Ensure DI PII line probe tests actually run for all tracers #23821
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Testing the test | |
on: | |
workflow_dispatch: {} | |
pull_request: | |
branches: | |
- '**' | |
types: | |
- opened | |
- synchronize | |
- labeled | |
- unlabeled | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run lints | |
uses: ./.github/actions/lint_code | |
test_the_test: | |
name: Test the test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install runner | |
uses: ./.github/actions/install_runner | |
# force /bin/bash in order to test against bash 3.2 on macOS | |
- name: Test the test (direct) | |
run: /bin/bash run.sh TEST_THE_TEST | |
- name: Test group parsing | |
run: | | |
/bin/bash run.sh ++dry APPSEC_SCENARIOS | |
/bin/bash run.sh ++dry TRACER_RELEASE_SCENARIOS | |
scenarios: | |
name: Get scenarios and groups | |
uses: ./.github/workflows/compute-scenarios.yml | |
impacted_libraries: | |
name: Get impacted libraries | |
uses: ./.github/workflows/compute-impacted-libraries.yml | |
get_dev_artifacts: | |
needs: | |
- impacted_libraries | |
strategy: | |
matrix: | |
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get library artifact | |
run: ./utils/scripts/load-binary.sh ${{ matrix.library }} | |
- name: Get agent artifact | |
run: ./utils/scripts/load-binary.sh agent | |
# ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos. | |
# ### skipping this, waiting for a proper solution | |
# - name: Load WAF rules | |
# if: matrix.version == 'dev' | |
# run: ./utils/scripts/load-binary.sh waf_rule_set | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binaries_dev_${{ matrix.library }} | |
path: binaries/ | |
system_tests: | |
name: System Tests | |
needs: | |
- lint | |
- test_the_test | |
- scenarios | |
- impacted_libraries | |
- get_dev_artifacts | |
strategy: | |
matrix: | |
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
version: | |
- prod | |
- dev | |
fail-fast: false | |
uses: ./.github/workflows/system-tests.yml | |
permissions: | |
contents: read | |
packages: write | |
secrets: inherit | |
with: | |
library: ${{ matrix.library }} | |
scenarios: ${{ needs.scenarios.outputs.scenarios }} | |
scenarios_groups: ${{ needs.scenarios.outputs.scenarios_groups }} | |
binaries_artifact: ${{ matrix.version == 'dev' && format('binaries_dev_{0}', matrix.library) || '' }} | |
ci_environment: ${{ matrix.version }} | |
build_python_base_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-python-base-images') }} | |
build_buddies_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-buddies-images') }} | |
build_proxy_image: ${{ contains(github.event.pull_request.labels.*.name, 'build-proxy-image') }} | |
build_lib_injection_app_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-lib-injection-app-images') }} | |
_experimental_parametric_job_count: ${{ matrix.version == 'dev' && 2 || 1 }} # test both use cases | |
skip_empty_scenarios: true | |
system_tests_docker_mode: | |
name: Ruby Docker Mode | |
needs: | |
- lint | |
- test_the_test | |
- impacted_libraries | |
- get_dev_artifacts # non official set-up, this needs put this job in last | |
if: contains(needs.impacted_libraries.outputs.impacted_libraries, 'ruby') | |
uses: ./.github/workflows/run-docker-mode.yml | |
permissions: | |
packages: write | |
secrets: inherit | |
exotics: | |
name: Exotics scenarios | |
if: contains(github.event.pull_request.labels.*.name, 'run-all-scenarios') | |
uses: ./.github/workflows/run-exotics.yml | |
secrets: inherit | |
fancy-report: | |
runs-on: ubuntu-latest | |
needs: | |
- system_tests | |
if: always() | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- run: pip install requests | |
- run: python utils/scripts/get-workflow-summary.py ${{ github.run_id }} >> $GITHUB_STEP_SUMMARY | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
update-CI-visibility: | |
name: Update CI Visibility Dashboard | |
runs-on: ubuntu-latest | |
needs: | |
- system_tests | |
if: always() && github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Update CI Dashboard | |
run: ./utils/scripts/update_dashboard_CI_visibility.sh system-tests ${{ github.run_id }}-${{ github.run_attempt }} | |
env: | |
DD_API_KEY: ${{ secrets.DD_CI_API_KEY }} | |
DD_APP_KEY: ${{ secrets.DD_CI_APP_KEY }} |