From 814425685b0e1dddcf9c1e4384f14276b497bd01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Tue, 19 Aug 2025 10:14:27 +0200 Subject: [PATCH 01/16] chore(ci): ensure merge queue runs the same CI checks when testing the soon-to-be merged PR as they ran on it --- .github/workflows/api-check.yml | 4 ++++ .github/workflows/appsec.yml | 12 +++++++--- .github/workflows/codeql-analysis.yml | 13 +++++----- .github/workflows/ecosystems-label-pr.yml | 4 ++-- .github/workflows/generate.yml | 9 +++---- .github/workflows/govulncheck.yml | 5 +++- .github/workflows/main-branch-tests.yml | 5 +++- .github/workflows/orchestrion.yml | 8 ++++++- .github/workflows/parametric-tests.yml | 12 ++++++---- .../pull-request-title-validation.yml | 5 +++- .github/workflows/pull-request.yml | 13 ++++------ .github/workflows/smoke-tests.yml | 11 ++++++--- .github/workflows/static-checks.yml | 15 ++++++++---- .github/workflows/system-tests.yml | 24 +++++++++++-------- .../update-supported-versions-doc.yml | 3 ++- 15 files changed, 92 insertions(+), 51 deletions(-) diff --git a/.github/workflows/api-check.yml b/.github/workflows/api-check.yml index 1176b35c43..b4b592429d 100644 --- a/.github/workflows/api-check.yml +++ b/.github/workflows/api-check.yml @@ -2,6 +2,10 @@ name: API Stability Check on: pull_request: + types: + - opened + - synchronize + - reopened paths: - 'ddtrace/tracer/**' - 'scripts/apiextractor/**' diff --git a/.github/workflows/appsec.yml b/.github/workflows/appsec.yml index 4644d0956c..a7a7c55118 100644 --- a/.github/workflows/appsec.yml +++ b/.github/workflows/appsec.yml @@ -10,19 +10,25 @@ on: schedule: # nightly - cron: "0 0 * * *" pull_request: # on pull requests touching appsec files + types: + - opened + - synchronize + - reopened paths: - '.github/workflows/appsec.yml' - 'internal/appsec/**' - 'appsec/**' - 'contrib/**/appsec.go' - '**/go.mod' - merge_group: push: - branches: release-v* + branches: + - release-v* tags-ignore: - 'contrib/**' - 'instrumentation/**' - + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' env: DD_APPSEC_WAF_TIMEOUT: 1m PACKAGES: >- diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 68bb519c96..68f870dfbc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -8,14 +8,13 @@ on: required: true type: string push: - branches: [ main, master ] - tags-ignore: - - 'contrib/**' - - 'instrumentation/**' + branches: + - mq-working-branch-** pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - merge_group: + types: + - opened + - synchronize + - reopened jobs: analyze: diff --git a/.github/workflows/ecosystems-label-pr.yml b/.github/workflows/ecosystems-label-pr.yml index 2945d18268..5978af88d3 100644 --- a/.github/workflows/ecosystems-label-pr.yml +++ b/.github/workflows/ecosystems-label-pr.yml @@ -1,12 +1,12 @@ name: Label APM Ecosystems Pull Requests on: pull_request: - paths: - - "contrib/**" types: - opened - reopened - edited + paths: + - "contrib/**" permissions: contents: read pull-requests: write diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml index 14f36525d9..728f70e040 100644 --- a/.github/workflows/generate.yml +++ b/.github/workflows/generate.yml @@ -3,12 +3,13 @@ name: Generate on: push: branches: - - main - release-* + - mq-working-branch-** pull_request: - branches: - - main - - release-* + types: + - opened + - synchronize + - reopened workflow_call: inputs: go-version: diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index f353c930e8..a0dd3ed45a 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -8,11 +8,14 @@ on: type: string push: branches: - - main - release-v* + - mq-working-branch-** tags-ignore: - 'contrib/**' - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' schedule: - cron: '00 00 * * *' workflow_dispatch: diff --git a/.github/workflows/main-branch-tests.yml b/.github/workflows/main-branch-tests.yml index 84470e14a9..d6207fb575 100644 --- a/.github/workflows/main-branch-tests.yml +++ b/.github/workflows/main-branch-tests.yml @@ -9,11 +9,14 @@ on: type: string push: branches: - - main - release-v* + - mq-working-branch-** tags-ignore: - 'contrib/**' - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' concurrency: group: ${{ github.ref }} diff --git a/.github/workflows/orchestrion.yml b/.github/workflows/orchestrion.yml index 7e880bd420..36286a1291 100644 --- a/.github/workflows/orchestrion.yml +++ b/.github/workflows/orchestrion.yml @@ -15,13 +15,19 @@ on: DD_API_KEY: required: false pull_request: - merge_group: + types: + - opened + - synchronize + - reopened push: branches: - release-v* tags-ignore: - 'contrib/**' - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' permissions: read-all diff --git a/.github/workflows/parametric-tests.yml b/.github/workflows/parametric-tests.yml index a8a08e3eff..4fa69f69e1 100644 --- a/.github/workflows/parametric-tests.yml +++ b/.github/workflows/parametric-tests.yml @@ -9,15 +9,19 @@ on: type: string push: branches: - - main - release-v* + - mq-working-branch-** tags-ignore: - 'contrib/**' - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' pull_request: - branches: - - "**" - merge_group: + types: + - opened + - synchronize + - reopened workflow_dispatch: inputs: ref: diff --git a/.github/workflows/pull-request-title-validation.yml b/.github/workflows/pull-request-title-validation.yml index 6015bc8eaf..449e5e8100 100644 --- a/.github/workflows/pull-request-title-validation.yml +++ b/.github/workflows/pull-request-title-validation.yml @@ -2,7 +2,10 @@ name: Validate PR Title on: pull_request: - types: [opened, edited,reopened,synchronize] + types: + - opened + - edited + - reopened jobs: check-title: diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 0a3e4b18c1..4fe876dc7e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -2,15 +2,10 @@ name: Pull Request Tests on: pull_request: - branches: - - "**" - merge_group: - push: - branches: - - 'mq-working-branch-**' - tags-ignore: - - 'contrib/**' - - 'instrumentation/**' + types: + - opened + - synchronize + - reopened concurrency: group: ${{ github.ref }} diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index f1d900a913..9d8df226ac 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -13,17 +13,22 @@ on: type: string push: branches: - - main - release-v* + - mq-working-branch-** tags-ignore: - 'contrib/**' - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' schedule: # nightly - cron: "0 0 * * *" workflow_dispatch: { } # manually pull_request: - branches: - - '**' + types: + - opened + - synchronize + - reopened env: TEST_RESULTS: /tmp/test-results # path to where test results will be saved diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml index 1669304c65..1f98a8388c 100644 --- a/.github/workflows/static-checks.yml +++ b/.github/workflows/static-checks.yml @@ -3,12 +3,19 @@ name: Static Checks on: push: branches: - - main - release-* + - mq-working-branch-** + tags-ignore: + - 'contrib/**' + - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' pull_request: - branches: - - main - - release-* + types: + - opened + - synchronize + - reopened workflow_call: inputs: go-version: diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 