alpine images
- if: ${{ matrix.distribution == 'alpine' }}
run: apk add gcc musl-dev libc6-compat git bash tar

# Restore the Go modules cache
- name: Go modules cache
id: cache
- name: Restore Go modules cache
uses: actions/cache/restore@v4
with:
path: ${{ runner.temp }}/go/mod/cache
path: ${{ runner.temp }}/go/pkg/mod
key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
restore-keys: go-pkg-mod-
fail-on-cache-miss: true
enableCrossOsArchive: true
- run: go env -w GOMODCACHE=${{ runner.temp }}/go/mod/cache

- name: go test
run: |
# Install gotestsum to get the results in a junit file
go install gotest.tools/gotestsum@latest
# Run the tests with gotestsum
env CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} /bin/bash ./.github/workflows/apps/appsec-test-contrib-submodules.sh

- name: Upload the results to Datadog CI App
if: matrix.distribution != 'alpine' # datadog-ci CLI doesn't work on alpine
uses: ./.github/actions/dd-ci-upload
with:
dd-api-key: ${{ secrets.DD_CI_API_KEY }}
files: ${{ env.JUNIT_REPORT }}*.xml
tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ matrix.distribution }}

linux-arm64:
needs: go-mod-caching
runs-on: ubuntu-latest-16-cores
name: linux/arm64 ${{ toJSON(matrix) }}
strategy:
matrix:
cgo_enabled: # test it compiles with and without cgo
- 0
- 1
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref || github.ref }}

# Restore the Go modules cache
- name: Go modules cache
id: cache
uses: actions/cache/restore@v4
with:
path: ${{ runner.temp }}/go/mod/cache
key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
restore-keys: go-pkg-mod-
enableCrossOsArchive: true
fail-on-cache-miss: true
- run: go env -w GOMODCACHE=${{ runner.temp }}/go/mod/cache

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: arm64
- run: |
env GOMODCACHE=${{ runner.temp }}/go/mod/cache CGO_ENABLED=${{ matrix.cgo_enabled }} DD_APPSEC_ENABLED=true DD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT ./.github/workflows/apps/appsec-test-contrib-submodules.sh docker linux/arm64

test-app:
uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main
with:
dd-trace-go-version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
- run: ls -l ${{ runner.temp }}/go/pkg/mod

