datadog-integrations-core/.github/workflows/test-fips-e2e.yml at master · voltusdev/datadog-integrations-core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
name: Test FIPS E2E

on:
  workflow_dispatch:
    inputs:
      agent-image:
        description: "Agent image to use"
        required: false
        type: string
      agent-image-fips:
        description: "FIPS Agent image to use"
        required: false
        type: string
      target:
        description: "Target to test"
        required: false
        type: string
  pull_request:
    paths:
    - datadog_checks_base/datadog_checks/**
    - datadog_checks_base/pyproject.toml
  schedule:
    - cron: '0 0,8,16 * * *'

defaults:
  run:
    shell: bash

jobs:
  run:
    name: "Test FIPS"
    runs-on: ["ubuntu-22.04"]

    env:
      FORCE_COLOR: "1"
      PYTHON_VERSION: "3.13"
      # Test results for later processing
      TEST_RESULTS_BASE_DIR: "test-results"
      # Tracing to monitor our test suite
      DD_ENV: "ci"
      DD_SERVICE: "ddev-integrations-core"
      DD_TAGS: "team:agent-integrations"
      DD_TRACE_ANALYTICS_ENABLED: "true"
      # Capture traces for a separate job to do the submission
      TRACE_CAPTURE_BASE_DIR: "trace-captures"
      TRACE_CAPTURE_LOG: "trace-captures/output.log"

    permissions:
       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
       id-token: write
       # needed for compute-matrix in test-target.yml
       contents: read

    steps:

    - name: Set environment variables with sanitized paths
      run: |
        JOB_NAME="test-fips-e2e"

        echo "TEST_RESULTS_DIR=$TEST_RESULTS_BASE_DIR/$JOB_NAME" >> $GITHUB_ENV
        echo "TRACE_CAPTURE_FILE=$TRACE_CAPTURE_BASE_DIR/$JOB_NAME" >> $GITHUB_ENV

    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Set up Python ${{ env.PYTHON_VERSION }}
      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
      with:
        python-version: "${{ env.PYTHON_VERSION }}"
        cache: 'pip'

    - name: Restore cache
      uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      with:
        path: '~/.cache/pip'
        key: >-
          ${{ format(
            'v01-python-{0}-{1}-{2}-{3}',
            env.pythonLocation,
            hashFiles('datadog_checks_base/pyproject.toml'),
            hashFiles('datadog_checks_dev/pyproject.toml'),
            hashFiles('ddev/pyproject.toml')
          )}}
        restore-keys: |-
          v01-python-${{ env.pythonLocation }}

    - name: Install ddev from local folder
      run: |-
        pip install -e ./datadog_checks_dev[cli]
        pip install -e ./ddev

    - name: Configure ddev
      run: |-
        ddev config set repos.core .
        ddev config set repo core

    - name: Prepare for testing
      env:
        PYTHONUNBUFFERED: "1"
        DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
        ORACLE_DOCKER_USERNAME: ${{ secrets.ORACLE_DOCKER_USERNAME }}
        ORACLE_DOCKER_PASSWORD: ${{ secrets.ORACLE_DOCKER_PASSWORD }}
        DD_GITHUB_USER: ${{ github.actor }}
        DD_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: ddev ci setup ${{ inputs.target || 'tls' }}

    - name: Set up trace capturing
      env:
        PYTHONUNBUFFERED: "1"
      run: |-
        mkdir "${{ env.TRACE_CAPTURE_BASE_DIR }}"
        python .ddev/ci/scripts/traces.py capture --port "8126" --record-file "${{ env.TRACE_CAPTURE_FILE }}" > "${{ env.TRACE_CAPTURE_LOG }}" 2>&1 &

    - name: Run E2E tests with FIPS disabled
      env:
        DDEV_E2E_AGENT: "${{ inputs.agent-image || 'datadog/agent-dev:master-py3' }}"
        DD_API_KEY: "${{ secrets.DD_API_KEY }}"
      run: |
        ddev env test --base --new-env --junit ${{ inputs.target || 'tls' }} -- all -m "fips_off"

    - name: Run E2E tests with FIPS enabled
      env:
        DDEV_E2E_AGENT: "${{ inputs.agent-image-fips || 'datadog/agent-dev:master-fips' }}"
        DD_API_KEY: "${{ secrets.DD_API_KEY }}"
      run: |
        ddev env test --base --new-env --junit ${{ inputs.target || 'tls' }} -- all -k "fips_on"

    - name: View trace log
      if: always()
      run: cat "${{ env.TRACE_CAPTURE_LOG }}"

    - name: Upload captured traces
      if: always()
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: "traces-${{ inputs.target || 'tls' }}"
        path: "${{ env.TRACE_CAPTURE_FILE }}"

    - name: Finalize test results
      if: always()
      run: |-
        mkdir -p "${{ env.TEST_RESULTS_DIR }}"
        if [[ -d ${{ inputs.target || 'tls' }}/junit ]]; then
          mv ${{ inputs.target || 'tls' }}/junit/*.xml "${{ env.TEST_RESULTS_DIR }}"
        fi

    - name: Upload test results
      if: always()
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: "test-results-${{ inputs.target || 'tls' }}"
        path: "${{ env.TEST_RESULTS_BASE_DIR }}"

    - name: Upload coverage data
      if: >
        !github.event.repository.private &&
        always()
      uses: codecov/codecov-action@15559ed290fa727036809b67ab0f646ffa6c5158
      with:
        use_oidc: true
        files: "${{ inputs.target || 'tls' }}/coverage.xml"
        flags: "${{ inputs.target || 'tls' }}"