[POC] Create internal for testing IPv6 network between lib and agent #23033
name: Testing the test | |
on: | |
workflow_dispatch: {} | |
schedule: | |
- cron: 00 02 * * 2-6 | |
pull_request: | |
branches: | |
- '**' | |
types: | |
- opened | |
- synchronize | |
- labeled | |
- unlabeled | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run lints | |
uses: ./.github/actions/lint_code | |
test_the_test: | |
name: Test the test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install runner | |
uses: ./.github/actions/install_runner | |
# force /bin/bash in order to test against bash 3.2 on macOS | |
- name: Test the test (direct) | |
run: /bin/bash run.sh TEST_THE_TEST | |
- name: Test group parsing | |
run: | | |
/bin/bash run.sh ++dry APPSEC_SCENARIOS | |
/bin/bash run.sh ++dry TRACER_RELEASE_SCENARIOS | |
scenarios: | |
name: Get scenarios and groups | |
uses: ./.github/workflows/compute-scenarios.yml | |
impacted_libraries: | |
name: Get impacted libraries | |
uses: ./.github/workflows/compute-impacted-libraries.yml | |
get_dev_artifacts: | |
if: false | |
needs: | |
- impacted_libraries | |
strategy: | |
matrix: | |
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
fail-fast: false | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get library artifact | |
run: ./utils/scripts/load-binary.sh ${{ matrix.library }} | |
- name: Get agent artifact | |
run: ./utils/scripts/load-binary.sh agent | |
# ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos. | |
# ### skipping this, waiting for a proper solution | |
# - name: Load WAF rules | |
# if: matrix.version == 'dev' | |
# run: ./utils/scripts/load-binary.sh waf_rule_set | |
# env: | |
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binaries_dev_${{ matrix.library }} | |
path: binaries/ | |
system_tests: | |
name: System Tests | |
needs: | |
- lint | |
- test_the_test | |
- scenarios | |
- impacted_libraries | |
- get_dev_artifacts | |
strategy: | |
matrix: | |
library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
version: | |
- prod | |
- dev | |
fail-fast: false | |
uses: ./.github/workflows/system-tests.yml | |
permissions: | |
contents: read | |
packages: write | |
secrets: inherit | |
with: | |
library: ${{ matrix.library }} | |
scenarios: ${{ needs.scenarios.outputs.scenarios }} | |
scenarios_groups: ${{ needs.scenarios.outputs.scenarios_groups }} | |
binaries_artifact: ${{ matrix.version == 'dev' && format('binaries_dev_{0}', matrix.library) || '' }} | |
ci_environment: ${{ matrix.version }} | |
build_python_base_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-python-base-images') }} | |
build_buddies_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-buddies-images') }} | |
build_proxy_image: ${{ contains(github.event.pull_request.labels.*.name, 'build-proxy-image') }} | |
build_lib_injection_app_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-lib-injection-app-images') }} | |
_experimental_parametric_job_count: ${{ matrix.version == 'dev' && 2 || 1 }} # test both use cases | |
system_tests_docker_mode: | |
name: Ruby Docker Mode | |
needs: | |
- lint | |
- test_the_test | |
- impacted_libraries | |
- get_dev_artifacts # non official set-up, this needs put this job in last | |
if: contains(needs.impacted_libraries.outputs.impacted_libraries, 'ruby') | |
uses: ./.github/workflows/run-docker-mode.yml | |
permissions: | |
packages: write | |
secrets: inherit | |
exotics: | |
name: Exotics scenarios | |
if: contains(github.event.pull_request.labels.*.name, 'run-all-scenarios') | |
uses: ./.github/workflows/run-exotics.yml | |
secrets: inherit | |
fancy-report: | |
runs-on: ubuntu-latest | |
needs: | |
- system_tests | |
if: always() | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- run: pip install requests | |
- run: python utils/scripts/get-workflow-summary.py ${{ github.run_id }} >> $GITHUB_STEP_SUMMARY | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
update-CI-visibility: | |
name: Update CI Visibility Dashboard | |
runs-on: ubuntu-latest | |
needs: | |
- system_tests | |
if: always() && github.ref == 'refs/heads/main' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Update CI Dashboard | |
run: ./utils/scripts/update_dashboard_CI_visibility.sh system-tests ${{ github.run_id }}-${{ github.run_attempt }} | |
env: | |
DD_API_KEY: ${{ secrets.DD_CI_API_KEY }} | |
DD_APP_KEY: ${{ secrets.DD_CI_APP_KEY }} | |
tmp-run: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install runner | |
uses: ./.github/actions/install_runner | |
- name: Build proxy image | |
if: inputs.build_proxy_image | |
run: ./build.sh -i proxy | |
- name: Build agent | |
run: SYSTEM_TEST_BUILD_ATTEMPTS=3 ./build.sh -i agent | |
- name: Build weblog | |
id: build | |
run: SYSTEM_TEST_BUILD_ATTEMPTS=3 ./build.sh python -i weblog | |
- name: Run IPV6 scenario | |
run: | | |
# echo '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json | |
# sudo systemctl restart docker | |
./run.sh IPV6 | |
- name: Run DEFAULT scenario | |
run: | | |
./run.sh | |
- name: Compress logs | |
id: compress_logs | |
if: always() && steps.build.outcome == 'success' | |
run: tar -czvf artifact.tar.gz $(ls | grep logs) | |
- name: Upload artifact | |
if: always() && steps.compress_logs.outcome == 'success' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: logs_ipv6_test | |
path: artifact.tar.gz | |
tmp-test: | |
runs-on: ubuntu-latest | |
steps: | |
# - name: Enable IPv6 for Docker | |
# run: | | |
# sudo mkdir -p /etc/docker | |
# echo '{ | |
# "experimental": true, | |
# "ipv6": true, | |
# "fixed-cidr-v6": "2001:db8:1::/64" | |
# }' | sudo tee /etc/docker/daemon.json | |
# sudo systemctl restart docker | |
# # sleep 5 | |
# # sudo systemctl status docker | |
- name: Create Docker Network with IPv6 | |
run: | | |
docker network create \ | |
--driver bridge \ | |
--subnet=192.168.1.0/24 \ | |
--ipv6 \ | |
--subnet=2001:db8:2::/64 \ | |
my_ipv6_network | |
- name: Verify Network | |
run: docker network inspect my_ipv6_network | |
- name: Run simple http server | |
run: docker run --network my_ipv6_network -p 3000:3000 -d lipanski/docker-static-website:latest | |
- name : curl it | |
# run: curl http://[::1]:3000 | |
run: curl http://localhost:3000 | |
# docker run --network my_ipv6_network -p 3000:3000 -d lipanski/docker-static-website:latest |
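Review bot: The `tmp-test` step "Run simple http server" starts `lipanski/docker-static-website:latest`, a third-party image referenced by a mutable tag, so what executes on the runner can change without any change to this repository. Pin it by digest, e.g. `docker run --network my_ipv6_network -p 3000:3000 -d lipanski/docker-static-website@sha256:<digest>` (placeholder digest). Neither `tmp-run` nor `tmp-test` declares `permissions:`, and no workflow-level block is visible, so both jobs get the repository default for `GITHUB_TOKEN`; adding `permissions:` with `contents: read` to each would keep the token minimal. In `tmp-run`, `if: inputs.build_proxy_image` refers to an input this workflow does not declare (`workflow_dispatch: {}`), so the "Build proxy image" step appears never to run. The final `curl http://localhost:3000` can succeed over IPv4 alone, so it does not show the IPv6 path works; the commented-out `curl http://[::1]:3000` is the call that would exercise it.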