Merge branch 'main' into dario.castane/exp-optimize-settags

DataDog · Dec 2, 2024 · 51cf835 · 51cf835
2 parents 372234c + 697219e
commit 51cf835
Show file tree

Hide file tree

Showing 368 changed files with 24,087 additions and 8,661 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -32,6 +32,7 @@
 - [ ] If this interacts with the agent in a new way, a system test has been added.
 - [ ] Add an appropriate team label so this PR gets put in the right place for the release notes.
 - [ ] Non-trivial go.mod changes, e.g. adding new modules, are reviewed by @DataDog/dd-trace-go-guild.
+- [ ] For internal contributors, a matching PR should be created to the `v2-dev` branch and reviewed by @DataDog/apm-go.
 
 
 Unsure? Have a question? Request a review!
diff --git a/.github/workflows/appsec.yml b/.github/workflows/appsec.yml
@@ -40,6 +40,9 @@ concurrency:
   # Automatically cancel previous runs if a new one is triggered to conserve resources.
   group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
 
+permissions:
+  contents: read
+
 jobs:
   # Prepare the cache of Go modules to share it will the other jobs.
   # This maximizes cache hits and minimizes the time spent downloading Go modules.
@@ -94,9 +97,9 @@ jobs:
     needs: go-mod-caching
     strategy:
       matrix:
-        runs-on: [ macos-12, macos-14 ] # oldest and newest macos runners available - macos-14 mainly is here to cover the fact it is an ARM machine
-        go-version: [ "1.22", "1.21" ]
-      fail-fast: true # saving some CI time - macos runners too long to get
+        runs-on: [ macos-13, macos-15 ] # oldest and newest macos runners available - macos-15 is an ARM runner
+        go-version: [ "1.23", "1.22" ]
+      fail-fast: true # saving some CI time - macos runners are too long to get
     steps:
       - uses: actions/checkout@v4
 
@@ -187,7 +190,7 @@ jobs:
     needs: go-mod-caching
     strategy:
       matrix:
-        go-version: [ "1.22", "1.21" ]
+        go-version: [ "1.23", "1.22" ]
         distribution: [ bookworm, bullseye, alpine ]
         platform: [ linux/amd64, linux/arm64 ]
 

diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
@@ -2,6 +2,10 @@ on: [push]
 
 name: Datadog Static Analysis
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   static-analysis:
     runs-on: ubuntu-latest

diff --git a/...workflows/ecosystems-label-issue copy.yml → .github/workflows/ecosystems-label-issue.yml b/...workflows/ecosystems-label-issue copy.yml → .github/workflows/ecosystems-label-issue.yml
@@ -5,6 +5,9 @@ on:
       - reopened
       - opened
       - edited
+permissions:
+  contents: read
+  issues: write
 jobs:
   label_issues:
     if: contains(github.event.issue.title, 'contrib')

diff --git a/.github/workflows/ecosystems-label-pr.yml b/.github/workflows/ecosystems-label-pr.yml
@@ -7,6 +7,9 @@ on:
       - opened
       - reopened
       - edited
+permissions:
+  contents: read
+  pull-requests: write
 jobs:
   label_issues:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -14,6 +14,9 @@ on:
     - cron: '00 00 * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   govulncheck-tests:
     runs-on: ubuntu-latest
@@ -32,7 +35,6 @@ jobs:
         run: govulncheck ./ddtrace/... ./appsec/... ./profiler/... ./internal/...
       - name: Run govulncheck-contribs
         run: |
-          # Excluding legacy contrib grpc.v12
-          go list -f '{{.Dir}}' ./contrib/... | grep -v -e grpc.v12 | while read dir ; do
+          go list -f '{{.Dir}}' ./contrib/... | while read dir ; do
             govulncheck -C $dir .
           done
diff --git a/.github/workflows/main-branch-tests.yml b/.github/workflows/main-branch-tests.yml
@@ -22,7 +22,7 @@ jobs:
   unit-integration-tests:
     strategy:
       matrix:
-        go-version: [ "1.21", "1.22" ]
+        go-version: [ "1.22", "1.23" ]
       fail-fast: false
     uses: ./.github/workflows/unit-integration-tests.yml
     with:
@@ -33,7 +33,7 @@ jobs:
     strategy:
       matrix:
         runs-on: [ macos-latest, windows-latest, ubuntu-latest ]
-        go-version: [ "1.21", "1.22" ]
+        go-version: [ "1.22", "1.23" ]
       fail-fast: false
     uses: ./.github/workflows/multios-unit-tests.yml
     with:

