Skip to content

scaffold matrix of arch/libc/runtime for PHP injection tests [INPLAT-48] #20672

scaffold matrix of arch/libc/runtime for PHP injection tests [INPLAT-48]

scaffold matrix of arch/libc/runtime for PHP injection tests [INPLAT-48] #20672

Workflow file for this run

name: Testing the test
on:
workflow_dispatch: {}
schedule:
- cron: 00 02 * * 2-6
pull_request:
branches:
- '**'
types:
- opened
- synchronize
- labeled
- unlabeled
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run lints
uses: ./.github/actions/lint_code
test_the_test:
name: Test the test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install runner
uses: ./.github/actions/install_runner
# force /bin/bash in order to test against bash 3.2 on macOS
- name: Test the test (direct)
run: /bin/bash run.sh TEST_THE_TEST
- name: Test group parsing
run: |
/bin/bash run.sh ++dry APPSEC_SCENARIOS
/bin/bash run.sh ++dry TRACER_RELEASE_SCENARIOS
scenarios:
name: Get scenarios and groups
uses: ./.github/workflows/compute-scenarios.yml
impacted_libraries:
name: Get impacted libraries
uses: ./.github/workflows/compute-impacted-libraries.yml
get_dev_artifacts:
needs:
- impacted_libraries
strategy:
matrix:
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }}
fail-fast: false
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get library artifact
run: ./utils/scripts/load-binary.sh ${{ matrix.library }}
- name: Get agent artifact
run: ./utils/scripts/load-binary.sh agent
# ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos.
# ### skipping this, waiting for a proper solution
# - name: Load WAF rules
# if: matrix.version == 'dev'
# run: ./utils/scripts/load-binary.sh waf_rule_set
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: binaries_dev_${{ matrix.library }}
path: binaries/
system_tests:
name: System Tests
needs:
- lint
- test_the_test
- scenarios
- impacted_libraries
- get_dev_artifacts
strategy:
matrix:
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }}
version:
- prod
- dev
fail-fast: false
uses: ./.github/workflows/system-tests.yml
permissions:
contents: read
packages: write
secrets: inherit
with:
library: ${{ matrix.library }}
scenarios: ${{ needs.scenarios.outputs.scenarios }}
scenarios_groups: ${{ needs.scenarios.outputs.scenarios_groups }}
binaries_artifact: ${{ matrix.version == 'dev' && format('binaries_dev_{0}', matrix.library) || '' }}
ci_environment: ${{ matrix.version }}
build_python_base_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-python-base-images') }}
build_buddies_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-buddies-images') }}
build_proxy_image: ${{ contains(github.event.pull_request.labels.*.name, 'build-proxy-image') }}
build_lib_injection_app_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-lib-injection-app-images') }}
_experimental_parametric_job_count: ${{ matrix.version == 'dev' && 2 || 1 }} # test both use cases
system_tests_docker_mode:
name: Ruby Docker Mode
needs:
- lint
- test_the_test
- impacted_libraries
- get_dev_artifacts # non official set-up, this needs put this job in last
if: contains(needs.impacted_libraries.outputs.impacted_libraries, 'ruby')
uses: ./.github/workflows/run-docker-mode.yml
permissions:
packages: write
secrets: inherit
exotics:
name: Exotics scenarios
if: contains(github.event.pull_request.labels.*.name, 'run-all-scenarios')
uses: ./.github/workflows/run-exotics.yml
secrets: inherit
fancy-report:
runs-on: ubuntu-latest
needs:
- system_tests
if: always()
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- run: pip install requests
- run: python utils/scripts/get-workflow-summary.py ${{ github.run_id }} >> $GITHUB_STEP_SUMMARY
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
update-CI-visibility:
name: Update CI Visibility Dashboard
runs-on: ubuntu-latest
needs:
- system_tests
if: always() && github.ref == 'refs/heads/main'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Update CI Dashboard
run: ./utils/scripts/update_dashboard_CI_visibility.sh system-tests ${{ github.run_id }}-${{ github.run_attempt }}
env:
DD_API_KEY: ${{ secrets.DD_CI_API_KEY }}
DD_APP_KEY: ${{ secrets.DD_CI_APP_KEY }}