Skip to content

appsec: update the security event rules to v1.8.0 #1346

appsec: update the security event rules to v1.8.0

appsec: update the security event rules to v1.8.0 #1346

Workflow file for this run

name: AppSec Tests
on:
workflow_dispatch: # manually
schedule: # nightly
- cron: "0 0 * * *"
pull_request: # on pull requests touching appsec files
paths:
- '.github/workflows/appsec.yml'
- 'internal/appsec/**'
- 'appsec/**'
- 'contrib/**/appsec.go'
merge_group: # on merge groups touching appsec files
paths:
- '.github/workflows/appsec.yml'
- 'internal/appsec/**'
- 'appsec/**'
- 'contrib/**/appsec.go'
push:
branches: release-v*
env:
DD_APPSEC_WAF_TIMEOUT: 5s
JUNIT_REPORT: gotestsum-report.xml
TO_TEST: ./appsec/... ./internal/appsec/... ./contrib/google.golang.org/grpc/... ./contrib/net/http/... ./contrib/gorilla/mux/... ./contrib/go-chi/... ./contrib/labstack/echo.v4/... ./contrib/gin-gonic/gin/...
jobs:
native:
strategy:
matrix:
runs-on: [ macos-13, macos-12, macos-11, ubuntu-22.04, ubuntu-20.04, windows-latest ]
go-version: [ "1.21", "1.20", "1.19" ]
cgo_enabled: # test it compiles with and without cgo
- 0
- 1
build_tags: # test it compiles with and without the appsec build tag
- ""
- "appsec"
appsec_enabled: # test it compiles with and without appsec enabled
- true
- false
fail-fast: false
runs-on: ${{ matrix.runs-on }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
- name: Go modules cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
restore-keys: go-pkg-mod-
- name: go test
shell: bash
run: |
# 1.21 deprecates the GODEBUG=cgocheck=2 value, replacing it with GOEXPERIMENT=cgocheck2
# https://go.dev/doc/go1.21 (runtime section)
if [[ ${{matrix['go-version']}} == '1.21' ]]; then
export GOEXPERIMENT=cgocheck2
else
export GODEBUG=cgocheck=2
fi
# Install gotestsum to get the results in a junit file
env GOBIN=$PWD go install gotest.tools/gotestsum@latest
# Run the tests with gotestsum
env CGO_ENABLED=${{ matrix.cgo_enabled }} DD_APPSEC_ENABLED=${{ matrix.appsec_enabled }} ./gotestsum --junitfile $JUNIT_REPORT -- -v -tags="${{matrix.build_tags}}" $TO_TEST
- name: Upload the results to Datadog CI App
uses: ./.github/actions/dd-ci-upload
with:
dd-api-key: ${{ secrets.DD_CI_API_KEY }}
files: ${{ env.JUNIT_REPORT }}
tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }}
# Same tests but on the official golang container for linux
golang-linux-container:
runs-on: ubuntu-latest
container:
image: golang:${{ matrix.go-version }}-${{ matrix.distribution }}
strategy:
matrix:
go-version: [ "1.21", "1.20", "1.19" ]
distribution: [ bookworm, bullseye, buster, alpine ]
build_tags: # test it compiles with and without the appsec build tag
- ""
- "appsec"
cgo_enabled: # test it compiles with and without cgo
- 0
- 1
appsec_enabled: # test it compiles with and without appsec enabled
- DD_APPSEC_ENABLED=true
- DD_APPSEC_ENABLED=false
- "" # the env var is not defined so that the remote-config path can be taken
exclude:
- go-version: "1.21"
distribution: buster
fail-fast: false
steps:
- uses: actions/checkout@v3
# Install gcc and the libc headers on alpine images
- if: ${{ matrix.distribution == 'alpine' }}
run: apk add gcc musl-dev libc6-compat git
- name: Go modules cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
restore-keys: go-pkg-mod-
- name: go test
run: |
# Install gotestsum to get the results in a junit file
env GOBIN=$PWD go install gotest.tools/gotestsum@latest
# Run the tests with gotestsum
env CGO_ENABLED=${{ matrix.cgo_enabled }} DD_APPSEC_ENABLED=${{ matrix.appsec_enabled }} ./gotestsum --junitfile $JUNIT_REPORT -- -v -tags="${{matrix.build_tags}}" $TO_TEST
- name: Upload the results to Datadog CI App
if: matrix.distribution != 'alpine' # datadog-ci CLI doesn't work on alpine
uses: ./.github/actions/dd-ci-upload
with:
dd-api-key: ${{ secrets.DD_CI_API_KEY }}
files: ${{ env.JUNIT_REPORT }}
tags: go:${{ matrix.go-version }},arch:${{ runner.arch }},os:${{ runner.os }},distribution:${{ runner.distribution }}
linux-arm64:
runs-on: ubuntu-latest
strategy:
matrix:
cgo_enabled: # test it compiles with and without the cgo
- 0
- 1
appsec_enabled: # test it compiles with and without appsec enabled
- true
- false
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Go modules cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
restore-keys: go-pkg-mod-
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64
- run: docker run --platform=linux/arm64 -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_ENABLED=${{ matrix.appsec_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v -tags appsec $TO_TEST
smoke-tests:
uses: DataDog/appsec-go-test-app/.github/workflows/smoke-tests.yml@main
with:
dd-trace-go-version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}