-
Notifications
You must be signed in to change notification settings - Fork 440
151 lines (140 loc) · 4.9 KB
/
system-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: System Tests
on:
workflow_call: # allows to reuse this workflow
inputs:
branch_ref:
description: 'The branch to run the workflow on'
required: true
type: string
push:
branches:
- main
- release-v*
tags:
- "**"
pull_request:
branches:
- "**"
merge_group:
workflow_dispatch:
inputs:
ref:
description: 'System Tests ref/tag/branch'
required: true
default: main
type: string
schedule:
- cron: '00 04 * * 2-6'
permissions:
contents: read
jobs:
system-tests:
if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'DataDog/dd-trace-go')
# Note: Not using large runners because the jobs spawned by this pipeline
# don't seem to get a noticable speedup from using larger runners.
runs-on: ubuntu-latest
strategy:
matrix:
weblog-variant:
- net-http
- echo
- chi
- gin
- uds-echo
scenario:
- DEFAULT
- INTEGRATIONS
- INTEGRATIONS_AWS
- CROSSED_TRACING_LIBRARIES
- APPSEC_DISABLED
- APPSEC_BLOCKING
- APPSEC_BLOCKING_FULL_DENYLIST
- APPSEC_REQUEST_BLOCKING
- APPSEC_API_SECURITY
- APPSEC_RASP
- APPSEC_RUNTIME_ACTIVATION
- APM_TRACING_E2E
- APM_TRACING_E2E_SINGLE_SPAN
- APM_TRACING_E2E_OTEL
- TRACING_CONFIG_SCENARIOS
include:
- weblog-variant: net-http
scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES
- weblog-variant: net-http
scenario: REMOTE_CONFIG_MOCKED_BACKEND_LIVE_DEBUGGING
- weblog-variant: net-http
scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD
# AppSec scenarios that don't depend on the integrations, so we just run on the net/http variant
- weblog-variant: net-http
scenario: APPSEC_RATE_LIMITER
- weblog-variant: net-http
scenario: APPSEC_CUSTOM_RULES
- weblog-variant: net-http
scenario: APPSEC_MISSING_RULES
- weblog-variant: net-http
scenario: APPSEC_CORRUPTED_RULES
- weblog-variant: net-http
scenario: APPSEC_LOW_WAF_TIMEOUT
- weblog-variant: net-http
scenario: APPSEC_CUSTOM_OBFUSCATION
# APM scenarios requiring specific environment settings
- scenario: APM_TRACING_E2E
env:
DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY
DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY
DD_SITE="datadoghq.com"
- scenario: APM_TRACING_E2E_SINGLE_SPAN
env:
DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY
DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY
DD_SITE="datadoghq.com"
- scenario: APM_TRACING_E2E_OTEL
env:
DD_API_KEY=$SYSTEM_TESTS_E2E_DD_API_KEY
DD_APPLICATION_KEY=$SYSTEM_TESTS_E2E_DD_APP_KEY
DD_SITE="datadoghq.com"
# GraphQL System Tests
- scenario: GRAPHQL_APPSEC
weblog-variant: graph-gophers
- scenario: GRAPHQL_APPSEC
weblog-variant: graphql-go
- scenario: GRAPHQL_APPSEC
weblog-variant: gqlgen
fail-fast: false
env:
TEST_LIBRARY: golang
WEBLOG_VARIANT: ${{ matrix.weblog-variant }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
SYSTEM_TESTS_E2E_DD_API_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_API_KEY }}
SYSTEM_TESTS_E2E_DD_APP_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_APP_KEY }}
SYSTEM_TESTS_AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }}
SYSTEM_TESTS_AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }}
name: Test (${{ matrix.weblog-variant }}, ${{ matrix.scenario }})
steps:
- name: Checkout system tests
uses: actions/checkout@v3
with:
repository: 'DataDog/system-tests'
ref: ${{ inputs.ref }}
- name: Checkout dd-trace-go
uses: actions/checkout@v3
with:
ref: ${{ inputs.branch_ref || github.ref }}
path: 'binaries/dd-trace-go'
- name: Build weblog
run: ./build.sh -i weblog
- name: Build runner
uses: ./.github/actions/install_runner
- name: Build agent
run: ./build.sh -i agent
- name: Run
run: env ${{ matrix.env }} ./run.sh ${{ matrix.scenario }}
- name: Compress artifact
if: ${{ always() }}
run: tar -czvf artifact.tar.gz $(ls | grep logs)
- name: Upload artifact
uses: actions/upload-artifact@v4
if: ${{ always() }}
with:
name: logs_${{ matrix.weblog-variant }}_${{ matrix.scenario }}
path: artifact.tar.gz