Skip to content

Commit ad2fe25

Browse files
gnufedeemmettbutler
gnufede
and
emmettbutler
authored
ci: parallel system tests (#8813)
CI: Introduces concurrency to System Tests execution in order to decrease wall time. Decreases wall time for system tests from ~37 min to ~23 min. ## Checklist - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. - [x] If change touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from `@DataDog/security-design-and-guidance`. ## Reviewer Checklist - [x] Title is accurate - [x] All changes are related to the pull request's stated goal - [x] Description motivates each change - [x] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [x] Testing strategy adequately addresses listed risks - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] Release note makes sense to a user of the library - [x] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [x] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) --------- Co-authored-by: Emmett Butler <[email protected]>
1 parent bf29575 commit ad2fe25

File tree

1 file changed

+109
-42
lines changed

1 file changed

+109
-42
lines changed

.github/workflows/system-tests.yml

Lines changed: 109 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
python -c "import os,sys,fnmatch;sys.exit(not bool([_ for pattern in {'ddtrace/*', 'setup*', 'pyproject.toml', '.github/workflows/system-tests.yml'} for _ in fnmatch.filter(os.environ['PATHS'].splitlines(), pattern)]))"
2525
continue-on-error: true
2626

27-
system-tests:
27+
system-tests-build:
2828
runs-on: ubuntu-latest
2929
needs: needs-run
3030
strategy:
@@ -34,7 +34,7 @@ jobs:
3434
- weblog-variant: uwsgi-poc
3535
- weblog-variant: django-poc
3636
- weblog-variant: fastapi
37-
# runs django-poc for 3.12
37+
# runs django-poc for 3.12
3838
- weblog-variant: python3.12
3939
fail-fast: false
4040
env:
@@ -47,6 +47,7 @@ jobs:
4747
CMAKE_BUILD_PARALLEL_LEVEL: 12
4848
steps:
4949
- name: Setup python 3.9
50+
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
5051
uses: actions/setup-python@v4
5152
with:
5253
python-version: '3.9'
@@ -69,100 +70,165 @@ jobs:
6970
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
7071
run: ./build.sh
7172

72-
- name: Run INTEGRATIONS
73+
- name: Save
74+
id: save
7375
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
74-
run: ./run.sh INTEGRATIONS
76+
run: |
77+
docker image save system_tests/weblog:latest | gzip > ${{ matrix.weblog-variant}}_weblog_${{ github.sha }}.tar.gz
78+
docker image save system_tests/agent:latest | gzip > ${{ matrix.weblog-variant}}_agent_${{ github.sha }}.tar.gz
7579
76-
- name: Run CROSSED_TRACING_LIBRARIES
80+
- uses: actions/upload-artifact@master
7781
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
78-
run: ./run.sh CROSSED_TRACING_LIBRARIES
82+
with:
83+
name: ${{ matrix.weblog-variant }}_${{ github.sha }}
84+
path: |
85+
${{ matrix.weblog-variant}}_weblog_${{ github.sha }}.tar.gz
86+
${{ matrix.weblog-variant}}_agent_${{ github.sha }}.tar.gz
87+
venv
88+
retention-days: 2
7989

80-
- name: Run
90+
system-tests:
91+
runs-on: ubuntu-latest
92+
needs: [needs-run, system-tests-build]
93+
strategy:
94+
matrix:
95+
weblog-variant: [flask-poc, uwsgi-poc , django-poc, fastapi, python3.12]
96+
scenario: [remote-config, appsec, appsec-1, other]
97+
98+
fail-fast: false
99+
env:
100+
TEST_LIBRARY: python
101+
WEBLOG_VARIANT: ${{ matrix.weblog-variant }}
102+
# system-tests requires an API_KEY, but it does not have to be a valid key, as long as we don't run a scenario
103+
# that make assertion on backend data. Using a fake key allow to run system tests on PR originating from forks.
104+
# If ever it's needed, a valid key exists in the repo, using ${{ secrets.DD_API_KEY }}
105+
DD_API_KEY: 1234567890abcdef1234567890abcdef
106+
CMAKE_BUILD_PARALLEL_LEVEL: 12
107+
steps:
108+
- name: Setup python 3.9
81109
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
82-
run: ./run.sh
110+
uses: actions/setup-python@v4
111+
with:
112+
python-version: '3.9'
83113

84-
- name: Run REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES
114+
- name: Checkout system tests
115+
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
116+
uses: actions/checkout@v3
117+
with:
118+
repository: 'DataDog/system-tests'
119+
120+
- uses: actions/download-artifact@master
121+
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
122+
with:
123+
name: ${{ matrix.weblog-variant }}_${{ github.sha }}
124+
path: ${{ matrix.weblog-variant}}_${{ github.sha }}.tar.gz
125+
126+
- name: docker load
127+
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
128+
run: |
129+
docker load < ${{ matrix.weblog-variant}}_${{ github.sha }}.tar.gz/${{ matrix.weblog-variant}}_weblog_${{ github.sha }}.tar.gz
130+
docker load < ${{ matrix.weblog-variant}}_${{ github.sha }}.tar.gz/${{ matrix.weblog-variant}}_agent_${{ github.sha }}.tar.gz
131+
132+
- name: move venv
85133
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
134+
run: |
135+
mv ${{ matrix.weblog-variant}}_${{ github.sha }}.tar.gz/venv venv
136+
chmod -R +x venv/bin/*
137+
138+
- name: Run DEFAULT
139+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'other'
140+
run: ./run.sh DEFAULT
141+
142+
- name: Run SAMPLING
143+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'other'
144+
run: ./run.sh SAMPLING
145+
146+
- name: Run INTEGRATIONS
147+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'other'
148+
run: ./run.sh INTEGRATIONS
149+
150+
- name: Run CROSSED_TRACING_LIBRARIES
151+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'other'
152+
run: ./run.sh CROSSED_TRACING_LIBRARIES
153+
154+
- name: Run REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES
155+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'remote-config'
86156
run: ./run.sh REMOTE_CONFIG_MOCKED_BACKEND_ASM_FEATURES
87157

