.github/workflows: cherrypick changes from v2-dev for v2 nightly CI (#…

…2382)

Co-authored-by: Ahmed Mezghani <[email protected]>

.github/workflows/apps/appsec-test-contrib-submodules.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+# This script is used to test the contrib submodules in the apps directory.
+# It is run by the GitHub Actions CI workflow defined in
+# .github/workflows/appsec.yml.
+
+echo "Running appsec tests for:"
+echo "  V2_BRANCH=$V2_BRANCH"
+echo "  GODEBUG=$GODEBUG"
+echo "  GOEXPERIMENT=$GOEXPERIMENT"
+echo "  CGO_ENABLED=$CGO_ENABLED"
+echo "  DD_APPSEC_ENABLED=$DD_APPSEC_ENABLED"
+echo "  DD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT"
+
+function gotestsum_runner() {
+  report=$1; shift
+  gotestsum --junitfile "$report" -- -v "$@"
+}
+
+function docker_runner() {
+  # ignore the first argument, which is the JUnit report
+  shift
+  docker run --platform=$PLATFORM -v $PWD:$PWD -w $PWD -eCGO_ENABLED=$CGO_ENABLED -eDD_APPSEC_ENABLED=$DD_APPSEC_ENABLED -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v "$@"
+}
+
+runner="gotestsum_runner"
+if [[ "$1" == "docker" ]]; then
+  runner="docker_runner"; shift
+  PLATFORM=$1
+  [[ -z "$PLATFORM" ]] && PLATFORM="linux/arm64"
+fi
+
+$runner "$JUNIT_REPORT.xml" ./appsec/... ./internal/appsec/...
+
+SCOPES=("gin-gonic/gin" "google.golang.org/grpc" "net/http" "gorilla/mux" "go-chi/chi" "go-chi/chi.v5" "labstack/echo.v4")
+for SCOPE in "${SCOPES[@]}"; do
+  contrib=$(basename "$SCOPE")
+  if [[ "$V2_BRANCH" == "true" ]]; then
+    cd "./v2/contrib/$SCOPE"
+    $runner "$JUNIT_REPORT.$contrib.xml" .
+    cd -
+  else
+    $runner "$JUNIT_REPORT.$contrib.xml" "./contrib/$SCOPE/..."
+  fi
+done

.github/workflows/apps/test-contrib-submodules.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+# This script is used to test the contrib submodules in the apps directory.
+# It is run by the GitHub Actions CI workflow defined in
+# .github/workflows/unit-integration-tests.yml.
+
+[[ -d ./v2/contrib ]] || exit 0
+
+CONTRIBS=$(find ./v2/contrib -mindepth 2 -type f -name go.mod -exec dirname {} \;)
+
+for contrib in $CONTRIBS; do
+  echo "Testing contrib module: $contrib"
+  contrib_id=$(echo $contrib | sed 's/^\.\///g;s/[\/\.]/_/g')
+  cd $contrib
+  gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report-$contrib_id.xml -- ./... -v -race -coverprofile=coverage-$contrib_id.txt -covermode=atomic
+  cd -
+done

.github/workflows/appsec.yml

@@ -25,8 +25,8 @@ on:
     branches: release-v*
 env:
   DD_APPSEC_WAF_TIMEOUT: 5s
-  JUNIT_REPORT: gotestsum-report.xml
-  TO_TEST: ./appsec/... ./internal/appsec/... ./contrib/google.golang.org/grpc/... ./contrib/net/http/... ./contrib/gorilla/mux/... ./contrib/go-chi/... ./contrib/labstack/echo.v4/... ./contrib/gin-gonic/gin/...
+  JUNIT_REPORT: /tmp/gotestsum-report
+  V2_BRANCH: false
 jobs:
   native:
     strategy:
@@ -64,15 +64,15 @@ jobs:
       - name: go test
         shell: bash
         run: |
-          env GOBIN=$PWD go install gotest.tools/gotestsum@latest
+          go install gotest.tools/gotestsum@latest
           # Run the tests with gotestsum
-          env ${{ matrix.cgocheck }} CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} ./gotestsum --junitfile $JUNIT_REPORT -- -v $TO_TEST
+          env ${{ matrix.cgocheck }} CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} ./.github/workflows/apps/appsec-test-contrib-submodules.sh
 
       - name: Upload the results to Datadog CI App
         uses: ./.github/actions/dd-ci-upload
         with:
           dd-api-key: ${{ secrets.DD_CI_API_KEY }}
-          files: ${{ env.JUNIT_REPORT }}
+          files: ${{ env.JUNIT_REPORT }}*.xml
           tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}
 
   # Tests cases were appsec end up being disable
@@ -105,15 +105,15 @@ jobs:
       - name: go test
         shell: bash
         run: |
-          env GOBIN=$PWD go install gotest.tools/gotestsum@latest
+          go install gotest.tools/gotestsum@latest
           # Run the tests with gotestsum
-          env ${{ matrix.appsec_enabled }} ./gotestsum --junitfile $JUNIT_REPORT -- -v $TO_TEST
+          env ${{ matrix.appsec_enabled }} ./.github/workflows/apps/appsec-test-contrib-submodules.sh
 
       - name: Upload the results to Datadog CI App
         uses: ./.github/actions/dd-ci-upload
         with:
           dd-api-key: ${{ secrets.DD_CI_API_KEY }}
-          files: ${{ env.JUNIT_REPORT }}
+          files: ${{ env.JUNIT_REPORT }}*.xml
           tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}
 
 
@@ -144,7 +144,7 @@ jobs:
           ref: ${{ inputs.ref || github.ref }}
       # Install gcc and the libc headers on alpine images
       - if: ${{ matrix.distribution == 'alpine' }}
-        run: apk add gcc musl-dev libc6-compat git
+        run: apk add gcc musl-dev libc6-compat git bash
 
