From 7bae7f575f0b8ced883852c1b56526c9750612fa Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Wed, 13 Dec 2023 14:59:39 +0100 Subject: [PATCH 1/9] improve test matrix comprehensiveness --- .github/workflows/test.yml | 178 ++++++++++-------- go.mod | 2 +- ...ed_manually.go => waf_manually_disabled.go | 2 +- waf_manually_disabled_test.go | 2 +- waf_support.go | 7 +- waf_unsupported_go.go | 6 +- waf_unsupported_go_test.go | 3 +- waf_unsupported_target.go | 2 +- waf_unsupported_target_test.go | 7 +- 9 files changed, 109 insertions(+), 100 deletions(-) rename waf_disabled_manually.go => waf_manually_disabled.go (82%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1eabe869..a858c7db 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,22 +7,39 @@ on: push: # on push to the main branch branches: - main -env: - DD_APPSEC_WAF_TIMEOUT: 5s + jobs: - native: + bare-metal: strategy: fail-fast: false matrix: - runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04 ] + runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04, windows-latest ] go-version: [ "1.21", "1.20", "1.19" ] - cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo + cgo-enabled: [ "0", "1" ] # test it compiles with and without cgo + go-tags: + - '' # Default behavior + - 'datadog.no_waf' # Explicitly disabled WAF + - 'go1.22' # Too recent go version (purego compatibility uncertain) + - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain) include: - - env: - GODEBUG=cgocheck=2 - - go-version: "1.21" - env: - GOEXPERIMENT=cgocheck2 + # gocheck2 is configrued differently in go1.21 than in previous versions + - go-version: 1.21 + go-experiment: cgocheck2 + - go-version: 1.20 + go-debug: cgocheck=2 + - go-version: 1.19 + go-debug: cgocheck=2 + exclude: + # Prune redundant checks (the go-next test needs only run once per platform) + - go-version: 1.20 + go-tags: go1.22 + - go-version: 1.20 + go-tags: datadog.no_waf,go1.22 + - go-version: 1.19 + go-tags: go1.22 + - go-version: 1.19 + go-tags: datadog.no_waf,go1.22 + name: ${{ matrix.runs-on }} go${{ matrix.go-version }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }} runs-on: ${{ matrix.runs-on }} steps: - uses: actions/checkout@v3 @@ -30,104 +47,99 @@ jobs: with: go-version: ${{ matrix.go-version }} cache: true + - name: Install gotestsum + run: go install gotest.tools/gotestsum@latest - name: go test shell: bash - run: | - # Install gotestsum - env GOBIN=$PWD go install gotest.tools/gotestsum@latest - # Run the tests with gotestsum - env ${{ matrix.env }} CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./... + run: |- + gotestsum -- -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... + env: + CGO_ENABLED: ${{ matrix.cgo-enabled }} + DD_APPSEC_WAF_TIMEOUT: 5s + GODEBUG: ${{ matrix.go-debug }} + GOEXPERIMENT: ${{ matrix.go-experiment }} - disabled: - strategy: - fail-fast: false - matrix: - runs-on: [ windows-latest, ubuntu-latest, macos-13 ] - go-args: [ "-tags datadog.no_waf", "-tags go1.22" ] - include: - - runs-on: windows-latest - go-args: "" - runs-on: ${{ matrix.runs-on }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 - with: - go-version: 'stable' # get latest stable version from https://github.com/actions/go-versions/blob/main/versions-manifest.json - cache: true - - name: go test - shell: bash - run: | - # Install gotestsum - env GOBIN=$PWD go install gotest.tools/gotestsum@latest - # Run the tests with gotestsum - ./gotestsum -- -v ${{ matrix.go-tags }} -shuffle=on ./... - - # Same tests but on the official golang container for linux - golang-linux-container: - runs-on: ubuntu-latest - container: - image: golang:${{ matrix.go-version }}-${{ matrix.distribution }} + containerized: strategy: fail-fast: false matrix: + base: [ alpine, bookworm, bullseye, buster ] + arch: [ amd64, arm64 ] go-version: [ "1.21", "1.20", "1.19" ] - distribution: [ bookworm, bullseye, buster, alpine ] - cgo_enabled: [ "0", "1" ] # test it compiles with and without cgo + cgo-enabled: [ "0", "1" ] # test it compiles with and without cgo + go-tags: + - '' # Default behavior + - 'datadog.no_waf' # Explicitly disabled WAF + - 'go1.22' # Too recent go version (purego compatibility uncertain) + - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain) + include: + # gocheck2 is configrued differently in go1.21 than in previous versions + - go-version: 1.21 + go-experiment: cgocheck2 + - go-version: 1.20 + go-debug: cgocheck=2 + - go-version: 1.19 + go-debug: cgocheck=2 exclude: - - go-version: 1.18 - distribution: bookworm + # Prune redundant checks (the go-next test needs only run once per platform) + - go-version: 1.20 + go-tags: go1.22 + - go-version: 1.20 + go-tags: datadog.no_waf,go1.22 + - go-version: 1.19 + go-tags: go1.22 + - go-version: 1.19 + go-tags: datadog.no_waf,go1.22 + # Prune inexistant build images (debian buster is on LTS but won't get new go version images) - go-version: 1.21 - distribution: buster + base: buster + name: linux/${{ matrix.arch }} golang:${{ matrix.go-version }}-${{ matrix.base }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - # Install gcc and the libc headers on alpine images - - if: ${{ matrix.distribution == 'alpine' }} - run: apk add gcc musl-dev libc6-compat - - - name: Go modules cache - uses: actions/cache@v3 + - uses: actions/cache@v3 with: path: ~/go/pkg/mod key: go-pkg-mod-${{ hashFiles('**/go.sum') }} restore-keys: go-pkg-mod- - - - name: go test - run: | - # Install gotestsum - env GOBIN=$PWD go install gotest.tools/gotestsum@latest - # Run the tests with gotestsum - env CGO_ENABLED=${{ matrix.cgo_enabled }} ./gotestsum -- -v -count=10 -shuffle=on ./... - - linux-other: - runs-on: ubuntu-latest - strategy: - matrix: - arch: ["arm64"] - cgo_enabled: [ "0", "1" ] # test it compiles with and without the cgo - fail-fast: false - steps: - - uses: actions/checkout@v3 - - name: Go modules cache - uses: actions/cache@v3 - with: - path: ~/go/pkg/mod - key: go-pkg-mod-${{ matrix.arch }}-${{ hashFiles('**/go.sum') }} - restore-keys: go-pkg-mod-${{ matrix.arch }} go-pkg-mod- - name: Set up QEMU uses: docker/setup-qemu-action@v2 with: platforms: ${{ matrix.arch }} - - run: docker run --platform=linux/${{ matrix.arch }} -v${HOME}/go/pkg/mod:/root/go/pkg/mod -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v -count=10 -shuffle=on ./... + - name: Create container + id: container + run: |- + docker run --name gha-${{ github.run_id }} --rm -di \ + --platform="linux/${{ matrix.arch }}" \ + -v "${HOME}/go/pkg/mod:/root/go/pkg/mod" \ + -v "$PWD:$PWD" \ + -w "$PWD" \ + -eCGO_ENABLED="${{ matrix.cgo-enabled }}" \ + -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \ + -eGODEBUG="${{ matrix.go-debug }}" \ + -eGOEXPERIMENT="${{ matrix.go-experiment }}" \ + "golang:${{ matrix.go-version }}-${{ matrix.base }}" + - name: Install alpine requirements + if: matrix.base == 'alpine' + run: |- + docker exec -i gha-${{ github.run_id }} \ + apk add gcc musl-dev libc6-compat + - name: go test + run: |- + docker exec -i gha-${{ github.run_id }} \ + go test -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... + - name: Stop container + if: always() && steps.container.outcome == 'success' + run: |- + docker stop gha-${{ github.run_id }} # A simple join target to simplify setting up branch protection settings in GH. done: name: Done runs-on: ubuntu-latest needs: - - native - - golang-linux-container - - linux-other + - bare-metal + - containerized steps: - name: Done run: echo "Done!" diff --git a/go.mod b/go.mod index 1bc1bf20..5b1d89ef 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/DataDog/go-libddwaf/v2 -go 1.18 +go 1.19 require ( github.com/ebitengine/purego v0.5.0 diff --git a/waf_disabled_manually.go b/waf_manually_disabled.go similarity index 82% rename from waf_disabled_manually.go rename to waf_manually_disabled.go index 0a37e184..aa46bf53 100644 --- a/waf_disabled_manually.go +++ b/waf_manually_disabled.go @@ -4,7 +4,7 @@ // Copyright 2016-present Datadog, Inc. // Manually set datadog.no_waf build tag -//go:build datadog.no_waf +//go:build datadog.no_waf && (linux || darwin) && (amd64 || arm64) && !go1.22 package waf diff --git a/waf_manually_disabled_test.go b/waf_manually_disabled_test.go index b8dcb4c9..e31e6678 100644 --- a/waf_manually_disabled_test.go +++ b/waf_manually_disabled_test.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build datadog.no_waf +//go:build datadog.no_waf && (linux || darwin) && (amd64 || arm64) && !go1.22 package waf_test diff --git a/waf_support.go b/waf_support.go index 866485f6..e32c2707 100644 --- a/waf_support.go +++ b/waf_support.go @@ -7,6 +7,7 @@ package waf import ( "fmt" + "runtime" "github.com/hashicorp/go-multierror" ) @@ -31,12 +32,10 @@ func (e UnsupportedOSArchError) Error() string { // UnsupportedGoVersionError is a wrapper error type helping to handle the error // case of trying to execute this package when the Go version is not supported. -type UnsupportedGoVersionError struct { - Version string -} +type UnsupportedGoVersionError struct{} func (e UnsupportedGoVersionError) Error() string { - return fmt.Sprintf("unsupported Go version: %s", e.Version) + return fmt.Sprintf("unsupported Go version: %s", runtime.Version()) } // ManuallyDisabledError is a wrapper error type helping to handle the error diff --git a/waf_unsupported_go.go b/waf_unsupported_go.go index 17d8b5e1..24ff6a1b 100644 --- a/waf_unsupported_go.go +++ b/waf_unsupported_go.go @@ -8,10 +8,6 @@ package waf -import ( - "runtime" -) - func init() { - wafSupportErrors = append(wafSupportErrors, UnsupportedGoVersionError{runtime.Version()}) + wafSupportErrors = append(wafSupportErrors, UnsupportedGoVersionError{}) } diff --git a/waf_unsupported_go_test.go b/waf_unsupported_go_test.go index f952b35b..f620dea8 100644 --- a/waf_unsupported_go_test.go +++ b/waf_unsupported_go_test.go @@ -8,9 +8,10 @@ package waf_test import ( + "testing" + waf "github.com/DataDog/go-libddwaf/v2" "github.com/stretchr/testify/require" - "testing" ) func TestSupportsTarget(t *testing.T) { diff --git a/waf_unsupported_target.go b/waf_unsupported_target.go index d8da6e9b..3e56304e 100644 --- a/waf_unsupported_target.go +++ b/waf_unsupported_target.go @@ -5,7 +5,7 @@ // Unsupported target OS or architecture // Unsupported OS Unsupported Arch -//go:build (!linux && !darwin) || (!amd64 && !arm64) +//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22 package waf diff --git a/waf_unsupported_target_test.go b/waf_unsupported_target_test.go index 78f8eda5..39a5d927 100644 --- a/waf_unsupported_target_test.go +++ b/waf_unsupported_target_test.go @@ -3,15 +3,16 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build (!linux && !darwin) || (!amd64 && !arm64) +//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22 package waf_test import ( - waf "github.com/DataDog/go-libddwaf/v2" - "github.com/stretchr/testify/require" "runtime" "testing" + + waf "github.com/DataDog/go-libddwaf/v2" + "github.com/stretchr/testify/require" ) func TestSupportsTarget(t *testing.T) { From d1c4c2c0464085554ae4681c3e8922ab9057ca60 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Thu, 14 Dec 2023 12:59:28 +0100 Subject: [PATCH 2/9] set LD_DEBUG=all in Docker environments --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a858c7db..a3f86ddb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -118,6 +118,7 @@ jobs: -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \ -eGODEBUG="${{ matrix.go-debug }}" \ -eGOEXPERIMENT="${{ matrix.go-experiment }}" \ + -eLD_DEBUG=all \ "golang:${{ matrix.go-version }}-${{ matrix.base }}" - name: Install alpine requirements if: matrix.base == 'alpine' From 26cba1c5089e0c5180c1b1d31b44cb66fda51aa5 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Thu, 14 Dec 2023 13:38:18 +0100 Subject: [PATCH 3/9] only install gcc/musl-dev/libc6-compat on alpine if cgo is enabled --- .github/workflows/test.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a3f86ddb..16933de2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -111,7 +111,7 @@ jobs: run: |- docker run --name gha-${{ github.run_id }} --rm -di \ --platform="linux/${{ matrix.arch }}" \ - -v "${HOME}/go/pkg/mod:/root/go/pkg/mod" \ + -v "${HOME}/go/pkg/mod:/go/pkg/mod" \ -v "$PWD:$PWD" \ -w "$PWD" \ -eCGO_ENABLED="${{ matrix.cgo-enabled }}" \ @@ -121,14 +121,18 @@ jobs: -eLD_DEBUG=all \ "golang:${{ matrix.go-version }}-${{ matrix.base }}" - name: Install alpine requirements - if: matrix.base == 'alpine' + if: matrix.base == 'alpine' && matrix.cgo-enabled == '1' run: |- docker exec -i gha-${{ github.run_id }} \ apk add gcc musl-dev libc6-compat + - name: Install gotestsum + run: |- + docker exec -i gha-${{ github.run_id }} \ + go install gotest.tools/gotestsum@latest - name: go test run: |- docker exec -i gha-${{ github.run_id }} \ - go test -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... + gotestsum -- -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... - name: Stop container if: always() && steps.container.outcome == 'success' run: |- From 061e7b426bc64cb65d4a38afaa1b9b25d8f3e52c Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Thu, 14 Dec 2023 13:49:36 +0100 Subject: [PATCH 4/9] remove LD_DEBUG=all now that it works --- .github/workflows/test.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 16933de2..5c966aa0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -118,7 +118,6 @@ jobs: -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \ -eGODEBUG="${{ matrix.go-debug }}" \ -eGOEXPERIMENT="${{ matrix.go-experiment }}" \ - -eLD_DEBUG=all \ "golang:${{ matrix.go-version }}-${{ matrix.base }}" - name: Install alpine requirements if: matrix.base == 'alpine' && matrix.cgo-enabled == '1' From 353be2a6e4f55be45a6c1e5de48ad19e88c11102 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Fri, 15 Dec 2023 10:16:29 +0100 Subject: [PATCH 5/9] Update .github/workflows/test.yml Co-authored-by: Eliott Bouhana <47679741+eliottness@users.noreply.github.com> --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5c966aa0..26528e2c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -73,7 +73,7 @@ jobs: - 'go1.22' # Too recent go version (purego compatibility uncertain) - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain) include: - # gocheck2 is configrued differently in go1.21 than in previous versions + # gocheck2 is configured differently in go1.21 than in previous versions - go-version: 1.21 go-experiment: cgocheck2 - go-version: 1.20 From 29edfa385b226b1aa27049970f5774d2e7f296a9 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Fri, 15 Dec 2023 10:44:19 +0100 Subject: [PATCH 6/9] add AmazonLinux 2 test image --- .github/workflows/test.yml | 59 ++++++++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 26528e2c..be513897 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,22 +22,22 @@ jobs: - 'go1.22' # Too recent go version (purego compatibility uncertain) - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain) include: - # gocheck2 is configrued differently in go1.21 than in previous versions - - go-version: 1.21 + # gocheck2 is configured differently in go1.21 than in previous versions + - go-version: '1.21' go-experiment: cgocheck2 - - go-version: 1.20 + - go-version: '1.20' go-debug: cgocheck=2 - - go-version: 1.19 + - go-version: '1.19' go-debug: cgocheck=2 exclude: # Prune redundant checks (the go-next test needs only run once per platform) - - go-version: 1.20 + - go-version: '1.20' go-tags: go1.22 - - go-version: 1.20 + - go-version: '1.20' go-tags: datadog.no_waf,go1.22 - - go-version: 1.19 + - go-version: '1.19' go-tags: go1.22 - - go-version: 1.19 + - go-version: '1.19' go-tags: datadog.no_waf,go1.22 name: ${{ matrix.runs-on }} go${{ matrix.go-version }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }} runs-on: ${{ matrix.runs-on }} @@ -63,7 +63,14 @@ jobs: strategy: fail-fast: false matrix: - base: [ alpine, bookworm, bullseye, buster ] + image: + # Standard golang image + - golang:{0}-alpine + - golang:{0}-bookworm + - golang:{0}-bullseye + - golang:{0}-buster + # RPM-based image + - amazonlinux:2 # pretty popular on AWS workloads arch: [ amd64, arm64 ] go-version: [ "1.21", "1.20", "1.19" ] cgo-enabled: [ "0", "1" ] # test it compiles with and without cgo @@ -74,26 +81,31 @@ jobs: - 'datadog.no_waf,go1.22' # Explicitly disabled & too recent go version (purego compatibility uncertain) include: # gocheck2 is configured differently in go1.21 than in previous versions - - go-version: 1.21 + - go-version: '1.21' go-experiment: cgocheck2 - - go-version: 1.20 + - go-version: '1.20' go-debug: cgocheck=2 - - go-version: 1.19 + - go-version: '1.19' go-debug: cgocheck=2 exclude: # Prune redundant checks (the go-next test needs only run once per platform) - - go-version: 1.20 + - go-version: '1.20' go-tags: go1.22 - - go-version: 1.20 + - go-version: '1.20' go-tags: datadog.no_waf,go1.22 - - go-version: 1.19 + - go-version: '1.19' go-tags: go1.22 - - go-version: 1.19 + - go-version: '1.19' go-tags: datadog.no_waf,go1.22 # Prune inexistant build images (debian buster is on LTS but won't get new go version images) - - go-version: 1.21 - base: buster - name: linux/${{ matrix.arch }} golang:${{ matrix.go-version }}-${{ matrix.base }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }} + - go-version: '1.21' + image: golang:{0}-buster + # The amazonlinux:2 variant is only relevant for the default go version yum ships + - go-version: '1.19' + image: amazonlinux:2 + - go-version: '1.20' + image: amazonlinux:2 + name: linux/${{ matrix.arch }} ${{ format(matrix.image, matrix.go-version) }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -118,12 +130,17 @@ jobs: -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \ -eGODEBUG="${{ matrix.go-debug }}" \ -eGOEXPERIMENT="${{ matrix.go-experiment }}" \ - "golang:${{ matrix.go-version }}-${{ matrix.base }}" + "${{ format(matrix.image, matrix.go-version) }}" - name: Install alpine requirements - if: matrix.base == 'alpine' && matrix.cgo-enabled == '1' + if: endsWith(matrix.image, '-alpine') && matrix.cgo-enabled == '1' run: |- docker exec -i gha-${{ github.run_id }} \ apk add gcc musl-dev libc6-compat + - name: Install AmazonLinux 2 requirements + if: matrix.image == 'amazonlinux:2' + run: |- + docker exec -i gha-${{ github.run_id }} \ + yum install -y golang - name: Install gotestsum run: |- docker exec -i gha-${{ github.run_id }} \ From b9a92706e14af88587da6649c802c2d811dc952a Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Fri, 15 Dec 2023 10:50:53 +0100 Subject: [PATCH 7/9] make tests work when multiple disabling conditions coexist --- waf_manually_disabled.go | 2 +- waf_manually_disabled_test.go | 24 ++++++++++++----------- waf_unsupported_go_test.go | 32 ++++++++++++++++--------------- waf_unsupported_target.go | 2 +- waf_unsupported_target_test.go | 35 ++++++++++++++++++---------------- 5 files changed, 51 insertions(+), 44 deletions(-) diff --git a/waf_manually_disabled.go b/waf_manually_disabled.go index aa46bf53..0a37e184 100644 --- a/waf_manually_disabled.go +++ b/waf_manually_disabled.go @@ -4,7 +4,7 @@ // Copyright 2016-present Datadog, Inc. // Manually set datadog.no_waf build tag -//go:build datadog.no_waf && (linux || darwin) && (amd64 || arm64) && !go1.22 +//go:build datadog.no_waf package waf diff --git a/waf_manually_disabled_test.go b/waf_manually_disabled_test.go index e31e6678..221dc52b 100644 --- a/waf_manually_disabled_test.go +++ b/waf_manually_disabled_test.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build datadog.no_waf && (linux || darwin) && (amd64 || arm64) && !go1.22 +//go:build datadog.no_waf package waf_test @@ -14,15 +14,17 @@ import ( "github.com/stretchr/testify/require" ) -func TestLoad(t *testing.T) { - ok, err := waf.Load() - require.False(t, ok) - require.Error(t, err) -} +func TestManuallyDisabled(t *testing.T) { + t.Run("TestLoad", func(t *testing.T) { + ok, err := waf.Load() + require.False(t, ok) + require.Error(t, err) + }) -func TestHealth(t *testing.T) { - ok, err := waf.Health() - require.False(t, ok) - require.Error(t, err) - require.ErrorIs(t, err, waf.ManuallyDisabledError{}) + t.Run("TestHealth", func(t *testing.T) { + ok, err := waf.Health() + require.False(t, ok) + require.Error(t, err) + require.ErrorIs(t, err, waf.ManuallyDisabledError{}) + }) } diff --git a/waf_unsupported_go_test.go b/waf_unsupported_go_test.go index f620dea8..a6dff15c 100644 --- a/waf_unsupported_go_test.go +++ b/waf_unsupported_go_test.go @@ -14,21 +14,23 @@ import ( "github.com/stretchr/testify/require" ) -func TestSupportsTarget(t *testing.T) { - supported, err := waf.SupportsTarget() - require.False(t, supported) - require.Error(t, err) - require.ErrorIs(t, err, waf.UnsupportedGoVersionError{}) -} +func TestUnsupportedGoRuntime(t *testing.T) { + t.Run("TestSupportsTarget", func(t *testing.T) { + supported, err := waf.SupportsTarget() + require.False(t, supported) + require.Error(t, err) + require.ErrorIs(t, err, waf.UnsupportedGoVersionError{}) + }) -func TestLoad(t *testing.T) { - ok, err := waf.Load() - require.False(t, ok) - require.Error(t, err) -} + t.Run("TestLoad", func(t *testing.T) { + ok, err := waf.Load() + require.False(t, ok) + require.Error(t, err) + }) -func TestHealth(t *testing.T) { - ok, err := waf.Health() - require.False(t, ok) - require.Error(t, err) + t.Run("TestHealth", func(t *testing.T) { + ok, err := waf.Health() + require.False(t, ok) + require.Error(t, err) + }) } diff --git a/waf_unsupported_target.go b/waf_unsupported_target.go index 3e56304e..d8da6e9b 100644 --- a/waf_unsupported_target.go +++ b/waf_unsupported_target.go @@ -5,7 +5,7 @@ // Unsupported target