fix: use WeakRef for storing req and res for AppSec #28278
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Project | |
| on: | |
| pull_request: | |
| push: | |
| branches: [master] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| actionlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: ./.github/actions/node/latest | |
| # NOTE: Ok this next bit seems unnecessary, right? The problem is that | |
| # this repo is currently incompatible with npm, at least with the | |
| # devDependencies. While this is intended to be corrected, it hasn't yet, | |
| # so the easiest thing to do here is just use a fresh package.json. This | |
| # is needed because actionlint runs an `npm install` at the beginning. | |
| - name: Clear package.json | |
| run: | | |
| rm package.json | |
| npm init -y | |
| - name: actionlint | |
| id: actionlint | |
| uses: raven-actions/actionlint@963d4779ef039e217e5d0e6fd73ce9ab7764e493 # v2.1.0 | |
| with: | |
| matcher: true | |
| fail-on-error: true | |
| shellcheck: false # TODO should we enable this? | |
| - name: actionlint Summary | |
| if: ${{ steps.actionlint.outputs.exit-code != 0 }} | |
| run: | | |
| echo "Used actionlint version ${{ steps.actionlint.outputs.version-semver }}" | |
| echo "Used actionlint release ${{ steps.actionlint.outputs.version-tag }}" | |
| echo "actionlint ended with ${{ steps.actionlint.outputs.exit-code }} exit code" | |
| echo "actionlint ended because '${{ steps.actionlint.outputs.exit-message }}'" | |
| echo "actionlint found ${{ steps.actionlint.outputs.total-errors }} errors" | |
| echo "actionlint checked ${{ steps.actionlint.outputs.total-files }} files" | |
| echo "actionlint cache used: ${{ steps.actionlint.outputs.cache-hit }}" | |
| exit ${{ steps.actionlint.outputs.exit-code }} | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: ./.github/actions/node/latest | |
| - uses: ./.github/actions/install | |
| - run: npm run lint | |
| verify-exercised-tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: ./.github/actions/node/latest | |
| - uses: ./.github/actions/install | |
| - run: npm run verify-exercised-tests | |
| # The package size is especially useful in constrained environments, so the | |
| # computation is done only on the package that would be installed there. | |
| # In order to do that, the current folder is wiped and replaced with what | |
| # would be installed is those environments before running the computation. | |
| package-size-report: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: ./.github/actions/node/latest | |
| - run: FILENAME=$(npm pack --pack-destination /tmp) && mv /tmp/$FILENAME /tmp/dd-trace.tgz | |
| - run: rm -rf * | |
| - run: tar -zxf /tmp/dd-trace.tgz -C $(pwd) --strip-components=1 | |
| - run: yarn --prod --ignore-optional | |
| - run: ls -lisa | |
| - name: Compute module size tree and report | |
| uses: qard/heaviest-objects-in-the-universe@1e02edbdda803a45537a808ede97866db47756d3 # Unreleased | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| static-analysis: | |
| runs-on: ubuntu-latest | |
| name: Datadog Static Analyzer | |
| if: github.actor != 'dependabot[bot]' && github.event_name != 'pull_request' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Check code meets quality and security standards | |
| id: datadog-static-analysis | |
| uses: DataDog/datadog-static-analyzer-github-action@2cc0e0621ea2863272b29d9aea230d9aad238086 # v2.0.0 | |
| with: | |
| dd_api_key: ${{ secrets.DD_API_KEY }} | |
| dd_app_key: ${{ secrets.DD_APP_KEY }} | |
| dd_site: datadoghq.com | |
| cpu_count: 2 | |
| typescript: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: ./.github/actions/node/latest | |
| - uses: ./.github/actions/install | |
| - run: npm run type:doc:test | |
| - run: npm run type:doc:build | |
| # TODO: Remove need for `npm show` before re-enabling to avoid rate limit errors. | |
| # verify-yaml: | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| # - uses: ./.github/actions/node/latest | |
| # - uses: ./.github/actions/install | |
| # - run: node scripts/verify-ci-config.js | |
| yarn-dedupe: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| - name: Setup Node.js | |
| uses: ./.github/actions/node/latest | |
| - name: Install dependencies | |
| uses: ./.github/actions/install | |
| - name: Run yarn dependencies:dedupe | |
| run: yarn dependencies:dedupe | |
| - name: Run yarn dedupe check | |
| run: ./.github/scripts/yarn-dedupe.sh | |
| env: | |
| PR_AUTHOR: ${{ github.event.pull_request.user.login }} | |
| PR_USER_TYPE: ${{ github.event.pull_request.user.type }} | |
| GITHUB_EVENT_NAME: ${{ github.event_name }} |