[SVLS-8054] add integration tests [WIP]

.dockerignore

@@ -1 +1,2 @@
-/bottlecap/target/
+bottlecap/target/
+integration-tests/

.gitlab/Dockerfile

@@ -4,6 +4,10 @@ RUN apt-get update && apt-get install -y --fix-missing --no-install-recommends \
   curl gcc gnupg g++ make cmake unzip openssl g++ uuid-runtime libclang-dev \
   clang llvm-dev
 
+# Install Node.js 20 from NodeSource
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
+  apt-get install -y nodejs
+
 # Install AWS CLI
 RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
 RUN unzip awscliv2.zip && ./aws/install

.gitlab/datasources/flavors.yaml

@@ -1,14 +1,4 @@
 flavors:
-  - name: amd64
-    arch: amd64
-    alpine: 0
-    fips: 0
-    needs_layer_publish: true
-    suffix: amd64
-    layer_name_base_suffix: ""
-    max_layer_compressed_size_mb: 27
-    max_layer_uncompressed_size_mb: 54
-
   - name: arm64
     arch: arm64
     alpine: 0
@@ -19,78 +9,12 @@ flavors:
     max_layer_compressed_size_mb: 24
     max_layer_uncompressed_size_mb: 50
 
-  - name: amd64, alpine
-    arch: amd64
-    alpine: 1
-    fips: 0
-    needs_layer_publish: false
-    suffix: amd64-alpine
-
-  - name: arm64, alpine
-    arch: arm64
-    alpine: 1
-    fips: 0
-    needs_layer_publish: false
-    suffix: arm64-alpine
-
-  - name: amd64, fips
-    arch: amd64
-    alpine: 0
-    fips: 1
-    needs_layer_publish: true
-    suffix: amd64-fips
-    layer_name_base_suffix: "-FIPS"
-    max_layer_compressed_size_mb: 28
-    max_layer_uncompressed_size_mb: 56
-
-  - name: arm64, fips
-    arch: arm64
-    alpine: 0
-    fips: 1
-    needs_layer_publish: true
-    suffix: arm64-fips
-    layer_name_base_suffix: "-ARM-FIPS"
-    max_layer_compressed_size_mb: 25
-    max_layer_uncompressed_size_mb: 52
-
-  - name: amd64, fips, alpine
-    arch: amd64
-    alpine: 1
-    fips: 1
-    needs_layer_publish: false
-    suffix: amd64-alpine-fips
-
-  - name: arm64, fips, alpine
-    arch: arm64
-    alpine: 1
-    fips: 1
-    needs_layer_publish: false
-    suffix: arm64-alpine-fips
-
 # Unfortunately our mutli-arch images don't fit nicely into the flavors
 # structure above. Since we are making multi-arch images, the suffixes here
 # omit the "arch" component and only include the alpine/fips bits.
 multi_arch_image_flavors:
   - name: basic
     alpine: 0
     fips: 0
-    dependency_names: [amd64, arm64]
+    dependency_names: [arm64]
     suffix: ""
-
-  - name: alpine
-    alpine: 1
-    fips: 0
-    dependency_names: ["amd64, alpine", "arm64, alpine"]
-    suffix: "-alpine"
-
-  - name: fips
-    alpine: 0
-    fips: 1
-    dependency_names: ["amd64, fips", "arm64, fips"]
-    suffix: "-fips"
-
-  - name: fips, alpine
-    alpine: 1
-    fips: 1
-    dependency_names: ["amd64, fips, alpine", "arm64, fips, alpine"]
-    suffix: "-alpine-fips"

.gitlab/scripts/get_secrets.sh

@@ -37,6 +37,42 @@ export DD_API_KEY=$(aws ssm get-parameter \
     --query "Parameter.Value" \
     --out text)
 
