Kafka-clients 3.8 support #556

Workflow file for this run

.github/workflows/analyze-changes.yaml at 855401d

	name: Analyze changes

	on:
	push:
	branches: [ master ]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: [ master ]

	jobs:
	datadog-static-analyzer:
	name: Analyze changes with DataDog Static Analyzer
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
	with:
	submodules: 'recursive'
	- name: Check code meets quality standards
	id: datadog-static-analysis
	uses: DataDog/datadog-static-analyzer-github-action@c74aff158c8cc1c3e285660713bcaa5f9c6d696e # v1
	with:
	dd_app_key: ${{ secrets.DD_APP_KEY }}
	dd_api_key: ${{ secrets.DD_API_KEY }}
	dd_site: datad0g.com
	dd_service: "dd-trace-java"
	dd_env: "ci"
	cpu_count: 2
	enable_performance_statistics: false

	codeql:
	name: Analyze changes with GitHub CodeQL
	# Don’t run on PR, only when pushing to master
	if: github.event_name == 'push' && github.ref == 'refs/heads/master'
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write # Required to upload the results to the Security tab

	steps:
	- name: Checkout repository
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
	with:
	submodules: 'recursive'

	- name: Cache Gradle dependencies
	uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
	with:
	path: \|
	~/.gradle/caches
	~/.gradle/wrapper
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle', '*/gradle-wrapper.properties') }}
	restore-keys: \|
	${{ runner.os }}-gradle-

	- name: Initialize CodeQL
	uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
	with:
	languages: 'java'
	build-mode: 'manual'

	- name: Build dd-trace-java for creating the CodeQL database
	run: \|
	GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G'" \
	JAVA_HOME=$JAVA_HOME_8_X64 \
	JAVA_8_HOME=$JAVA_HOME_8_X64 \
	JAVA_11_HOME=$JAVA_HOME_11_X64 \
	JAVA_17_HOME=$JAVA_HOME_17_X64 \
	JAVA_21_HOME=$JAVA_HOME_21_X64 \
	./gradlew clean :dd-java-agent:shadowJar \
	--build-cache --parallel --stacktrace --no-daemon --max-workers=4

	- name: Perform CodeQL Analysis and upload results to GitHub Security tab
	uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6

	# For now, CodeQL SARIF results are not supported by Datadog CI
	# - name: Upload results to Datadog CI Static Analysis
	# run: \|
	# wget --no-verbose https://github.com/DataDog/datadog-ci/releases/download/v2.42.0/datadog-ci_linux-x64 -O datadog-ci
	# chmod +x datadog-ci
	# ./datadog-ci sarif upload /home/runner/work/dd-trace-java/results/java.sarif --service dd-trace-java --env ci
	# env:
	# DD_API_KEY: ${{ secrets.DD_API_KEY }}
	# DD_SITE: datad0g.com

	trivy:
	name: Analyze changes with Trivy
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write # Required to upload the results to the Security tab

	steps:
	- name: Checkout repository
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
	with:
	submodules: 'recursive'

	- name: Cache Gradle dependencies
	uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
	with:
	path: \|
	~/.gradle/caches
	~/.gradle/wrapper
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle', '*/gradle-wrapper.properties') }}
	restore-keys: \|
	${{ runner.os }}-gradle-

	- name: Remove old artifacts
	run: \|
	MVN_LOCAL_REPO=$(./mvnw help:evaluate -Dexpression=settings.localRepository -q -DforceStdout)
	echo "MVN_LOCAL_REPO=${MVN_LOCAL_REPO}" >> "$GITHUB_ENV"
	rm -rf "${MVN_LOCAL_REPO}/com/datadoghq"

	- name: Build and publish artifacts locally
	run: \|
	GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx2G -Xms2G'" \
	JAVA_HOME=$JAVA_HOME_8_X64 \
	JAVA_8_HOME=$JAVA_HOME_8_X64 \
	JAVA_11_HOME=$JAVA_HOME_11_X64 \
	JAVA_17_HOME=$JAVA_HOME_17_X64 \
	JAVA_21_HOME=$JAVA_HOME_21_X64 \
	./gradlew clean publishToMavenLocal \
	--build-cache --parallel --stacktrace --no-daemon --max-workers=4

	- name: Copy published artifacts
	run: \|
	mkdir -p ./workspace/.trivy
	cp -RP "${MVN_LOCAL_REPO}/com/datadoghq" ./workspace/.trivy/
	ls -laR "./workspace/.trivy"

	- name: Run Trivy security scanner
	uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
	with:
	scan-type: rootfs
	scan-ref: './workspace/.trivy/'
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL,HIGH'
	limit-severities-for-sarif: true

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
	if: always()
	with:
	sarif_file: 'trivy-results.sarif'

	- name: Upload results to Datadog CI Static Analysis
	run: \|
	wget --no-verbose https://github.com/DataDog/datadog-ci/releases/download/v2.42.0/datadog-ci_linux-x64 -O datadog-ci
	chmod +x datadog-ci
	./datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
	env:
	DD_API_KEY: ${{ secrets.DD_API_KEY }}
	DD_SITE: datad0g.com

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kafka-clients 3.8 support #556

Workflow file

Kafka-clients 3.8 support #556

Jobs

Run details

Workflow file for this run