Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable JDK binaries caching in CI #159

Merged
merged 6 commits into from
Dec 18, 2024
Merged

Enable JDK binaries caching in CI #159

merged 6 commits into from
Dec 18, 2024

Conversation

jbachorik
Copy link
Collaborator

@jbachorik jbachorik commented Dec 18, 2024
edited by jira bot
Loading

What does this PR do?:
Add JDK binaries caching in CI

Motivation:
Decrease the network traffic, slightly speed up the CI jobs

Additional Notes:
Some additional test failures showed up while working on this PR. They were addressed in separate commits to have a clean CI run.

For Datadog employees:

  • If this PR touches code that signs or publishes builds or packages, or handles
    credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.
  • JIRA: PROF-11056

Unsure? Have a question? Request a review!

@jbachorik jbachorik requested a review from r1viollet December 18, 2024 11:06
datadog-datadog-prod-us1[bot]
datadog-datadog-prod-us1 bot reviewed Dec 18, 2024
View reviewed changes
.github/workflows/test_workflow.yml
@@ -313,14 +341,22 @@ jobs:
with:
distribution: 'temurin'
java-version: "11"
- name: Cache JDK Oracle JDK 8
uses: actions/cache@v3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 Code Vulnerability

Workflow depends on a GitHub actions pinned by tag (...read more)

When using a third party action, one needs to provide its GitHub path (owner/project) and can eventually pin it to a Git ref (a branch name, a Git tag, or a commit hash).

No pinned Git ref means the action uses the latest commit of the default branch each time it runs, eventually running newer versions of the code that were not audited by Datadog. Specifying a Git tag is better, but since they are not immutable, using a full length hash is recommended to make sure the action content is actually frozen to some reviewed state.

Be careful however, as even pinning an action by hash can be circumvented by attackers still. For instance, if an action relies on a Docker image which is itself not pinned to a digest, it becomes possible to alter its behaviour through the Docker image without actually changing its hash. You can learn more about this kind of attacks in Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows. Pinning actions by hash is still a good first line of defense against supply chain attacks.

Additionally, pinning by hash or tag means the action won’t benefit from newer version updates if any, including eventual security patches. Make sure to regularly check if newer versions for an action you use are available. For actions coming from a very trustworthy source, it can make sense to use a laxer pinning policy to benefit from updates as soon as possible.

View in Datadog  Leave us feedback  Documentation

@github-actions GitHub Actions
Copy link

🔧 Report generated by pr-comment-scanbuild

Scan-Build Report

User:runner@fv-az1768-88
Working Directory:/home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line:make -j4 clean all
Clang Version:Ubuntu clang version 18.1.3 (1ubuntu1)
Date:Wed Dec 18 11:07:29 2024

Bug Summary

Bug TypeQuantityDisplay?
All Bugs5
Logic error
Dereference of null pointer3
Suspicious operation
Bitwise shift1
Unused code
Dead nested assignment1

Reports

Bug Group Bug Type ▾ File Function/Method Line Path Length
Suspicious operationBitwise shiftvmStructs.cppfind84616
Unused codeDead nested assignmentvmStructs.cppcheckNativeBinding9511
Logic errorDereference of null pointersafeAccess.hload3318
Logic errorDereference of null pointersymbols_linux.hElfParser12928
Logic errorDereference of null pointerflightRecorder.cppflush15048

@github-actions GitHub Actions
Copy link

🔧 Report generated by pr-comment-cppcheck

CppCheck Report

Warnings (7)

Style Violations (402)

@jbachorik
Copy link
Collaborator Author

/merge

@jbachorik jbachorik merged commit f70398f into main Dec 18, 2024
39 checks passed
@dd-devflow
Copy link

dd-devflow bot commented Dec 18, 2024
edited
Loading

Devflow running: /merge

View all feedbacks in Devflow UI.

2024-12-18 12:34:35 UTC ℹ️ MergeQueue: waiting for PR to be ready

This merge request is not mergeable yet, because of pending checks/missing approvals. It will be added to the queue as soon as checks pass and/or get approvals.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

2024-12-18 12:34:39 UTC ℹ️ MergeQueue: This merge request was already merged

This pull request was merged directly.

@jbachorik jbachorik deleted the jb/caching branch December 18, 2024 12:34
@github-actions github-actions bot added this to the 1.18.0 milestone Dec 18, 2024
@jbachorik jbachorik mentioned this pull request Dec 18, 2024
Draft
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@datadog-datadog-prod-us1 datadog-datadog-prod-us1[bot] datadog-datadog-prod-us1[bot] left review comments

@r1viollet r1viollet Awaiting requested review from r1viollet

Assignees
No one assigned
Labels
mergequeue-status: done
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.
1 participant
@jbachorik