feat(contrib): add integration for aerospike/aerospike-client-go.v7 #8014
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AppSec Tests | |
| on: | |
| workflow_call: # allows to reuse this workflow | |
| inputs: | |
| ref: | |
| description: 'The branch to run the workflow on' | |
| required: true | |
| type: string | |
| workflow_dispatch: # manually | |
| schedule: # nightly | |
| - cron: "0 0 * * *" | |
| pull_request: # on pull requests touching appsec files | |
| paths: | |
| - '.github/workflows/appsec.yml' | |
| - 'internal/appsec/**' | |
| - 'appsec/**' | |
| - 'contrib/**/appsec.go' | |
| - '**/go.mod' | |
| push: | |
| branches: | |
| - release-v* | |
| tags-ignore: | |
| - 'contrib/**' | |
| - 'instrumentation/**' | |
| - 'internal/**' | |
| - 'orchestrion/**' | |
| - 'scripts/**' | |
| env: | |
| DD_APPSEC_WAF_TIMEOUT: 1m | |
| PACKAGES: >- | |
| ./appsec/... | |
| ./instrumentation/appsec/... | |
| ./internal/appsec/... | |
| SUBMODULES: >- | |
| ./contrib/database/sql | |
| ./contrib/gin-gonic/gin | |
| ./contrib/google.golang.org/grpc | |
| ./contrib/net/http | |
| ./contrib/gorilla/mux | |
| ./contrib/go-chi/chi | |
| ./contrib/go-chi/chi.v5 | |
| ./contrib/labstack/echo.v4 | |
| ./contrib/99designs/gqlgen | |
| ./contrib/graphql-go/graphql | |
| ./contrib/graph-gophers/graphql-go | |
| concurrency: | |
| # Automatically cancel previous runs if a new one is triggered to conserve resources. | |
| group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| # Prepare the cache of Go modules to share it will the other jobs. | |
| # This maximizes cache hits and minimizes the time spent downloading Go modules. | |
| # Note 1: @actions/cache is very sensitive and it's easy to mess up. Things to know: | |
| # - doing it after @actions/checkout is required for all the metadata to be available; | |
| # - sharing the cache with windows requires backslashes to be used in the path; | |
| # - sharing the cache between OSes requires the base path to be the same, so a relative one is used; | |
| # - as of writing this doc, @actions/cache doest work inside docker containers, so had to design so | |
| # containerized jobs around this problem, by restoring the cache in the runner and mounting it in the | |
| # container ourselves. | |
| # Note 2: a lot of time was spent on making caching work across macos, linux, | |
| # windows and golang containers. So this is very sensitive and should be | |
| # validated again in case of changes. To do so, you can click on the @actions/cache | |
| # actions logs and look for the "Cache hit" or "Cache miss" messages. | |
| go-mod-caching: | |
| name: Prepare Go modules cache | |
| runs-on: ubuntu-latest-16-cores | |
| outputs: | |
| key: ${{ steps.cfg.outputs.key }} | |
| path: ${{ steps.cfg.outputs.path }} | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Compute cache configuration | |
| id: cfg | |
| run: | | |
| echo "key=go-pkg-mod-${{ hashFiles('**/go.sum') }}" >> "$GITHUB_OUTPUT" | |
| echo "path=go_pkg_mod_cache" >> "$GITHUB_OUTPUT" | |
| - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 | |
| with: | |
| go-version: stable | |
| cache: false | |
| - name: Cache Go modules | |
| id: cache | |
| uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: ${{ steps.cfg.outputs.path }} | |
| key: ${{ steps.cfg.outputs.key }} | |
| enableCrossOsArchive: true | |
| lookup-only: true | |
| - name: Download Go modules | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| env: | |
| GOMODCACHE: ${{ github.workspace }}/${{ steps.cfg.outputs.path }} | |
| run: go mod download -x | |
| macos: | |
| name: ${{ matrix.runs-on }} go${{ matrix.go-version }} | |
| runs-on: ${{ matrix.runs-on }} | |
| needs: | |
