appsec: add tracer start option for appsec enablement (#2966) #11399
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: System Tests | |
on: | |
workflow_call: # allows to reuse this workflow | |
inputs: | |
branch_ref: | |
description: 'The branch to run the workflow on' | |
required: true | |
type: string | |
push: | |
branches: | |
- main | |
- release-v* | |
tags: | |
- "**" | |
pull_request: | |
branches: | |
- "**" | |
merge_group: | |
workflow_dispatch: | |
inputs: | |
ref: | |
description: 'System Tests ref/tag/branch' | |
required: true | |
default: main | |
type: string | |
schedule: | |
- cron: '00 04 * * 2-6' | |
permissions: | |
contents: read | |
jobs: | |
system-tests: | |
if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'DataDog/dd-trace-go') | |
# Note: Not using large runners because the jobs spawned by this pipeline | |
# don't seem to get a noticable speedup from using larger runners. | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
weblog-variant: | |
- net-http | |
- echo | |
- chi | |
- gin | |
- uds-echo | |
scenario: | |
- DEFAULT | |
- INTEGRATIONS | |
- INTEGRATIONS_AWS | |
- CROSSED_TRACING_LIBRARIES | |
- APPSEC_DISABLED | |
- APPSEC_BLOCKING | |
- APPSEC_BLOCKING_FULL_DENYLIST | |
- APPSEC_REQUEST_BLOCKING | |
- APPSEC_API_SECURITY | |
- APPSEC_RASP | |
- APM_TRACING_E2E | |
- APM_TRACING_E2E_SINGLE_SPAN | |
- APM_TRACING_E2E_OTEL | |
include: | |
- weblog-variant: net-http | |
scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES | |
- weblog-variant: net-http | |
scenario: REMOTE_CONFIG_MOCKED_BACKEND_LIVE_DEBUGGING | |
- weblog-variant: net-http | |
scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD | |
# AppSec scenarios that don't depend on the integrations, so we just run on the net/http variant | |
- weblog-variant: net-http | |
scenario: APPSEC_RATE_LIMITER | |
- weblog-variant: net-http | |
scenario: APPSEC_CUSTOM_RULES | |
- weblog-variant: net-http | |
scenario: APPSEC_MISSING_RULES | |
- weblog-variant: net-http | |
scenario: APPSEC_CORRUPTED_RULES | |
- weblog-variant: net-http | |
scenario: APPSEC_LOW_WAF_TIMEOUT | |
- weblog-variant: net-http | |
scenario: APPSEC_CUSTOM_OBFUSCATION | |
# APM scenarios requiring specific environment settings | |
- scenario: APM_TRACING_E2E | |
env: | |
DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY | |
DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY | |
DD_SITE="datadoghq.com" | |
- scenario: APM_TRACING_E2E_SINGLE_SPAN | |
env: | |
DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY | |
DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY | |
DD_SITE="datadoghq.com" | |
- scenario: APM_TRACING_E2E_OTEL | |
env: | |
DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY | |
DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY | |
DD_SITE="datadoghq.com" | |
# GraphQL System Tests | |
- scenario: GRAPHQL_APPSEC | |
weblog-variant: graph-gophers | |
- scenario: GRAPHQL_APPSEC | |
weblog-variant: graphql-go | |
- scenario: GRAPHQL_APPSEC | |
weblog-variant: gqlgen | |
fail-fast: false | |
env: | |
TEST_LIBRARY: golang | |
WEBLOG_VARIANT: ${{ matrix.weblog-variant }} | |
DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
SYSTEM_TESTS_E2E_DD_API_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_API_KEY }} | |
SYSTEM_TESTS_E2E_DD_APP_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_APP_KEY }} | |
SYSTEM_TESTS_AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }} | |
SYSTEM_TESTS_AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }} | |
name: Test (${{ matrix.weblog-variant }}, ${{ matrix.scenario }}) | |
steps: | |
- name: Checkout system tests | |
uses: actions/checkout@v3 | |
with: | |
repository: 'DataDog/system-tests' | |
ref: ${{ inputs.ref }} | |
- name: Checkout dd-trace-go | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.branch_ref || github.ref }} | |
path: 'binaries/dd-trace-go' | |
- name: Build weblog | |
run: ./build.sh -i weblog | |
- name: Build runner | |
uses: ./.github/actions/install_runner | |
- name: Build agent | |
run: ./build.sh -i agent | |
- name: Run | |
run: env ${{ matrix.env }} ./run.sh ${{ matrix.scenario }} | |
- name: Compress artifact | |
if: ${{ always() }} | |
run: tar -czvf artifact.tar.gz $(ls | grep logs) | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
if: ${{ always() }} | |
with: | |
name: logs_${{ matrix.weblog-variant }}_${{ matrix.scenario }} | |
path: artifact.tar.gz |