
refactor!: opt-in with the appsec build tag when cgo is disabled #765

Workflow file for this run

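# Test workflow: runs the Go test suite on hosted runners ("bare-metal") and
# inside Linux containers ("containerized"), with cgo enabled and disabled and
# with several build-tag combinations. The "done" job joins both so branch
# protection only has to require a single check.
name: Test
on:
  workflow_dispatch: # manually
  schedule: # nightly
    - cron: "0 0 * * *"
  # NOTE(review): the original comment said "on pull requests touching appsec
  # files", but no paths filter is configured, so this fires on every pull
  # request.
  pull_request:
  push: # on push to the main branch
    branches:
      - main

# Least privilege: every job only checks out the repository and runs tests, so
# the GITHUB_TOKEN needs nothing beyond read access to the contents. Without
# this block the token scope on push/schedule runs falls back to the
# repository or organization default, which may be read/write.
permissions:
  contents: read

jobs:
  bare-metal:
    strategy:
      fail-fast: false
      matrix:
        runs-on:
          - macos-13
          - macos-12
          - macos-11
          - ubuntu-22.04
          - ubuntu-20.04
          - windows-latest
        go-version: ["1.21", "1.20", "1.19"]
        cgo-enabled: ["0", "1"] # test it compiles with and without cgo
        go-tags:
          - '' # Default behavior
          - 'datadog.no_waf' # Explicitly disabled WAF
          - 'go1.22' # Too recent go version (purego compatibility uncertain)
          - 'appsec' # Legacy build tag to enable appsec when cgo is disabled
          - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain)
        include:
          # cgocheck2 is configured differently in go1.21 (GOEXPERIMENT) than
          # in previous versions (GODEBUG)
          - go-version: '1.21'
            go-experiment: cgocheck2
          - go-version: '1.20'
            go-debug: cgocheck=2
          - go-version: '1.19'
            go-debug: cgocheck=2
        exclude:
          # Prune redundant checks (the go-next test only needs to run once
          # per platform)
          - go-version: '1.20'
            go-tags: go1.22
          - go-version: '1.20'
            go-tags: datadog.no_waf,go1.22
          - go-version: '1.19'
            go-tags: go1.22
          - go-version: '1.19'
            go-tags: datadog.no_waf,go1.22
    name: ${{ matrix.runs-on }} go${{ matrix.go-version }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }}
    runs-on: ${{ matrix.runs-on }}
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags.
      # Pinning each `uses:` to a reviewed full-length commit SHA keeps a
      # retagged or compromised release from being picked up silently.
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          go-version: ${{ matrix.go-version }}
          cache: true
      # NOTE(review): `@latest` is resolved at run time, so the test runner
      # version is not reproducible and any new upstream release runs in CI
      # unreviewed. Prefer `gotest.tools/gotestsum@<reviewed-version>`.
      - name: Install gotestsum
        run: go install gotest.tools/gotestsum@latest
      # The `${{ matrix.* }}` values expanded into the script below are
      # constants declared in this file. Any value that may come from event
      # data (titles, branch names, ...) should be passed through `env:` and
      # read as a shell variable instead of being expanded inline.
      - name: go test
        shell: bash
        run: |-
          gotestsum -- -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./...
        env:
          CGO_ENABLED: ${{ matrix.cgo-enabled }}
          DD_APPSEC_WAF_TIMEOUT: 5s
          GODEBUG: ${{ matrix.go-debug }}
          GOEXPERIMENT: ${{ matrix.go-experiment }}

  containerized:
    strategy:
      fail-fast: false
      matrix:
        # `{0}` is replaced by the go version through format() below
        image:
          # Standard golang image
          - golang:{0}-alpine
          - golang:{0}-bookworm
          - golang:{0}-bullseye
          - golang:{0}-buster
          # RPM-based image
          - amazonlinux:2 # pretty popular on AWS workloads
        arch: [amd64, arm64]
        go-version: ["1.21", "1.20", "1.19"]
        cgo-enabled: ["0", "1"] # test it compiles with and without cgo
        go-tags:
          - '' # Default behavior
          - 'datadog.no_waf' # Explicitly disabled WAF
          - 'go1.22' # Too recent go version (purego compatibility uncertain)
          - 'appsec' # Legacy build tag to enable appsec when cgo is disabled
          - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain)
        include:
          # cgocheck2 is configured differently in go1.21 (GOEXPERIMENT) than
          # in previous versions (GODEBUG)
          - go-version: '1.21'
            go-experiment: cgocheck2
          - go-version: '1.20'
            go-debug: cgocheck=2
          - go-version: '1.19'
            go-debug: cgocheck=2
        exclude:
          # Prune redundant checks (the go-next test only needs to run once
          # per platform)
          - go-version: '1.20'
            go-tags: go1.22
          - go-version: '1.20'
            go-tags: datadog.no_waf,go1.22
          - go-version: '1.19'
            go-tags: go1.22
          - go-version: '1.19'
            go-tags: datadog.no_waf,go1.22
          # Prune nonexistent build images (debian buster is on LTS but won't
          # get new go version images)
          - go-version: '1.21'
            image: golang:{0}-buster
          # The amazonlinux:2 variant is only relevant for the default go
          # version yum ships (currently 1.20)
          - go-version: '1.19'
            image: amazonlinux:2
          - go-version: '1.21'
            image: amazonlinux:2
    name: linux/${{ matrix.arch }} ${{ format(matrix.image, matrix.go-version) }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }}
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags.
      # Pinning each `uses:` to a reviewed full-length commit SHA keeps a
      # retagged or compromised release from being picked up silently.
      - uses: actions/checkout@v3
      # The module cache is restored on the host and bind-mounted into the
      # container by the "Create container" step.
      - uses: actions/cache@v3
        with:
          path: ~/go/pkg/mod
          key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
          restore-keys: go-pkg-mod-
      # QEMU lets the amd64 runner execute the arm64 images
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
        with:
          platforms: ${{ matrix.arch }}
      # Starts one detached container per job; later steps `docker exec`
      # into it. The images are referenced by floating tags rather than
      # digests, so their content can change between runs.
      - name: Create container
        id: container
        run: |-
          docker run --name gha-${{ github.run_id }} --rm -di \
            --platform="linux/${{ matrix.arch }}" \
            -v "${HOME}/go/pkg/mod:/go/pkg/mod" \
            -v "$PWD:$PWD" \
            -w "$PWD" \
            -eCGO_ENABLED="${{ matrix.cgo-enabled }}" \
            -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \
            -eGODEBUG="${{ matrix.go-debug }}" \
            -eGOEXPERIMENT="${{ matrix.go-experiment }}" \
            -eGOMODCACHE="/go/pkg/mod" \
            "${{ format(matrix.image, matrix.go-version) }}"
        env:
          # The script forwards ${DD_APPSEC_WAF_TIMEOUT} from the host shell,
          # but nothing visible in this workflow defined it for this job, so
          # the container received an empty value. Use the same timeout as
          # the bare-metal job.
          DD_APPSEC_WAF_TIMEOUT: 5s
      - name: Install alpine requirements
        if: endsWith(matrix.image, '-alpine') && matrix.cgo-enabled == '1'
        run: |-
          docker exec -i gha-${{ github.run_id }} \
            apk add gcc musl-dev libc6-compat
      - name: Install AmazonLinux 2 requirements
        if: matrix.image == 'amazonlinux:2'
        run: |-
          docker exec -i gha-${{ github.run_id }} \
            yum install -y golang
      # NOTE(review): `@latest` is resolved at run time here and again by the
      # `go run` in the next step, so the test runner version is not
      # reproducible and any new upstream release runs in CI unreviewed.
      # Prefer `gotest.tools/gotestsum@<reviewed-version>` in both places.
      - name: Install gotestsum
        run: |-
          docker exec -i gha-${{ github.run_id }} \
            go install gotest.tools/gotestsum@latest
      # The `${{ matrix.* }}` values expanded into the script below are
      # constants declared in this file. Any value that may come from event
      # data should be passed through `env:` instead of being expanded inline.
      - name: go test
        run: |-
          docker exec -i gha-${{ github.run_id }} \
            go run gotest.tools/gotestsum@latest -- \
              -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' \
              ./...
      # Runs even when tests fail, but only if the container was created;
      # `--rm` on `docker run` then removes the stopped container.
      - name: Stop container
        if: always() && steps.container.outcome == 'success'
        run: |-
          docker stop gha-${{ github.run_id }}

  # A simple join target to simplify setting up branch protection settings in GH.
  done:
    name: Done
    runs-on: ubuntu-latest
    needs:
      - bare-metal
      - containerized
    steps:
      - name: Done
        run: echo "Done!"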