| - go-mod-caching | |
| strategy: | |
| matrix: | |
| runs-on: [ macos-14, macos-latest ] # oldest and newest macos runners available | |
| go-version: [ "1.26", "1.25" ] | |
| fail-fast: true # saving some CI time - macos runners are too long to get | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Restore Go modules cache | |
| uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: ${{ needs.go-mod-caching.outputs.path }} | |
| key: ${{ needs.go-mod-caching.outputs.key }} | |
| restore-keys: go-pkg-mod- | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| cache: false # we manage the caching ourselves | |
| - name: Setup testing environment | |
| run: |- | |
| mkdir -p "tmp_appsec" | |
| go install gotest.tools/gotestsum@latest | |
| # go test is being manually called multiple times here for the sake of reusing the runner. | |
| # Waiting runners is unfortunately so long that we decided to do so for things only requiring recompilation or | |
| # reruns under different settings. | |
| - name: go test | |
| shell: bash | |
| env: | |
| GOMODCACHE: ${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }} | |
| run: | | |
| set -euxo pipefail | |
| # Go experiments to test with. Add/remove entries here when experiments change. | |
| # Empty string means "no experiment" (baseline run). | |
| goexperiments=("" "cgocheck2") | |
| # Submodules to skip for specific experiments (experiment:submodule). | |
| skip_rules=("cgocheck2:./contrib/gin-gonic/gin") | |
| report_error=0 | |
| for cgo in "0" "1"; do | |
| for appsec_enabled_env in "" "DD_APPSEC_ENABLED=true" "DD_APPSEC_ENABLED=false"; do | |
| for goexp in "${goexperiments[@]}"; do | |
| goexp_env="" | |
| goexp_label="default" | |
| if [[ -n "$goexp" ]]; then | |
| goexp_env="GOEXPERIMENT=$goexp" | |
| goexp_label="$goexp" | |
| fi | |
| # shellcheck disable=SC2086 | |
| if ! env CGO_ENABLED="$cgo" $appsec_enabled_env $goexp_env gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${cgo}-${appsec_enabled_env:-default}-${goexp_label}.xml" -- -v $PACKAGES; then | |
| echo "Failed: env CGO_ENABLED=$cgo $appsec_enabled_env $goexp_env gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${cgo}-${appsec_enabled_env:-default}-${goexp_label}.xml\" -- -v $PACKAGES" | |
| fi | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| # Check skip rules for this experiment+submodule combination | |
| skip=false | |
| for rule in "${skip_rules[@]}"; do | |
| if [[ "$rule" == "$goexp:$submodule" ]]; then | |
| echo "Skipped: env CGO_ENABLED=$cgo $appsec_enabled_env $goexp_env go test -v . (submodule: $submodule, reason: skip rule for GOEXPERIMENT=$goexp)" | |
| skip=true | |
| break | |
| fi | |
| done | |
| if [[ "$skip" == "true" ]]; then continue; fi | |
| cd "$submodule" | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| # shellcheck disable=SC2086 | |
| if ! env CGO_ENABLED="$cgo" $appsec_enabled_env $goexp_env gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${cgo}-${appsec_enabled_env:-default}-${goexp_label}-${submodule_name}.xml" -- -v .; then | |
| echo "Failed: env CGO_ENABLED=$cgo $appsec_enabled_env $goexp_env gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${cgo}-${appsec_enabled_env:-default}-${goexp_label}-${submodule_name}.xml\" -- -v . (submodule: $submodule)" | |
| report_error=1 | |
| fi | |
| cd - | |
| done | |
| done | |
| done | |
| done | |
| exit $report_error | |
| - name: Get Datadog credentials | |
| id: dd-sts | |
| continue-on-error: true | |
| uses: DataDog/dd-sts-action@7d2d231c02fd54a3da912e582ff87cb995d1fd30 | |
| with: | |
| policy: dd-trace-go | |
| - name: Upload the results to Datadog CI App | |
| if: always() | |
| continue-on-error: true | |
