Skip to content

Commit 837cd5a

Browse files
juan-fernandezjuan-fernandez
committed
Merge branch 'master' into juan-fernandez/fix-attempt-to-fix-logic-playwright
2 parents 21a272e + 6b0ccd2 commit 837cd5a

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

54 files changed

+2497
-1690
lines changed

.github/workflows/bundle-validate.yml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
name: Validate vendored bundle
2+
3+
on:
4+
pull_request:
5+
paths:
6+
- 'vendor/**'
7+
push:
8+
branches: [master]
9+
paths:
10+
- 'vendor/**'
11+
workflow_dispatch:
12+
13+
jobs:
14+
validate-vendored-bundle:
15+
runs-on: ubuntu-latest
16+
permissions:
17+
contents: read
18+
steps:
19+
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
20+
- uses: ./.github/actions/node/active-lts
21+
# Running `yarn` also automatically runs Rspack as a postinstall script.
22+
- run: yarn --frozen-lockfile
23+
working-directory: vendor
24+
- run: git diff --exit-code

.github/workflows/dependabot-automation.yml

Lines changed: 26 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,11 @@ on:
44
pull_request:
55
types:
66
- opened
7+
- reopened
78
- synchronize
89

910
env:
11+
# Add Groups here to enable auto-merge for Dependabot PRs
1012
GROUPS: '["dev-minor-and-patch-dependencies", "gh-actions-packages", "test-versions"]'
1113

1214
jobs:
@@ -26,15 +28,15 @@ jobs:
2628
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # 2.5.0
2729
with:
2830
github-token: "${{ steps.octo-sts.outputs.token }}"
29-
- name: Enable auto-merge for Dependabot PRs
31+
- name: Approve a PR
3032
if: contains(fromJSON(env.GROUPS), steps.metadata.outputs.dependency-group)
31-
run: gh pr merge --auto --squash "$PR_URL"
33+
run: gh pr review --approve "$PR_URL"
3234
env:
3335
PR_URL: ${{ github.event.pull_request.html_url }}
3436
GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
35-
- name: Approve a PR
37+
- name: Enable auto-merge for Dependabot PRs
3638
if: contains(fromJSON(env.GROUPS), steps.metadata.outputs.dependency-group)
37-
run: gh pr review --approve "$PR_URL"
39+
run: gh pr merge --auto --squash "$PR_URL"
3840
env:
3941
PR_URL: ${{ github.event.pull_request.html_url }}
4042
GH_TOKEN: ${{ steps.octo-sts.outputs.token }}
@@ -60,26 +62,33 @@ jobs:
6062
run: |
6163
set -euo pipefail
6264
63-
echo "is_vendor_group=${{ steps.metadata.outputs.dependency-group == 'vendor-minor-and-patch-dependencies' }}" >> $GITHUB_OUTPUT
65+
echo "is_vendor_group=${{ steps.metadata.outputs.directory == '/vendor' && steps.metadata.outputs.dependency-type == 'direct:production' }}" >> $GITHUB_OUTPUT
6466
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
6567
if: steps.ctx.outputs.is_vendor_group == 'true'
6668
with:
6769
repository: ${{ github.event.pull_request.head.repo.full_name }}
6870
ref: ${{ github.event.pull_request.head.sha }}
6971
fetch-depth: 1
7072
persist-credentials: false
73+
- name: Restore trusted Node setup actions
74+
if: steps.ctx.outputs.is_vendor_group == 'true'
75+
run: |
76+
git fetch --no-tags --depth=1 origin "${{ github.event.pull_request.base.sha }}"
77+
git checkout "${{ github.event.pull_request.base.sha }}" -- .github/actions/node
7178
- name: Restore trusted vendoring scripts
7279
if: steps.ctx.outputs.is_vendor_group == 'true'
7380
run: |
7481
git fetch --no-tags --depth=1 origin "${{ github.event.pull_request.base.sha }}"
7582
git checkout "${{ github.event.pull_request.base.sha }}" -- vendor/rspack.js vendor/rspack.config.js
83+
- uses: ./.github/actions/node/active-lts
84+
if: steps.ctx.outputs.is_vendor_group == 'true'
7685
- name: Install vendoring deps (no lifecycle scripts)
7786
if: steps.ctx.outputs.is_vendor_group == 'true'
7887
run: yarn --ignore-scripts --frozen-lockfile --non-interactive
7988
working-directory: ./vendor
8089
- name: Build vendored bundles (trusted script)
8190
if: steps.ctx.outputs.is_vendor_group == 'true'
82-
run: node rspack
91+
run: node ./rspack.js
8392
working-directory: ./vendor
8493
- name: Create patch (restricted paths only)
8594
id: diff
@@ -119,7 +128,7 @@ jobs:
119128
120129
git diff --binary --no-color > vendor.patch
121130
echo "has_changes=true" >> $GITHUB_OUTPUT
122-
- uses: actions/upload-artifact@ea165f8a6f3f9f5b76b7b70ee0fdd3b5d7d3b6a2 # v4.6.2
131+
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
123132
if: steps.diff.outputs.has_changes == 'true'
124133
with:
125134
name: vendor-patch
@@ -134,13 +143,20 @@ jobs:
134143
# It only applies the vetted patch artifact and pushes a single commit.
135144
permissions:
136145
contents: write
146+
id-token: write
137147
steps:
148+
- uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
149+
id: octo-sts
150+
with:
151+
scope: DataDog/dd-trace-js
152+
policy: dependabot-automation
138153
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
139154
with:
155+
token: ${{ steps.octo-sts.outputs.token }}
140156
repository: ${{ github.event.pull_request.head.repo.full_name }}
141157
ref: ${{ github.event.pull_request.head.sha }}
142158
persist-credentials: false
143-
- uses: actions/download-artifact@65c5b1180b77f85ea54a67a3d1f4d5f1e2e50bd8 # v4.2.0
159+
- uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
144160
with:
145161
name: vendor-patch
146162
- name: Apply patch
@@ -182,6 +198,8 @@ jobs:
182198
echo "commits=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
183199
- name: Push commit
184200
uses: DataDog/commit-headless@583489e08d78037e7fa256c14adf998d5463f6a0 # action/v2.0.2
201+
env:
202+
GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
185203
with:
186204
branch: ${{ github.event.pull_request.head.ref }}
187205
command: push

