Merge branch 'master' into alejandro.gonzalez/rasp-fli

DataDog · Sep 16, 2024 · b26c58d · b26c58d
2 parents 7a6cea9 + afdbcba
commit b26c58d
Show file tree

Hide file tree

Showing 129 changed files with 3,750 additions and 1,201 deletions.
diff --git a/.circleci/config.continue.yml.j2 b/.circleci/config.continue.yml.j2
@@ -54,7 +54,7 @@ parameters:
   global_pattern:
     # Pattern for files that should always trigger a test jobs
     type: string
-    default: "^build.gradle$|^settings.gradle$|^gradle.properties$|^buildSrc/|^gradle/|.circleci"
+    default: "^build.gradle$|^settings.gradle$|^gradle.properties$|^buildSrc/|^gradle/|.circleci|^gradlew|^mvnw|^.mvn/"
 
   docker_image:
     type: string

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -45,6 +45,7 @@ dd-java-agent/instrumentation/*iast*   @DataDog/asm-java
 dd-java-agent/instrumentation/*appsec* @DataDog/asm-java
 dd-java-agent/instrumentation/json/    @DataDog/asm-java
 dd-java-agent/instrumentation/snakeyaml/    @DataDog/asm-java
+dd-java-agent/instrumentation/freemarker/    @DataDog/asm-java
 dd-smoke-tests/iast-util/              @DataDog/asm-java
 dd-smoke-tests/spring-security/        @DataDog/asm-java
 dd-java-agent/instrumentation/commons-fileupload/    @DataDog/asm-java

diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -1,6 +1,6 @@
 # GitHub Actions Documentation
 
-This lists and describes the repository GitHub actions.
+This lists and describes the repository GitHub actions, how to maintain and test them.
 
 ## Release Management
 
@@ -18,15 +18,16 @@ _Trigger:_ When a release is published.
 
 _Action:_ Append the new release to the Cloud Foundry repository.
 
-_Recovery:_ Manually edit and push the `index.yml` file from [the cloudfoundry branch](https://github.com/DataDog/dd-trace-java/tree/cloudfoundry).
+_Recovery:_ Manually edit and push the `index.yml` file from [the cloudfoundry branch](https://github.com/DataDog/dd-trace-java/tree/cloudfoundry).
 
 ### create-next-milestone [🔗](create-next-milestone.yaml)
 
 _Trigger:_ When closing a milestone.
 
 _Action:_ Create a new milestone by incrementing minor version.
 
-_Comment:_ Already done when closing a tag. To delete?
+_Comment:_ Disabled as also covered by increment-milestone-on-tag.
+This will be removed after some testing.  
 
 ### draft-release-notes-on-tag [🔗](draft-release-notes-on-tag.yaml)
 
@@ -40,18 +41,17 @@ _Actions:_
 
 _Recovery:_ Manually trigger the action again on the relevant tag.
 
-### increment-milestones-on-tag [🔗](increment-milestones-on-tag.yaml)
+### increment-milestone-on-tag [🔗](increment-milestone-on-tag.yaml)
 
-_Trigger:_ When creating a tag. Release Candidate tags containing "-RC" or "-rc" will skip this.
+_Trigger:_ When creating a minor or major version tag.
 
 _Actions:_
 * Close the milestone related to the tag,
 * Create a new milestone by incrementing minor version.
 
-_Recovery:_ Manually close the related milestone and create a new one.
+_Recovery:_ Manually [close the related milestone and create a new one](https://github.com/DataDog/dd-trace-java/milestones).
 
-_Notes:_ This actions will handle _minor_ releases only.
-As there is no milestone for _patch_ releases, it won't close and create _patch_ releated milestone.
+_Notes:_ This action will not apply to release candidate versions using `-RC` tags.
 
