X-Reusable-VerifyInstrumentation.yml
# Reusable workflow to run Verify Instrumentation on modules.
# Only processes a fraction of the modules so that they fit into a GHA matrix (which is limited to 255 jobs).
# This workflow does not use the setup-gradle action on purpose. That action retrieves over 1GB from the cache
# and when many runners do that at the same time, the cache server returns 429s (Too many requests).
name: X - Reusable Verify Instrumentation
on:
  # Callable only from other workflows (workflow_call); both inputs are plain strings
  # supplied by the caller.
  # NOTE(review): no `secrets:` are declared for this trigger, yet the jobs below read
  # secrets.APM_AWS_*. Callers presumably pass `secrets: inherit`, which hands over every
  # caller secret; declaring the two needed secrets here would narrow that. Confirm
  # against the callers.
  workflow_call:
    inputs:
      # Which slice of the module list this run handles, written as <slice>/<total>.
      page:
        type: string
        required: true
        description: 'The page to process (eg: 1/2 or 5/5)'
      # Git ref that both jobs check out.
      ref:
        type: string
        required: true
        default: main
        description: 'The ref (branch, SHA, tag?) to run the tests on'
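jobs:
  # Builds the matrix for verify-module: reads the "include 'instrumentation:<name>'" lines of
  # settings.gradle at the requested ref, keeps the requested page of that list, and publishes
  # it as the JSON job output `modules` ({"modules": [...]}).
  # NOTE(review): neither job sets `permissions:`, so GITHUB_TOKEN keeps whatever scope the
  # caller grants. `permissions: { contents: read }` looks sufficient for this job; confirm
  # against the callers before adding it.
  read-modules:
    runs-on: ubuntu-20.04
    outputs:
      modules: ${{ steps.set-modules.outputs.modules }}
    steps:
      # NOTE(review): actions/checkout is referenced by a mutable tag. Pinning to a full commit
      # SHA (uses: actions/checkout@<FULL_COMMIT_SHA>) keeps a retagged release from changing
      # what runs here.
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref }}
          # The remaining step is local shell only, so the token does not need to stay in
          # .git/config.
          persist-credentials: false
      - id: set-modules
        name: get instrumentation modules as json
        env:
          # Passed through the environment instead of being expanded into the script text:
          # a `${{ }}` expression inside `run:` is substituted before the shell parses the
          # script, so its value would be interpreted as shell code.
          PAGE: ${{ inputs.page }}
        run: |
          # PAGE ends up inside a split(1) argument; accept only "<slice>/<total>".
          # The rejected value is deliberately not echoed back into the log.
          if ! [[ "$PAGE" =~ ^[1-9][0-9]*/[1-9][0-9]*$ ]]; then
            echo "::error::input 'page' must have the form <slice>/<total>, e.g. 1/2"
            exit 1
          fi
          cd instrumentation-security
          tmpfile=$(mktemp /tmp/dirs.XXXXXXXXXX)
          # one module name per line, taken from the include lines of settings.gradle
          grep "^include 'instrumentation:" ../settings.gradle | cut -d"'" -f 2 | cut -d : -f 2 > "$tmpfile"
          # requested page of the list as compact single-line JSON: {"modules":["a","b"]}
          modules=$(split -n "l/$PAGE" "$tmpfile" | jq -R -s -c '{modules: (split("\n")[:-1])}')
          # save the output of the job (jq -c emits one line, so the value cannot add extra
          # key=value lines to GITHUB_OUTPUT)
          echo "modules=$modules" >> "$GITHUB_OUTPUT"
  # Runs verifyInstrumentation once per module of the page computed by read-modules.
  # NOTE(review): this job checks out inputs.ref, then runs a local action and a Gradle build
  # from that checkout with AWS credentials supplied. The checked-out ref therefore decides
  # which code sees those credentials; callers should only pass refs they trust (not
  # fork-controlled heads). Confirm against the callers.
  verify-module:
    name: ${{ matrix.modules }}
    runs-on: ubuntu-20.04
    needs: read-modules
    strategy:
      fail-fast: false
      # GHA's IDE thinks the line below is broken. It is not.
      matrix: ${{ fromJson(needs.read-modules.outputs.modules) }}
    steps:
      # NOTE(review): same tag-pinning remark as in read-modules. persist-credentials is left
      # at its default here because the build's need for git credentials is not visible from
      # this file.
      - uses: actions/checkout@v3
        with:
          ref: ${{ inputs.ref }}
      - name: Setup environment
        uses: ./.github/actions/setup-environment-inst-verifier
        with:
          # NOTE(review): static access keys; if the action supports it, short-lived
          # credentials via OIDC role assumption would limit exposure. The action's contents
          # are not visible from this file.
          apm-aws-access-key-id: ${{ secrets.APM_AWS_ACCESS_KEY_ID }}
          apm-aws-secret-access-key: ${{ secrets.APM_AWS_SECRET_ACCESS_KEY }}
          apm-aws-region: us-east-2
      # Verify instrumentation must run with Java 17
      - name: Running verifyInstrumentation on (${{ matrix.modules }})
        env:
          JAVA_HOME: ${{ env.JAVA_HOME_17_X64 }}
          # Module names come from settings.gradle at inputs.ref; hand them to the shell as
          # data rather than expanding them into the command line.
          MODULE: ${{ matrix.modules }}
        # $GRADLE_OPTIONS stays unquoted so that it can expand to several options.
        run: ./gradlew $GRADLE_OPTIONS --info ":instrumentation:${MODULE}:verifyInstrumentation"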