Skip to content

fix: add nullptr checks for new_pyobject_id [backport 2.10] (#10133) #54600

fix: add nullptr checks for new_pyobject_id [backport 2.10] (#10133)

fix: add nullptr checks for new_pyobject_id [backport 2.10] (#10133) #54600

Workflow file for this run

name: "Library Injection"
on:
# Build each branch for testing
push:
pull_request:
paths:
- ddtrace/**
- lib-injection/**
- setup*
- pyproject.toml
- .github/workflows/lib-injection.yml
jobs:
build-and-publish-test-image:
uses: ./.github/workflows/lib-inject-publish.yml
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
with:
ddtrace-version: v2.6.3
image-tag: ${{ github.sha }}
build-and-publish-latest-snapshot-image:
if: github.ref == 'refs/heads/main'
uses: ./.github/workflows/lib-inject-publish.yml
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
with:
ddtrace-version: v2.6.3
image-tag: latest_snapshot
test-runner-test:
needs:
- build-and-publish-test-image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
matrix:
weblog-variant: ['dd-lib-python-init-test-django','dd-lib-python-init-test-django-gunicorn','dd-lib-python-init-test-django-uvicorn']
fail-fast: false
env:
TEST_LIBRARY: python
WEBLOG_VARIANT: ${{ matrix.weblog-variant }}
DOCKER_REGISTRY_IMAGES_PATH: ghcr.io/datadog
DOCKER_IMAGE_TAG: ${{ github.sha }}
BUILDX_PLATFORMS: linux/amd64
steps:
- name: Checkout system tests
uses: actions/checkout@v4
with:
repository: 'DataDog/system-tests'
- name: Install runner
uses: ./.github/actions/install_runner
- name: Run K8s Lib Injection Tests
run: ./run.sh K8S_LIB_INJECTION_BASIC
- name: Compress logs
id: compress_logs
if: always()
run: tar -czvf artifact.tar.gz $(ls | grep logs)
- name: Upload artifact
if: always()
uses: actions/upload-artifact@v4
with:
name: logs_k8s_lib_injection_${{ matrix.weblog-variant }}
path: artifact.tar.gz
test_unit:
runs-on: ubuntu-latest
strategy:
matrix:
variant: [
'dd-lib-python-init-test-django',
'dd-lib-python-init-test-django-gunicorn',
'dd-lib-python-init-test-django-gunicorn-alpine',
'dd-lib-python-init-test-django-uvicorn',
'dd-lib-python-init-test-django-no-perms',
'dd-lib-python-init-test-django-pre-installed',
'dd-lib-python-init-test-django-unsupported-package-force',
]
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Build and run the app
run: |
SRC="$(pwd)"
cd lib-injection
export DDTRACE_PYTHON_VERSION="v2.6.3"
export APP_CONTEXT="${SRC}/tests/lib-injection/${{matrix.variant}}"
export TEMP_DIR="${SRC}/tmp/ddtrace"
mkdir -p "${TEMP_DIR}"
# Give the temp dir permissions, by default the docker user doesn't have permissions
# to write to the filesystem.
chmod 777 $TEMP_DIR
# Start the lib_inject to get the files copied. This avoids a race condition with the startup of the
# application.
docker compose up --build lib_inject
docker compose up --build -d
# Wait for the app to start
sleep 60
docker compose logs
- name: Check Permissions on ddtrace pkgs
run: |
cd lib-injection
# Ensure /datadog-lib/ddtrace_pkgs is a valid directory that is not empty
docker compose run lib_inject find /datadog-init/ddtrace_pkgs -maxdepth 0 -empty | wc -l && if [ $? -ne 0 ]; then exit 1; fi
# Ensure files are not world writeable
docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm /o+w | wc -l && if [ $? -ne 0 ]; then exit 1; fi
# Ensure all users have read and execute permissions to files stored in /datadog-lib/ddtrace_pkgs
docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm u=rwx,o=rx | wc -l && if [ $? -ne 0 ]; then exit 1; fi
- name: Test the app
run: |
curl http://localhost:18080
sleep 1 # wait for traces to be sent
- name: Check mocked telemetry
run: |
cd lib-injection
docker exec lib-injection-app_local-1 sh -c "cd .. && [ ! -f src/validate_telemetry.py ] || cat src/mock-telemetry.out | python src/validate_telemetry.py"
- name: Print traces
run: curl http://localhost:8126/test/traces
- name: Check test agent received a trace
run: |
N=$(curl http://localhost:8126/test/traces | jq -r -e 'length')
[[ $N == "1" ]]
test_unit_no_instrumentation:
runs-on: ubuntu-latest
strategy:
matrix:
variant: [
'dd-lib-python-init-test-django-unsupported-python',
'dd-lib-python-init-test-django-unsupported-package',
]
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Build and run the app
run: |
SRC="$(pwd)"
cd lib-injection
export DDTRACE_PYTHON_VERSION="v2.6.3"
export APP_CONTEXT="${SRC}/tests/lib-injection/${{matrix.variant}}"
export TEMP_DIR="${SRC}/tmp/ddtrace"
mkdir -p "${TEMP_DIR}"
# Give the temp dir permissions, by default the docker user doesn't have permissions
# to write to the filesystem.
chmod 777 $TEMP_DIR
# Start the lib_inject to get the files copied. This avoids a race condition with the startup of the
# application.
docker compose up --build lib_inject
docker compose up --build -d
# Wait for the app to start
sleep 60
docker compose logs
- name: Check Permissions on ddtrace pkgs
run: |
cd lib-injection
# Ensure /datadog-lib/ddtrace_pkgs is a valid directory that is not empty
docker compose run lib_inject find /datadog-init/ddtrace_pkgs -maxdepth 0 -empty | wc -l && if [ $? -ne 0 ]; then exit 1; fi
# Ensure files are not world writeable
docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm /o+w | wc -l && if [ $? -ne 0 ]; then exit 1; fi
# Ensure all users have read and execute permissions to files stored in /datadog-lib/ddtrace_pkgs
docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm u=rwx,o=rx | wc -l && if [ $? -ne 0 ]; then exit 1; fi
- name: Test the app
run: |
curl http://localhost:18080
sleep 1 # wait for traces to be sent
- name: Check mocked telemetry
run: |
cd lib-injection
docker exec lib-injection-app_local-1 sh -c "cd .. && [ ! -f src/validate_telemetry.py ] || cat src/mock-telemetry.out | python src/validate_telemetry.py"
- name: Check test agent received no trace
run: |
N=$(curl http://localhost:8126/test/traces | jq -r -e 'length')
[[ $N == "0" ]]