 ### update-download-releases [🔗](update-download-releases.yaml)
 
@@ -117,3 +117,12 @@ Run the following script to get the list of actions to declare according the sta
 ```bash
 find .github/workflows -name "*.yaml" -exec  awk '/uses:/{print $2 ","}' {} \; | grep -vE '^(actions|github)/' | sort | uniq
 ```
+
+## Testing
+
+Workflows can be locally tested using the [`act` CLI](https://github.com/nektos/act/).
+The [.github/workflows/tests/](./tests) folder contains test scripts and event payloads to locally trigger workflows.
+
+> [!WARNING]
+> Locally running workflows will still query GitHub backend and will update the GitHub project accordingly.
+> Pay extra attention to the workflow jobs you trigger to not create development disruption.
diff --git a/.github/workflows/analyze-changes.yaml b/.github/workflows/analyze-changes.yaml
@@ -44,7 +44,8 @@ jobs:
         with:
           submodules: 'recursive'
 
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      - name: Cache Gradle dependencies
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: |
             ~/.gradle/caches
@@ -97,7 +98,8 @@ jobs:
         with:
           submodules: 'recursive'
 
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      - name: Cache Gradle dependencies
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: |
             ~/.gradle/caches

diff --git a/.github/workflows/comment-on-submodule-update.yaml b/.github/workflows/comment-on-submodule-update.yaml
@@ -12,6 +12,7 @@ jobs:
   comment_on_submodule_update:
     permissions:
       issues: write # Required to create a comment on the pull request
+      pull-requests: write # Required to create a comment on the pull request
     runs-on: ubuntu-latest
 
     steps:

