Fix workflow

dkirov-dd · dkirov-dd · commit a8c24654af17 · 2025-01-21T14:21:58.000+01:00
diff --git a/.github/workflows/fips-test.yml b/.github/workflows/fips-test.yml
@@ -1,16 +1,6 @@
 name: Test FIPS
 
 on:
-  workflow_dispatch:
-    inputs:
-      agent-image:
-        description: "Agent image to use"
-        required: false
-        type: string
-      target:
-        description: "Target to test"
-        required: false
-        type: string
   pull_request:
     path:
     - datadog_checks_base/datadog_checks/**
@@ -26,20 +16,49 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-22.04, windows-2022]
+        agent-image: ["datadog/agent-dev:master-py3", "datadog/agent-dev:master-fips", "datadog/agent-dev:master-py3-win-servercore"]
+        server-image: ["alpine:3.14", "mcr.microsoft.com/windows/nanoserver:ltsc2022"]
+        exclude:
+          - os: windows-2022
+            agent-image: "datadog/agent-dev:master-fips"
+          - os: windows-2022
+            server-image: "alpine:3.14"
+          - os: windows-2022
+            agent-image: "datadog/agent-dev:master-py3"
+          - os: ubuntu-22.04
+            agent-image: "datadog/agent-dev:master-py3-win-servercore"
+          - os: ubuntu-22.04
+            server-image: "windows:ltsc2022"
+    runs-on: ${{ matrix.os }}
     name: "Test FIPS"
 
     env:
       FORCE_COLOR: "1"
       PYTHON_VERSION: "3.12"
-      AGENT_IMAGE: "${{ inputs.agent-image }}"
 
     steps:
 
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ env.PYTHON_VERSION }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: "${{ env.PYTHON_VERSION }}"
+        cache: 'pip'
+
+    - name: Install pytest
+      run: |
+        pip install pytest
+
     - name: Set up containers
+      env:
+        AGENT_IMAGE: "${{ matrix.agent-image }}"
+        SERVER_IMAGE: "${{ matrix.server-image }}"
+        DD_API_KEY: ${{ secrets.DD_API_KEY }}
       run: |
-        docker compose up -d ./compose/docker-compose.yml
+        docker compose -f .github/workflows/fips/compose/docker-compose.yml up -d
 
     - name: Run tests
       run: |
-        pytest -v ./tests
+        pytest -v .github/workflows/fips/tests
 
diff --git a/.github/workflows/fips/compose/agent/Dockerfile b/.github/workflows/fips/compose/agent/Dockerfile
@@ -0,0 +1,8 @@
+ARG BASE_IMAGE
+
+FROM ${BASE_IMAGE}
+
+RUN echo "Using base image: ${BASE_IMAGE}"
+
+ADD conf.d/connections.yaml /etc/datadog-agent/conf.d/connections.yaml
+ADD checks.d/connections.py /etc/datadog-agent/checks.d/connections.py
diff --git a/.github/workflows/fips/compose/agent/checks.d/connections.py b/.github/workflows/fips/compose/agent/checks.d/connections.py
@@ -3,4 +3,10 @@
 
 class HelloCheck(AgentCheck):
     def check(self, instance):
-        self.gauge('hello.world', 1)
+        try:
+            self.http.get(instance.get('http_endpoint'))
+        except Exception as e:
+            self.gauge('http_status', 1)
+            print(f"Exception when trying to connect to {instance.get('http_endpoint')}: {e}")
+        else:
+            self.gauge('https_status', 0)
diff --git a/.github/workflows/fips/compose/agent/conf.d/connections.yaml b/.github/workflows/fips/compose/agent/conf.d/connections.yaml
@@ -0,0 +1,5 @@
+init_config:
+
+instances:
+  - http_endpoint: http://localhost:8080
+
diff --git a/.github/workflows/fips/compose/docker-compose.yml b/.github/workflows/fips/compose/docker-compose.yml
@@ -1,36 +1,36 @@
 services:
   agent:
-    image: ${AGENT_IMAGE}
+    build:
+      context: agent
+      dockerfile: Dockerfile
+      args:
+        - BASE_IMAGE=$AGENT_IMAGE
+    pid: host
+    environment:
+      - DD_API_KEY=$DD_API_KEY
+      - DD_SITE=datad0g.com
     volumes:
-      - ./agent/checks.d:/etc/datadog-agent/checks.d
-      - ./agent/conf.d:/etc/datadog-agent/conf.d
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /proc/:/host/proc/:ro
+      - /sys/fs/cgroup:/host/sys/fs/cgroup:ro
     healthcheck:
-      test: ["CMD", "agent", "status"]
+      test: ["CMD", "agent", "run"]
       interval: 5s
       timeout: 2s
       retries: 3
-  fips-server:
-    build: ./server
+  http-server:
+    build:
+      context: server
+      dockerfile: Dockerfile
+      args:
+        - BASE_IMAGE=$SERVER_IMAGE
+        - CIPHER=$CIPHER
     ports:
       - "8443:443"
     volumes:
       - ./server/ca.crt:/etc/ssl/certs/server.crt
       - ./server/ca.key:/etc/ssl/private/server.key
-    command: ["/usr/local/bin/start-server.sh", "ECDHE-RSA-AES128-SHA256"]
-    healthcheck:
-      test: ["CMD", "curl", "-f", "https://localhost:443"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-  non-fips-server:
-    build: ./server
-    ports:
-      - "9443:443"
-    volumes:
-      - ./server/ca.crt:/etc/ssl/certs/server.crt
-      - ./server/ca.key:/etc/ssl/private/server.key
-    command: ["/usr/local/bin/start-server.sh", "ECDHE-RSA-CHACHA20-POLY1305"]
+    command: ["/usr/local/bin/start-server.sh", $CIPHER]
     healthcheck:
       test: ["CMD", "curl", "-f", "https://localhost:443"]
       interval: 30s
diff --git a/.github/workflows/fips/compose/server/Dockerfile b/.github/workflows/fips/compose/server/Dockerfile
@@ -1,11 +1,15 @@
-FROM alpine:3.18
+ARG BASE_IMAGE
 
-# Install OpenSSL and necessary tools
-RUN apk add --no-cache openssl bash
+FROM ${BASE_IMAGE}
+
+SHELL ["sh", "-c"]
 
 COPY start-server.sh /usr/local/bin/start-server.sh
 COPY ca.* /tmp/
 RUN chmod +x /usr/local/bin/start-server.sh
 
+# Install OpenSSL and necessary tools
+RUN apk add --no-cache openssl bash
+
 # Expose port 443
 EXPOSE 443
diff --git a/.github/workflows/fips/tests/test_connections.py b/.github/workflows/fips/tests/test_connections.py
@@ -1,2 +1,6 @@
+import subprocess
+
+
 def test_connections():
+    subprocess.run(["docker", "exec", "compose-agent-1", "agent", "check", "connections", "--json"], check=True)
     pass