26caff2fc3..23af51c75b 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -9,22 +9,26 @@ on: type: string push: branches: - - main - release-v* + - mq-working-branch-** tags-ignore: - 'contrib/**' - 'instrumentation/**' + - 'internal/**' + - 'orchestrion/**' + - 'scripts/**' pull_request: - branches: - - "**" - merge_group: + types: + - opened + - synchronize + - reopened workflow_dispatch: - inputs: - ref: - description: 'System Tests ref/tag/branch' - required: true - default: main - type: string + inputs: + ref: + description: 'System Tests ref/tag/branch' + required: true + default: main + type: string schedule: - cron: '00 04 * * 2-6' diff --git a/.github/workflows/update-supported-versions-doc.yml b/.github/workflows/update-supported-versions-doc.yml index b688bfe545..483dc7bbc7 100644 --- a/.github/workflows/update-supported-versions-doc.yml +++ b/.github/workflows/update-supported-versions-doc.yml @@ -4,7 +4,8 @@ on: # Every time we run smoke tests, we check what version of each library was used to run the tests and this will # be used as the latest supported version in our docs. workflows: ["Smoke Tests"] - branches: [main] + branches: + - mq-working-branch-** types: - completed From 36c24cb0f4fa8033955fcbbdc4da5c738e5cbd14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Thu, 21 Aug 2025 12:06:55 +0200 Subject: [PATCH 02/16] feat(.github/workflows): swap pull-request and main-branch-tests, so flakiness is more probable while testing the PR --- .github/workflows/main-branch-tests.yml | 25 ++++------------ .github/workflows/pull-request.yml | 39 +++++++++++++++++++++---- 2 files changed, 39 insertions(+), 25 deletions(-) diff --git a/.github/workflows/main-branch-tests.yml b/.github/workflows/main-branch-tests.yml index d6207fb575..d29c6a8ccc 100644 --- a/.github/workflows/main-branch-tests.yml +++ b/.github/workflows/main-branch-tests.yml @@ -24,24 +24,11 @@ concurrency: jobs: unit-integration-tests: - strategy: - matrix: - go-version: [ "1.25", "1.24" ] - fail-fast: false uses: ./.github/workflows/unit-integration-tests.yml + permissions: + contents: read + id-token: write + pull-requests: write with: - go-version: ${{ matrix.go-version }} - ref: ${{ inputs.ref || github.ref }} - secrets: inherit - multios-unit-tests: - strategy: - matrix: - runs-on: [ macos-latest, windows-latest, ubuntu-latest ] - go-version: [ "1.25", "1.24" ] - fail-fast: false - uses: ./.github/workflows/multios-unit-tests.yml - with: - go-version: ${{ matrix.go-version }} - runs-on: ${{ matrix.runs-on }} - ref: ${{ inputs.ref || github.ref }} - secrets: inherit + go-version: "1.25" # Should be the highest supported version of Go + ref: ${{ github.sha }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 4fe876dc7e..3530801ece 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -14,12 +14,39 @@ concurrency: jobs: unit-integration-tests: name: PR Unit and Integration Tests + strategy: + matrix: + go-version: [ "1.24", "1.25" ] + fail-fast: false uses: ./.github/workflows/unit-integration-tests.yml - permissions: - contents: read - id-token: write - pull-requests: write with: - go-version: "1.24" - ref: ${{ github.ref }} + go-version: ${{ matrix.go-version }} + ref: ${{ github.sha }} secrets: inherit + multios-unit-tests: + strategy: + matrix: + runs-on: [ macos-latest, windows-latest, ubuntu-latest ] + go-version: [ "1.24", "1.25" ] + fail-fast: false + uses: ./.github/workflows/multios-unit-tests.yml + with: + go-version: ${{ matrix.go-version }} + runs-on: ${{ matrix.runs-on }} + ref: ${{ github.sha }} + secrets: inherit + # This is a simple join point to make it easy to set up branch protection rules in GitHub. + pull-request-tests-done: + name: PR Unit and Integration Tests + needs: + - unit-integration-tests + - multios-unit-tests + runs-on: ubuntu-latest + if: success() || failure() + steps: + - name: Success + if: needs.unit-integration-tests.result == 'success' && needs.multios-unit-tests.result == 'success' + run: echo "Success!" + - name: Failure + if: needs.unit-integration-tests.result != 'success' || needs.multios-unit-tests.result != 'success' + run: echo "Failure!" && exit 1 \ No newline at end of file From 2845b9ae32fa69fe8227963133254229d576e27a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Thu, 21 Aug 2025 13:07:00 +0200 Subject: [PATCH 03/16] hack(.github/workflows): fake the name of the done check for PR Unit and Integration Tests --- .github/workflows/pull-request.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 3530801ece..35dc2f9d71 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -37,7 +37,10 @@ jobs: secrets: inherit # This is a simple join point to make it easy to set up branch protection rules in GitHub. pull-request-tests-done: - name: PR Unit and Integration Tests + name: PR Unit and Integration Tests / ${{ matrix.name }} + strategy: + matrix: + name: [ "test-contrib", "test-core" ] needs: - unit-integration-tests - multios-unit-tests From 58b7fa292fe0af19e7bc78f979318e03d4b60070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Thu, 21 Aug 2025 18:17:37 +0200 Subject: [PATCH 04/16] fix(.github/workflows): reuse cached .git repository for branch HEAD commit (#3893) --- .github/workflows/main-branch-tests.yml | 7 ---- .github/workflows/multios-unit-tests.yml | 20 +++++------ .github/workflows/pull-request.yml | 18 ++++++++-- .github/workflows/system-tests.yml | 35 +++++++++++++++++--- .github/workflows/unit-integration-tests.yml | 30 ++++++++++++----- 5 files changed, 78 insertions(+), 32 deletions(-) diff --git a/.github/workflows/main-branch-tests.yml b/.github/workflows/main-branch-tests.yml index d29c6a8ccc..d2af52c746 100644 --- a/.github/workflows/main-branch-tests.yml +++ b/.github/workflows/main-branch-tests.yml @@ -1,12 +1,6 @@ name: Main Branch and Release Tests on: - workflow_call: # allows to reuse this workflow - inputs: - ref: - description: 'The branch to run the workflow on' - required: true - type: string push: branches: - release-v* @@ -31,4 +25,3 @@ jobs: pull-requests: write with: go-version: "1.25" # Should be the highest supported version of Go - ref: ${{ github.sha }} diff --git a/.github/workflows/multios-unit-tests.yml b/.github/workflows/multios-unit-tests.yml index 2fefae2d62..1da774b1ad 100644 --- a/.github/workflows/multios-unit-tests.yml +++ b/.github/workflows/multios-unit-tests.yml @@ -4,13 +4,11 @@ on: workflow_dispatch: # manually inputs: go-version: + description: The Go version to use required: true type: string runs-on: - required: true - type: string - ref: - description: 'The branch to run the workflow on' + description: The OS to run the tests on required: true type: string workflow_call: @@ -21,10 +19,6 @@ on: runs-on: required: true type: string - ref: - description: 'The branch to run the workflow on' - required: true - type: string env: DD_APPSEC_WAF_TIMEOUT: 1m # Increase time WAF time budget to reduce CI flakiness @@ -50,10 +44,16 @@ jobs: shell: pwsh run: | "normalized_workspace=${{ github.workspace }}" >> $env:GITHUB_ENV + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v2.7.0 with: - ref: ${{ inputs.ref || github.ref }} + ref: ${{ github.sha }} + clean: false - name: Setup Go and development tools uses: ./.github/actions/setup-go with: @@ -63,7 +63,7 @@ jobs: - name: Mac OS Coreutils if: inputs.runs-on == 'macos-latest' run: brew install coreutils - - name: "Runner ${{ matrix.runner-index }}: Test Core and Contrib (No Integration Tests)" + - name: "Runner: Test Core and Contrib (No Integration Tests)" shell: bash run: | export PATH="${{ github.workspace }}/bin:${PATH}" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 35dc2f9d71..107cd15679 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -12,8 +12,22 @@ concurrency: cancel-in-progress: true jobs: + warm-repo-cache: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} unit-integration-tests: name: PR Unit and Integration Tests + needs: + - warm-repo-cache strategy: matrix: go-version: [ "1.24", "1.25" ] @@ -21,9 +35,10 @@ jobs: uses: ./.github/workflows/unit-integration-tests.yml with: go-version: ${{ matrix.go-version }} - ref: ${{ github.sha }} secrets: inherit multios-unit-tests: + needs: + - warm-repo-cache strategy: matrix: runs-on: [ macos-latest, windows-latest, ubuntu-latest ] @@ -33,7 +48,6 @@ jobs: with: go-version: ${{ matrix.go-version }} runs-on: ${{ matrix.runs-on }} - ref: ${{ github.sha }} secrets: inherit # This is a simple join point to make it easy to set up branch protection rules in GitHub. pull-request-tests-done: diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 23af51c75b..8bfdbc55d7 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -37,11 +37,32 @@ permissions: packages: write jobs: + warm-repo-cache: + runs-on: ubuntu-latest + outputs: + sha: ${{ steps.pin.outputs.sha }} + steps: + - name: Checkout system-tests + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + repository: 'DataDog/system-tests' + ref: ${{ inputs.ref }} + - name: Pin exact commit SHA for system-tests + id: pin + run: | + echo "sha=$(git rev-parse FETCH_HEAD)" >> "$GITHUB_OUTPUT" + - name: Cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-system-tests-${{ steps.pin.outputs.sha }} system-tests: if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'DataDog/dd-trace-go') # Note: Not using large runners because the jobs spawned by this pipeline # don't seem to get a noticable speedup from using larger runners. runs-on: ubuntu-latest + needs: + - warm-repo-cache strategy: matrix: weblog-variant: @@ -128,11 +149,17 @@ jobs: SYSTEM_TESTS_E2E_DD_APP_KEY: ${{ secrets.SYSTEM_TESTS_E2E_DD_APP_KEY }} name: Test (${{ matrix.weblog-variant }}, ${{ matrix.scenario }}) steps: - - name: Checkout system tests - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: - repository: 'DataDog/system-tests' - ref: ${{ inputs.ref }} + path: .git + key: gitdb-system-tests-${{ needs.warm-repo-cache.outputs.sha }} + + - name: Checkout system tests + shell: bash + run: | + git config safe.directory "$GITHUB_WORKSPACE" + git checkout -f ${{ needs.warm-repo-cache.outputs.sha }} - name: Checkout dd-trace-go uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index e74789ef6f..03b792ae42 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -6,10 +6,6 @@ on: go-version: required: true type: string - ref: - description: 'The branch to run the workflow on' - required: true - type: string env: DD_APPSEC_WAF_TIMEOUT: 1m # Increase time WAF time budget to reduce CI flakiness @@ -31,10 +27,16 @@ jobs: outputs: matrix: ${{ steps.matrix.outputs.matrix }} steps: + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: ${{ inputs.ref || github.ref }} + ref: ${{ github.sha }} + clean: false - name: Compute Matrix id: matrix @@ -201,11 +203,16 @@ jobs: ports: - 4566:4566 steps: + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: ${{ inputs.ref || github.ref }} - fetch-depth: $(( ${{ github.event_name == 'pull_request' && github.event.pull_request.commits || 0 }} + 1 )) + ref: ${{ github.sha }} + clean: false - name: Setup Go and development tools uses: ./.github/actions/setup-go @@ -273,11 +280,16 @@ jobs: - 8125:8125/udp - 8126:8126 steps: + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - ref: ${{ inputs.ref || github.ref }} - fetch-depth: $(( ${{ github.event_name == 'pull_request' && github.event.pull_request.commits || 0 }} + 1 )) + ref: ${{ github.sha }} + clean: false - name: Setup Go and development tools uses: ./.github/actions/setup-go with: From c0fc8093f9480d96b037c46cedf69bd936967fe5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Fri, 22 Aug 2025 12:55:28 +0200 Subject: [PATCH 05/16] chore(.github/workflows): reuse datadog-agent service definition with anchor --- .github/workflows/unit-integration-tests.yml | 33 ++------------------ 1 file changed, 3 insertions(+), 30 deletions(-) diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index 03b792ae42..056a68e15e 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -54,7 +54,7 @@ jobs: matrix: chunk: ${{ fromJson(needs.set-up.outputs.matrix) }} services: - datadog-agent: + datadog-agent: &datadog-agent image: datadog/agent:latest env: DD_HOSTNAME: "github-actions-worker" @@ -264,21 +264,7 @@ jobs: env: INTEGRATION: true services: - datadog-agent: - image: datadog/agent:latest - env: - DD_HOSTNAME: "github-actions-worker" - DD_APM_ENABLED: true - DD_BIND_HOST: "0.0.0.0" - DD_API_KEY: "invalid_key_but_this_is_fine" - # We need to specify a custom health-check. By default, this container will remain "unhealthy" since - # we don't fully configure it with a valid API key (and possibly other reasons) - # This command just checks for our ability to connect to port 8126 - options: >- - --health-cmd "bash -c '- - --health-cmd "bash -c ' Date: Fri, 22 Aug 2025 18:03:28 +0200 Subject: [PATCH 06/16] feat(.github/actions): allow to cache and run Docker images --- .github/actions/run-service/action.yml | 34 +++++++++++++++ .github/workflows/pull-request.yml | 12 ++++++ .github/workflows/unit-integration-tests.yml | 15 +++++-- .github/workflows/warm-up-service.yml | 44 ++++++++++++++++++++ 4 files changed, 101 insertions(+), 4 deletions(-) create mode 100644 .github/actions/run-service/action.yml create mode 100644 .github/workflows/warm-up-service.yml diff --git a/.github/actions/run-service/action.yml b/.github/actions/run-service/action.yml new file mode 100644 index 0000000000..5267c7ce25 --- /dev/null +++ b/.github/actions/run-service/action.yml @@ -0,0 +1,34 @@ +name: Run service +description: Runs a Docker image from cache +inputs: + repository: + required: true + description: The repository of the image to warm up + tag: + required: true + description: The tag of the image to warm up (latest tag not supported) + flags: + required: true + description: The flags to pass to the service +runs: + using: "composite" + steps: + - name: Build cache filename + id: build_cache_filename + shell: bash + run: | + cache_filename=$(printf '%s_%s' "${{ inputs.repository }}" "${{ inputs.tag }}" | tr -cs '[:alnum:]_' '_') + echo "cache_filename=$cache_filename" >> $GITHUB_OUTPUT + - name: Restore image cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: ${{ steps.build_cache_filename.outputs.cache_filename }}.tar + key: ${{ inputs.repository }}:${{ inputs.tag }} + - name: Load image + shell: bash + run: | + docker load -i ${{ steps.build_cache_filename.outputs.cache_filename }}.tar + - name: Run service + shell: bash + run: | + docker run -d ${{ inputs.flags }} ${{ inputs.repository }}:${{ inputs.tag }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 107cd15679..72d578f72b 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -24,10 +24,21 @@ jobs: with: path: .git key: gitdb-${{ github.repository_id }}-${{ github.sha }} + warm-services-cache: + strategy: + matrix: + image: + - repository: datadog/agent + tag: 7.69.2 + uses: ./.github/workflows/warm-up-service.yml + with: + repository: ${{ matrix.image.repository }} + tag: ${{ matrix.image.tag }} unit-integration-tests: name: PR Unit and Integration Tests needs: - warm-repo-cache + - warm-services-cache strategy: matrix: go-version: [ "1.24", "1.25" ] @@ -39,6 +50,7 @@ jobs: multios-unit-tests: needs: - warm-repo-cache + - warm-services-cache strategy: matrix: runs-on: [ macos-latest, windows-latest, ubuntu-latest ] diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index 056a68e15e..cf445c56f7 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -37,7 +37,6 @@ jobs: with: ref: ${{ github.sha }} clean: false - - name: Compute Matrix id: matrix run: |- @@ -45,7 +44,8 @@ jobs: go run ./scripts/ci_contrib_matrix.go >> "${GITHUB_OUTPUT}" test-contrib-matrix: - needs: set-up + needs: + - set-up runs-on: group: "APM Larger Runners" env: @@ -263,8 +263,6 @@ jobs: group: "APM Larger Runners" env: INTEGRATION: true - services: - datadog-agent: *datadog-agent steps: - name: Restore repo cache uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 @@ -282,6 +280,15 @@ jobs: go-version: ${{ inputs.go-version }} tools-dir: ${{ github.workspace }}/_tools tools-bin: ${{ github.workspace }}/bin + - name: Start datadog/agent + uses: ./.github/actions/run-service + with: + repository: datadog/agent + tag: 7.69.2 + # We need to specify a custom health-check. By default, this container will remain "unhealthy" since + # we don't fully configure it with a valid API key (and possibly other reasons) + # This command just checks for our ability to connect to port 8126 + flags: --name datadog-agent -e DD_HOSTNAME=github-actions-worker -e DD_APM_ENABLED=true -e DD_BIND_HOST=0.0.0.0 -e DD_API_KEY=invalid_key_but_this_is_fine -e DD_TEST_AGENT_HOST=localhost -e DD_TEST_AGENT_PORT=9126 --health-cmd "bash -c '> $GITHUB_OUTPUT + docker save $image > $cache_filename.tar + - name: Cache Docker image + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: "${{ steps.pull_image.outputs.cache_filename }}.tar" + key: "${{ inputs.repository }}:${{ inputs.tag }}" From 9d77f94ab8092f01174213273bd6c04d8ebf8f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Mon, 25 Aug 2025 17:47:38 +0200 Subject: [PATCH 07/16] feat(.github/workflows): migrate pull-request and unit-integration-tests to CUE --- .github/actions/warm-up-service/action.yml | 35 +++ .github/workflows/go-versions.cue | 6 + .github/workflows/pull-request.cue | 115 ++++++++ .github/workflows/pull-request.yml | 37 +-- .github/workflows/services.cue | 265 +++++++++++++++++++ .github/workflows/unit-integration-tests.cue | 257 ++++++++++++++++++ .github/workflows/unit-integration-tests.yml | 203 +++++++------- .github/workflows/warm-up-service.yml | 44 --- 8 files changed, 790 insertions(+), 172 deletions(-) create mode 100644 .github/actions/warm-up-service/action.yml create mode 100644 .github/workflows/go-versions.cue create mode 100644 .github/workflows/pull-request.cue create mode 100644 .github/workflows/services.cue create mode 100644 .github/workflows/unit-integration-tests.cue delete mode 100644 .github/workflows/warm-up-service.yml diff --git a/.github/actions/warm-up-service/action.yml b/.github/actions/warm-up-service/action.yml new file mode 100644 index 0000000000..1bbb2c3f38 --- /dev/null +++ b/.github/actions/warm-up-service/action.yml @@ -0,0 +1,35 @@ +name: Warm up service +inputs: + repository: + required: true + description: The repository of the image to warm up + tag: + required: true + description: The tag of the image to warm up (latest tag not supported) +runs: + using: "composite" + steps: + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + ref: ${{ github.sha }} + clean: false + - name: Pull Docker image + id: pull_image + shell: bash + run: | + image=${{ inputs.repository }}:${{ inputs.tag }} + docker pull $image + cache_filename=$(printf '%s_%s' "${{ inputs.repository }}" "${{ inputs.tag }}" | tr -cs '[:alnum:]_' '_') + echo "cache_filename=$cache_filename" >> $GITHUB_OUTPUT + docker save $image > $cache_filename.tar + - name: Cache Docker image + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + with: + path: "${{ steps.pull_image.outputs.cache_filename }}.tar" + key: "${{ inputs.repository }}:${{ inputs.tag }}" diff --git a/.github/workflows/go-versions.cue b/.github/workflows/go-versions.cue new file mode 100644 index 0000000000..fe8616ab2c --- /dev/null +++ b/.github/workflows/go-versions.cue @@ -0,0 +1,6 @@ +package workflows + +_go_versions: [ + "1.24", + "1.25", +] diff --git a/.github/workflows/pull-request.cue b/.github/workflows/pull-request.cue new file mode 100644 index 0000000000..c1fdafa45a --- /dev/null +++ b/.github/workflows/pull-request.cue @@ -0,0 +1,115 @@ +package workflows + +"name": "Pull Request Tests" + +"on": "pull_request": "types": [ + "opened", + "synchronize", + "reopened", +] + +"concurrency": { + "group": "${{ github.ref }}" + "cancel-in-progress": true +} + +"jobs": { + "warm-repo-cache": { + "runs-on": "ubuntu-latest" + "steps": [ + { + "name": "Checkout" + "uses": "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" + "with": { + "ref": "${{ github.event.pull_request.head.sha }}" + } + }, + { + "name": "Cache" + "uses": "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809" + "with": { + "path": ".git" + "key": "gitdb-${{ github.repository_id }}-${{ github.sha }}" + } + }, + ] + } + "warm-services-cache": { + "strategy": { + "matrix": { + "image": [ + #ToImage & {_svc: _datadog_agent_svc}, + ] + } + } + "uses": "./.github/actions/warm-up-service" + "with": { + "repository": "${{ matrix.image.repository }}" + "tag": "${{ matrix.image.tag }}" + } + } + "unit-integration-tests": { + "name": "PR Unit and Integration Tests" + "needs": [ + "warm-repo-cache", + "warm-services-cache", + ] + "strategy": { + "matrix": { + "go-version": _go_versions + } + "fail-fast": false + } + "uses": "./.github/workflows/unit-integration-tests.yml" + "with": { + "go-version": "${{ matrix.go-version }}" + } + "secrets": "inherit" + } + "multios-unit-tests": { + "needs": [ + "warm-repo-cache", + "warm-services-cache", + ] + "strategy": { + "matrix": { + "runs-on": ["macos-latest", "windows-latest", "ubuntu-latest"] + "go-version": _go_versions + } + "fail-fast": false + } + "uses": "./.github/workflows/multios-unit-tests.yml" + "with": { + "go-version": "${{ matrix.go-version }}" + "runs-on": "${{ matrix.runs-on }}" + } + "secrets": "inherit" + } + // This is a simple join point to make it easy to set up branch protection rules in GitHub. + "pull-request-tests-done": { + "name": "PR Unit and Integration Tests / ${{ matrix.name }}" + "strategy": { + "matrix": { + "name": ["test-contrib", "test-core"] + } + } + "needs": [ + "unit-integration-tests", + "multios-unit-tests", + ] + "runs-on": "ubuntu-latest" + "if": "success() || failure()" + "steps": [ + { + "name": "Success" + "if": "needs.unit-integration-tests.result == 'success' && needs.multios-unit-tests.result == 'success'" + "run": "echo 'Success!'" + }, + { + "name": "Failure" + "if": "needs.unit-integration-tests.result != 'success' || needs.multios-unit-tests.result != 'success'" + "run": "echo 'Failure!' && exit 1" + }, + ] + } +} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 72d578f72b..fc1c1a9b20 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,26 +1,23 @@ name: Pull Request Tests - -on: +"on": pull_request: types: - opened - synchronize - reopened - concurrency: group: ${{ github.ref }} cancel-in-progress: true - jobs: warm-repo-cache: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: ref: ${{ github.event.pull_request.head.sha }} - name: Cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 with: path: .git key: gitdb-${{ github.repository_id }}-${{ github.sha }} @@ -28,9 +25,9 @@ jobs: strategy: matrix: image: - - repository: datadog/agent - tag: 7.69.2 - uses: ./.github/workflows/warm-up-service.yml + - repository: datadog/agent + tag: 7.69.2 + uses: ./.github/actions/warm-up-service with: repository: ${{ matrix.image.repository }} tag: ${{ matrix.image.tag }} @@ -41,7 +38,9 @@ jobs: - warm-services-cache strategy: matrix: - go-version: [ "1.24", "1.25" ] + go-version: + - "1.24" + - "1.25" fail-fast: false uses: ./.github/workflows/unit-integration-tests.yml with: @@ -53,20 +52,26 @@ jobs: - warm-services-cache strategy: matrix: - runs-on: [ macos-latest, windows-latest, ubuntu-latest ] - go-version: [ "1.24", "1.25" ] + runs-on: + - macos-latest + - windows-latest + - ubuntu-latest + go-version: + - "1.24" + - "1.25" fail-fast: false uses: ./.github/workflows/multios-unit-tests.yml with: go-version: ${{ matrix.go-version }} runs-on: ${{ matrix.runs-on }} secrets: inherit - # This is a simple join point to make it easy to set up branch protection rules in GitHub. pull-request-tests-done: name: PR Unit and Integration Tests / ${{ matrix.name }} strategy: matrix: - name: [ "test-contrib", "test-core" ] + name: + - test-contrib + - test-core needs: - unit-integration-tests - multios-unit-tests @@ -75,7 +80,7 @@ jobs: steps: - name: Success if: needs.unit-integration-tests.result == 'success' && needs.multios-unit-tests.result == 'success' - run: echo "Success!" + run: echo 'Success!' - name: Failure if: needs.unit-integration-tests.result != 'success' || needs.multios-unit-tests.result != 'success' - run: echo "Failure!" && exit 1 \ No newline at end of file + run: echo 'Failure!' && exit 1 diff --git a/.github/workflows/services.cue b/.github/workflows/services.cue new file mode 100644 index 0000000000..e79a1350c6 --- /dev/null +++ b/.github/workflows/services.cue @@ -0,0 +1,265 @@ +package workflows + +import "strings" + +#Service: { + image: string + env?: {[string]: string | number | bool} + options?: string + ports?: [...string] + volumes?: [...string] +} + +#Image: { + repository: string + tag?: string +} + +#ToImage: { + _svc: #Service + _parts: [...string] & strings.Split(_svc.image, ":") + + repository: _parts[0] + tag: _parts[1] +} & #Image + +_datadog_agent_svc: #Service & { + "image": "datadog/agent:7.69.2" + "env": { + "DD_HOSTNAME": "github-actions-worker" + "DD_APM_ENABLED": true + "DD_BIND_HOST": "0.0.0.0" + "DD_API_KEY": "invalid_key_but_this_is_fine" + "DD_TEST_AGENT_HOST": "localhost" + "DD_TEST_AGENT_PORT": 9126 + } + "options": """ + --health-cmd "bash -c '> "${GITHUB_OUTPUT}" + """ + }, + ] + } + "test-contrib-matrix": { + "needs": [ + "set-up", + ] + "runs-on": "group": "APM Larger Runners" + "env": { + "INTEGRATION": true + } + "strategy": { + "matrix": { + "chunk": "${{ fromJson(needs.set-up.outputs.matrix) }}" + } + } + "services": { + for key, svc in _services { + "\(key)": svc + } + } + "steps": [ + { + "name": "Restore repo cache" + "uses": "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809" + "with": { + "path": ".git" + "key": "gitdb-${{ github.repository_id }}-${{ github.sha }}" + } + }, + { + "name": "Checkout" + "uses": "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" + "with": { + "ref": "${{ github.sha }}" + "clean": false + } + }, + { + "name": "Setup Go and development tools" + "uses": "./.github/actions/setup-go" + "with": { + "go-version": "${{ inputs.go-version }}" + "tools-dir": "${{ github.workspace }}/_tools" + "tools-bin": "${{ github.workspace }}/bin" + } + }, + { + "name": "Test Contrib" + "if": "always()" + "env": { + "TEST_RESULTS": "${{ env.TEST_RESULT_PATH }}" + } + "run": """ + export PATH="${{ github.workspace }}/bin:${PATH}" + ./scripts/ci_test_contrib.sh default ${{ toJson(matrix.chunk) }} + """ + }, + { + "name": "Upload the results to Datadog CI App" + "if": "always()" + "continue-on-error": true + "uses": "./.github/actions/dd-ci-upload" + "with": { + "dd-api-key": "${{ secrets.DD_CI_API_KEY }}" + "path": "${{ env.TEST_RESULT_PATH }}" + "tags": "go:${{ inputs.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ runner.distribution }}" + } + }, + { + "name": "Upload Coverage" + "if": "always()" + "continue-on-error": true + "shell": "bash" + "run": "bash <(curl -s https://codecov.io/bash) -t ${{ secrets.CODECOV_TOKEN }}" + }, + ] + } + "test-contrib": { + "needs": [ + "test-contrib-matrix", + ] + "runs-on": "group": "APM Larger Runners" + "if": "success() || failure()" + "continue-on-error": true + "steps": [ + { + "name": "Success" + "if": "needs.test-contrib-matrix.result == 'success'" + "run": "echo 'Success!'" + }, + { + "name": "Failure" + "if": "needs.test-contrib-matrix.result != 'success'" + "run": "echo 'Failure!' && exit 1" + }, + ] + } + "test-core": { + "runs-on": "group": "APM Larger Runners" + "env": { + "INTEGRATION": true + } + "steps": [ + { + "name": "Restore repo cache" + "uses": "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809" + "with": { + "path": ".git" + "key": "gitdb-${{ github.repository_id }}-${{ github.sha }}" + } + }, + { + "name": "Checkout" + "uses": "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" + "with": { + "ref": "${{ github.sha }}" + "clean": false + } + }, + { + "name": "Start datadog/agent" + "uses": "./.github/actions/run-service" + "with": { + #ToImage & {_svc: _datadog_agent_svc} + } + }, + { + "name": "Test Core" + "env": { + "DD_APPSEC_WAF_TIMEOUT": "1h" + "TEST_RESULTS": "${{ env.TEST_RESULT_PATH }}" + } + "run": """ + export PATH="${{ github.workspace }}/bin:${PATH}" + ls -al "${{ github.workspace }}/bin" + ./scripts/ci_test_core.sh + """ + }, + { + "name": "Upload the results to Datadog CI App" + "if": "always()" + "continue-on-error": true + "uses": "./.github/actions/dd-ci-upload" + "with": { + "dd-api-key": "${{ secrets.DD_CI_API_KEY }}" + "path": "${{ env.TEST_RESULT_PATH }}" + "tags": "go:${{ inputs.