.github/workflows/platform.yml

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -62,16 +62,6 @@ jobs:
6262
- run: ./node_modules/.bin/bun pm pack --gzip-level 0 --filename bun.tgz && tar -zxf bun.tgz -C bun
6363
- run: diff -r npm bun
6464

65-
bundle-validate:
66-
runs-on: ubuntu-latest
67-
steps:
68-
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
69-
- uses: ./.github/actions/node/active-lts
70-
# Running `yarn` also automatically runs Rspack as a postinstall script.
71-
- run: yarn --frozen-lockfile
72-
working-directory: vendor
73-
- run: git diff --exit-code
74-
7565
core:
7666
runs-on: ubuntu-latest
7767
steps:

docs/test.ts

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -681,7 +681,12 @@ llmobs.annotate({
681681
outputTokens: 5,
682682
totalTokens: 15
683683
},
684-
tags: {}
684+
tags: {},
685+
prompt: {
686+
id: '123',
687+
version: '1.0.0',
688+
template: 'this is a {message}',
689+
}
685690
})
686691
llmobs.annotate(span, {
687692
inputData: 'input',

eslint.config.mjs

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -640,8 +640,14 @@ export default [
640640
plugins: {
641641
mocha: eslintPluginMocha,
642642
},
643+
languageOptions: {
644+
globals: {
645+
afterAll: 'readonly',
646+
expect: 'readonly',
647+
jest: 'readonly',
648+
},
649+
},
643650
rules: {
644-
'no-undef': 'off',
645651
'mocha/max-top-level-suites': 'off',
646652
'mocha/no-pending-tests': 'off',
647653
}

index.d.ts

Lines changed: 92 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -161,18 +161,54 @@ interface Tracer extends opentracing.Tracer {
161161

162162
/**
163163
* @experimental
164+
*
165+
* Set a baggage item and return the new context.
166+
*
167+
* @see https://opentelemetry.io/docs/specs/otel/baggage/api/#set-value
168+
*
169+
* ----
170+
*
164171
* Provide same functionality as OpenTelemetry Baggage:
165172
* https://opentelemetry.io/docs/concepts/signals/baggage/
166173
*
167174
* Since the equivalent of OTel Context is implicit in dd-trace-js,
168175
* these APIs act on the currently active baggage
169176
*
170-
* Work with storage('baggage'), therefore do not follow the same continuity as other APIs
177+
* Work with storage('baggage'), therefore do not follow the same continuity as other APIs.
178+
*/
179+
setBaggageItem (key: string, value: string, metadata?: object): Record<string, string>;
180+
/**
181+
* @experimental
182+
*
183+
* Returns a specific baggage item from the current context.
184+
*
185+
* @see https://opentelemetry.io/docs/specs/otel/baggage/api/#get-value
171186
*/
172-
setBaggageItem (key: string, value: string): Record<string, string>;
173187
getBaggageItem (key: string): string | undefined;
188+
/**
189+
* @experimental
190+
*
191+
* Returns all baggage items from the current context.
192+
*
193+
* @see https://opentelemetry.io/docs/specs/otel/baggage/api/#get-all-values
194+
*/
174195
getAllBaggageItems (): Record<string, string>;
196+
/**
197+
* @experimental
198+
*
199+
* Removes a specific baggage item from the current context and returns the new context.
200+
*
201+
* @see https://opentelemetry.io/docs/specs/otel/baggage/api/#remove-value
202+
*/
175203
removeBaggageItem (key: string): Record<string, string>;
204+
205+
/**
206+
* @experimental
207+
*
208+
* Removes all baggage items from the current context and returns the new context.
209+
*
210+
* @see https://opentelemetry.io/docs/specs/otel/baggage/api/#remove-all-values
211+
*/
176212
removeAllBaggageItems (): Record<string, string>;
177213
}
178214

@@ -3166,6 +3202,49 @@ declare namespace tracer {
31663202
type?: string
31673203
}
31683204

