Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci/appsec: smaller matrix and faster jobs #2541

Merged
merged 76 commits into from
Feb 27, 2024
Merged
Changes from 1 commit
Commits
Show all changes
76 commits
Select commit Hold shift + click to select a range
0ad88da
ci/appsec: leverage our github enterprise ubuntu-latest runner
Julio-Guerra Feb 7, 2024
0250f90
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
3a25b92
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
0e680e1
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
800ca02
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
49a60f9
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
3c8ce83
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
0f04ff3
ci/appsec: debug go mod caching
Julio-Guerra Feb 7, 2024
1c8ddaa
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
6448024
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
b1ebef6
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
e9bf2a6
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
7ea5311
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
79e7c01
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
a9b679c
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
62d31c8
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
13868b1
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
a1285df
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
18d6b01
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
b276169
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
3621d90
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
20af85f
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
f2915e0
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
a802955
ci/appsec: debug go mod caching
Julio-Guerra Feb 8, 2024
6b6fdc5
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
ba9aa68
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
7a786f0
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
71cff65
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
1fd5d06
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
08e1017
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
a0fe49d
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
5404b22
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
c47a408
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
dd75f71
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
8f66489
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
eb32c6f
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
6b77fe9
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
1e80046
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
cca5f47
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
a307536
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
aa2fbdb
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
166a6cb
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
6ca39a7
ci/appsec: debug go mod caching
Julio-Guerra Feb 9, 2024
9f79f3c
ci/appsec: debug go mod caching
Julio-Guerra Feb 12, 2024
c4c7519
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
53be125
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
b6e33b6
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
8cd89cf
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
eabd8c8
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
373d0cb
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
d7fd423
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
c35bb8d
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
49acf07
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
af6758e
ci/appsec: debug go mod caching
Julio-Guerra Feb 13, 2024
2e67bf1
ci/appsec: debug go mod caching
Julio-Guerra Feb 14, 2024
81f51b2
ci/appsec: last fixes
Julio-Guerra Feb 14, 2024
12b9890
Merge branch 'main' into julio.guerra/ci-gh-enterprise-runner
Julio-Guerra Feb 14, 2024
c917bb5
ci/appsec: restore the smoke tests
Julio-Guerra Feb 14, 2024
9b406a6
ci/appsec: fix bash script
Julio-Guerra Feb 15, 2024
9b18524
ci/appsec: test the jobs fail upon exit error
Julio-Guerra Feb 15, 2024
fd94a0c
ci/appsec: reuse golang containers for simpe rebuilds
Julio-Guerra Feb 15, 2024
b840a13
ci/appsec: remove unecessary docker run options
Julio-Guerra Feb 15, 2024
d8618bb
Update .github/workflows/appsec.yml
Julio-Guerra Feb 15, 2024
c0f5079
ci/appsec: fix bash script
Julio-Guerra Feb 15, 2024
5997cb8
ci/appsec: set -euxo pipefail
Julio-Guerra Feb 15, 2024
a47608b
ci/appsec: force bash on golang containers
Julio-Guerra Feb 15, 2024
f50ad1f
ci/appsec: force bash on golang containers
Julio-Guerra Feb 15, 2024
9b94b38
ci/appsec: force bash on golang containers
Julio-Guerra Feb 15, 2024
8db4a0c
ci/appsec: force bash on golang containers
Julio-Guerra Feb 25, 2024
1ff7d19
ci/appsec: remove for loop in golang containers
Julio-Guerra Feb 25, 2024
925c5fb
ci/appsec: final workflow file
Julio-Guerra Feb 25, 2024
52998b0
Merge branch 'main' into julio.guerra/ci-gh-enterprise-runner
Julio-Guerra Feb 26, 2024
8cd5722
ci/appsec: add go1.22
Julio-Guerra Feb 26, 2024
0f0574f
ci/appsec: exclude golang:1.21-buster
Julio-Guerra Feb 26, 2024
ff73538
ci/appsec: exclude golang:1.22-buster
Julio-Guerra Feb 26, 2024
c53a196
Merge branch 'main' into julio.guerra/ci-gh-enterprise-runner
Julio-Guerra Feb 26, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
ci/appsec: final workflow file
Julio-Guerra committed Feb 25, 2024
commit 925c5fb828182d8a037d6398c86548c89ba43698
196 changes: 98 additions & 98 deletions .github/workflows/appsec.yml
Original file line number Diff line number Diff line change
@@ -88,99 +88,99 @@ jobs:
GOMODCACHE: ${{ github.workspace }}/${{ steps.cfg.outputs.path }}
run: go mod download -x