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ runner.distribution }}" + } + }, + { + "name": "Upload Coverage" + "if": "always()" + "continue-on-error": true + "shell": "bash" + "run": "bash <(curl -s https://codecov.io/bash) -t ${{ secrets.CODECOV_TOKEN }}" + }, + ] + } + "upload-test-results": { + "needs": [ + "test-contrib", + "test-core", + ] + "if": "always()" + "runs-on": "group": "APM Larger Runners" + "services": { + "datadog-agent": _datadog_agent_svc + "testagent": _testagent_svc + } + "steps": [ + { + "name": "Get Datadog APM Test Agent Logs" + "if": "always()" + "shell": "bash" + "run": "docker logs ${{ job.services.testagent.id }}" + }, + { + "name": "Get Datadog APM Test Agent Trace Check Summary Results" + "if": "always()" + "shell": "bash" + "run": """ + RESPONSE=$(curl -s -w "\\n%{http_code}" -o response.txt "http://127.0.0.1:9126/test/trace_check/failures?return_all=true") + RESPONSE_CODE=$(echo "$RESPONSE" | awk 'END {print $NF}') + SUMMARY_RESPONSE=$(curl -s -w "\\n%{http_code}" -o summary_response.txt "http://127.0.0.1:9126/test/trace_check/summary?return_all=true") + SUMMARY_RESPONSE_CODE=$(echo "$SUMMARY_RESPONSE" | awk 'END {print $NF}') + if [[ $RESPONSE_CODE -eq 200 ]]; then + echo " " + cat response.txt + echo " - All APM Test Agent Check Traces returned successful!" + echo "APM Test Agent Check Traces Summary Results:" + cat summary_response.txt | jq "." + else + echo "APM Test Agent Check Traces failed with response code: $RESPONSE_CODE" + echo "Failures:" + cat response.txt + echo "APM Test Agent Check Traces Summary Results:" + cat summary_response.txt | jq "." + exit 1 + fi + """ + }, + ] + } +} diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index cf445c56f7..e8e7247474 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -1,26 +1,17 @@ name: Unit and Integration Tests - -on: +"on": workflow_call: inputs: go-version: required: true type: string - env: - DD_APPSEC_WAF_TIMEOUT: 1m # Increase time WAF time budget to reduce CI flakiness - # Users may build our library with GOTOOLCHAIN=local. If they do, and our - # go.mod file specifies a newer Go version than their local toolchain, their - # build will break. Run our tests with GOTOOLCHAIN=local to ensure that - # our library builds with all of the Go versions we claim to support, - # without having to download a newer one. + DD_APPSEC_WAF_TIMEOUT: 1m GOTOOLCHAIN: local - GODEBUG: "x509negativeserial=1" + GODEBUG: x509negativeserial=1 TEST_RESULT_PATH: /tmp/test-results - permissions: contents: read - jobs: set-up: runs-on: ubuntu-latest @@ -28,53 +19,46 @@ jobs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Restore repo cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 with: path: .git key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: ref: ${{ github.sha }} clean: false - name: Compute Matrix id: matrix - run: |- - echo -n "matrix=" >> "${GITHUB_OUTPUT}" - go run ./scripts/ci_contrib_matrix.go >> "${GITHUB_OUTPUT}" - + run: |2- + echo -n "matrix=" >> "${GITHUB_OUTPUT}" + go run ./scripts/ci_contrib_matrix.go >> "${GITHUB_OUTPUT}" test-contrib-matrix: needs: - set-up runs-on: - group: "APM Larger Runners" + group: APM Larger Runners env: INTEGRATION: true strategy: matrix: chunk: ${{ fromJson(needs.set-up.outputs.matrix) }} services: - datadog-agent: &datadog-agent - image: datadog/agent:latest + datadog-agent: + image: datadog/agent:7.69.2 env: - DD_HOSTNAME: "github-actions-worker" + DD_HOSTNAME: github-actions-worker DD_APM_ENABLED: true - DD_BIND_HOST: "0.0.0.0" - DD_API_KEY: "invalid_key_but_this_is_fine" - DD_TEST_AGENT_HOST: "localhost" + DD_BIND_HOST: 0.0.0.0 + DD_API_KEY: invalid_key_but_this_is_fine + DD_TEST_AGENT_HOST: localhost DD_TEST_AGENT_PORT: 9126 - # We need to specify a custom health-check. By default, this container will remain "unhealthy" since - # we don't fully configure it with a valid API key (and possibly other reasons) - # This command just checks for our ability to connect to port 8126 - options: >- - --health-cmd "bash -c '- - --name "kafka" + - "9092:9092" + - "9093:9093" localstack: image: localstack/localstack:latest ports: - - 4566:4566 + - "4566:4566" steps: - name: Restore repo cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 with: path: .git key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: ref: ${{ github.sha }} clean: false - - name: Setup Go and development tools uses: ./.github/actions/setup-go with: @@ -224,10 +208,9 @@ jobs: if: always() env: TEST_RESULTS: ${{ env.TEST_RESULT_PATH }} - run: | - export PATH="${{ github.workspace }}/bin:${PATH}" - ./scripts/ci_test_contrib.sh default ${{ toJson(matrix.chunk) }} - + run: |2- + export PATH="${{ github.workspace }}/bin:${PATH}" + ./scripts/ci_test_contrib.sh default ${{ toJson(matrix.chunk) }} - name: Upload the results to Datadog CI App if: always() continue-on-error: true @@ -236,67 +219,54 @@ jobs: dd-api-key: ${{ secrets.DD_CI_API_KEY }} path: ${{ env.TEST_RESULT_PATH }} tags: go:${{ inputs.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ runner.distribution }} - - name: Upload Coverage if: always() continue-on-error: true shell: bash run: bash <(curl -s https://codecov.io/bash) -t ${{ secrets.CODECOV_TOKEN }} - test-contrib: needs: - test-contrib-matrix runs-on: - group: "APM Larger Runners" + group: APM Larger Runners if: success() || failure() continue-on-error: true steps: - name: Success if: needs.test-contrib-matrix.result == 'success' - run: echo "Success!" + run: echo 'Success!' - name: Failure if: needs.test-contrib-matrix.result != 'success' - run: echo "Failure!" && exit 1 - + run: echo 'Failure!' && exit 1 test-core: runs-on: - group: "APM Larger Runners" + group: APM Larger Runners env: - INTEGRATION: true + INTEGRATION: true steps: - name: Restore repo cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 with: path: .git key: gitdb-${{ github.repository_id }}-${{ github.sha }} - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: ref: ${{ github.sha }} clean: false - - name: Setup Go and development tools - uses: ./.github/actions/setup-go - with: - go-version: ${{ inputs.go-version }} - tools-dir: ${{ github.workspace }}/_tools - tools-bin: ${{ github.workspace }}/bin - name: Start datadog/agent uses: ./.github/actions/run-service with: repository: datadog/agent tag: 7.69.2 - # We need to specify a custom health-check. By default, this container will remain "unhealthy" since - # we don't fully configure it with a valid API key (and possibly other reasons) - # This command just checks for our ability to connect to port 8126 - flags: --name datadog-agent -e DD_HOSTNAME=github-actions-worker -e DD_APM_ENABLED=true -e DD_BIND_HOST=0.0.0.0 -e DD_API_KEY=invalid_key_but_this_is_fine -e DD_TEST_AGENT_HOST=localhost -e DD_TEST_AGENT_PORT=9126 --health-cmd "bash -c '> $GITHUB_OUTPUT - docker save $image > $cache_filename.tar - - name: Cache Docker image - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 - with: - path: "${{ steps.pull_image.outputs.cache_filename }}.tar" - key: "${{ inputs.repository }}:${{ inputs.tag }}" From 97079acb75b8e29ff253619f74d1195e141f4906 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Mon, 25 Aug 2025 18:01:22 +0200 Subject: [PATCH 08/16] feat(.github/workflows): add Makefile to generate