| uses: ./.github/actions/dd-ci-upload | |
| with: | |
| dd-api-key: ${{ steps.dd-sts.outputs.api_key }} | |
| path: tmp_appsec | |
| tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }} | |
| # Tests cases were appsec end up being disabled at compilation time | |
| disabled: | |
| name: ${{ matrix.runs-on }} (AppSec disabled) | |
| needs: | |
| - go-mod-caching | |
| runs-on: ${{ matrix.runs-on }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| runs-on: [ macos-latest, windows-latest, ubuntu-latest-16-cores ] | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Get Datadog credentials | |
| id: dd-sts | |
| continue-on-error: true | |
| uses: DataDog/dd-sts-action@7d2d231c02fd54a3da912e582ff87cb995d1fd30 | |
| with: | |
| policy: dd-trace-go | |
| - name: Restore Go modules cache | |
| uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: ${{ needs.go-mod-caching.outputs.path }} | |
| key: ${{ needs.go-mod-caching.outputs.key }} | |
| restore-keys: go-pkg-mod- | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 | |
| with: | |
| go-version: stable | |
| cache: false # we manage the caching ourselves | |
| - run: go env -w GOMODCACHE="${{ github.workspace }}\${{ needs.go-mod-caching.outputs.path }}" | |
| if: runner.os == 'Windows' | |
| - run: go env -w GOMODCACHE=${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }} | |
| if: runner.os != 'Windows' | |
| - name: Setup testing environment | |
| run: |- | |
| mkdir -p "tmp_appsec" | |
| go install gotest.tools/gotestsum@latest | |
| - name: go test | |
| shell: bash | |
| run: | | |
| set -euxo pipefail | |
| for appsec_enabled_env in "" "DD_APPSEC_ENABLED=true" "DD_APPSEC_ENABLED=false"; do | |
| for go_tags in "" "-tags datadog.no_waf"; do | |
| # shellcheck disable=SC2086 | |
| if ! env $appsec_enabled_env gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${appsec_enabled_env:-default}-${go_tags}.xml" -- -v $go_tags $PACKAGES; then | |
| echo "Failed: env $appsec_enabled_env gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${appsec_enabled_env:-default}-${go_tags}.xml\" -- -v $go_tags $PACKAGES" | |
| fi | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| cd "$submodule" | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| # shellcheck disable=SC2086 | |
| if ! env $appsec_enabled_env gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${appsec_enabled_env:-default}-${go_tags}-${submodule_name}.xml" -- -v $go_tags .; then | |
| echo "Failed: env $appsec_enabled_env gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-${appsec_enabled_env:-default}-${go_tags}-${submodule_name}.xml\" -- -v $go_tags . (submodule: $submodule)" | |
| fi | |
| cd - | |
| done | |
| done | |
| done | |
| # Check for changes in the supported configurations | |
| - name: Supported Configurations Diff Check | |
| if: always() | |
| uses: ./.github/actions/supported_configurations_validation | |
| - name: Upload the results to Datadog CI App | |
| if: always() | |
| continue-on-error: true | |
| uses: ./.github/actions/dd-ci-upload | |
| with: | |
| dd-api-key: ${{ steps.dd-sts.outputs.api_key }} | |
| path: tmp_appsec | |
| tags: go:,arch:${{ runner.arch }},os:${{ runner.os }} | |
| # Same tests but on the official golang container for linux | |
| golang-linux-container: | |
| name: ${{ matrix.platform }} golang:${{ matrix.go-version }}-${{ matrix.distribution }} | |
| # We use ARM runners when needed to avoid the performance hit of QEMU | |
| runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest-16-cores' || 'ubuntu-24.04-arm' }} | |
| needs: | |
| - go-mod-caching | |
| strategy: | |
| matrix: | |
| go-version: [ "1.26", "1.25" ] | |
| distribution: [ trixie, bookworm, alpine ] | |