# macos:
# name: macos ${{ toJSON(matrix) }}
# runs-on: macos-11 # oldest macos runner available - the full macOS matrix is in go-libddwaf
# needs: go-mod-caching
# strategy:
# matrix:
# runs-on: [ macos-11, macos-14 ] # oldest and newest macos runners available - macos-14 mainly is here to cover the fact it is an ARM machine
# go-version: [ "1.21", "1.20", "1.19" ]
# fail-fast: true # saving some CI time - macos runners too long to get
# steps:
# - uses: actions/checkout@v4
#
# - name: Restore Go modules cache
# uses: actions/cache/restore@v4
# with:
# path: ${{ needs.go-mod-caching.outputs.path }}
# key: ${{ needs.go-mod-caching.outputs.key }}
# restore-keys: go-pkg-mod-
# enableCrossOsArchive: true
# fail-on-cache-miss: true
#
# - uses: actions/setup-go@v5
# with:
# go-version: ${{ matrix.go-version }}
# cache: false # we manage the caching ourselves
#
# # go test is being manually called multiple times here for the sake of reusing the runner.
# # Waiting runners is unfortunately so long that we decided to do so for things only requiring recompilation or
# # reruns under different settings.
# - name: go test
# shell: bash
# env:
# GOMODCACHE: ${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }}
# run: |
# set -euxo pipefail
# cgocheck="GOEXPERIMENT=cgocheck2"
# if [[ "$(go version)" =~ (go1.20)|(go1.19) ]]; then
# cgocheck="GODEBUG=cgocheck=2"
# fi
# for cgo in "0" "1"; do
# for appsec_enabled_env in "" "DD_APPSEC_ENABLED=true" "DD_APPSEC_ENABLED=false"; do
# for cgocheck_env in "" "$cgocheck"; do
# if ! env CGO_ENABLED=$cgo $appsec_enabled_env $cgocheck_env go test -v $TESTS; then
# echo "Failed: env CGO_ENABLED=$cgo $appsec_enabled_env $cgocheck_env go test -v $TESTS"
# exit 1
# fi
# done
# done
# done
#
# # Tests cases were appsec end up being disabled at compilation time
# disabled:
# name: disabled ${{ toJSON(matrix) }}
# needs: go-mod-caching
# runs-on: ${{ matrix.runs-on }}
# strategy:
# fail-fast: false
# matrix:
# runs-on: [ macos-latest, windows-latest, ubuntu-latest-16-cores ]
# steps:
# - uses: actions/checkout@v4
#
# - name: Restore Go modules cache
# uses: actions/cache/restore@v4
# with:
# path: ${{ needs.go-mod-caching.outputs.path }}
# key: ${{ needs.go-mod-caching.outputs.key }}
# restore-keys: go-pkg-mod-
# enableCrossOsArchive: true
# fail-on-cache-miss: true
#
# - uses: actions/setup-go@v5
# with:
# go-version: stable
# cache: false # we manage the caching ourselves
#
# - run: go env -w GOMODCACHE=${{ github.workspace }}\${{ needs.go-mod-caching.outputs.path }}
# if: runner.os == 'Windows'
# - run: go env -w GOMODCACHE=${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }}
# if: runner.os != 'Windows'
#
# - name: go test
# shell: bash
# run: |
# set -euxo pipefail
# for appsec_enabled_env in "" "DD_APPSEC_ENABLED=true" "DD_APPSEC_ENABLED=false"; do
# for go_tags in "" "-tags datadog.no_waf"; do
# if ! env $appsec_enabled_env go test -v $go_tags $TESTS; then
# echo "Failed: env $appsec_enabled_env go test -v $go_tags $TESTS"
# exit 1
# fi
# done
# done
macos:
name: macos ${{ toJSON(matrix) }}
runs-on: macos-11 # oldest macos runner available - the full macOS matrix is in go-libddwaf
needs: go-mod-caching
strategy:
matrix:
runs-on: [ macos-11, macos-14 ] # oldest and newest macos runners available - macos-14 mainly is here to cover the fact it is an ARM machine
go-version: [ "1.21", "1.20", "1.19" ]
fail-fast: true # saving some CI time - macos runners too long to get
steps:
- uses: actions/checkout@v4