pull-request and unit-integration-test --- .github/workflows/Makefile | 8 +++++++- .github/workflows/pull-request.yml | 1 + .github/workflows/unit-integration-tests.yml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Makefile b/.github/workflows/Makefile index 78c7fc7129..ddeda44381 100644 --- a/.github/workflows/Makefile +++ b/.github/workflows/Makefile @@ -8,4 +8,10 @@ clean: rm -rf test-apps.yml test-apps.yml: test-apps.cue - cat <(echo "# Code generated via \`make test-apps.yml\`; DO NOT EDIT.") <(cue export --out=yaml $<) > $@ \ No newline at end of file + cat <(echo "# Code generated via \`make test-apps.yml\`; DO NOT EDIT.") <(cue export --out=yaml $<) > $@ + +unit-integration-tests.yml: unit-integration-tests.cue + cat <(echo "# Code generated via \`make unit-integration-tests.yml\`; DO NOT EDIT.") <(cue export services.cue go-versions.cue --out=yaml $<) > $@ + +pull-request.yml: pull-request.cue + cat <(echo "# Code generated via \`make pull-request.yml\`; DO NOT EDIT.") <(cue export services.cue go-versions.cue --out=yaml $<) > $@ diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index fc1c1a9b20..d7527c6a6d 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -1,3 +1,4 @@ +# Code generated via `make pull-request.yml`; DO NOT EDIT. name: Pull Request Tests "on": pull_request: diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index e8e7247474..607db774b0 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -1,3 +1,4 @@ +# Code generated via `make unit-integration-tests.yml`; DO NOT EDIT. name: Unit and Integration Tests "on": workflow_call: From 773e033f255c6a40668367ab6928e75a293e1735 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Mon, 25 Aug 2025 18:07:44 +0200 Subject: [PATCH 09/16] fix(.github/workflows): simplify services inclusion in unit-integration-tests/test-contrib-matrix --- .github/workflows/unit-integration-tests.cue | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/unit-integration-tests.cue b/.github/workflows/unit-integration-tests.cue index 14e91ed157..2520b88b8d 100644 --- a/.github/workflows/unit-integration-tests.cue +++ b/.github/workflows/unit-integration-tests.cue @@ -66,11 +66,7 @@ "chunk": "${{ fromJson(needs.set-up.outputs.matrix) }}" } } - "services": { - for key, svc in _services { - "\(key)": svc - } - } + "services": _services "steps": [ { "name": "Restore repo cache" From fbda6607e5f70e06ab515e09dc9e0e02460d00b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Mon, 25 Aug 2025 18:14:50 +0200 Subject: [PATCH 10/16] fix(.github/workflows): migrate warm-services-cache to use action as step --- .github/workflows/pull-request.cue | 16 +++++++++++----- .github/workflows/pull-request.yml | 11 +++++++---- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/.github/workflows/pull-request.cue b/.github/workflows/pull-request.cue index c1fdafa45a..6d922ae7f1 100644 --- a/.github/workflows/pull-request.cue +++ b/.github/workflows/pull-request.cue @@ -35,6 +35,7 @@ package workflows ] } "warm-services-cache": { + "runs-on": "ubuntu-latest" "strategy": { "matrix": { "image": [ @@ -42,11 +43,16 @@ package workflows ] } } - "uses": "./.github/actions/warm-up-service" - "with": { - "repository": "${{ matrix.image.repository }}" - "tag": "${{ matrix.image.tag }}" - } + "steps": [ + { + "name": "Warm up service" + "uses": "./.github/actions/warm-up-service" + "with": { + "repository": "${{ matrix.image.repository }}" + "tag": "${{ matrix.image.tag }}" + } + } + ] } "unit-integration-tests": { "name": "PR Unit and Integration Tests" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index d7527c6a6d..0a344bdede 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -23,15 +23,18 @@ jobs: path: .git key: gitdb-${{ github.repository_id }}-${{ github.sha }} warm-services-cache: + runs-on: ubuntu-latest strategy: matrix: image: - repository: datadog/agent tag: 7.69.2 - uses: ./.github/actions/warm-up-service - with: - repository: ${{ matrix.image.repository }} - tag: ${{ matrix.image.tag }} + steps: + - name: Warm up service + uses: ./.github/actions/warm-up-service + with: + repository: ${{ matrix.image.repository }} + tag: ${{ matrix.image.tag }} unit-integration-tests: name: PR Unit and Integration Tests needs: From 5c9a6146fecdc225b87aa1c842e21e7a86011208 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Mon, 25 Aug 2025 18:20:33 +0200 Subject: [PATCH 11/16] fix(.github/workflows): add repo checkout to run action in pull-request --- .github/actions/warm-up-service/action.yml | 10 ---------- .github/workflows/pull-request.cue | 16 ++++++++++++++++ .github/workflows/pull-request.yml | 10 ++++++++++ 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/.github/actions/warm-up-service/action.yml b/.github/actions/warm-up-service/action.yml index 1bbb2c3f38..cd45df5627 100644 --- a/.github/actions/warm-up-service/action.yml +++ b/.github/actions/warm-up-service/action.yml @@ -9,16 +9,6 @@ inputs: runs: using: "composite" steps: - - name: Restore repo cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 - with: - path: .git - key: gitdb-${{ github.repository_id }}-${{ github.sha }} - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - ref: ${{ github.sha }} - clean: false - name: Pull Docker image id: pull_image shell: bash diff --git a/.github/workflows/pull-request.cue b/.github/workflows/pull-request.cue index 6d922ae7f1..2910d01d2c 100644 --- a/.github/workflows/pull-request.cue +++ b/.github/workflows/pull-request.cue @@ -44,6 +44,22 @@ package workflows } } "steps": [ + { + "name": "Restore repo cache" + "uses": "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809" + "with": { + "path": ".git" + "key": "gitdb-${{ github.repository_id }}-${{ github.sha }}" + } + }, + { + "name": "Checkout" + "uses": "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683" + "with": { + "ref": "${{ github.sha }}" + "clean": false + } + }, { "name": "Warm up service" "uses": "./.github/actions/warm-up-service" diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 0a344bdede..2294ba3641 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -30,6 +30,16 @@ jobs: - repository: datadog/agent tag: 7.69.2 steps: + - name: Restore repo cache + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 + with: + path: .git + key: gitdb-${{ github.repository_id }}-${{ github.sha }} + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + ref: ${{ github.sha }} + clean: false - name: Warm up service uses: ./.github/actions/warm-up-service with: From 6db13ef9d2d5a627129f6bb7db77b29a480cbec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Tue, 26 Aug 2025 10:55:47 +0200 Subject: [PATCH 12/16] fix(.github/workflows): close string in services.cue --- .github/workflows/Makefile | 4 ++-- .github/workflows/services.cue | 2 +- .github/workflows/unit-integration-tests.