       - name: Go modules cache
         uses: actions/cache@v3
@@ -156,16 +156,16 @@ jobs:
       - name: go test
         run: |
           # Install gotestsum to get the results in a junit file
-          env GOBIN=$PWD go install gotest.tools/gotestsum@latest
+          go install gotest.tools/gotestsum@latest
           # Run the tests with gotestsum
-          env CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} ./gotestsum --junitfile $JUNIT_REPORT -- -v $TO_TEST
+          env CGO_ENABLED=${{ matrix.cgo_enabled }} ${{ matrix.appsec_enabled }} /bin/bash ./.github/workflows/apps/appsec-test-contrib-submodules.sh
 
       - name: Upload the results to Datadog CI App
         if: matrix.distribution != 'alpine' # datadog-ci CLI doesn't work on alpine
         uses: ./.github/actions/dd-ci-upload
         with:
           dd-api-key: ${{ secrets.DD_CI_API_KEY }}
-          files: ${{ env.JUNIT_REPORT }}
+          files: ${{ env.JUNIT_REPORT }}*.xml
           tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ matrix.distribution }}
 
   linux-arm64:
@@ -193,7 +193,8 @@ jobs:
         uses: docker/setup-qemu-action@v2
         with:
           platforms: arm64
-      - run: docker run --platform=linux/arm64 -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_ENABLED=${{ matrix.appsec_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v $TO_TEST
+      - run: |
+          env CGO_ENABLED=${{ matrix.cgo_enabled }} DD_APPSEC_ENABLED=${{ matrix.appsec_enabled }} DD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT ./.github/workflows/apps/appsec-test-contrib-submodules.sh docker linux/arm64
 
   smoke-tests:
     uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main

.github/workflows/govulncheck.yml

@@ -15,7 +15,7 @@ on:
   workflow_dispatch:
 
 env:
-  V2_BRANCH: ${{ inputs.ref == 'refs/heads/v2-dev' }}
+  V2_BRANCH: false
 
 jobs:
   govulncheck-tests:
@@ -43,6 +43,6 @@ jobs:
       - name: Run govulncheck-contribs (v2)
         if: ${{ env.V2_BRANCH == 'true' }}
         run: |
-          go list -f '{{.Dir}}' ./contrib/... | while read dir ; do
+          find ./v2/contrib -mindepth 2 -type f -name go.mod -exec dirname {} \; | while read dir ; do
             govulncheck -C $dir .
           done

.github/workflows/multios-unit-tests.yml

@@ -27,7 +27,7 @@ on:
         type: string
 
 env:
-  V2_BRANCH: ${{ inputs.ref == 'refs/heads/v2-dev' }}
+  V2_BRANCH: false
 
 jobs:
   test-multi-os:

.github/workflows/parametric-tests.yml

@@ -28,7 +28,7 @@ jobs:
       group: "APM Larger Runners"
     env:
       TEST_LIBRARY: golang
-      V2_BRANCH: ${{ inputs.ref == 'refs/heads/v2-dev' }}
+      V2_BRANCH: false
     steps:
       - name: Checkout system tests
         uses: actions/checkout@v3

.github/workflows/system-tests.yml

@@ -93,7 +93,7 @@ jobs:
       DD_API_KEY: ${{ secrets.DD_API_KEY }}
       SYSTEM_TESTS_E2E_DD_API_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_API_KEY }}
       SYSTEM_TESTS_E2E_DD_APP_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_APP_KEY }}
-      V2_BRANCH: ${{ inputs.branch_ref == 'refs/heads/v2-dev' }}
+      V2_BRANCH: false
     name: Test (${{ matrix.weblog-variant }}, ${{ matrix.scenario }})
     steps:
       - name: Checkout system tests
@@ -103,6 +103,7 @@ jobs:
           repository: 'DataDog/system-tests'
           ref: ${{ inputs.ref }}
 
+      # TODO(darccio): remove ref on v2 release
       - name: Checkout system tests (v2)
         uses: actions/checkout@v3
         if: ${{ env.V2_BRANCH == 'true' }}

.github/workflows/unit-integration-tests.yml

@@ -51,7 +51,7 @@ jobs:
     env:
        TEST_RESULTS: /tmp/test-results # path to where test results will be saved
        INTEGRATION: true
-       V2_BRANCH: ${{ inputs.ref == 'refs/heads/v2-dev' }}
+       V2_BRANCH: false
     services:
       datadog-agent:
         image: datadog/agent:latest
@@ -199,20 +199,17 @@ jobs:
             PACKAGE_NAMES=$(go list ./contrib/... | grep -v -e grpc.v12 -e google.golang.org/api)
             gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES -v -race -coverprofile=coverage.txt -covermode=atomic
 
-      - name: Test Contrib (v2)
-        if: ${{ env.V2_BRANCH == 'true' }}
-        run: |
-          mkdir -p $TEST_RESULTS
-          PACKAGE_NAMES=$(go list ./contrib/... | grep -v -e google.golang.org/api)
-          gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES -v -race -coverprofile=coverage.txt -covermode=atomic
+      - name: Test Contrib Submodules
+        if: always()
+        run: ./.github/workflows/apps/test-contrib-submodules.sh
 
       - name: Upload the results to Datadog CI App
         if: always()
         continue-on-error: true
         uses: ./.github/actions/dd-ci-upload
         with:
           dd-api-key: ${{ secrets.DD_CI_API_KEY }}
-          files: ${{ env.TEST_RESULTS }}/gotestsum-report.xml
+          files: ${{ env.TEST_RESULTS }}/gotestsum-report*.xml
           tags: go:${{ inputs.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ runner.distribution }}
 
       - name: Upload Coverage