- name: Restore Go modules cache
uses: actions/cache/restore@v4
with:
path: ${{ needs.go-mod-caching.outputs.path }}
key: ${{ needs.go-mod-caching.outputs.key }}
restore-keys: go-pkg-mod-
enableCrossOsArchive: true
fail-on-cache-miss: true

- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
cache: false # we manage the caching ourselves

# go test is being manually called multiple times here for the sake of reusing the runner.
# Waiting runners is unfortunately so long that we decided to do so for things only requiring recompilation or
# reruns under different settings.
- name: go test
shell: bash
env:
GOMODCACHE: ${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }}
run: |
set -euxo pipefail
cgocheck="GOEXPERIMENT=cgocheck2"
if [[ "$(go version)" =~ (go1.20)|(go1.19) ]]; then
cgocheck="GODEBUG=cgocheck=2"
fi
for cgo in "0" "1"; do
for appsec_enabled_env in "" "DD_APPSEC_ENABLED=true" "DD_APPSEC_ENABLED=false"; do
for cgocheck_env in "" "$cgocheck"; do
if ! env CGO_ENABLED=$cgo $appsec_enabled_env $cgocheck_env go test -v $TESTS; then
echo "Failed: env CGO_ENABLED=$cgo $appsec_enabled_env $cgocheck_env go test -v $TESTS"
exit 1
fi
done
done
done

# Tests cases were appsec end up being disabled at compilation time
disabled:
name: disabled ${{ toJSON(matrix) }}
needs: go-mod-caching
runs-on: ${{ matrix.runs-on }}
strategy:
fail-fast: false
matrix:
runs-on: [ macos-latest, windows-latest, ubuntu-latest-16-cores ]
steps:
- uses: actions/checkout@v4

- name: Restore Go modules cache
uses: actions/cache/restore@v4
with:
path: ${{ needs.go-mod-caching.outputs.path }}
key: ${{ needs.go-mod-caching.outputs.key }}
restore-keys: go-pkg-mod-
enableCrossOsArchive: true
fail-on-cache-miss: true

- uses: actions/setup-go@v5
with:
go-version: stable
cache: false # we manage the caching ourselves

- run: go env -w GOMODCACHE=${{ github.workspace }}\${{ needs.go-mod-caching.outputs.path }}
if: runner.os == 'Windows'
- run: go env -w GOMODCACHE=${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }}
if: runner.os != 'Windows'

- name: go test
shell: bash
run: |
set -euxo pipefail
for appsec_enabled_env in "" "DD_APPSEC_ENABLED=true" "DD_APPSEC_ENABLED=false"; do
for go_tags in "" "-tags datadog.no_waf"; do
if ! env $appsec_enabled_env go test -v $go_tags $TESTS; then
echo "Failed: env $appsec_enabled_env go test -v $go_tags $TESTS"
exit 1
fi
done
done

# Same tests but on the official golang container for linux
golang-linux-container:
@@ -240,8 +240,8 @@ jobs:
env CGO_ENABLED=1 DD_APPSEC_ENABLED=false go test -v $TESTS # cgo enabled + appsec disabled
env CGO_ENABLED=1 DD_APPSEC_ENABLED=true go test -v $TESTS # cgo enabled + appsec enabled
EOF
#
# test-app-smoke-tests:
# uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main
# with:
# dd-trace-go-version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}

test-app-smoke-tests:
uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main
with:
dd-trace-go-version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}