# native:
# strategy:
# matrix:
# runs-on: [ macos-14, macos-13, macos-12, ubuntu-22.04, ubuntu-20.04 ]
# go-version: [ "1.21", "1.20", "1.19" ]
# cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo
# appsec_enabled: # test it compiles with and without appsec enabled
# - DD_APPSEC_ENABLED=true
# - DD_APPSEC_ENABLED=false
# - "" # the env var is not defined so that the remote-config path can be taken
# include:
# - cgocheck:
# GODEBUG=cgocheck=2
# - go-version: "1.21"
# cgocheck: # 1.21 deprecates the GODEBUG=cgocheck=2 value, replacing it with GOEXPERIMENT=cgocheck2
# GOEXPERIMENT=cgocheck2
# fail-fast: false
# name: native ${{ toJSON(matrix) }}
# runs-on: ${{ matrix.runs-on }}
# steps:
# - uses: actions/checkout@v4
# with:
# ref: ${{ inputs.ref || github.ref }}
# - uses: actions/setup-go@v5
# with:
# go-version: ${{ matrix.go-version }}
#
# - name: go test
# shell: bash
# run: |
# go install gotest.tools/gotestsum@latest
# # Run the tests with gotestsum
# env ${{ matrix.cgocheck }} CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} ./.github/workflows/apps/appsec-test-contrib-submodules.sh
#
# - name: Upload the results to Datadog CI App
# uses: ./.github/actions/dd-ci-upload
# with:
# dd-api-key: ${{ secrets.DD_CI_API_KEY }}
# files: ${{ env.JUNIT_REPORT }}*.xml
# tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}
#
# # Tests cases were appsec end up being disabled
# disabled:
# strategy:
# fail-fast: false
# matrix:
# go-args: [ "-tags datadog.no_waf", "-tags go1.22" ]
# runs-on: [ macos-13, ubuntu-latest-16-cores ]
# appsec_enabled:
# - DD_APPSEC_ENABLED=true
# - "" # the env var is not defined so that the remote-config path can be taken
# include:
# - runs-on: windows-latest
# go-args: ""
# name: disabled ${{ toJSON(matrix) }}
# runs-on: ${{ matrix.runs-on }}
# steps:
# - uses: actions/checkout@v4
# - uses: actions/setup-go@v5
# with:
# go-version: stable
#
# - name: go test
# shell: bash
# run: |
# go install gotest.tools/gotestsum@latest
# # Run the tests with gotestsum
# env ${{ matrix.appsec_enabled }} ./.github/workflows/apps/appsec-test-contrib-submodules.sh
#
# - name: Upload the results to Datadog CI App
# uses: ./.github/actions/dd-ci-upload
# with:
# dd-api-key: ${{ secrets.DD_CI_API_KEY }}
# files: ${{ env.JUNIT_REPORT }}*.xml
# tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}
#
#
# # Same tests but on the official golang container for linux
# golang-linux-container:
# needs: go-mod-caching
# name: golang-containers ${{ toJSON(matrix) }}
# runs-on: ubuntu-latest-16-cores
# container:
# image: golang:${{ matrix.go-version }}-${{ matrix.distribution }}
# strategy:
# matrix:
# go-version: [ "1.21", "1.20", "1.19" ]
# distribution: [ bookworm, bullseye, buster, alpine ]
# cgo_enabled: # test it compiles with and without cgo
# - 0
# - 1
# appsec_enabled: # test it compiles with and without appsec enabled
# - DD_APPSEC_ENABLED=true
# - DD_APPSEC_ENABLED=false
# - "" # the env var is not defined so that the remote-config path can be taken
# exclude:
# - go-version: "1.21"
# distribution: buster
#
# fail-fast: false
# steps:
# - uses: actions/checkout@v4
# with:
# ref: ${{ inputs.ref || github.ref }}
# # Install gcc and the libc headers on alpine images
# - if: ${{ matrix.distribution == 'alpine' }}
# run: apk add gcc musl-dev libc6-compat git bash tar
#
# # Restore the Go modules cache
# - name: Go modules cache
# id: cache
# uses: actions/cache/restore@v4
# with:
# path: ${{ runner.temp }}/go/mod/cache
# key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
# restore-keys: go-pkg-mod-
# fail-on-cache-miss: true
# enableCrossOsArchive: true
# - run: go env -w GOMODCACHE=${{ runner.temp }}/go/mod/cache
#
# - name: go test
# run: |
# # Install gotestsum to get the results in a junit file
# go install gotest.tools/gotestsum@latest
# # Run the tests with gotestsum
# env CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} /bin/bash ./.github/workflows/apps/appsec-test-contrib-submodules.sh
#
# - name: Upload the results to Datadog CI App
# if: matrix.distribution != 'alpine' # datadog-ci CLI doesn't work on alpine
# uses: ./.github/actions/dd-ci-upload
# with:
# dd-api-key: ${{ secrets.DD_CI_API_KEY }}
# files: ${{ env.JUNIT_REPORT }}*.xml
# tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ matrix.distribution }}
#
# linux-arm64:
# needs: go-mod-caching
# runs-on: ubuntu-latest-16-cores
# name: linux/arm64 ${{ toJSON(matrix) }}
# strategy:
# matrix:
# cgo_enabled: # test it compiles with and without cgo
# - 0
# - 1
# fail-fast: false
# steps:
# - uses: actions/checkout@v4
# with:
# ref: ${{ inputs.ref || github.ref }}
#
# # Restore the Go modules cache
# - name: Go modules cache
# id: cache
# uses: actions/cache/restore@v4
# with:
# path: ${{ runner.temp }}/go/mod/cache
# key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
# restore-keys: go-pkg-mod-
# enableCrossOsArchive: true
# fail-on-cache-miss: true
# - run: go env -w GOMODCACHE=${{ runner.temp }}/go/mod/cache
#
# - name: Set up QEMU
# uses: docker/setup-qemu-action@v3
# with:
# platforms: arm64
# - run: |
# env GOMODCACHE=${{ runner.temp }}/go/mod/cache CGO_ENABLED=${{ matrix.cgo_enabled }} DD_APPSEC_ENABLED=true DD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT ./.github/workflows/apps/appsec-test-contrib-submodules.sh docker linux/arm64
#
# test-app:
# uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main
# with:
# dd-trace-go-version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}