From 8a59852ea1cfb9c2f5c8dd1310a61971f0fb0c81 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Wed, 13 Dec 2023 14:59:39 +0100 Subject: [PATCH] improve test matrix comprehensiveness --- .github/workflows/test.yml | 137 +++++++----------- go.mod | 2 +- ...ed_manually.go => waf_manually_disabled.go | 2 +- waf_manually_disabled_test.go | 2 +- waf_support.go | 7 +- waf_unsupported_go.go | 6 +- waf_unsupported_go_test.go | 3 +- waf_unsupported_target.go | 2 +- waf_unsupported_target_test.go | 7 +- 9 files changed, 67 insertions(+), 101 deletions(-) rename waf_disabled_manually.go => waf_manually_disabled.go (82%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1eabe869..8a55316e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,19 +10,17 @@ on: env: DD_APPSEC_WAF_TIMEOUT: 5s jobs: - native: + bare-metal: strategy: fail-fast: false matrix: - runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04 ] + runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04, windows-latest ] go-version: [ "1.21", "1.20", "1.19" ] - cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo - include: - - env: - GODEBUG=cgocheck=2 - - go-version: "1.21" - env: - GOEXPERIMENT=cgocheck2 + cgo-enabled: [ "0", "1" ] # test it compiles with and without cgo + go-tags: + - '' # Default behavior + - 'datadog.no_waf' # Explicitly disabled WAF + - 'go1.22' # Too recent go version (purego compatibility uncertain) runs-on: ${{ matrix.runs-on }} steps: - uses: actions/checkout@v3 @@ -30,104 +28,75 @@ jobs: with: go-version: ${{ matrix.go-version }} cache: true + - name: Install gotestsum + run: go install gotest.tools/gotestsum@latest - name: go test shell: bash - run: | - # Install gotestsum - env GOBIN=$PWD go install gotest.tools/gotestsum@latest - # Run the tests with gotestsum - env ${{ matrix.env }} CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./... + run: |- + gotestsum -- -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... + env: + GODEBUG: gocheck=2 + GOEXPERIMENT: cgocheck2 + CGO_ENABLED: ${{ matrix.cgo-enabled }} - disabled: - strategy: - fail-fast: false - matrix: - runs-on: [ windows-latest, ubuntu-latest, macos-13 ] - go-args: [ "-tags datadog.no_waf", "-tags go1.22" ] - include: - - runs-on: windows-latest - go-args: "" - runs-on: ${{ matrix.runs-on }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 - with: - go-version: 'stable' # get latest stable version from https://github.com/actions/go-versions/blob/main/versions-manifest.json - cache: true - - name: go test - shell: bash - run: | - # Install gotestsum - env GOBIN=$PWD go install gotest.tools/gotestsum@latest - # Run the tests with gotestsum - ./gotestsum -- -v ${{ matrix.go-tags }} -shuffle=on ./... - - # Same tests but on the official golang container for linux - golang-linux-container: - runs-on: ubuntu-latest - container: - image: golang:${{ matrix.go-version }}-${{ matrix.distribution }} + containerized: strategy: fail-fast: false matrix: + base: [ alpine, bookworm, bullseye, buster ] + arch: [ amd64, arm64 ] go-version: [ "1.21", "1.20", "1.19" ] - distribution: [ bookworm, bullseye, buster, alpine ] - cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo - exclude: - - go-version: 1.18 - distribution: bookworm - - go-version: 1.21 - distribution: buster + cgo-enabled: [ "0", "1" ] # test it compiles with and without cgo + go-tags: + - '' # Default behavior + - 'datadog.no_waf' # Explicitly disabled WAF + - 'go1.22' # Too recent go version (purego compatibility uncertain) + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - # Install gcc and the libc headers on alpine images - - if: ${{ matrix.distribution == 'alpine' }} - run: apk add gcc musl-dev libc6-compat - - - name: Go modules cache - uses: actions/cache@v3 + - uses: actions/cache@v3 with: path: ~/go/pkg/mod key: go-pkg-mod-${{ hashFiles('**/go.sum') }} restore-keys: go-pkg-mod- - - - name: go test - run: | - # Install gotestsum - env GOBIN=$PWD go install gotest.tools/gotestsum@latest - # Run the tests with gotestsum - env CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./... - - linux-other: - runs-on: ubuntu-latest - strategy: - matrix: - arch: ["arm64"] - cgo_enabled: [ "0", "1" ] # test it compiles with and without the cgo - fail-fast: false - steps: - - uses: actions/checkout@v3 - - name: Go modules cache - uses: actions/cache@v3 - with: - path: ~/go/pkg/mod - key: go-pkg-mod-${{ matrix.arch }}-${{ hashFiles('**/go.sum') }} - restore-keys: go-pkg-mod-${{ matrix.arch }} go-pkg-mod- - name: Set up QEMU uses: docker/setup-qemu-action@v2 with: platforms: ${{ matrix.arch }} - - run: docker run --platform=linux/${{ matrix.arch }} -v${HOME}/go/pkg/mod:/root/go/pkg/mod -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v -count=10 -shuffle=on ./... + - name: Create container + id: container + run: |- + docker run --name gha-${{ github.run_id }} --rm -dit \ + --platform="linux/${{ matrix.arch }}" \ + -v "${HOME}/go/pkg/mod:/root/go/pkg/mod" \ + -v "$PWD:$PWD" \ + -w "$PWD" \ + -eGODEBUG="gocheck=2" \ + -eGOEXPERIMENT=cgocheck2 \ + -eCGO_ENABLED="${{ matrix.cgo-enabled }}" \ + -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \ + "golang:${{ matrix.go-version }}-${{ matrix.base }}" + - name: Install alpine requirements + if: matrix.base == 'alpine' + run: |- + docker exec -it gha-${{ github.run_id }} \ + apk add gcc musl-dev libc6-compat + - name: go test + run: |- + docker exec -it gha-${{ github.run_id }} \ + go test -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... + - name: Stop container + if: always() && steps.container.outcome == 'success' + run: |- + docker stop gha-${{ github.run_id }} # A simple join target to simplify setting up branch protection settings in GH. done: name: Done runs-on: ubuntu-latest needs: - - native - - golang-linux-container - - linux-other + - bare-metal + - containerized steps: - name: Done run: echo "Done!" diff --git a/go.mod b/go.mod index 1bc1bf20..5b1d89ef 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/DataDog/go-libddwaf/v2 -go 1.18 +go 1.19 require ( github.com/ebitengine/purego v0.5.0 diff --git a/waf_disabled_manually.go b/waf_manually_disabled.go similarity index 82% rename from waf_disabled_manually.go rename to waf_manually_disabled.go index 0a37e184..aa46bf53 100644 --- a/waf_disabled_manually.go +++ b/waf_manually_disabled.go @@ -4,7 +4,7 @@ // Copyright 2016-present Datadog, Inc. // Manually set datadog.no_waf build tag -//go:build datadog.no_waf +//go:build datadog.no_waf && (linux || darwin) && (amd64 || arm64) && !go1.22 package waf diff --git a/waf_manually_disabled_test.go b/waf_manually_disabled_test.go index b8dcb4c9..e31e6678 100644 --- a/waf_manually_disabled_test.go +++ b/waf_manually_disabled_test.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build datadog.no_waf +//go:build datadog.no_waf && (linux || darwin) && (amd64 || arm64) && !go1.22 package waf_test diff --git a/waf_support.go b/waf_support.go index 866485f6..e32c2707 100644 --- a/waf_support.go +++ b/waf_support.go @@ -7,6 +7,7 @@ package waf import ( "fmt" + "runtime" "github.com/hashicorp/go-multierror" ) @@ -31,12 +32,10 @@ func (e UnsupportedOSArchError) Error() string { // UnsupportedGoVersionError is a wrapper error type helping to handle the error // case of trying to execute this package when the Go version is not supported. -type UnsupportedGoVersionError struct { - Version string -} +type UnsupportedGoVersionError struct{} func (e UnsupportedGoVersionError) Error() string { - return fmt.Sprintf("unsupported Go version: %s", e.Version) + return fmt.Sprintf("unsupported Go version: %s", runtime.Version()) } // ManuallyDisabledError is a wrapper error type helping to handle the error diff --git a/waf_unsupported_go.go b/waf_unsupported_go.go index 17d8b5e1..24ff6a1b 100644 --- a/waf_unsupported_go.go +++ b/waf_unsupported_go.go @@ -8,10 +8,6 @@ package waf -import ( - "runtime" -) - func init() { - wafSupportErrors = append(wafSupportErrors, UnsupportedGoVersionError{runtime.Version()}) + wafSupportErrors = append(wafSupportErrors, UnsupportedGoVersionError{}) } diff --git a/waf_unsupported_go_test.go b/waf_unsupported_go_test.go index f952b35b..f620dea8 100644 --- a/waf_unsupported_go_test.go +++ b/waf_unsupported_go_test.go @@ -8,9 +8,10 @@ package waf_test import ( + "testing" + waf "github.com/DataDog/go-libddwaf/v2" "github.com/stretchr/testify/require" - "testing" ) func TestSupportsTarget(t *testing.T) { diff --git a/waf_unsupported_target.go b/waf_unsupported_target.go index d8da6e9b..3e56304e 100644 --- a/waf_unsupported_target.go +++ b/waf_unsupported_target.go @@ -5,7 +5,7 @@ // Unsupported target OS or architecture // Unsupported OS Unsupported Arch -//go:build (!linux && !darwin) || (!amd64 && !arm64) +//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22 package waf diff --git a/waf_unsupported_target_test.go b/waf_unsupported_target_test.go index 78f8eda5..39a5d927 100644 --- a/waf_unsupported_target_test.go +++ b/waf_unsupported_target_test.go @@ -3,15 +3,16 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build (!linux && !darwin) || (!amd64 && !arm64) +//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22 package waf_test import ( - waf "github.com/DataDog/go-libddwaf/v2" - "github.com/stretchr/testify/require" "runtime" "testing" + + waf "github.com/DataDog/go-libddwaf/v2" + "github.com/stretchr/testify/require" ) func TestSupportsTarget(t *testing.T) {