feat: use GITHUB_TOKEN if available in Serverless-Init .NET install script (#748)

duncanpharvey · web-flow · commit 70aa67f1e578 · 2025-07-18T13:32:51.000-04:00
Currently the .NET install script for Serverless-Init makes unauthenticated requests to the Github API, sometimes resulting in rate limiting. This PR adds a `GITHUB_TOKEN` to be passed as a [Docker secret](https://docs.docker.com/build/building/secrets/) to the .NET install script to allow for an increased rate limit. If no `GITHUB_TOKEN` is passed then requests will be unauthenticated as they were before this change. ## Motivation #734 ## Additional Notes - Check if a `GITHUB_TOKEN` environment variable is set. If it is, pass it in the `Authorization` header with `Bearer` - Add a `status_code` attribute to the response json and print it for troubleshooting - Use `jq` to parse the response json * Note that control characters needed to be stripped from the Github responses in order to be successfully parsed - If the tracer version is not parsed from the response json, presumably due to rate limiting or some other issue on Github's end, exit the script Github token provided -> success ``` #16 6.759 Github token provided #16 7.243 Status code of version request: 200 #16 7.291 Downloading version 3.21.0 of the .NET tracer into /tmp/datadog-dotnet-apm.tar.gz #16 7.291 Github token provided #16 10.08 Status code of download request: 200 ``` No Github token provided -> success ``` #16 7.664 Github token not provided #16 7.967 Status code of version request: 200 #16 8.018 Downloading version 3.21.0 of the .NET tracer into /tmp/datadog-dotnet-apm.tar.gz #16 8.019 Github token not provided #16 11.10 Status code of download request: 200 ``` No Github token provided -> rate limited ``` 6.518 Github token not provided 6.780 Status code of version request: 403 6.828 Error: Could not determine the tracer version. Exiting. ``` ### Usage - Pass value in `GITHUB_TOKEN` environment variable to the Docker secret `github-token`. ``` docker build -t <image> --secret id=github-token,env=GITHUB_TOKEN . ``` - In the Dockerfile, read the value of the `github-token` secret into the `GITHUB_TOKEN` environment variable so it can be passed in the authentication header of the Github API request. ``` RUN --mount=type=secret,id=github-token,env=GITHUB_TOKEN \ chmod +x /app/dotnet.sh && /app/dotnet.sh ``` Relevant documentation to update following this change: - https://docs.datadoghq.com/serverless/guide/gcr_serverless_init/?tab=dotnet - https://docs.datadoghq.com/serverless/guide/aca_serverless_init/?tab=dotnet - https://docs.datadoghq.com/serverless/guide/azure_app_service_linux_containers_serverless_init/?tab=dotnet
diff --git a/scripts/serverless_init_dotnet.sh b/scripts/serverless_init_dotnet.sh
@@ -6,16 +6,35 @@ if [ -f "/etc/alpine-release" ]; then
     exit 1
 fi
 
-# Make sure curl is installed
-apt-get update && apt-get install -y curl
+# Make sure curl and jq are installed
+apt-get update && apt-get install -y curl jq
+
+ghcurl() {
+  if [ -n "$GITHUB_TOKEN" ]; then
+    echo "Github token provided" >&2
+    curl -sSL -w '{"status_code": %{http_code}}' -H "Authorization: Bearer $GITHUB_TOKEN" "$@" | jq -sre add
+  else
+    echo "Github token not provided" >&2
+    curl -sSL -w '{"status_code": %{http_code}}' "$@" | jq -sre add
+  fi
+}
 
 # Get latest released version of dd-trace-dotnet
-TRACER_VERSION=$(curl -s https://api.github.com/repos/DataDog/dd-trace-dotnet/releases/latest | grep 'tag_name' | cut -d '"' -f 4)
-TRACER_VERSION=${TRACER_VERSION#v} # remove the 'v' prefix
+response=$(ghcurl https://api.github.com/repos/DataDog/dd-trace-dotnet/releases/latest)
+sanitized_response=$(echo "$response" | tr -d '\000-\037') # remove control characters from json response
+echo "Status code of version request: $(echo "$sanitized_response" | jq '.status_code')"
+TRACER_VERSION=$(echo "$sanitized_response" | jq -r '.tag_name // empty'  | sed 's/^v//')
+
+if [ -z "$TRACER_VERSION" ]; then
+  echo "Error: Could not determine the tracer version. Exiting." >&2
+  exit 1
+fi
 
 # Download the tracer to the dd_tracer folder
 echo Downloading version "${TRACER_VERSION}" of the .NET tracer into /tmp/datadog-dotnet-apm.tar.gz
-curl -L "https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm-${TRACER_VERSION}.tar.gz" -o /tmp/datadog-dotnet-apm.tar.gz
+response=$(ghcurl "https://github.com/DataDog/dd-trace-dotnet/releases/download/v${TRACER_VERSION}/datadog-dotnet-apm-${TRACER_VERSION}.tar.gz" \
+    -o /tmp/datadog-dotnet-apm.tar.gz)
+echo "Status code of download request: $(echo "$response" | jq '.status_code')"
 
 # Unarchive the tracer and remove the tmp
 mkdir -p /dd_tracer/dotnet
