Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions .datadog-ci.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
{
"apiKey": "${DATADOG_API_KEY}",
"appKey": "${DD_APP_KEY}",
"site": "${DD_SITE}",
"files": [
"coverage.out"
],
"coverage": {
"format": "go-cover",
"basePath": "."
},
"sast": {
"enabled": true,
"languages": ["go"],
"rules": "recommended"
}
}
208 changes: 101 additions & 107 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,36 +4,92 @@ on:
pull_request:
branches:
- '**'
push:
branches:
- main

permissions:
contents: write # Needed to commit coverage badge on main branch
pull-requests: write
security-events: write # Needed for Datadog SAST results
id-token: write # Needed to federate STS token to upload coverage

env:
DD_ENV: ci
DD_SERVICE: pup

jobs:
test:
name: Test and Coverage
runs-on: ubuntu-latest
env:
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_SITE: ${{ secrets.DD_SITE || 'datadoghq.com' }}
DD_CIVISIBILITY_AGENTLESS_ENABLED: true
DD_CIVISIBILITY_GIT_UPLOAD_ENABLED: true
DD_CIVISIBILITY_ENABLED: true
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0 # Fetch full git history for Datadog CI Visibility

- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: '1.25'
cache: true

- name: Get Datadog credentials
id: dd-sts # Needed to be able to reference this step's output later
uses: DataDog/dd-sts-action@main # Pin to the main branch to get auto updates for free, or to a specific commit hash if you want stability
with:
policy: public-datadog-pup-sts

- name: Configure Datadog Test Optimization
uses: datadog/test-visibility-github-action@v2
with:
languages: go
api_key: ${{ steps.dd-sts.outputs.api_key }}
site: datadoghq.com

- name: Install Datadog CI tools
run: |
# Install orchestrion for Go test instrumentation
go install github.com/DataDog/orchestrion@latest
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

# Install datadog-ci CLI for coverage upload
npm install -g @datadog/datadog-ci

- name: Install bc for floating-point math
run: sudo apt-get update && sudo apt-get install -y bc

- name: Run tests with coverage
env:
DD_CIVISIBILITY_ENABLED: true
DD_ENV: ci
run: |
# Run tests on all packages with race detection and parallel execution
go test -v -race -parallel 8 ./...
# Calculate coverage only for pkg/ (cmd/ is CLI code with lower test coverage)
# Use -count=1 to disable test caching and get accurate coverage
# Use -parallel 8 for faster execution (4.7x faster than sequential)
go test -count=1 -parallel 8 -coverprofile=coverage.out -covermode=atomic ./pkg/...
# Run tests on all packages with race detection
# Use orchestrion to instrument tests for Datadog CI Visibility
# IMPORTANT: Use -parallel 256 with orchestrion. The test-visibility-github-action
# sets GOFLAGS='-toolexec=orchestrion toolexec' which auto-injects t.Parallel()
# into ALL subtests. With the default parallel limit (GOMAXPROCS=2 on runners),
# this deadlocks table-driven tests where parent tests wait for subtests that are
# blocked waiting for parallel slots. A high limit avoids the deadlock.
if [ -n "$DD_API_KEY" ]; then
echo "Running tests with Datadog CI Visibility enabled"
orchestrion go test -v -race -parallel 256 ./...
# Calculate coverage with orchestrion instrumentation
# Use -count=1 to disable test caching and get accurate coverage
orchestrion go test -count=1 -parallel 256 -coverprofile=coverage.out -covermode=atomic ./pkg/...
else
echo "Running tests without Datadog CI Visibility (DD_API_KEY not set)"
go test -v -race ./...
go test -count=1 -coverprofile=coverage.out -covermode=atomic ./pkg/...
fi

# Generate HTML coverage report
go tool cover -html=coverage.out -o coverage.html

- name: Calculate coverage
Expand All @@ -57,6 +113,15 @@ jobs:
echo "" >> coverage_report.txt
go tool cover -func=coverage.out | tail -1 >> coverage_report.txt

- name: Upload coverage to Datadog
if: env.DD_API_KEY != ''
env:
DATADOG_API_KEY: ${{ steps.dd-sts.outputs.api_key }}
DD_SITE: datadoghq.com
run: |
# Upload coverage reports to Datadog
datadog-ci coverage upload --format=go-coverprofile coverage.out

- name: Check coverage threshold
run: |
COVERAGE=${{ steps.coverage.outputs.coverage }}
Expand All @@ -75,107 +140,6 @@ jobs:
echo "✅ Coverage $COVERAGE% meets threshold $THRESHOLD%"
fi