diff --git a/.github/workflows/increment-milestone-on-tag.yaml b/.github/workflows/increment-milestone-on-tag.yaml
@@ -0,0 +1,64 @@
+name: Increment milestones on tag
+on:
+  create
+permissions:
+  issues: write # Required to update milestones
+
+jobs:
+  increment_milestone:
+    if: github.event.ref_type == 'tag' && contains(github.event.ref,'-RC') == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close current milestone
+        id: close-milestone
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1
+        with:
+          script: |
+            // Get the milestone title ("X.Y.Z") from tag name ("vX.Y.Z")
+            const match = '${{github.event.ref}}'.match(/v(\d+\.\d+\.\d+)/i)
+            if (!match) {
+              core.setFailed('Failed to parse tag name into milestone title: ${{github.event.ref}}')
+              return
+            }
+            const milestoneTitle = match[1]
+            // Look for the milestone from its title
+            const response = await github.rest.issues.listMilestones({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open'
+            })
+            if (!response.data || response.data.length == 0) {
+              core.setFailed(`Failed to list milestones: ${response.status}`)
+              return
+            }
+            const milestone = response.data.find(milestone => milestone.title == milestoneTitle)
+            if (!milestone) {
+              core.setFailed(`Failed to find milestone: ${milestoneTitle}`)
+              return
+            }
+            // Close the milestone
+            await github.rest.issues.updateMilestone({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'closed',
+              milestone_number: milestone.number
+            }).catch(error => {
+              core.setFailed(`Failed to close milestone: ${error}`)
+            })
+            // Compute the next milestone version
+            const versionNumbers = milestoneTitle.split('.').map(Number)
+            if (versionNumbers[2] != 0) {
+              core.info('Closing a patch version milestone. Not opening a new one.')
+              return
+            }
+            versionNumbers[1]++
+            const nextMilestoneTitle = versionNumbers.join('.')
+            core.info(`Creating next version milestone: ${nextMilestoneTitle}`)
+            // Create the next milestone
+            await github.issues.createMilestone({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: nextMilestoneTitle
+            }).catch(error => {
+              core.setFailed(`Failed to create milestone ${nextMilestoneTitle}: ${error}`)
+            })
diff --git a/.github/workflows/increment-milestones-on-tag.yaml b/.github/workflows/increment-milestones-on-tag.yaml
diff --git a/.github/workflows/tests/add-milestone-to-pull-requests/payload-pull-request.json b/.github/workflows/tests/add-milestone-to-pull-requests/payload-pull-request.json
@@ -0,0 +1,9 @@
+{
+    "pull_request": {
+        "number": 7549,
+        "base": {
+            "ref": "master"
+        },
+        "merged": true
+    }
+}
diff --git a/.github/workflows/tests/add-milestone-to-pull-requests/test-pull-request.sh b/.github/workflows/tests/add-milestone-to-pull-requests/test-pull-request.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source "$(dirname "$0")/../env.sh"
+testworkflow pull_request
diff --git a/.github/workflows/tests/env.sh b/.github/workflows/tests/env.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+function testworkflow() {
+    local EVENT_TYPE=$1
+    # Get workflow name
+    local TEST_PATH
+    TEST_PATH=$(dirname "$(readlink -f "${BASH_SOURCE[1]}")")
+    local WORKFLOW_NAME
+    WORKFLOW_NAME=$(basename "$TEST_PATH")
+    local WORKFLOW_FILE=.github/workflows/${WORKFLOW_NAME}.yaml
+    local PAYLOAD_FILE=${TEST_PATH}/payload-${EVENT_TYPE//_/-}.json
+    # Move to project root directory
+    local FILE_PATH
+    FILE_PATH=$(dirname "$0")
+    cd "$FILE_PATH/../../../../" || exit 1
+    # Check if workflow file and payload file exist
+    if [ ! -f "$WORKFLOW_FILE" ]; then
+        echo "Workflow file not found: $WORKFLOW_FILE"
+        exit 1
+    fi
+    if [ ! -f "$PAYLOAD_FILE" ]; then
+        echo "Payload file not found: $PAYLOAD_FILE"
+        exit 1
+    fi
+    # Run workflow using act
+    act "${EVENT_TYPE}" \
+        --workflows "${WORKFLOW_FILE}" \
+        --eventpath "${PAYLOAD_FILE}" \
+        --container-architecture linux/amd64 \
+        --secret GITHUB_TOKEN="$(gh auth token)" \
+        --verbose
+}
diff --git a/.github/workflows/tests/increment-milestone-on-tag/payload-create.json b/.github/workflows/tests/increment-milestone-on-tag/payload-create.json
@@ -0,0 +1,4 @@
+{
+    "ref_type": "tag",
+    "ref": "v1.40.0"
+}
diff --git a/.github/workflows/tests/increment-milestone-on-tag/test-create.sh b/.github/workflows/tests/increment-milestone-on-tag/test-create.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source "$(dirname "$0")/../env.sh"
+testworkflow create
diff --git a/.github/workflows/tests/update-issues-on-release/payload-release.json b/.github/workflows/tests/update-issues-on-release/payload-release.json
@@ -0,0 +1,6 @@
+{
+    "release": {
+        "name": "1.39.0",
+        "html_url": "https://github.com/DataDog/dd-trace-java/releases/tag/v1.39.0"
+    }
+}
diff --git a/.github/workflows/tests/update-issues-on-release/payload-workflow-dispatch.json b/.github/workflows/tests/update-issues-on-release/payload-workflow-dispatch.json
@@ -0,0 +1,5 @@
+{
+    "inputs": {
+        "milestone": "1.39.0"
+    }
+}
diff --git a/.github/workflows/tests/update-issues-on-release/test-release.sh b/.github/workflows/tests/update-issues-on-release/test-release.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source "$(dirname "$0")/../env.sh"
+testworkflow release
diff --git a/.github/workflows/tests/update-issues-on-release/test-workflow-dispatch.sh b/.github/workflows/tests/update-issues-on-release/test-workflow-dispatch.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+source "$(dirname "$0")/../env.sh"
+testworkflow workflow_dispatch
diff --git a/.github/workflows/update-gradle-dependencies.yaml b/.github/workflows/update-gradle-dependencies.yaml
@@ -59,6 +59,10 @@ jobs:
               COUNT=0
             fi
           done
+          # Check at uncommited files
+          echo "Checking uncommited files"
+          git status
+          # Create a PR from the created branch
           if [ $COUNT -gt 0 ]; then
             echo "Creating a commit to $BRANCH_NAME@$BRANCH_HEAD with $GH_ADD_ARGS"
             ghcommit --repository ${{ github.repository }} --branch $BRANCH_NAME --sha $BRANCH_HEAD $GH_ADD_ARGS --message "chore: Update Gradle dependencies"