diff --git a/.github/workflows/multios-unit-tests.yml b/.github/workflows/multios-unit-tests.yml
@@ -29,6 +29,9 @@ on:
 env:
   DD_APPSEC_WAF_TIMEOUT: 1m # Increase time WAF time budget to reduce CI flakiness
 
+permissions:
+  contents: read
+
 jobs:
   test-multi-os:
     runs-on: "${{ inputs.runs-on }}"
@@ -53,7 +56,7 @@ jobs:
       - name: "Runner ${{ matrix.runner-index }}: Test Core and Contrib (No Integration Tests)"
         shell: bash
         run: |
-          go list ./... | grep -v -e grpc.v12 -e google.golang.org/api -e sarama -e confluent-kafka-go -e cmemprof | sort >packages.txt
+          go list ./... | grep -v -e google.golang.org/api -e sarama -e confluent-kafka-go -e cmemprof | sort >packages.txt
           gotestsum --junitfile ${REPORT} -- $(cat packages.txt) -v -coverprofile=coverage.txt -covermode=atomic -timeout 15m
       - name: Upload the results to Datadog CI App
         if: always()

diff --git a/.github/workflows/orchestrion.yml b/.github/workflows/orchestrion.yml
@@ -17,6 +17,7 @@ concurrency:
 jobs:
   test:
     name: 'Run Tests'
-    uses: DataDog/orchestrion/.github/workflows/workflow_call.yml@eliott.bouhana/smoke-tests
+    uses: DataDog/orchestrion/.github/workflows/workflow_call.yml@main # we don't want to pin our own action
     with:
       dd-trace-go-ref: ${{ github.sha }}
+      runs-on: ubuntu-latest-16-cores
diff --git a/.github/workflows/parametric-tests.yml b/.github/workflows/parametric-tests.yml
@@ -21,6 +21,9 @@ on:
   schedule:
     - cron:  '00 04 * * 2-6'
 
+permissions:
+  contents: read
+
 jobs:
   parametric-tests:
     if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'DataDog/dd-trace-go')

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -18,6 +18,6 @@ jobs:
     name: PR Unit and Integration Tests
     uses: ./.github/workflows/unit-integration-tests.yml
     with:
-      go-version: "1.21"
+      go-version: "1.22"
       ref: ${{ github.ref }}
     secrets: inherit
diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml
@@ -27,6 +27,9 @@ on:
 env:
   TEST_RESULTS: /tmp/test-results # path to where test results will be saved
 
+permissions:
+  contents: read
+
 jobs:
   go-get-u:
     #  Run go get -u to upgrade dd-trace-go dependencies to their
@@ -70,13 +73,20 @@ jobs:
     # Run go mod tidy to ensure that all go.mod and go.sum files are up-to-date.
     name: 'go mod tidy smoke test'
     runs-on: ubuntu-latest
+    env:
+      # Users may build our library with GOTOOLCHAIN=local. If they do, and our
+      # go.mod file specifies a newer Go version than their local toolchain, their
+      # build will break. Run our tests with GOTOOLCHAIN=local to ensure that
+      # our library builds with all of the Go versions we claim to support,
+      # without having to download a newer one.
+      GOTOOLCHAIN: local
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref || github.ref }}
       - uses: actions/setup-go@v3
         with:
-          go-version: "1.21"
+          go-version: "1.22"
           cache: true
       - name: go mod tidy
         run: |-
@@ -99,7 +109,7 @@ jobs:
       matrix:
         # TODO: cross-compilation from/to different hardware architectures once
         #       github provides native ARM runners.
-        go: [ "1.21", "1.22", "1.23-rc" ]
+        go: [ "1.22", "1.23" ]
         build-env: [ alpine, bookworm, bullseye ]
         build-with-cgo: [ 0, 1 ]
         deployment-env: [ alpine, debian11, debian12, al2, al2023, busybox, scratch ]
@@ -171,7 +181,7 @@ jobs:
         uses: docker/build-push-action@v5
         with:
           context: .
-          file: ./internal/apps/setup-smoke-test/Dockerfile
+          file: ./internal/setup-smoke-test/Dockerfile
           push: false
           load: true
           tags: smoke-test