| platform: [ linux/amd64, linux/arm64 ] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Restore Go modules cache | |
| uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 | |
| with: | |
| path: ${{ needs.go-mod-caching.outputs.path }} | |
| key: ${{ needs.go-mod-caching.outputs.key }} | |
| restore-keys: go-pkg-mod- | |
| enableCrossOsArchive: true | |
| fail-on-cache-miss: true | |
| # Docker is not present on early-access ARM runners | |
| - name: Prepare ARM Runner | |
| if: runner.arch == 'ARM64' || runner.arch == 'ARM' | |
| run: |- | |
| for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove -y $pkg || echo "Not present: $pkg"; done | |
| sudo apt update | |
| sudo apt install -y ca-certificates curl | |
| sudo install -m 0755 -d /etc/apt/keyrings | |
| sudo curl -fsSL "https://download.docker.com/linux/ubuntu/gpg" -o /etc/apt/keyrings/docker.asc | |
| sudo chmod a+r /etc/apt/keyrings/docker.asc | |
| echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list | |
| sudo apt update | |
| sudo apt install -y docker-ce docker-ce-cli containerd.io | |
| - name: Create container | |
| env: | |
| GOMODCACHE: ${{ github.workspace }}/${{ needs.go-mod-caching.outputs.path }} | |
| run: |- | |
| sudo docker run \ | |
| --rm \ | |
| -di \ | |
| --name test.runner \ | |
| -v "${GOMODCACHE}:${GOMODCACHE}" \ | |
| -e "GOMODCACHE=${GOMODCACHE}" \ | |
| -v "$PWD:$PWD" \ | |
| -w "$PWD" \ | |
| -e "DD_APPSEC_WAF_TIMEOUT=${{ env.DD_APPSEC_WAF_TIMEOUT }}" \ | |
| -e "GOEXPERIMENT=${{ env.GOEXPERIMENT }}" \ | |
| golang:${{ matrix.go-version }}-${{ matrix.distribution }} | |
| - name: Install pre-requisites on Alpine | |
| if: matrix.distribution == 'alpine' | |
| run: sudo docker exec -i test.runner apk add gcc musl-dev libc6-compat bash | |
| - name: Output go env | |
| run: sudo docker exec -i test.runner go env | |
| - name: Setup testing environment | |
| run: |- | |
| mkdir -p "tmp_appsec" | |
| sudo docker exec -i test.runner go install gotest.tools/gotestsum@latest | |
| - name: NOCGO, undefined appsec state | |
| run: | | |
| # shellcheck disable=SC2086 | |
| sudo docker exec -i -e CGO_ENABLED=0 test.runner gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-undefined.xml" -- -v $PACKAGES | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| if ! sudo docker exec -i -e CGO_ENABLED=0 test.runner bash -c "cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-undefined-${submodule_name}.xml\" -- -v ."; then | |
| echo "Failed: env CGO_ENABLED=0 bash -c 'cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-undefined-${submodule_name}.xml\" -- -v .' (submodule: $submodule)" | |
| fi | |
| done | |
| - name: NOCGO, appsec disabled | |
| run: | | |
| # shellcheck disable=SC2086 | |
| sudo docker exec -i -e CGO_ENABLED=0 -e DD_APPSEC_ENABLED=false test.runner gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-disabled.xml" -- -v $PACKAGES | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| if ! sudo docker exec -i -e CGO_ENABLED=0 -e DD_APPSEC_ENABLED=false test.runner bash -c "cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-disabled-${submodule_name}.xml\" -- -v ."; then | |
| echo "Failed: env CGO_ENABLED=0 DD_APPSEC_ENABLED=false bash -c 'cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-disabled-${submodule_name}.xml\" -- -v .' (submodule: $submodule)" | |
| fi | |
| done | |
| - name: NOCGO, appsec enabled | |
| run: | | |
| # shellcheck disable=SC2086 | |
| sudo docker exec -i -e CGO_ENABLED=0 -e DD_APPSEC_ENABLED=true test.runner gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-enabled.xml" -- -v $PACKAGES | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| if ! sudo docker exec -i -e CGO_ENABLED=0 -e DD_APPSEC_ENABLED=true test.runner bash -c "cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-enabled-${submodule_name}.xml\" -- -v ."; then | |