+if [ -n "$DD_API_KEY" ]; then
+    printf "✓ DD_API_KEY retrieved successfully\n"
+else
+    printf "✗ Failed to retrieve DD_API_KEY\n"
+fi
+
+printf "Getting DD API KEY Secret ARN...\n"
+
+export DATADOG_API_SECRET_ARN=$(aws ssm get-parameter \
+    --region us-east-1 \
+    --name ci.datadog-lambda-extension.dd-api-key-secret-arn \
+    --with-decryption \
+    --query "Parameter.Value" \
+    --out text)
+
+if [ -n "$DATADOG_API_SECRET_ARN" ]; then
+    printf "✓ DATADOG_API_SECRET_ARN retrieved successfully\n"
+else
+    printf "✗ Failed to retrieve DATADOG_API_SECRET_ARN\n"
+fi
+
+printf "Getting DD APP KEY...\n"
+
+export DD_APP_KEY=$(aws ssm get-parameter \
+    --region us-east-1 \
+    --name ci.datadog-lambda-extension.dd-app-key \
+    --with-decryption \
+    --query "Parameter.Value" \
+    --out text)
+
+if [ -n "$DD_APP_KEY" ]; then
+    printf "✓ DD_APP_KEY retrieved successfully\n"
+else
+    printf "✗ Failed to retrieve DD_APP_KEY\n"
+fi
+
 printf "Assuming role...\n"
 