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -4,6 +4,10 @@ on:
   schedule:
     - cron: '30 1 * * *'
 
+permissions:
+  contents: read
+  issues: write
+
 jobs:
   stale:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml
@@ -27,6 +27,9 @@ on:
   schedule:
     - cron:  '00 04 * * 2-6'
 
+permissions:
+  contents: read
+
 jobs:
   system-tests:
     if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'DataDog/dd-trace-go')
@@ -43,20 +46,25 @@ jobs:
           - uds-echo
         scenario:
           - DEFAULT
+          - INTEGRATIONS
+          - INTEGRATIONS_AWS
+          - CROSSED_TRACING_LIBRARIES
           - APPSEC_DISABLED
           - APPSEC_BLOCKING
           - APPSEC_BLOCKING_FULL_DENYLIST
           - APPSEC_REQUEST_BLOCKING
           - APPSEC_API_SECURITY
           - APPSEC_RASP
+          - APPSEC_RUNTIME_ACTIVATION
           - APM_TRACING_E2E
           - APM_TRACING_E2E_SINGLE_SPAN
           - APM_TRACING_E2E_OTEL
+          - TRACING_CONFIG_SCENARIOS
         include:
           - weblog-variant: net-http
             scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES
           - weblog-variant: net-http
-            scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES
+            scenario: REMOTE_CONFIG_MOCKED_BACKEND_LIVE_DEBUGGING
           - weblog-variant: net-http
             scenario: REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD
           # AppSec scenarios that don't depend on the integrations, so we just run on the net/http variant
@@ -103,6 +111,8 @@ jobs:
       DD_API_KEY: ${{ secrets.DD_API_KEY }}
       SYSTEM_TESTS_E2E_DD_API_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_API_KEY }}
       SYSTEM_TESTS_E2E_DD_APP_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_APP_KEY }}
+      SYSTEM_TESTS_AWS_ACCESS_KEY_ID: ${{ secrets.SYSTEM_TESTS_IDM_AWS_ACCESS_KEY_ID }}
+      SYSTEM_TESTS_AWS_SECRET_ACCESS_KEY: ${{ secrets.SYSTEM_TESTS_IDM_AWS_SECRET_ACCESS_KEY }}
     name: Test (${{ matrix.weblog-variant }}, ${{ matrix.scenario }})
     steps:
       - name: Checkout system tests
@@ -134,7 +144,7 @@ jobs:
         run: tar -czvf artifact.tar.gz $(ls | grep logs)
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         if: ${{ always() }}
         with:
           name: logs_${{ matrix.weblog-variant }}_${{ matrix.scenario }}

diff --git a/.github/workflows/test-apps.cue b/.github/workflows/test-apps.cue
@@ -115,6 +115,10 @@ env: {
   DD_TAGS: "github_run_id:${{ github.run_id }} github_run_number:${{ github.run_number }} ${{ inputs['arg: tags'] }}",
 }
 
+permissions: {
+    contents: "read",
+}
+
 jobs: {
     for i, scenario in #scenarios {
         for j, env in #envs {

diff --git a/.github/workflows/test-apps.yml b/.github/workflows/test-apps.yml
@@ -64,6 +64,8 @@ name: Test Apps
 env:
   DD_ENV: github
   DD_TAGS: 'github_run_id:${{ github.run_id }} github_run_number:${{ github.run_number }} ${{ inputs[''arg: tags''] }}'
+permissions:
+  contents: read
 jobs:
   job-0-0:
     name: unit-of-work/v1 (prod)