From 77d83ef3a5a1872633fa4e6aa0e8bccb8aeb29c8 Mon Sep 17 00:00:00 2001 From: Tony Hsu Date: Wed, 5 Mar 2025 11:37:41 +0100 Subject: [PATCH] Add actionlint --- .github/workflows/_unit_test.yml | 6 +-- .../add-milestone-to-pull-requests.yml | 2 +- .github/workflows/build-gem.yml | 4 +- .github/workflows/cache-cleanup.yml | 40 ++++++++++--------- .github/workflows/check.yml | 14 ++++++- .github/workflows/publish.yml | 8 ++-- .github/workflows/system-tests.yml | 21 ++++++---- .github/workflows/test-memory-leaks.yaml | 6 ++- .github/workflows/test.yml | 6 +-- 9 files changed, 67 insertions(+), 40 deletions(-) diff --git a/.github/workflows/_unit_test.yml b/.github/workflows/_unit_test.yml index ce60c0b8be1..bbac737293d 100644 --- a/.github/workflows/_unit_test.yml +++ b/.github/workflows/_unit_test.yml @@ -42,7 +42,7 @@ jobs: LOCKFILE: lockfile-${{ inputs.alias }}-${{ github.run_id }} run: | bundle lock - echo "lockfile=$LOCKFILE" >> $GITHUB_OUTPUT + echo "lockfile=$LOCKFILE" >> "$GITHUB_OUTPUT" - name: Upload lockfile uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 @@ -73,8 +73,8 @@ jobs: batches_data=$(echo "$data" | ruby -rjson -e 'puts JSON.parse(STDIN.read)["batches"].to_json') misc_data=$(echo "$data" | ruby -rjson -e 'puts JSON.parse(STDIN.read)["misc"].to_json') - echo "batches=$batches_data" >> $GITHUB_OUTPUT - echo "misc=$misc_data" >> $GITHUB_OUTPUT + echo "batches=$batches_data" >> "$GITHUB_OUTPUT" + echo "misc=$misc_data" >> "$GITHUB_OUTPUT" - name: Generate batch summary run: bundle exec rake github:generate_batch_summary env: diff --git a/.github/workflows/add-milestone-to-pull-requests.yml b/.github/workflows/add-milestone-to-pull-requests.yml index 39bec233579..3ce9fc77c29 100644 --- a/.github/workflows/add-milestone-to-pull-requests.yml +++ b/.github/workflows/add-milestone-to-pull-requests.yml @@ -23,7 +23,7 @@ jobs: # Parse the gemspec and return the major version id: version run: | - echo "::set-output name=version::$(find . -name *.gemspec | ruby -ne 'puts Gem::Specification.load($_.chomp).version.to_s.split(".").first')" + echo "name=version::$(find . -name "*.gemspec" | ruby -ne "puts Gem::Specification.load($_.chomp).version.to_s.split(\".\").first")" >> "$GITHUB_OUTPUT" - name: Get project milestones id: milestones diff --git a/.github/workflows/build-gem.yml b/.github/workflows/build-gem.yml index 2fa9e43b804..1f6db924b96 100644 --- a/.github/workflows/build-gem.yml +++ b/.github/workflows/build-gem.yml @@ -47,7 +47,7 @@ jobs: GIT_REF: ${{ github.ref }} GIT_SHA: ${{ github.sha }} run: | - .gitlab/patch_gem_version.sh gha $GHA_RUN_ID $GIT_REF $GIT_SHA; + .gitlab/patch_gem_version.sh gha "$GHA_RUN_ID" "$GIT_REF" "$GIT_SHA"; - name: Patch gem host if: ${{ matrix.type != 'final' }} @@ -56,7 +56,7 @@ jobs: sed datadog.gemspec -i -e "s,^\([\t ]*spec\.metadata\['allowed_push_host'\]\) *= *,\1 = \'${GEM_HOST}\' # ," # Test result - cat datadog.gemspec | grep -e allowed_push_host + grep -e allowed_push_host datadog.gemspec - name: Build gem run: bundle exec rake build - name: List gem diff --git a/.github/workflows/cache-cleanup.yml b/.github/workflows/cache-cleanup.yml index df671052580..6095d345346 100644 --- a/.github/workflows/cache-cleanup.yml +++ b/.github/workflows/cache-cleanup.yml @@ -16,46 +16,50 @@ jobs: steps: - name: Cleanup run: | - echo "# Cache Cleanup Summary" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY - echo "**PR Number:** #${{ github.event.pull_request.number }}" >> $GITHUB_STEP_SUMMARY - echo "**Branch:** \`$BRANCH\`" >> $GITHUB_STEP_SUMMARY - echo "" >> $GITHUB_STEP_SUMMARY + { + echo "# Cache Cleanup Summary" + echo "" + echo "**PR Number:** #${{ github.event.pull_request.number }}" + echo "**Branch:** \`$BRANCH\`" + echo "" + } >> "$GITHUB_STEP_SUMMARY" echo "[DEBUG] Fetching cache list..." # Get full cache details - CACHE_LIST=$(gh cache list --ref $BRANCH --limit 100 --json key,sizeInBytes,id) + CACHE_LIST=$(gh cache list --ref "$BRANCH" --limit 100 --json key,sizeInBytes,id) if [ -z "$CACHE_LIST" ] || [ "$CACHE_LIST" = "[]" ]; then echo "[DEBUG] No caches found" - echo "No caches found for this PR" >> $GITHUB_STEP_SUMMARY + echo "No caches found for this PR" >> "$GITHUB_STEP_SUMMARY" exit 0 fi - # Create table header - echo "| Cache ID | Cache Key | Size |" >> $GITHUB_STEP_SUMMARY - echo "|----------|-----------|------|" >> $GITHUB_STEP_SUMMARY + { + echo "| Cache ID | Cache Key | Size |" + echo "|----------|-----------|------|" + } >> "$GITHUB_STEP_SUMMARY" # Extract IDs and process deletions echo "$CACHE_LIST" | jq -r '.[] | [.id, .key, .sizeInBytes] | @tsv' | while IFS=$'\t' read -r id key size; do # Convert size to human readable format - if [ $size -ge 1048576 ]; then - readable_size=$(echo "scale=2; $size/1048576" | bc)"MB" + if [ "$size" -ge 1048576 ]; then + readable_size=$(echo "scale=2; $size/1048576" | bc 2>/dev/null || echo "$size")"MB" else - readable_size=$(echo "scale=2; $size/1024" | bc)"KB" + readable_size=$(echo "scale=2; $size/1024" | bc 2>/dev/null || echo "$size")"KB" fi echo "[DELETE] Processing cache ID: $id" - gh cache delete $id + gh cache delete "$id" echo "[INFO] Processed cache $id" # Add row to summary table - echo "| \`$id\` | \`$key\` | $readable_size |" >> $GITHUB_STEP_SUMMARY + echo "| \`$id\` | \`$key\` | $readable_size |" >> "$GITHUB_STEP_SUMMARY" done - # Add completion timestamp - echo "" >> $GITHUB_STEP_SUMMARY - echo "Cleanup completed at: $(date -u '+%Y-%m-%d %H:%M:%S UTC')" >> $GITHUB_STEP_SUMMARY + { + echo "" + echo "Cleanup completed at: $(date -u '+%Y-%m-%d %H:%M:%S UTC')" + } >> "$GITHUB_STEP_SUMMARY" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index ad3ab27c699..76a340bdb91 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -77,7 +77,7 @@ jobs: - name: Check types run: bundle exec rake steep:check - name: Record stats - run: bundle exec rake steep:stats[md] >> $GITHUB_STEP_SUMMARY + run: bundle exec rake steep:stats[md] >> "$GITHUB_STEP_SUMMARY" # Dogfooding Datadog SBOM Analysis dd-software-composition-analysis: @@ -147,6 +147,17 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + actionlint: + name: actionlint + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: docker://rhysd/actionlint:1.7.7 + with: + args: -color + complete: name: Static Analysis (complete) needs: @@ -157,6 +168,7 @@ jobs: - 'dd-software-composition-analysis' - 'dd-static-analysis' - 'zizmor' + - 'actionlint' runs-on: ubuntu-24.04 steps: - run: echo "Done" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8da6a97f627..71b80384332 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -25,7 +25,7 @@ jobs: ruby-version: '3.3.7' - id: version - run: echo "version=$(ruby -e 'puts Gem::Specification::load(Dir.glob("*.gemspec").first).version')" >> $GITHUB_OUTPUT + run: echo "version=$(ruby -e 'puts Gem::Specification::load(Dir.glob("*.gemspec").first).version')" >> "$GITHUB_OUTPUT" # Check if the gem version is already published - name: Verify gem version @@ -138,10 +138,10 @@ jobs: steps: - name: Download from RubyGems run: | - gem fetch datadog --version ${GEM_VERSION} --verbose + gem fetch datadog --version "${GEM_VERSION}" --verbose - name: Attach to existing release draft run: | - gh release upload "v${GEM_VERSION}" *.gem --clobber + gh release upload "v${GEM_VERSION}" -- *.gem --clobber gh release edit "v${GEM_VERSION}" --draft=false update-gem-version: @@ -167,7 +167,7 @@ jobs: - run: bundle install - id: next_version run: | - echo "next_version=$(bundle exec rake