[java] Flag bug declaration with ticket APPSEC-54966 (#3072) #19209
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Testing the test | |
| on: | |
| workflow_dispatch: {} | |
| schedule: | |
| - cron: 00 02 * * 2-6 | |
| pull_request: | |
| branches: | |
| - '**' | |
| types: | |
| - opened | |
| - synchronize | |
| - labeled | |
| - unlabeled | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run lints | |
| uses: ./.github/actions/lint_code | |
| test_the_test: | |
| name: Test the test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install runner | |
| uses: ./.github/actions/install_runner | |
| # force /bin/bash in order to test against bash 3.2 on macOS | |
| - name: Test the test (direct) | |
| run: /bin/bash run.sh TEST_THE_TEST | |
| - name: Test group parsing | |
| run: | | |
| /bin/bash run.sh ++dry APPSEC_SCENARIOS | |
| /bin/bash run.sh ++dry TRACER_RELEASE_SCENARIOS | |
| test_the_test_legacy_39: | |
| runs-on: | |
| group: "APM Larger Runners" | |
| name: Test the test legacy python3.9 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install runner | |
| uses: ./.github/actions/install_runner | |
| with: | |
| legacy_python_39: true | |
| - name: Test the test (direct) | |
| run: ./run.sh TEST_THE_TEST | |
| - name: Build | |
| run: ./build.sh | |
| - name: Test idiomatics scenarios | |
| run: | | |
| ./run.sh DEFAULT | |
| ./run.sh PARAMETRIC -L golang --splits=8 --group=1 | |
| env: | |
| DD_API_KEY: ${{ secrets.DD_API_KEY }} | |
| scenarios: | |
| name: Get scenarios and groups | |
| uses: ./.github/workflows/compute-scenarios.yml | |
| impacted_libraries: | |
| name: Get impacted libraries | |
| uses: ./.github/workflows/compute-impacted-libraries.yml | |
| get_dev_artifacts: | |
| needs: | |
| - impacted_libraries | |
| strategy: | |
| matrix: | |
| library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
| fail-fast: false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get library artifact | |
| run: ./utils/scripts/load-binary.sh ${{ matrix.library }} | |
| - name: Get agent artifact | |
| run: ./utils/scripts/load-binary.sh agent | |
| # ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos. | |
| # ### skipping this, waiting for a proper solution | |
| # - name: Load WAF rules | |
| # if: matrix.version == 'dev' | |
| # run: ./utils/scripts/load-binary.sh waf_rule_set | |
| # env: | |
| # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: binaries_dev_${{ matrix.library }} | |
| path: binaries/ | |
| system_tests: | |
| name: System Tests | |
| needs: | |
| - lint | |
| - test_the_test | |
| - scenarios | |
| - impacted_libraries | |
| - get_dev_artifacts | |
| strategy: | |
| matrix: | |
| library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }} | |
| version: | |
| - prod | |
| - dev | |
| fail-fast: false | |
| uses: ./.github/workflows/system-tests.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| secrets: inherit | |
| with: | |
| library: ${{ matrix.library }} | |
| scenarios: ${{ needs.scenarios.outputs.scenarios }} | |
| scenarios_groups: ${{ needs.scenarios.outputs.scenarios_groups }} | |
| binaries_artifact: ${{ matrix.version == 'dev' && format('binaries_dev_{0}', matrix.library) || '' }} | |
| ci_environment: ${{ matrix.version }} | |
| build_python_base_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-python-base-images') }} | |
| build_buddies_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-buddies-images') }} | |
| build_proxy_image: ${{ contains(github.event.pull_request.labels.*.name, 'build-proxy-image') }} | |
| build_lib_injection_app_images: ${{ contains(github.event.pull_request.labels.*.name, 'build-lib-injection-app-images') }} | |
| _experimental_parametric_job_count: ${{ matrix.version == 'dev' && 2 || 1 }} # test both use cases | |
| system_tests_docker_mode: | |
| name: Ruby Docker Mode | |
| needs: | |
| - lint | |
| - test_the_test | |
| - impacted_libraries | |
| - get_dev_artifacts # non official set-up, this needs put this job in last | |
| if: contains(needs.impacted_libraries.outputs.impacted_libraries, 'ruby') | |
| uses: ./.github/workflows/run-docker-mode.yml | |
| permissions: | |
| packages: write | |
| secrets: inherit | |
| exotics: | |
| name: Exotics scenarios | |
| if: contains(github.event.pull_request.labels.*.name, 'run-all-scenarios') | |
| uses: ./.github/workflows/run-exotics.yml | |
| secrets: inherit | |
| fancy-report: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - system_tests | |
| if: always() | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - run: pip install requests | |
| - run: python utils/scripts/get-workflow-summary.py ${{ github.run_id }} >> $GITHUB_STEP_SUMMARY | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| update-CI-visibility: | |
| name: Update CI Visibility Dashboard | |
| runs-on: ubuntu-latest | |
| needs: | |
| - system_tests | |
| if: always() && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Update CI Dashboard | |
| run: ./utils/scripts/update_dashboard_CI_visibility.sh system-tests ${{ github.run_id }}-${{ github.run_attempt }} | |
| env: | |
| DD_API_KEY: ${{ secrets.DD_CI_API_KEY }} | |
| DD_APP_KEY: ${{ secrets.DD_CI_APP_KEY }} |