OS or architecture // Unsupported OS Unsupported Arch -//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22 +//go:build (!linux && !darwin) || (!amd64 && !arm64) package waf diff --git a/waf_unsupported_target_test.go b/waf_unsupported_target_test.go index 39a5d927..c1f78dfc 100644 --- a/waf_unsupported_target_test.go +++ b/waf_unsupported_target_test.go @@ -3,7 +3,7 @@ // This product includes software developed at Datadog (https://www.datadoghq.com/). // Copyright 2016-present Datadog, Inc. -//go:build ((!linux && !darwin) || (!amd64 && !arm64)) && !go1.22 +//go:build (!linux && !darwin) || (!amd64 && !arm64) package waf_test @@ -15,21 +15,24 @@ import ( "github.com/stretchr/testify/require" ) -func TestSupportsTarget(t *testing.T) { - supported, err := waf.SupportsTarget() - require.False(t, supported) - require.Error(t, err) - require.ErrorIs(t, err, waf.UnsupportedOSArchError{runtime.GOOS, runtime.GOARCH}) -} +func TestUnsupportedPlatform(t *testing.T) { -func TestLoad(t *testing.T) { - ok, err := waf.Load() - require.False(t, ok) - require.Error(t, err) -} + t.Run("SupportsTarget", func(t *testing.T) { + supported, err := waf.SupportsTarget() + require.False(t, supported) + require.Error(t, err) + require.ErrorIs(t, err, waf.UnsupportedOSArchError{runtime.GOOS, runtime.GOARCH}) + }) + + t.Run("Load", func(t *testing.T) { + ok, err := waf.Load() + require.False(t, ok) + require.Error(t, err) + }) -func TestHealth(t *testing.T) { - ok, err := waf.Health() - require.False(t, ok) - require.Error(t, err) + t.Run("Health", func(t *testing.T) { + ok, err := waf.Health() + require.False(t, ok) + require.Error(t, err) + }) } From b92eca23393d46a5c7dca7e8f2ced2501a6822c4 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Fri, 15 Dec 2023 10:57:20 +0100 Subject: [PATCH 8/9] fixup go version in amazonlinux:2 --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index be513897..9a75f851 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -100,10 +100,10 @@ jobs: # Prune inexistant build images (debian buster is on LTS but won't get new go version images) - go-version: '1.21' image: golang:{0}-buster - # The amazonlinux:2 variant is only relevant for the default go version yum ships + # The amazonlinux:2 variant is only relevant for the default go version yum ships (currently 1.20) - go-version: '1.19' image: amazonlinux:2 - - go-version: '1.20' + - go-version: '1.21' image: amazonlinux:2 name: linux/${{ matrix.arch }} ${{ format(matrix.image, matrix.go-version) }} cgo=${{ matrix.cgo-enabled }} tags=${{ matrix.go-tags }} runs-on: ubuntu-latest From b40a73938a0bedfbcc03da4d1b6297e1f9b69ed4 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Fri, 15 Dec 2023 11:06:17 +0100 Subject: [PATCH 9/9] make amazonlinux:2 target work --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9a75f851..d7ec2833 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -130,6 +130,7 @@ jobs: -eDD_APPSEC_WAF_TIMEOUT="${DD_APPSEC_WAF_TIMEOUT}" \ -eGODEBUG="${{ matrix.go-debug }}" \ -eGOEXPERIMENT="${{ matrix.go-experiment }}" \ + -eGOMODCACHE="/go/pkg/mod" \ "${{ format(matrix.image, matrix.go-version) }}" - name: Install alpine requirements if: endsWith(matrix.image, '-alpine') && matrix.cgo-enabled == '1' @@ -148,7 +149,9 @@ jobs: - name: go test run: |- docker exec -i gha-${{ github.run_id }} \ - gotestsum -- -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' ./... + go run gotest.tools/gotestsum@latest -- \ + -v -count=10 -shuffle=on -tags='${{ matrix.go-tags }}' \ + ./... - name: Stop container if: always() && steps.container.outcome == 'success' run: |-