3205+
/**
3206+
* A Prompt object that represents the prompt template used for an LLM call.
3207+
* Used to power LLM Observability prompts and hallucination evaluations.
3208+
*/
3209+
interface Prompt {
3210+
/**
3211+
* Version of the prompt
3212+
*/
3213+
version?: string,
3214+
3215+
3216+
/**
3217+
* The id of the prompt set by the user. Should be unique per mlApp.
3218+
*/
3219+
id?: string,
3220+
3221+
/**
3222+
* An object of string key-value pairs that will be used to render the prompt
3223+
*/
3224+
variables?: Record<string, string>,
3225+
3226+
/**
3227+
* List of tags to add to the prompt run.
3228+
*/
3229+
tags?: Record<string, string>,
3230+
3231+
3232+
/**
3233+
* A list of variable key names that contains query information
3234+
*/
3235+
queryVariables?: string[],
3236+
3237+
/**
3238+
* A list of variable key names that contain ground truth context information.
3239+
*/
3240+
contextVariables?: string[],
3241+
3242+
/**
3243+
* A template string or chat message template list.
3244+
*/
3245+
template?: string | Message[]
3246+
}
3247+
31693248
/**
31703249
* Annotation options for LLM Observability spans.
31713250
*/
@@ -3199,7 +3278,12 @@ declare namespace tracer {
31993278
/**
32003279
* Object of JSON serializable key-value tag pairs to set or update on the LLM Observability span regarding the span's context.
32013280
*/
3202-
tags?: { [key: string]: any }
3281+
tags?: { [key: string]: any },
3282+
3283+
/**
3284+
* A Prompt object that represents the prompt used for an LLM call. Only used on `llm` spans.
3285+
*/
3286+
prompt?: Prompt,
32033287
}
32043288

32053289
interface AnnotationContextOptions {
@@ -3212,6 +3296,11 @@ declare namespace tracer {
32123296
* Set to override the span name for any spans annotated within the returned context.
32133297
*/
32143298
name?: string,
3299+
3300+
/**
3301+
* A Prompt object that represents the prompt used for an LLM call. Only used on `llm` spans.
3302+
*/
3303+
prompt?: Prompt,
32153304
}
32163305

32173306
interface RoutingContextOptions {

integration-tests/appsec/iast-esbuild.spec.js

Lines changed: 18 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
const assert = require('node:assert/strict')
44

5+
const { setTimeout } = require('timers/promises')
56
const childProcess = require('child_process')
67
const fs = require('fs')
78
const path = require('path')
@@ -12,23 +13,33 @@ const msgpack = require('@msgpack/msgpack')
1213
const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
1314

1415
const exec = promisify(childProcess.exec)
16+
const retry = async fn => {
17+
try {
18+
await fn()
19+
} catch {
20+
await setTimeout(60_000)
21+
await fn()
22+
}
23+
}
1524

1625
describe('esbuild support for IAST', () => {
1726
let cwd, craftedNodeModulesDir
1827

1928
useSandbox()
2029

21-
before(async () => {
30+
before(async function () {
31+
this.timeout(120_000)
32+
2233
cwd = sandboxCwd()
2334
craftedNodeModulesDir = path.join(cwd, 'tmp_node_module')
2435

2536
// Craft node_modules directory to ship native modules
2637
fs.mkdirSync(craftedNodeModulesDir)
2738
await exec('npm init -y', { cwd: craftedNodeModulesDir })
28-
await exec('npm install @datadog/wasm-js-rewriter @datadog/native-iast-taint-tracking', {
39+
await retry(() => exec('npm install @datadog/wasm-js-rewriter @datadog/native-iast-taint-tracking', {
2940
cwd: craftedNodeModulesDir,
30-
timeout: 10e3
31-
})
41+
timeout: 3e3
42+
}))
3243
})
3344

3445
function assertVulnerabilityDetected (agent, expectedPath, expectedLine) {
@@ -63,10 +74,10 @@ describe('esbuild support for IAST', () => {
6374
const applicationDir = path.join(cwd, 'appsec', appDirName)
6475

6576
// Install app deps
66-
await exec('npm install || npm install', {
77+
await retry(() => exec('npm install', {
6778
cwd: applicationDir,
68-
timeout: 10e3
69-
})
79+
timeout: 6e3
80+
}))
7081

7182
// Bundle the application
7283
await exec('npm run build', {

integration-tests/ci-visibility-intake.js

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -261,6 +261,16 @@ class FakeCiVisIntake extends FakeAgent {
261261
})
262262
})
263263

264+
app.post('/telemetry/proxy/api/v2/apmtelemetry', express.json(), (req, res) => {
265+
res.status(200).send()
266+
if (req.body?.payload?.namespace !== 'civisibility') return
267+
this.emit('message', {
268+
headers: req.headers,
269+
payload: req.body,
270+
url: req.url
271+
})
272+
})
273+
264274
return new Promise((resolve, reject) => {
265275
const timeoutObj = setTimeout(() => {
266276
reject(new Error('Intake timed out starting up'))

0 commit comments

Comments
 (0)