Instrument vm for code injection vulnerability #16594
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Project | |
on: | |
pull_request: | |
push: | |
branches: [master] | |
schedule: | |
- cron: "0 4 * * *" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
integration: | |
strategy: | |
# when one version fails, say 14, all the other versions are stopped | |
# setting fail-fast to false in an attempt to prevent this from happening | |
fail-fast: false | |
matrix: | |
version: [18, 20, 22, latest] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
# Disable core dumps since some integration tests intentionally abort and core dump generation takes around 5-10s | |
- uses: ./.github/actions/install | |
- run: sudo sysctl -w kernel.core_pattern='|/bin/false' | |
- run: yarn test:integration | |
# We'll run these separately for earlier (i.e. unsupported) versions | |
integration-guardrails: | |
strategy: | |
matrix: | |
version: [12, 14.0.0, 14, 16.0.0, 16, 18.0.0, 18.1.0, 20.0.0, 22.0.0] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
- uses: ./.github/actions/install | |
- run: node node_modules/.bin/mocha --colors --timeout 30000 integration-tests/init.spec.js | |
integration-guardrails-unsupported: | |
strategy: | |
matrix: | |
version: ['0.8', '0.10', '0.12', '4', '6', '8', '10', '12.0.0'] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
- run: node ./init | |
- run: node ./init | |
env: | |
DD_INJECTION_ENABLED: 'true' | |
integration-ci: | |
strategy: | |
matrix: | |
version: [18, latest] | |
framework: [cucumber, playwright, selenium, jest, mocha] | |
runs-on: ubuntu-latest | |
env: | |
DD_SERVICE: dd-trace-js-integration-tests | |
DD_CIVISIBILITY_AGENTLESS_ENABLED: 1 | |
DD_API_KEY: ${{ secrets.DD_API_KEY_CI_APP }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
- name: Install Google Chrome | |
run: | | |
sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list' | |
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add - | |
if [ $? -ne 0 ]; then echo "Failed to add Google key"; exit 1; fi | |
sudo apt-get update | |
sudo apt-get install -y google-chrome-stable | |
if [ $? -ne 0 ]; then echo "Failed to install Google Chrome"; exit 1; fi | |
if: ${{ matrix.framework == 'selenium' }} | |
- name: Install ChromeDriver | |
run: | | |
export CHROME_VERSION=$(google-chrome --version) | |
CHROME_DRIVER_DOWNLOAD_URL=$(node --experimental-fetch scripts/get-chrome-driver-download-url.js) | |
wget -q "$CHROME_DRIVER_DOWNLOAD_URL" | |
if [ $? -ne 0 ]; then echo "Failed to download ChromeDriver"; exit 1; fi | |
unzip chromedriver-linux64.zip | |
sudo mv chromedriver-linux64/chromedriver /usr/bin/chromedriver | |
sudo chmod +x /usr/bin/chromedriver | |
if: ${{ matrix.framework == 'selenium' }} | |
- uses: ./.github/actions/install | |
- run: yarn test:integration:${{ matrix.framework }} | |
env: | |
NODE_OPTIONS: '-r ./ci/init' | |
integration-cypress: | |
strategy: | |
matrix: | |
# Important: This is outside the minimum supported version of dd-trace-js | |
# Node > 16 does not work with [email protected] (not even without our plugin) | |
# TODO: figure out what to do with this: we might have to deprecate support for [email protected] | |
version: [16, latest] | |
# 6.7.0 is the minimum version we support | |
cypress-version: [6.7.0, latest] | |
module-type: ['commonJS', 'esm'] | |
runs-on: ubuntu-latest | |
env: | |
DD_SERVICE: dd-trace-js-integration-tests | |
DD_CIVISIBILITY_AGENTLESS_ENABLED: 1 | |
DD_API_KEY: ${{ secrets.DD_API_KEY_CI_APP }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/node/setup | |
- uses: ./.github/actions/install | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
- run: yarn config set ignore-engines true | |
- run: yarn test:integration:cypress --ignore-engines | |
env: | |
CYPRESS_VERSION: ${{ matrix.cypress-version }} | |
NODE_OPTIONS: '-r ./ci/init' | |
CYPRESS_MODULE_TYPE: ${{ matrix.module-type }} | |
integration-vitest: | |
runs-on: ubuntu-latest | |
env: | |
DD_SERVICE: dd-trace-js-integration-tests | |
DD_CIVISIBILITY_AGENTLESS_ENABLED: 1 | |
DD_API_KEY: ${{ secrets.DD_API_KEY_CI_APP }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/node/setup | |
- uses: ./.github/actions/install | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
- run: yarn test:integration:vitest | |
env: | |
NODE_OPTIONS: '-r ./ci/init' | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/node/setup | |
- uses: ./.github/actions/install | |
- run: yarn lint | |
typescript: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/node/setup | |
- uses: ./.github/actions/install | |
- run: yarn type:test | |
- run: yarn type:doc | |
verify-yaml: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/node/setup | |
- uses: ./.github/actions/install | |
- run: node scripts/verify-ci-config.js |