- name: Generate coverage badge data
if: github.event_name == 'pull_request'
id: badge
run: |
COVERAGE=${{ steps.coverage.outputs.coverage }}

# Determine badge color based on coverage
if [ $(echo "$COVERAGE >= 90" | bc -l) -eq 1 ]; then
COLOR="brightgreen"
elif [ $(echo "$COVERAGE >= 80" | bc -l) -eq 1 ]; then
COLOR="green"
elif [ $(echo "$COVERAGE >= 70" | bc -l) -eq 1 ]; then
COLOR="yellow"
elif [ $(echo "$COVERAGE >= 60" | bc -l) -eq 1 ]; then
COLOR="orange"
else
COLOR="red"
fi

echo "color=$COLOR" >> $GITHUB_OUTPUT

- name: Generate PR comment body
if: github.event_name == 'pull_request'
id: comment
env:
COVERAGE: ${{ steps.coverage.outputs.coverage }}
BADGE_COLOR: ${{ steps.badge.outputs.color }}
COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
run: |
# Determine status
if [ $(echo "$COVERAGE >= 80" | bc -l) -eq 1 ]; then
STATUS="✅ PASSED - Coverage meets minimum threshold"
STATUS_EMOJI="✅"
else
STATUS="❌ FAILED - Coverage below minimum threshold"
STATUS_EMOJI="❌"
fi

# Create comment body using heredoc
cat > comment_final.txt << EOF
## 📊 Test Coverage Report

**Overall Coverage:** ${COVERAGE}% ![Coverage](https://img.shields.io/badge/coverage-${COVERAGE}%25-${BADGE_COLOR})

**Threshold:** 80% ${STATUS_EMOJI}

<details>
<summary>Coverage by Package</summary>

\`\`\`
$(cat coverage_report.txt)
\`\`\`

</details>

---
📈 **Coverage Status:** ${STATUS}

<sub>Updated for commit ${COMMIT_SHA}</sub>
EOF

- name: Comment on PR
if: github.event_name == 'pull_request'
continue-on-error: true # Don't fail CI if comment posting fails
uses: actions/github-script@v8
env:
COMMENT_BODY: ${{ steps.comment.outputs.comment_body }}
with:
script: |
const fs = require('fs');
const commentBody = fs.readFileSync('comment_final.txt', 'utf8');

// Find existing comment
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});

const botComment = comments.find(comment =>
comment.user.type === 'Bot' && comment.body.includes('📊 Test Coverage Report')
);

if (botComment) {
// Update existing comment
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: commentBody
});
} else {
// Create new comment
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body: commentBody
});
}

- name: Generate coverage badge for main branch
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
env:
Expand Down Expand Up @@ -262,3 +226,33 @@ jobs:

- name: Verify binary
run: ./pup --version

sast:
name: Datadog Static Analysis
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
env:
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
DD_SITE: ${{ secrets.DD_SITE || 'datadoghq.com' }}
steps:
- name: Checkout code
uses: actions/checkout@v6
with:
fetch-depth: 0 # Full history for better SAST analysis

- name: Run Datadog Static Analysis
if: env.DD_API_KEY != ''
run: |
# Install datadog-ci if not already installed
npm install -g @datadog/datadog-ci

# Run static analysis
# This will analyze the code for security vulnerabilities, code quality issues, etc.
datadog-ci sast scan --service=${{ env.DD_SERVICE }} --env=${{ env.DD_ENV }}

- name: SAST disabled notice
if: env.DD_API_KEY == ''
run: |
echo "⚠️ Datadog Static Analysis skipped: DD_API_KEY not configured"
echo "To enable SAST, add DD_API_KEY and DD_APP_KEY as repository secrets"
1 change: 1 addition & 0 deletions CLAUDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Go-based CLI wrapper for Datadog APIs. Provides OAuth2 + API key authentication
- **[COMMANDS.md](docs/COMMANDS.md)** - Complete command reference with all 33 domains
- **[CONTRIBUTING.md](docs/CONTRIBUTING.md)** - Git workflow, PR process, commit format
- **[TESTING.md](docs/TESTING.md)** - Test strategy, coverage requirements, CI/CD
- **[DATADOG_CI.md](docs/DATADOG_CI.md)** - Datadog CI products integration (Test Visibility, Code Coverage, SAST)
- **[OAUTH2.md](docs/OAUTH2.md)** - OAuth2 implementation details (DCR, PKCE, token storage)
- **[EXAMPLES.md](docs/EXAMPLES.md)** - Usage examples and common workflows
- **[ARCHITECTURE.md](docs/ARCHITECTURE.md)** - Design decisions and technical details
Expand Down
Loading