fix(internal): hold rate limiter native implementation in a mutex [ba… #54615
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Library Injection" | |
| on: | |
| # Build each branch for testing | |
| push: | |
| pull_request: | |
| paths: | |
| - ddtrace/** | |
| - lib-injection/** | |
| - setup* | |
| - pyproject.toml | |
| - .github/workflows/lib-injection.yml | |
| jobs: | |
| build-and-publish-test-image: | |
| uses: ./.github/workflows/lib-inject-publish.yml | |
| secrets: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| ddtrace-version: v2.6.3 | |
| image-tag: ${{ github.sha }} | |
| build-and-publish-latest-snapshot-image: | |
| if: github.ref == 'refs/heads/main' | |
| uses: ./.github/workflows/lib-inject-publish.yml | |
| secrets: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| ddtrace-version: v2.6.3 | |
| image-tag: latest_snapshot | |
| test-runner-test: | |
| needs: | |
| - build-and-publish-test-image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| strategy: | |
| matrix: | |
| weblog-variant: ['dd-lib-python-init-test-django','dd-lib-python-init-test-django-gunicorn','dd-lib-python-init-test-django-uvicorn'] | |
| fail-fast: false | |
| env: | |
| TEST_LIBRARY: python | |
| WEBLOG_VARIANT: ${{ matrix.weblog-variant }} | |
| DOCKER_REGISTRY_IMAGES_PATH: ghcr.io/datadog | |
| DOCKER_IMAGE_TAG: ${{ github.sha }} | |
| BUILDX_PLATFORMS: linux/amd64 | |
| steps: | |
| - name: Checkout system tests | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: 'DataDog/system-tests' | |
| - name: Install runner | |
| uses: ./.github/actions/install_runner | |
| - name: Run K8s Lib Injection Tests | |
| run: ./run.sh K8S_LIB_INJECTION_BASIC | |
| - name: Compress logs | |
| id: compress_logs | |
| if: always() | |
| run: tar -czvf artifact.tar.gz $(ls | grep logs) | |
| - name: Upload artifact | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: logs_k8s_lib_injection_${{ matrix.weblog-variant }} | |
| path: artifact.tar.gz | |
| test_unit: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| variant: [ | |
| 'dd-lib-python-init-test-django', | |
| 'dd-lib-python-init-test-django-gunicorn', | |
| 'dd-lib-python-init-test-django-gunicorn-alpine', | |
| 'dd-lib-python-init-test-django-uvicorn', | |
| 'dd-lib-python-init-test-django-no-perms', | |
| 'dd-lib-python-init-test-django-pre-installed', | |
| 'dd-lib-python-init-test-django-unsupported-package-force', | |
| ] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build and run the app | |
| run: | | |
| SRC="$(pwd)" | |
| cd lib-injection | |
| export DDTRACE_PYTHON_VERSION="v2.6.3" | |
| export APP_CONTEXT="${SRC}/tests/lib-injection/${{matrix.variant}}" | |
| export TEMP_DIR="${SRC}/tmp/ddtrace" | |
| mkdir -p "${TEMP_DIR}" | |
| # Give the temp dir permissions, by default the docker user doesn't have permissions | |
| # to write to the filesystem. | |
| chmod 777 $TEMP_DIR | |
| # Start the lib_inject to get the files copied. This avoids a race condition with the startup of the | |
| # application. | |
| docker compose up --build lib_inject | |
| docker compose up --build -d | |
| # Wait for the app to start | |
| sleep 60 | |
| docker compose logs | |
| - name: Check Permissions on ddtrace pkgs | |
| run: | | |
| cd lib-injection | |
| # Ensure /datadog-lib/ddtrace_pkgs is a valid directory that is not empty | |
| docker compose run lib_inject find /datadog-init/ddtrace_pkgs -maxdepth 0 -empty | wc -l && if [ $? -ne 0 ]; then exit 1; fi | |
| # Ensure files are not world writeable | |
| docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm /o+w | wc -l && if [ $? -ne 0 ]; then exit 1; fi | |
| # Ensure all users have read and execute permissions to files stored in /datadog-lib/ddtrace_pkgs | |
| docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm u=rwx,o=rx | wc -l && if [ $? -ne 0 ]; then exit 1; fi | |
| - name: Test the app | |
| run: | | |
| curl http://localhost:18080 | |
| sleep 1 # wait for traces to be sent | |
| - name: Check mocked telemetry | |
| run: | | |
| cd lib-injection | |
| docker exec lib-injection-app_local-1 sh -c "cd .. && [ ! -f src/validate_telemetry.py ] || cat src/mock-telemetry.out | python src/validate_telemetry.py" | |
| - name: Print traces | |
| run: curl http://localhost:8126/test/traces | |
| - name: Check test agent received a trace | |
| run: | | |
| N=$(curl http://localhost:8126/test/traces | jq -r -e 'length') | |
| [[ $N == "1" ]] | |
| test_unit_no_instrumentation: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| variant: [ | |
| 'dd-lib-python-init-test-django-unsupported-python', | |
| 'dd-lib-python-init-test-django-unsupported-package', | |
| ] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build and run the app | |
| run: | | |
| SRC="$(pwd)" | |
| cd lib-injection | |
| export DDTRACE_PYTHON_VERSION="v2.6.3" | |
| export APP_CONTEXT="${SRC}/tests/lib-injection/${{matrix.variant}}" | |
| export TEMP_DIR="${SRC}/tmp/ddtrace" | |
| mkdir -p "${TEMP_DIR}" | |
| # Give the temp dir permissions, by default the docker user doesn't have permissions | |
| # to write to the filesystem. | |
| chmod 777 $TEMP_DIR | |
| # Start the lib_inject to get the files copied. This avoids a race condition with the startup of the | |
| # application. | |
| docker compose up --build lib_inject | |
| docker compose up --build -d | |
| # Wait for the app to start | |
| sleep 60 | |
| docker compose logs | |
| - name: Check Permissions on ddtrace pkgs | |
| run: | | |
| cd lib-injection | |
| # Ensure /datadog-lib/ddtrace_pkgs is a valid directory that is not empty | |
| docker compose run lib_inject find /datadog-init/ddtrace_pkgs -maxdepth 0 -empty | wc -l && if [ $? -ne 0 ]; then exit 1; fi | |
| # Ensure files are not world writeable | |
| docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm /o+w | wc -l && if [ $? -ne 0 ]; then exit 1; fi | |
| # Ensure all users have read and execute permissions to files stored in /datadog-lib/ddtrace_pkgs | |
| docker compose run lib_inject find /datadog-init/ddtrace_pkgs ! -perm u=rwx,o=rx | wc -l && if [ $? -ne 0 ]; then exit 1; fi | |
| - name: Test the app | |
| run: | | |
| curl http://localhost:18080 | |
| sleep 1 # wait for traces to be sent | |
| - name: Check mocked telemetry | |
| run: | | |
| cd lib-injection | |
| docker exec lib-injection-app_local-1 sh -c "cd .. && [ ! -f src/validate_telemetry.py ] || cat src/mock-telemetry.out | python src/validate_telemetry.py" | |
| - name: Check test agent received no trace | |
| run: | | |
| N=$(curl http://localhost:8126/test/traces | jq -r -e 'length') | |
| [[ $N == "0" ]] |