Add workflow to manually build the mini agent for testing #261
@DataDog/security-design-and-guidance, can we get a check here?
I'm not 100% sure if it's necessary, but this is the first time we've had a PR that may need such a review in libdatadog, and I'd rather be safe than sorry. Edit: feel free to reach out to us on
LGTM - Linked to review https://datadoghq.atlassian.net/browse/SDG-910
As the PR concerns GHA, I would recommend getting @DataDog/software-integrity-and-trust approval as part of their CI/CD security expertise.
Looks good to me! Sorry for the delay
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To override this behavior, add the keep-open label or update the PR.
for file in target/release/binaries/*/* | ||
do | ||
chmod +x "$file" | ||
upx "$file" --lzma |
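Review bot: The loop body runs `chmod +x` and `upx` on every path matched by `target/release/binaries/*/*` without checking that the path is a regular file, and if the glob matches nothing the literal pattern is passed to `chmod`. Adding `[ -f "$file" ] || continue` as the first line of the loop body covers both cases. Since `upx "$file" --lzma` rewrites each binary in place, a short comment in the workflow saying that the artifacts are packed after the build would help anyone comparing them against a local `cargo build` output.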
nit: Using UPX for processes that are started repetitively can add a delay to the FaaS platform warmup. Also, UPX-packed executables can trigger AV and malware analysis pipelines.
Prefer to ship your binary stripped and compressed by the archiver, as you do in the next step, rather than artificially reducing the binary size, which will run additional code to unpack from memory. To reduce your Rust binary size, I advise you to have a look at this repo - https://github.com/johnthagen/min-sized-rust
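The concern raised in the comment above, that UPX-packed executables can trigger AV and malware analysis pipelines, can be turned into a release check. The script below is an added example, not code from this PR or from libdatadog; the function names and sample files are hypothetical, and searching for the `UPX!` magic is a heuristic that also flags any file that merely contains that string.

```shell
#!/bin/sh
# Added example, not from the PR: heuristic release gate for UPX markers.
# It searches for the "UPX!" magic the packer embeds in its output, so a
# file that merely contains that string is flagged as well.

# Return 0 when the file contains the UPX magic, 1 otherwise.
is_upx_packed() {
    LC_ALL=C grep -aFq 'UPX!' "$1"
}

# Check every regular file under directory $1 for the marker.
# Returns 1 (and prints the paths on stderr) if any is found, else 0.
check_artifacts() {
    # grep exits non-zero when nothing matches; that is the good case here.
    packed=$(LC_ALL=C find "$1" -type f -exec grep -aFl 'UPX!' {} +) || true
    if [ -n "$packed" ]; then
        printf 'UPX marker found in:\n%s\n' "$packed" >&2
        return 1
    fi
    return 0
}

# Constructed sample input (fake ELF-like blobs, not real binaries).
make_constructed_samples() {
    mkdir -p "$1/clean" "$1/packed"
    printf '\177ELF\000\000plain-agent\000' > "$1/clean/agent"
    printf '\177ELF\000\000UPX!\000stub\000' > "$1/packed/agent"
}

# Typical CI use: check_artifacts target/release/binaries || exit 1
```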
What does this PR do?
Add a manually dispatched workflow that builds the serverless trace mini agent off of a given branch. Defaults to main. Used for testing (build linux + windows binaries on mac).
Motivation
Make testing less painful
Additional Notes
Anything else we should know when reviewing?
How to test the change?
Manually tested
For Reviewers
@DataDog/security-design-and-guidance