version:next)" >> $GITHUB_OUTPUT + echo "next_version=$(bundle exec rake version:next)" >> "$GITHUB_OUTPUT" # https://docs.github.com/en/rest/issues/milestones?apiVersion=2022-11-28 milestone: diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index c36f4747bc3..48764276f43 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -172,9 +172,11 @@ jobs: - name: Read forced-tests-list.json file id: read_forced_tests_list run: | - echo "FORCED_TESTS_LIST<> $GITHUB_OUTPUT - echo "$(cat binaries/dd-trace-rb/.github/forced-tests-list.json)" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + { + printf "FORCED_TESTS_LIST<> "$GITHUB_OUTPUT" - name: Login to Docker Hub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: @@ -201,12 +203,17 @@ jobs: for tag in latest; do cache_from+=(--cache-from "${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:${tag}") done + parents="$(cd 'binaries/${{ matrix.library.path }}' && git rev-list --parents -n 1 ${{ github.sha }})" - for sha in $parents; do - cache_from+=(--cache-from ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:g${sha}) + + # Use read to properly split the string into an array + read -ra parent_shas <<< "$parents" + for sha in "${parent_shas[@]}"; do + cache_from+=(--cache-from "${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:g${sha}") done + echo "cache args: ${cache_from[*]}" - ./build.sh --library ${{ matrix.library.name }} --weblog-variant ${{ matrix.app }} --images ${{ matrix.image }} --extra-docker-args "${cache_from[*]}" + ./build.sh --library "${{ matrix.library.name }}" --weblog-variant "${{ matrix.app }}" --images "${{ matrix.image }}" --extra-docker-args "${cache_from[*]}" - name: Tag image for CI run run: docker tag system_tests/${{ matrix.image }}:latest ${{ env.REPO }}/system-tests/${{ matrix.library.name }}/${{ matrix.image }}-${{ matrix.app }}:gha${{ github.run_id }}-g${{ github.sha }} - name: Push image for CI run @@ -444,7 +451,7 @@ jobs: - name: Print fancy log report run: | find logs* - python utils/scripts/markdown_logs.py >> $GITHUB_STEP_SUMMARY + python utils/scripts/markdown_logs.py >> "$GITHUB_STEP_SUMMARY" cleanup: strategy: diff --git a/.github/workflows/test-memory-leaks.yaml b/.github/workflows/test-memory-leaks.yaml index d687da5851a..7f8bc9191c9 100644 --- a/.github/workflows/test-memory-leaks.yaml +++ b/.github/workflows/test-memory-leaks.yaml @@ -38,7 +38,11 @@ jobs: bundler-cache: true # runs 'bundle install' and caches installed gems automatically bundler: latest cache-version: v2 # bump this to invalidate cache - - run: env RUBY_FREE_AT_EXIT=1 LSAN_OPTIONS=verbosity=0:log_threads=1:suppressions=`pwd`/suppressions/lsan.supp ASAN_OPTIONS=detect_leaks=1 bundle exec rake spec:profiling:main + - run: bundle exec rake spec:profiling:main + env: + RUBY_FREE_AT_EXIT: 1 + LSAN_OPTIONS: verbosity=0:log_threads=1:suppressions=${{ github.workspace }}/suppressions/lsan.supp + ASAN_OPTIONS: detect_leaks=1 complete: name: Test for memory leaks (complete) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 86c02df47de..4a8d862697c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -152,12 +152,12 @@ jobs: - if: github.event_name == 'pull_request' env: DD_GIT_COMMIT_SHA: ${{ github.event.pull_request.head.sha }} - run: echo "DD_GIT_COMMIT_SHA=$DD_GIT_COMMIT_SHA" >> $GITHUB_ENV + run: echo "DD_GIT_COMMIT_SHA=$DD_GIT_COMMIT_SHA" >> "$GITHUB_ENV" - if: github.event_name != 'pull_request' env: DD_GIT_COMMIT_SHA: ${{ github.sha }} - run: echo "DD_GIT_COMMIT_SHA=$DD_GIT_COMMIT_SHA" >> $GITHUB_ENV - - run: echo $DD_GIT_COMMIT_SHA + run: echo "DD_GIT_COMMIT_SHA=$DD_GIT_COMMIT_SHA" >> "$GITHUB_ENV" + - run: echo "$DD_GIT_COMMIT_SHA" - name: Upload junit reports run: datadog-ci junit upload --verbose tmp/rspec/