
Commit d2d5539

authored
Merge branch 'master' into karafka-tracing
2 parents 9007248 + 5255b85 commit d2d5539


15 files changed

+1659
-344
lines changed


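--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -1,25 +1,57 @@
-name: Check
+name: Static Analysis
 on:
 push:
 
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
 jobs:
-lint:
-runs-on: ubuntu-22.04
-container:
-image: ghcr.io/datadog/images-rb/engines/ruby:3.2
+build:
+name: build
+runs-on: ubuntu-24.04
+container: ghcr.io/datadog/images-rb/engines/ruby:3.3
 steps:
 - uses: actions/checkout@v4
+- run: bundle lock
+- uses: actions/upload-artifact@v4
+id: lockfile
+with:
+name: 'check-lockfile-${{ github.sha }}-${{ github.run_id }}'
+path: '*.lock'
+if-no-files-found: error
+
+rubocop:
+name: rubocop/lint
+runs-on: ubuntu-24.04
+needs: ['build']
+container: ghcr.io/datadog/images-rb/engines/ruby:3.3
+steps:
+- uses: actions/checkout@v4
+- uses: actions/download-artifact@v4
+- run: bundle install
+- run: bundle exec rake rubocop
+
+standard:
+name: standard/lint
+runs-on: ubuntu-24.04
+needs: ['build']
+container: ghcr.io/datadog/images-rb/engines/ruby:3.3
+steps:
+- uses: actions/checkout@v4
+- uses: actions/download-artifact@v4
 - name: Install dependencies
 run: bundle install
-- run: bundle exec rake rubocop standard
+- run: bundle exec rake standard
 
-check:
-name: Check types
-runs-on: ubuntu-22.04
-container:
-image: ghcr.io/datadog/images-rb/engines/ruby:3.2
+steep:
+name: steep/typecheck
+runs-on: ubuntu-24.04
+needs: ['build']
+container: ghcr.io/datadog/images-rb/engines/ruby:3.3
 steps:
 - uses: actions/checkout@v4
+- uses: actions/download-artifact@v4
 - name: Install dependencies
 run: bundle install
 - name: Check for stale signature files
@@ -30,3 +62,59 @@ jobs:
 run: bundle exec rake steep:check
 - name: Record stats
 run: bundle exec rake steep:stats[md] >> $GITHUB_STEP_SUMMARY
+
+# Dogfooding Datadog SBOM Analysis
+dd-software-composition-analysis:
+name: dd/sca
+runs-on: ubuntu-24.04
+needs: ['build']
+container: ghcr.io/datadog/images-rb/engines/ruby:3.3
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- uses: actions/download-artifact@v4 # requires the lockfile
+- uses: DataDog/datadog-sca-github-action@main
+with:
+dd_api_key: ${{ secrets.DD_API_KEY }}
+dd_app_key: ${{ secrets.DD_APP_KEY }}
+dd_site: datadoghq.com
+
+# Dogfooding Datadog Static Analysis
+dd-static-analysis:
+name: dd/static-analysis
+runs-on: ubuntu-24.04
+steps:
+- uses: actions/checkout@v4
+- uses: DataDog/datadog-static-analyzer-github-action@v1
+with:
+dd_api_key: ${{ secrets.DD_API_KEY }}
+dd_app_key: ${{ secrets.DD_APP_KEY }}
+dd_site: datadoghq.com
+cpu_count: 2
+
+semgrep:
+name: semgrep/ci
+runs-on: ubuntu-24.04
+container: semgrep/semgrep # PENDING: Possible to be rate limited.
+steps:
+- uses: actions/checkout@v4
+- run: |
+semgrep ci \
+--include=bin/* \
+--include=ext/* \
+--include=lib/* \
+--exclude-rule=ruby.lang.security.model-attributes-attr-accessible.model-attributes-attr-accessible
+env:
+SEMGREP_RULES: p/default
+
+static-analysis:
+needs:
+- 'steep'
+- 'rubocop'
+- 'standard'
+- 'semgrep'
+- 'dd-software-composition-analysis'
+- 'dd-static-analysis'
+runs-on: ubuntu-24.04
+steps:
+- run: echo "Done"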
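Review bot: The new `dd-software-composition-analysis` job runs `DataDog/datadog-sca-github-action@main`, a mutable branch reference, and hands it `secrets.DD_API_KEY` and `secrets.DD_APP_KEY`, so whatever lands on that branch later runs with both keys. Pin it to a full commit SHA, `- uses: DataDog/datadog-sca-github-action@<full-commit-sha>  # <release tag>`, and consider the same for the tag-pinned actions in this file. The `semgrep` job's `container: semgrep/semgrep` carries no tag or digest either, so each run pulls whatever image is current. No `permissions:` key appears at the top of the file or on any job shown, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would make it explicit. The deleted workflow files are not shown here, so some of these lines may have been carried over unchanged.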

.github/workflows/datadog-sca.yml

-25
This file was deleted.

.github/workflows/datadog-static-analysis.yml

-21
This file was deleted.

.github/workflows/semgrep.yml

-27
This file was deleted.

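--- a/.github/workflows/system-tests.yml
+++ b/.github/workflows/system-tests.yml
@@ -4,9 +4,22 @@ on:
 push:
 branches:
 - "**"
+paths-ignore:
+- ".circleci/**"
+- ".gitlab/**"
+- "appraisal/**"
+- "benchmarks/**"
+- "docs/**"
+- "gemfiles/**"
+- "integration/**"
+- "sig/**"
+- "spec/**"
+- "suppressions/**"
+- "tools/**"
+- "vendor/**"
 workflow_dispatch: {}
 schedule:
-- cron: '00 04 * * 2-6'
+- cron: "00 04 * * 2-6"
 
 env:
 REGISTRY: ghcr.io
@@ -33,7 +46,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 with:
-repository: 'DataDog/system-tests'
+repository: "DataDog/system-tests"
 ref: ${{ env.SYSTEM_TESTS_REF }}
 persist-credentials: false
 - name: Login to Docker Hub
@@ -61,21 +74,18 @@ jobs:
 run: |
 echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
 - name: Tag image for CI run
-run:
-docker tag ${{ matrix.image.internal }} ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:gha${{ github.run_id }}-g${{ github.sha }}
+run: docker tag ${{ matrix.image.internal }} ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:gha${{ github.run_id }}-g${{ github.sha }}
 - name: Push image for CI run
 run: |
 docker push ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:gha${{ github.run_id }}-g${{ github.sha }}
 - name: Tag image for commit
-run:
-docker tag ${{ matrix.image.internal }} ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:g${{ github.sha }}
+run: docker tag ${{ matrix.image.internal }} ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:g${{ github.sha }}
 - name: Push image for commit
 run: |
 docker push ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:g${{ github.sha }}
 - name: Tag image for release
 if: ${{ github.ref == 'refs/heads/master' }}
-run:
-docker tag ${{ matrix.image.internal }} ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:latest
+run: docker tag ${{ matrix.image.internal }} ${{ env.REPO }}/system-tests/${{ matrix.image.name }}:latest
 - name: Push image for release
 if: ${{ github.ref == 'refs/heads/master' }}
 run: |
@@ -122,14 +132,14 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 with:
-repository: 'DataDog/system-tests'
+repository: "DataDog/system-tests"
 ref: ${{ env.SYSTEM_TESTS_REF }}
 persist-credentials: false
 - name: Checkout ${{ matrix.library.repository }}
 uses: actions/checkout@v4
 with:
-repository: '${{ matrix.library.repository }}'
-path: 'binaries/${{ matrix.library.path }}'
+repository: "${{ matrix.library.repository }}"
+path: "binaries/${{ matrix.library.path }}"
 fetch-depth: 2
 persist-credentials: false
 - name: Read forced-tests-list.json file
@@ -168,21 +178,18 @@ jobs:
 echo "cache args: ${cache_from[*]}"
 ./build.sh --library ${{ matrix.library.name }} --weblog-variant ${{ matrix.app }} --images ${{ matrix.image }} --extra-docker-args "${cache_from[*]}"
 - name: Tag image for CI run
-run:
-docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:gha${{ github.run_id }}-g${{ github.sha }}
+run: docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:gha${{ github.run_id }}-g${{ github.sha }}
 - name: Push image for CI run
 run: |
 docker push ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:gha${{ github.run_id }}-g${{ github.sha }}
 - name: Tag image for commit
-run:
-docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:g${{ github.sha }}
+run: docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:g${{ github.sha }}
 - name: Push image for commit
 run: |
 docker push ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:g${{ github.sha }}
 - name: Tag image for release
 if: ${{ github.ref == 'refs/heads/master' }}
-run:
-docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:latest
+run: docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:latest
 - name: Push image for release
 if: ${{ github.ref == 'refs/heads/master' }}
 run: |
@@ -306,7 +313,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 with:
-repository: 'DataDog/system-tests'
+repository: "DataDog/system-tests"
 ref: ${{ env.SYSTEM_TESTS_REF }}
 persist-credentials: false
 - name: Login to Docker Hub
@@ -390,11 +397,11 @@ jobs:
 - name: Setup python 3.12
 uses: actions/setup-python@v5
 with:
-python-version: '3.12'
+python-version: "3.12"
 - name: Checkout
 uses: actions/checkout@v4
 with:
-repository: 'DataDog/system-tests'
+repository: "DataDog/system-tests"
 ref: ${{ env.SYSTEM_TESTS_REF }}
 persist-credentials: false
 - name: Retrieve logs
@@ -446,9 +453,9 @@ jobs:
 echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
 - uses: actions/delete-package-versions@v5
 with:
-package-version-ids: 'gha${{ github.run_id }}-g${{ github.sha }}'
-package-name: 'system-tests/${{ matrix.image }}'
-package-type: 'container'
+package-version-ids: "gha${{ github.run_id }}-g${{ github.sha }}"
+package-name: "system-tests/${{ matrix.image }}"
+package-type: "container"
 continue-on-error: true
 
 build-artifacts:
@@ -474,5 +481,5 @@ jobs:
 with:
 library: ruby
 binaries_artifact: system_tests_binaries
-_experimental_job_count: 8
-_experimental_job_matrix: '[1,2,3,4,5,6,7,8]'
+job_count: 8
+job_matrix: "[1,2,3,4,5,6,7,8]"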
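Review bot: The folded `run: docker tag …` steps (new lines 77, 82, 88, 181, 186 and 192) still paste `${{ matrix.* }}` and `${{ env.REPO }}` expressions straight into the shell text, and the untouched login lines beside them do the same with `${{ secrets.GITHUB_TOKEN }}`. The matrix and env definitions sit outside these hunks, so the values are presumably fixed in the workflow and this is hardening rather than a defect. Setting the values under each step's `env:` and writing `run: docker tag "$SRC" "$DST"` (and `echo "$GITHUB_TOKEN" | docker login …` for the login) keeps the shell from re-parsing the expanded text. The jobs these steps belong to start and end outside the hunks.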