| echo "Failed: env CGO_ENABLED=0 DD_APPSEC_ENABLED=true bash -c 'cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-nocgo-enabled-${submodule_name}.xml\" -- -v .' (submodule: $submodule)" | |
| fi | |
| done | |
| - name: CGO, undefined appsec state | |
| run: | | |
| # shellcheck disable=SC2086 | |
| sudo docker exec -i -e CGO_ENABLED=1 test.runner gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-undefined.xml" -- -v $PACKAGES | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| if ! sudo docker exec -i -e CGO_ENABLED=1 test.runner bash -c "cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-undefined-${submodule_name}.xml\" -- -v ."; then | |
| echo "Failed: env CGO_ENABLED=1 bash -c 'cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-undefined-${submodule_name}.xml\" -- -v .' (submodule: $submodule)" | |
| fi | |
| done | |
| - name: CGO, appsec disabled | |
| run: | | |
| # shellcheck disable=SC2086 | |
| sudo docker exec -i -e CGO_ENABLED=1 -e DD_APPSEC_ENABLED=false test.runner gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-disabled.xml" -- -v $PACKAGES | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| if ! sudo docker exec -i -e CGO_ENABLED=1 -e DD_APPSEC_ENABLED=false test.runner bash -c "cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-disabled-${submodule_name}.xml\" -- -v ."; then | |
| echo "Failed: env CGO_ENABLED=1 DD_APPSEC_ENABLED=false bash -c 'cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-disabled-${submodule_name}.xml\" -- -v .' (submodule: $submodule)" | |
| fi | |
| done | |
| - name: CGO, appsec enabled | |
| run: | | |
| # shellcheck disable=SC2086 | |
| sudo docker exec -i -e CGO_ENABLED=1 -e DD_APPSEC_ENABLED=true test.runner gotestsum --junitfile "$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-enabled.xml" -- -v $PACKAGES | |
| # shellcheck disable=SC2086 | |
| for submodule in $SUBMODULES; do | |
| submodule_name=$(echo "$submodule" | tr '/' '-') | |
| if ! sudo docker exec -i -e CGO_ENABLED=1 -e DD_APPSEC_ENABLED=true test.runner bash -c "cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-enabled-${submodule_name}.xml\" -- -v ."; then | |
| echo "Failed: env CGO_ENABLED=1 DD_APPSEC_ENABLED=true bash -c 'cd $submodule && gotestsum --junitfile \"$GITHUB_WORKSPACE/tmp_appsec/gotestsum-report-cgo-enabled-${submodule_name}.xml\" -- -v .' (submodule: $submodule)" | |
| fi | |
| done | |
| # Check for changes in the supported_configurations.json file | |
| - name: Supported Configurations Diff Check | |
| if: always() | |
| run: | | |
| sudo docker exec -i test.runner bash -c "go run ./scripts/configinverter/main.go check" | |
| - name: Get Datadog credentials | |
| id: dd-sts | |
| continue-on-error: true | |
| uses: DataDog/dd-sts-action@7d2d231c02fd54a3da912e582ff87cb995d1fd30 | |
| with: | |
| policy: dd-trace-go | |
| - name: Upload the results to Datadog CI App | |
| if: always() | |
| continue-on-error: true | |
| uses: ./.github/actions/dd-ci-upload | |
| with: | |
| dd-api-key: ${{ steps.dd-sts.outputs.api_key }} | |
| path: tmp_appsec | |
| tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }} | |
| - name: Clean up | |
| if: always() | |
| run: sudo docker rm --force test.runner || echo "Could not remove container" | |
| test-app-smoke-tests: | |
| name: Smoke Tests | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner == 'DataDog' | |
| uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main | |
| with: | |
| dd-trace-go-version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || '' }} |