test-fips.yml
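# Runs the ddev E2E suite for one integration (default: tls) twice, once with
# GOFIPS=0 and once with GOFIPS=1, against the Agent image in DDEV_E2E_AGENT.
#
# NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN gets the
# repository's default scopes. Restrict it (for example to `contents: read`)
# once it is confirmed what `ddev ci setup` needs from DD_GITHUB_TOKEN.
name: Test FIPS E2E

on:
  workflow_dispatch:
    inputs:
      agent-image:
        description: "Agent image to use"
        required: false
        type: string
      target:
        description: "Target to test"
        required: false
        type: string
  pull_request:
    # The path filter key is `paths`; a singular `path` key is not a filter
    # GitHub recognises for this event.
    paths:
      - datadog_checks_base/datadog_checks/**
  schedule:
    # 00:00, 08:00 and 16:00 UTC every day.
    - cron: '0 0,8,16 * * *'

defaults:
  run:
    shell: bash

jobs:
  run:
    name: "Test FIPS"
    runs-on: ["ubuntu-22.04"]
    env:
      FORCE_COLOR: "1"
      PYTHON_VERSION: "3.12"
      DDEV_E2E_AGENT: "${{ inputs.agent-image || 'datadog/agent-dev:master-fips' }}"
      # Integration under test. Resolved once here so shell steps read it as
      # "$E2E_TARGET" rather than having the workflow_dispatch input expanded
      # into the script text before bash parses it. Because it is quoted at
      # every use, the value is always passed as a single argument.
      E2E_TARGET: "${{ inputs.target || 'tls' }}"
      # Test results for later processing
      TEST_RESULTS_BASE_DIR: "test-results"
      # Tracing to monitor our test suite
      DD_ENV: "ci"
      DD_SERVICE: "ddev-integrations-core"
      DD_TAGS: "team:agent-integrations"
      DD_TRACE_ANALYTICS_ENABLED: "true"
      # Capture traces for a separate job to do the submission
      TRACE_CAPTURE_BASE_DIR: "trace-captures"
      TRACE_CAPTURE_LOG: "trace-captures/output.log"

    steps:
      # Derives the per-job result and trace paths and exports them to the
      # following steps through GITHUB_ENV.
      - name: Set environment variables with sanitized paths
        run: |
          JOB_NAME="test-fips"
          echo "TEST_RESULTS_DIR=$TEST_RESULTS_BASE_DIR/$JOB_NAME" >> "$GITHUB_ENV"
          echo "TRACE_CAPTURE_FILE=$TRACE_CAPTURE_BASE_DIR/$JOB_NAME" >> "$GITHUB_ENV"

      # NOTE(review): every action in this job is referenced by a mutable tag
      # (@v4, @v5). Pinning each `uses:` to a full commit SHA keeps a retagged
      # release from changing what runs next to the secrets below.
      # NOTE(review): checkout leaves the token in the local git config by
      # default; `persist-credentials: false` avoids that if no later step
      # needs authenticated git access (confirm before changing).
      - uses: actions/checkout@v4

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: "${{ env.PYTHON_VERSION }}"
          cache: 'pip'

      - name: Restore cache
        uses: actions/cache/restore@v4
        with:
          path: '~/.cache/pip'
          key: >-
            ${{ format(
              'v01-python-{0}-{1}-{2}-{3}',
              env.pythonLocation,
              hashFiles('datadog_checks_base/pyproject.toml'),
              hashFiles('datadog_checks_dev/pyproject.toml'),
              hashFiles('ddev/pyproject.toml')
            )}}
          restore-keys: |-
            v01-python-${{ env.pythonLocation }}

      # Installs ddev from the checked-out ref. On pull_request runs that is
      # the PR branch, and the steps after this one hand repository secrets to
      # the code installed here.
      - name: Install ddev from local folder
        run: |-
          pip install -e ./datadog_checks_dev[cli]
          pip install -e ./ddev

      - name: Configure ddev
        run: |-
          ddev config set repos.core .
          ddev config set repo core

      - name: Prepare for testing
        env:
          PYTHONUNBUFFERED: "1"
          DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
          DOCKER_ACCESS_TOKEN: "${{ secrets.DOCKER_ACCESS_TOKEN }}"
          ORACLE_DOCKER_USERNAME: "${{ secrets.ORACLE_DOCKER_USERNAME }}"
          ORACLE_DOCKER_PASSWORD: "${{ secrets.ORACLE_DOCKER_PASSWORD }}"
          SINGLESTORE_LICENSE: "${{ secrets.SINGLESTORE_LICENSE }}"
          DD_GITHUB_USER: "${{ github.actor }}"
          DD_GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
        run: ddev ci setup "$E2E_TARGET"

      # Starts the trace capture script in the background on port 8126; its
      # output goes to TRACE_CAPTURE_LOG, which a later step prints.
      - name: Set up trace capturing
        env:
          PYTHONUNBUFFERED: "1"
        run: |-
          mkdir "$TRACE_CAPTURE_BASE_DIR"
          python .ddev/ci/scripts/traces.py capture --port "8126" --record-file "$TRACE_CAPTURE_FILE" > "$TRACE_CAPTURE_LOG" 2>&1 &

      - name: Run E2E tests with FIPS disabled
        env:
          DD_API_KEY: "${{ secrets.DD_API_KEY }}"
        run: |
          ddev env test -e GOFIPS=0 --new-env --junit "$E2E_TARGET" -- all -m "fips_off"

      # NOTE(review): this step selects tests with -k "fips_on" while the
      # FIPS-disabled step selects with -m "fips_off"; confirm the difference
      # between keyword and marker selection is intended, otherwise one of the
      # two modes may run a different set of tests than expected.
      - name: Run E2E tests with FIPS enabled
        env:
          DD_API_KEY: "${{ secrets.DD_API_KEY }}"
        run: |
          ddev env test -e GOFIPS=1 --new-env --junit "$E2E_TARGET" -- all -k "fips_on"

      - name: View trace log
        if: always()
        run: cat "$TRACE_CAPTURE_LOG"

      - name: Upload captured traces
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: "traces-${{ env.E2E_TARGET }}"
          path: "${{ env.TRACE_CAPTURE_FILE }}"

      # Collects the JUnit XML written under <target>/.junit, when that
      # directory exists, into the directory uploaded by the next step.
      - name: Finalize test results
        if: always()
        run: |-
          mkdir -p "$TEST_RESULTS_DIR"
          if [[ -d "$E2E_TARGET/.junit" ]]; then
            mv "$E2E_TARGET"/.junit/*.xml "$TEST_RESULTS_DIR"
          fi

      - name: Upload test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: "test-results-${{ env.E2E_TARGET }}"
          path: "${{ env.TEST_RESULTS_BASE_DIR }}"

      # Skipped when the repository is private; otherwise runs even if an
      # earlier step failed.
      - name: Upload coverage data
        if: >
          !github.event.repository.private &&
          always()
        uses: codecov/codecov-action@v4
        with:
          token: "${{ secrets.CODECOV_TOKEN }}"
          files: "${{ env.E2E_TARGET }}/coverage.xml"
          flags: "${{ env.E2E_TARGET }}"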