88158
- name: Run REMOTE_CONFIG_MOCKED_BACKEND_LIVE_DEBUGGING
89-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
159+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'remote-config'
90160
run: ./run.sh REMOTE_CONFIG_MOCKED_BACKEND_LIVE_DEBUGGING
91161

92162
- name: Run REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD
93-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
163+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'remote-config'
94164
run: ./run.sh REMOTE_CONFIG_MOCKED_BACKEND_ASM_DD
95165

96166
- name: Run APPSEC_MISSING_RULES
97-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
167+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
98168
run: ./run.sh APPSEC_MISSING_RULES
99169

100170
- name: Run APPSEC_CUSTOM_RULES
101-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
171+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
102172
run: ./run.sh APPSEC_CUSTOM_RULES
103173

104174
- name: Run APPSEC_CORRUPTED_RULES
105-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
175+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
106176
run: ./run.sh APPSEC_CORRUPTED_RULES
107177

108178
- name: Run APPSEC_RULES_MONITORING_WITH_ERRORS
109-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
179+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
110180
run: ./run.sh APPSEC_RULES_MONITORING_WITH_ERRORS
111181

112-
- name: Run APPSEC_BLOCKING
113-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
114-
run: ./run.sh APPSEC_BLOCKING
115-
116-
- name: Run APPSEC_DISABLED
117-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
118-
run: ./run.sh APPSEC_DISABLED
119-
120182
- name: Run APPSEC_LOW_WAF_TIMEOUT
121-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
183+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
122184
run: ./run.sh APPSEC_LOW_WAF_TIMEOUT
123185

124186
- name: Run APPSEC_CUSTOM_OBFUSCATION
125-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
187+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
126188
run: ./run.sh APPSEC_CUSTOM_OBFUSCATION
127189

128190
- name: Run APPSEC_RATE_LIMITER
129-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
191+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec'
130192
run: ./run.sh APPSEC_RATE_LIMITER
131193

132-
- name: Run APPSEC_BLOCKING_FULL_DENYLIST
133-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
134-
run: ./run.sh APPSEC_BLOCKING_FULL_DENYLIST
135-
136-
- name: Run APPSEC_REQUEST_BLOCKING
137-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
138-
run: ./run.sh APPSEC_REQUEST_BLOCKING
139-
140194
- name: Run APPSEC_RUNTIME_ACTIVATION
141-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
195+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec-1'
142196
run: ./run.sh APPSEC_RUNTIME_ACTIVATION
143197

144198
- name: Run APPSEC_WAF_TELEMETRY
145-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
199+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec-1'
146200
run: ./run.sh APPSEC_WAF_TELEMETRY
147201

148-
- name: Run SAMPLING
149-
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
150-
run: ./run.sh SAMPLING
202+
- name: Run APPSEC_DISABLED
203+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec-1'
204+
run: ./run.sh APPSEC_DISABLED
205+
206+
- name: Run APPSEC_BLOCKING
207+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec-1'
208+
209+
run: ./run.sh APPSEC_BLOCKING
210+
- name: Run APPSEC_BLOCKING_FULL_DENYLIST
211+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec-1'
212+
run: ./run.sh APPSEC_BLOCKING_FULL_DENYLIST
213+
214+
- name: Run APPSEC_REQUEST_BLOCKING
215+
if: (needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule') && matrix.scenario == 'appsec-1'
216+
run: ./run.sh APPSEC_REQUEST_BLOCKING
151217

152-
# even on failures, we want to have artifact to be able to investigate, so run if build was a success
153218
# The compress step speed up a lot the upload artifact process
154219
- name: Compress artifact
220+
if: needs.needs-run.outputs.outcome == 'success' || github.event_name == 'schedule'
155221
id: compress-artifact
156-
if: steps.build.outcome == 'success' || github.event_name == 'schedule'
157222
run: tar -czvf artifact.tar.gz $(ls | grep logs)
158223

159224
- name: Upload artifact
160225
uses: actions/upload-artifact@v3
161226
if: steps.compress-artifact.outcome == 'success' || github.event_name == 'schedule'
162227
with:
163-
name: logs_${{ matrix.weblog-variant }}
228+
name: logs_${{ matrix.weblog-variant }}_${{ matrix.scenario }}
164229
path: artifact.tar.gz
165230

231+
166232
parametric:
167233
runs-on: ubuntu-latest
168234
needs: needs-run
@@ -203,3 +269,4 @@ jobs:
203269
with:
204270
name: logs_parametric
205271
path: artifact.tar.gz
272+

0 commit comments

Comments
 (0)