
[POC] Create internal for testing IPv6 network between lib and agent #23032


Workflow file for this run

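# CI entry point: lints the repository, self-tests the runner ("test the
# test"), then calls the reusable system-tests workflows for each impacted
# library. Also carries two temporary POC jobs (tmp-run, tmp-test) that
# exercise IPv6 networking.
#
# NOTE(review): no workflow-level `permissions:` is declared, so every job
# without its own block runs with the repository's default GITHUB_TOKEN
# scopes. Consider a read-only default once the needs of the called
# workflows are confirmed.
#
# NOTE(review): actions are referenced by mutable tags (`@v4`, `@v5`);
# pinning them to a full commit SHA makes the reference immutable.
name: Testing the test
on:
  workflow_dispatch: {}
  schedule:
    # quoted so the cron expression is always read as a plain string
    - cron: '00 02 * * 2-6'
  pull_request:
    branches:
      - '**'
    types:
      - opened
      - synchronize
      - labeled
      - unlabeled
  push:
    branches:
      - main
# One run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run lints
        uses: ./.github/actions/lint_code
  test_the_test:
    name: Test the test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install runner
        uses: ./.github/actions/install_runner
      # force /bin/bash in order to test against bash 3.2 on macOS
      - name: Test the test (direct)
        run: /bin/bash run.sh TEST_THE_TEST
      - name: Test group parsing
        run: |
          /bin/bash run.sh ++dry APPSEC_SCENARIOS
          /bin/bash run.sh ++dry TRACER_RELEASE_SCENARIOS
  scenarios:
    name: Get scenarios and groups
    uses: ./.github/workflows/compute-scenarios.yml
  impacted_libraries:
    name: Get impacted libraries
    uses: ./.github/workflows/compute-impacted-libraries.yml
  get_dev_artifacts:
    # Disabled for this POC. A skipped job also skips every job that lists it
    # in `needs` unless that job's `if` uses a status function such as
    # always(), so system_tests and system_tests_docker_mode do not run while
    # this stays false. NOTE(review): confirm that is intended.
    if: false
    needs:
      - impacted_libraries
    strategy:
      matrix:
        library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }}
      fail-fast: false
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get library artifact
        # The matrix value is computed by another workflow; hand it to the
        # shell through an environment variable instead of expanding it into
        # the script text, so it can never be parsed as shell syntax.
        run: ./utils/scripts/load-binary.sh "$LIBRARY"
        env:
          LIBRARY: ${{ matrix.library }}
      - name: Get agent artifact
        run: ./utils/scripts/load-binary.sh agent
      # ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos.
      # ### skipping this, waiting for a proper solution
      # - name: Load WAF rules
      #   if: matrix.version == 'dev'
      #   run: ./utils/scripts/load-binary.sh waf_rule_set
      #   env:
      #     GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: binaries_dev_${{ matrix.library }}
          path: binaries/
  system_tests:
    name: System Tests
    needs:
      - lint
      - test_the_test
      - scenarios
      - impacted_libraries
      - get_dev_artifacts
    strategy:
      matrix:
        library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }}
        version:
          - prod
          - dev
      fail-fast: false
    uses: ./.github/workflows/system-tests.yml
    permissions:
      contents: read
      packages: write
    # `inherit` hands every secret this workflow can read to the called
    # workflow. NOTE(review): consider passing only the secrets that
    # system-tests.yml actually uses.
    secrets: inherit
    with:
      library: ${{ matrix.library }}
      scenarios: ${{ needs.scenarios.outputs.scenarios }}
      scenarios_groups: ${{ needs.scenarios.outputs.scenarios_groups }}
      binaries_artifact: ${{ matrix.version == 'dev' && format('binaries_dev_{0}', matrix.library) || '' }}
      ci_environment: ${{ matrix.version }}
      # The image-build switches below are driven by labels on the pull request.
      build_python_base_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-python-base-images') }}
      build_buddies_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-buddies-images') }}
      build_proxy_image: ${{ contains(github.event.pull_request.labels.*.name, 'build-proxy-image') }}
      build_lib_injection_app_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-lib-injection-app-images') }}
      _experimental_parametric_job_count: ${{ matrix.version == 'dev' && 2 || 1 }}  # test both use cases
  system_tests_docker_mode:
    name: Ruby Docker Mode
    needs:
      - lint
      - test_the_test
      - impacted_libraries
      - get_dev_artifacts  # non official set-up, this needs put this job in last
    if: contains(needs.impacted_libraries.outputs.impacted_libraries, 'ruby')
    uses: ./.github/workflows/run-docker-mode.yml
    permissions:
      packages: write
    secrets: inherit
  exotics:
    name: Exotics scenarios
    if: contains(github.event.pull_request.labels.*.name, 'run-all-scenarios')
    uses: ./.github/workflows/run-exotics.yml
    # NOTE(review): this call has no `permissions:` block of its own while
    # inheriting all secrets; confirm what run-exotics.yml needs.
    secrets: inherit
  fancy-report:
    runs-on: ubuntu-latest
    needs:
      - system_tests
    if: always()
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      # NOTE(review): unpinned install; the next step runs with GH_TOKEN in
      # its environment, so consider pinning the version (and hashes).
      - run: pip install requests
      - run: python utils/scripts/get-workflow-summary.py ${{ github.run_id }} >> "$GITHUB_STEP_SUMMARY"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  update-CI-visibility:
    name: Update CI Visibility Dashboard
    runs-on: ubuntu-latest
    needs:
      - system_tests
    # Runs only for the main branch, whatever the outcome of system_tests.
    if: always() && github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Update CI Dashboard
        run: ./utils/scripts/update_dashboard_CI_visibility.sh system-tests ${{ github.run_id }}-${{ github.run_attempt }}
        # The API and application keys are scoped to this single step.
        env:
          DD_API_KEY: ${{ secrets.DD_CI_API_KEY }}
          DD_APP_KEY: ${{ secrets.DD_CI_APP_KEY }}
  # Temporary POC job: builds the agent and the python weblog, then runs the
  # IPV6 scenario followed by the default one.
  tmp-run:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install runner
        uses: ./.github/actions/install_runner
      - name: Build proxy image
        # This workflow declares no inputs, so `inputs.build_proxy_image` is
        # always empty and the step could never run. Use the same pull-request
        # label check that system_tests passes as `build_proxy_image`.
        if: contains(github.event.pull_request.labels.*.name, 'build-proxy-image')
        run: ./build.sh -i proxy
      - name: Build agent
        run: SYSTEM_TEST_BUILD_ATTEMPTS=3 ./build.sh -i agent
      - name: Build weblog
        id: build
        run: SYSTEM_TEST_BUILD_ATTEMPTS=3 ./build.sh python -i weblog
      - name: Run IPV6 scenario
        run: |
          # echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json
          # sudo systemctl restart docker
          ./run.sh IPV6
      - name: Run DEFAULT scenario
        run: |
          ./run.sh
      - name: Compress logs
        id: compress_logs
        if: always() && steps.build.outcome == 'success'
        # A glob replaces `$(ls | grep logs)`: same entries, but names with
        # spaces survive and `--` stops a name from being read as an option.
        run: tar -czvf artifact.tar.gz -- *logs*
      - name: Upload artifact
        if: always() && steps.compress_logs.outcome == 'success'
        # NOTE(review): artifacts can be downloaded by anyone with read access
        # to the repository; confirm the logs hold no credentials.
        uses: actions/upload-artifact@v4
        with:
          name: logs_ipv6_test
          path: artifact.tar.gz
  # Temporary POC job: creates an IPv6-enabled Docker bridge network, starts a
  # static web server on it and requests it over the IPv6 loopback address.
  tmp-test:
    runs-on: ubuntu-latest
    # No step in this job uses GITHUB_TOKEN, so grant it nothing.
    permissions: {}
    steps:
      # - name: Enable IPv6 for Docker
      #   run: |
      #     sudo mkdir -p /etc/docker
      #     echo '{
      #       "experimental": true,
      #       "ipv6": true,
      #       "fixed-cidr-v6": "2001:db8:1::/64"
      #     }' | sudo tee /etc/docker/daemon.json
      #     sudo systemctl restart docker
      #     # sleep 5
      #     # sudo systemctl status docker
      - name: Create Docker Network with IPv6
        run: |
          docker network create \
          --driver bridge \
          --ipv6 \
          --subnet=2001:db8:2::/64 \
          my_ipv6_network
      - name: Verify Network
        run: docker network inspect my_ipv6_network
      - name: Run simple http server
        # NOTE(review): third-party image on the mutable `latest` tag; pin it
        # by digest (`...@sha256:<digest>`) so the content cannot change
        # between runs.
        run: docker run --network my_ipv6_network -p 3000:3000 -d lipanski/docker-static-website:latest
      - name: curl it
        # Quoted so the shell cannot treat `[::1]` as a glob pattern.
        run: curl 'http://[::1]:3000'
        # run: curl http://localhost:3000
        # docker run --network my_ipv6_network -p 3000:3000 -d lipanski/docker-static-website:latest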