 export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \

.gitlab/templates/pipeline.yaml.tpl

@@ -2,6 +2,7 @@ stages:
   - test
   - compile
   - build
+  - integration-tests
   - self-monitoring
   - sign
   - publish
@@ -314,3 +315,160 @@ signed layer bundle:
     - rm -rf datadog_extension-signed-bundle-${CI_JOB_ID}
     - mkdir -p datadog_extension-signed-bundle-${CI_JOB_ID}
     - cp .layers/datadog_extension-*.zip datadog_extension-signed-bundle-${CI_JOB_ID}
+
+# Integration Tests - Publish arm64 layer with integration test prefix
+publish integration layer (arm64):
+  stage: integration-tests
+  tags: ["arch:amd64"]
+  image: ${CI_DOCKER_TARGET_IMAGE}:${CI_DOCKER_TARGET_VERSION}
+  rules:
+    - when: on_success
+  needs:
+    - layer (arm64)
+  dependencies:
+    - layer (arm64)
+  variables:
+    LAYER_NAME_BASE_SUFFIX: ""
+    ARCHITECTURE: arm64
+    LAYER_FILE: datadog_extension-arm64.zip
+    REGION: us-east-1
+    ADD_LAYER_VERSION_PERMISSIONS: "0"
+    AUTOMATICALLY_BUMP_VERSION: "1"
+  {{ with $environment := (ds "environments").environments.sandbox }}
+  before_script:
+    - EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source .gitlab/scripts/get_secrets.sh
+    - export PIPELINE_LAYER_SUFFIX="ARM-${CI_COMMIT_SHORT_SHA}"
+    - echo "Publishing layer with suffix - ${PIPELINE_LAYER_SUFFIX}"
+  script:
+    - .gitlab/scripts/publish_layers.sh
+    # Get the layer ARN we just published and save it as an artifact
+    - LAYER_ARN=$(aws lambda list-layer-versions --layer-name "Datadog-Extension-ARM-${CI_COMMIT_SHORT_SHA}" --query 'LayerVersions[0].LayerVersionArn' --output text --region us-east-1)
+    - echo "Published layer ARN - ${LAYER_ARN}"
+    - echo "${LAYER_ARN}" > integration_layer_arn.txt
+  artifacts:
+    paths:
+      - integration_layer_arn.txt
+    expire_in: 1 hour
+  {{ end }}
+
+# Integration Tests - Deploy CDK stacks with commit hash prefix
+integration-deploy:
+  stage: integration-tests
+  tags: ["arch:amd64"]
+  image: ${CI_DOCKER_TARGET_IMAGE}:${CI_DOCKER_TARGET_VERSION}
+  rules:
+    - when: on_success
+  needs:
+    - publish integration layer (arm64)
+  dependencies:
+    - publish integration layer (arm64)
+  variables:
+    IDENTIFIER: ${CI_COMMIT_SHORT_SHA}
+    AWS_DEFAULT_REGION: us-east-1
+  {{ with $environment := (ds "environments").environments.sandbox }}
+  before_script:
+    - EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source .gitlab/scripts/get_secrets.sh
+    - curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+    - apt-get install -y nodejs
+    - cd integration-tests
+    - npm ci
+  {{ end }}
+  script:
+    - echo "Deploying CDK stacks with identifier ${IDENTIFIER}..."
+    - export EXTENSION_LAYER_ARN=$(cat ../integration_layer_arn.txt)
+    - echo "Using integration test layer - ${EXTENSION_LAYER_ARN}"
+    - export CDK_DEFAULT_ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
+    - export CDK_DEFAULT_REGION=us-east-1
+    - npm run build
+    - npx cdk deploy "integ-$IDENTIFIER-*" --require-approval never
+
+# Integration Tests - Run Jest test suite
+integration-test:
+  stage: integration-tests
+  tags: ["arch:amd64"]
+  image: ${CI_DOCKER_TARGET_IMAGE}:${CI_DOCKER_TARGET_VERSION}
+  rules:
+    - when: on_success
+  needs:
+    - integration-deploy
+  variables:
+    IDENTIFIER: ${CI_COMMIT_SHORT_SHA}
+    DD_SITE: datadoghq.com
+  {{ with $environment := (ds "environments").environments.sandbox }}
+  before_script:
+    - EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source .gitlab/scripts/get_secrets.sh
+    - curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+    - apt-get install -y nodejs
+    - cd integration-tests
+    - npm ci
+  script:
+    - echo "Running integration tests with identifier ${IDENTIFIER}..."
+    - npm run test:ci
+  {{ end }}
+  artifacts:
+    when: always
+    paths:
+      - integration-tests/test-results/
+    reports:
+      junit: integration-tests/test-results/junit.xml
+    expire_in: 30 days
+
+# Integration Tests - Cleanup stacks
+integration-cleanup-stacks:
+  stage: integration-tests
+  tags: ["arch:amd64"]
+  image: ${CI_DOCKER_TARGET_IMAGE}:${CI_DOCKER_TARGET_VERSION}
+  when: always
+  rules:
+    - when: always
+  needs:
+    - integration-test
+  variables:
+    IDENTIFIER: ${CI_COMMIT_SHORT_SHA}
+  {{ with $environment := (ds "environments").environments.sandbox }}
+  before_script:
+    - EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source .gitlab/scripts/get_secrets.sh
+    - curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+    - apt-get install -y nodejs
+    - cd integration-tests
+  {{ end }}
+  script:
+    - echo "Destroying CDK stacks with identifier ${IDENTIFIER}..."
+    - npx cdk destroy "integ-$IDENTIFIER-*" --force || echo "Failed to destroy some stacks, but continuing..."
+
+# Integration Tests - Cleanup layer
+integration-cleanup-layer:
+  stage: integration-tests
+  tags: ["arch:amd64"]
+  image: ${CI_DOCKER_TARGET_IMAGE}:${CI_DOCKER_TARGET_VERSION}
+  when: always
+  rules:
+    - when: always
+  needs:
+    - integration-cleanup-stacks
+  variables:
+    IDENTIFIER: ${CI_COMMIT_SHORT_SHA}
+  {{ with $environment := (ds "environments").environments.sandbox }}
+  before_script:
+    - EXTERNAL_ID_NAME={{ $environment.external_id }} ROLE_TO_ASSUME={{ $environment.role_to_assume }} AWS_ACCOUNT={{ $environment.account }} source .gitlab/scripts/get_secrets.sh
+  {{ end }}
+  script:
+    - echo "Deleting integration test layer with identifier ${IDENTIFIER}..."
+    - |
+      LAYER_NAME="Datadog-Extension-${IDENTIFIER}"
+      echo "Looking for layer: ${LAYER_NAME}"
+
+      # Get all versions of the layer
+      VERSIONS=$(aws lambda list-layer-versions --layer-name "${LAYER_NAME}" --query 'LayerVersions[*].Version' --output text --region us-east-1 2>/dev/null || echo "")
+
+      if [ -z "$VERSIONS" ]; then
+        echo "No versions found for layer ${LAYER_NAME}"
+      else
+        echo "Found versions: ${VERSIONS}"
+        for VERSION in $VERSIONS; do
+          echo "Deleting ${LAYER_NAME} version ${VERSION}..."
+          aws lambda delete-layer-version --layer-name "${LAYER_NAME}" --version-number "${VERSION}" --region us-east-1 || echo "Failed to delete version ${VERSION}, continuing..."
+        done
+        echo "Successfully deleted all versions of ${LAYER_NAME}"
+      fi
+

integration-tests/.gitignore

@@ -0,0 +1,40 @@
+# CDK
+*.js
+!jest.config.js
+!lambda/**/*.js
+*.d.ts
+node_modules
+cdk.out
+.cdk.staging
+
+# Compiled output
+dist/
+*.tsbuildinfo
+
+# Logs
+*.log
+npm-debug.log*
+
+# Testing
+coverage/
+.nyc_output/
+test-results/
+
+# Environment
+.env
+.env.local
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Lambda artifacts
+response.json
+lambda-bundle.zip