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/Makefile b/.github/workflows/Makefile index ddeda44381..6c1493c1b6 100644 --- a/.github/workflows/Makefile +++ b/.github/workflows/Makefile @@ -10,8 +10,8 @@ clean: test-apps.yml: test-apps.cue cat <(echo "# Code generated via \`make test-apps.yml\`; DO NOT EDIT.") <(cue export --out=yaml $<) > $@ -unit-integration-tests.yml: unit-integration-tests.cue +unit-integration-tests.yml: unit-integration-tests.cue services.cue go-versions.cue cat <(echo "# Code generated via \`make unit-integration-tests.yml\`; DO NOT EDIT.") <(cue export services.cue go-versions.cue --out=yaml $<) > $@ -pull-request.yml: pull-request.cue +pull-request.yml: pull-request.cue services.cue go-versions.cue cat <(echo "# Code generated via \`make pull-request.yml\`; DO NOT EDIT.") <(cue export services.cue go-versions.cue --out=yaml $<) > $@ diff --git a/.github/workflows/services.cue b/.github/workflows/services.cue index e79a1350c6..bfd9fb009c 100644 --- a/.github/workflows/services.cue +++ b/.github/workflows/services.cue @@ -34,7 +34,7 @@ _datadog_agent_svc: #Service & { "DD_TEST_AGENT_PORT": 9126 } "options": """ - --health-cmd "bash -c ' Date: Tue, 26 Aug 2025 11:32:16 +0200 Subject: [PATCH 13/16] fix(.github/workflows): add missing bits in unit-integration-tests --- .github/workflows/unit-integration-tests.cue | 10 ++++++++++ .github/workflows/unit-integration-tests.yml | 8 +++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unit-integration-tests.cue b/.github/workflows/unit-integration-tests.cue index 2520b88b8d..75672fb5c7 100644 --- a/.github/workflows/unit-integration-tests.cue +++ b/.github/workflows/unit-integration-tests.cue @@ -15,6 +15,7 @@ "DD_APPSEC_WAF_TIMEOUT": "1m" "GOTOOLCHAIN": "local" "GODEBUG": "x509negativeserial=1" + "GOEXPERIMENT": "synctest" // TODO: remove once go1.25 is the minimum supported version "TEST_RESULT_PATH": "/tmp/test-results" } @@ -166,6 +167,15 @@ "clean": false } }, + { + "name": "Setup Go and development tools" + "uses": "./.github/actions/setup-go" + "with": { + "go-version": "${{ inputs.go-version }}" + "tools-dir": "${{ github.workspace }}/_tools" + "tools-bin": "${{ github.workspace }}/bin" + } + }, { "name": "Start datadog/agent" "uses": "./.github/actions/run-service" diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index fc40a3ad51..a4f7e47b6a 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -10,7 +10,7 @@ env: DD_APPSEC_WAF_TIMEOUT: 1m GOTOOLCHAIN: local GODEBUG: x509negativeserial=1 - GOEXPERIMENT: synctest # TODO: remove once go1.25 is the minimum supported version + GOEXPERIMENT: synctest TEST_RESULT_PATH: /tmp/test-results permissions: contents: read @@ -256,6 +256,12 @@ jobs: with: ref: ${{ github.sha }} clean: false + - name: Setup Go and development tools + uses: ./.github/actions/setup-go + with: + go-version: ${{ inputs.go-version }} + tools-dir: ${{ github.workspace }}/_tools + tools-bin: ${{ github.workspace }}/bin - name: Start datadog/agent uses: ./.github/actions/run-service with: From 66d2f1c1f7b6bf1e697eb1006db68cf87f47dd95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Tue, 26 Aug 2025 12:14:58 +0200 Subject: [PATCH 14/16] chore(.github/workflows): cue fmt pull-request.cue --- .github/workflows/pull-request.cue | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.cue b/.github/workflows/pull-request.cue index 2910d01d2c..efd5135878 100644 --- a/.github/workflows/pull-request.cue +++ b/.github/workflows/pull-request.cue @@ -44,7 +44,7 @@ package workflows } } "steps": [ - { + { "name": "Restore repo cache" "uses": "actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809" "with": { @@ -67,7 +67,7 @@ package workflows "repository": "${{ matrix.image.repository }}" "tag": "${{ matrix.image.tag }}" } - } + }, ] } "unit-integration-tests": { From b4b76ffe1b4336ba5fa7ace5511c0526b48348df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Tue, 26 Aug 2025 12:24:21 +0200 Subject: [PATCH 15/16] feat(.github/workflows): ensure that nobody forgets to run make commands when editing CUE files --- .github/workflows/Makefile | 3 +++ .github/workflows/go-versions.cue | 2 ++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/Makefile b/.github/workflows/Makefile index 6c1493c1b6..26216b890c 100644 --- a/.github/workflows/Makefile +++ b/.github/workflows/Makefile @@ -15,3 +15,6 @@ unit-integration-tests.yml: unit-integration-tests.cue services.cue go-versions. pull-request.yml: pull-request.cue services.cue go-versions.cue cat <(echo "# Code generated via \`make pull-request.yml\`; DO NOT EDIT.") <(cue export services.cue go-versions.cue --out=yaml $<) > $@ + +.PHONY: cue +cue: test-apps.yml unit-integration-tests.yml pull-request.yml diff --git a/.github/workflows/go-versions.cue b/.github/workflows/go-versions.cue index fe8616ab2c..5f9c57bb09 100644 --- a/.github/workflows/go-versions.cue +++ b/.github/workflows/go-versions.cue @@ -1,5 +1,7 @@ package workflows +// If you bump the supported versions here, you need to run `make cue` to +// update the YAML files. _go_versions: [ "1.24", "1.25", From 93f203b0ccfafcc371ddb10e73766dc0fe14517b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dario=20Casta=C3=B1=C3=A9?= Date: Tue, 26 Aug 2025 13:28:17 +0200 Subject: [PATCH 16/16] feat(.github/workflows): small refactor around services --- .github/workflows/pull-request.cue | 8 +------- .github/workflows/services.cue | 21 +++++++++++++++++++- .github/workflows/unit-integration-tests.cue | 9 +++------ 3 files changed, 24 insertions(+), 14 deletions(-) diff --git a/.github/workflows/pull-request.cue b/.github/workflows/pull-request.cue index efd5135878..d09767c46b 100644 --- a/.github/workflows/pull-request.cue +++ b/.github/workflows/pull-request.cue @@ -36,13 +36,7 @@ package workflows } "warm-services-cache": { "runs-on": "ubuntu-latest" - "strategy": { - "matrix": { - "image": [ - #ToImage & {_svc: _datadog_agent_svc}, - ] - } - } + "strategy": "matrix": "image": [#ToImage & {_svc: _datadog_agent_svc}] "steps": [ { "name": "Restore repo cache" diff --git a/.github/workflows/services.cue b/.github/workflows/services.cue index bfd9fb009c..43e9068d53 100644 --- a/.github/workflows/services.cue +++ b/.github/workflows/services.cue @@ -1,6 +1,9 @@ package workflows -import "strings" +import ( + "list" + "strings" +) #Service: { image: string @@ -10,6 +13,22 @@ import "strings" volumes?: [...string] } +#Services: {[string]: #Service} + +#Services: { + _names: [...string] + + if len(_names) == 0 { + _services + } + if len(_names) > 0 { + for name in _names + if list.Contains(_names, name) { + "\(name)": _services[name] + } + } +} + #Image: { repository: string tag?: string diff --git a/.github/workflows/unit-integration-tests.cue b/.github/workflows/unit-integration-tests.cue index 75672fb5c7..746e7f9374 100644 --- a/.github/workflows/unit-integration-tests.cue +++ b/.github/workflows/unit-integration-tests.cue @@ -67,7 +67,7 @@ "chunk": "${{ fromJson(needs.set-up.outputs.matrix) }}" } } - "services": _services + "services": #Services "steps": [ { "name": "Restore repo cache" @@ -220,12 +220,9 @@ "test-contrib", "test-core", ] - "if": "always()" + "if": "always()" // Make sure this always runs, even if test-contrib or test-core fails "runs-on": "group": "APM Larger Runners" - "services": { - "datadog-agent": _datadog_agent_svc - "testagent": _testagent_svc - } + "services": #Services & {_names: ["datadog-agent", "testagent"]} "steps": [ { "name": "Get Datadog APM Test Agent Logs"