DataDog · TonyCTHsu · Feb 28, 2023 · Feb 8, 2023 · Feb 15, 2023 · Feb 16, 2023
@@ -0,0 +1,59 @@
+name: "Library Injection"
+on:
+  # Build each branch for testing
+  push:
+
+jobs:
+  build-and-publish-test-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker
+        run: docker login -u publisher -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+      - name: Docker Build
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: ghcr.io/datadog/dd-trace-rb/dd-lib-ruby-init:${{ github.sha }}
+          platforms: 'linux/amd64,linux/arm64/v8'
+          build-args: DDTRACE_RUBY_SHA=${{ github.sha }}
+          context: ./lib-injection
+
+  test:
+    needs:
+      - build-and-publish-test-image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      matrix:
+        lib-injection-connection: ['network']
+        lib-injection-use-admission-controller: ['', 'use-admission-controller']
+        weblog-variant:
+          - dd-lib-ruby-init-test-rails
+          - dd-lib-ruby-init-test-rails-explicit
+          - dd-lib-ruby-init-test-rails-gemsrb
+      fail-fast: false
+    env:
+      TEST_LIBRARY: ruby
+      WEBLOG_VARIANT: ${{ matrix.weblog-variant }}
+      LIBRARY_INJECTION_CONNECTION: ${{ matrix.lib-injection-connection }}
+      LIBRARY_INJECTION_ADMISSION_CONTROLLER: ${{ matrix.lib-injection-use-admission-controller }}
+      DOCKER_REGISTRY_IMAGES_PATH: ghcr.io/datadog
+      DOCKER_IMAGE_TAG: ${{ github.sha }}
+      BUILDX_PLATFORMS: linux/amd64,linux/arm64/v8
+    steps:
+      - name: lib-injection test runner
+        id: lib-injection-test-runner
+        uses: DataDog/system-tests/lib-injection/runner@1af3241d5b6a928199528a8cbfc5698564f5d260
+        with:
+          docker-registry: ghcr.io
+          docker-registry-username: ${{ github.repository_owner }}
+          docker-registry-password: ${{ secrets.GITHUB_TOKEN }}
+          test-script: ./lib-injection/run-manual-lib-injection.sh
@@ -0,0 +1,33 @@
+
+name: "Release Library Injection"
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  build-and-publish-release-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set version
+        id: version
+        run: echo "version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
+      - name: Get version
+        run: echo "The selected version is ${{ steps.version.outputs.version }}"
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker
+        run: docker login -u publisher -p ${{ secrets.GITHUB_TOKEN }} ghcr.io
+      - name: Docker Build
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: ghcr.io/datadog/dd-trace-rb/dd-lib-ruby-init:${{ steps.version.outputs.version }}
+          platforms: 'linux/amd64,linux/arm64/v8'
+          build-args: DDTRACE_RUBY_VERSION=${{ steps.version.outputs.version }}
+          context: ./lib-injection
+
@@ -25,3 +25,40 @@ deploy_to_reliability_env:
     UPSTREAM_COMMIT_SHA: $CI_COMMIT_SHA
     FORCE_TRIGGER: $FORCE_TRIGGER
 
+deploy_to_docker_registries:
+  stage: deploy
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_TAG =~ /^v.*/'
+      when: delayed
+      start_in: 1 day
+    - when: manual
+      allow_failure: true
+  trigger:
+    project: DataDog/public-images
+    branch: main
+    strategy: depend
+  variables:
+    IMG_SOURCES: ghcr.io/datadog/dd-trace-rb/dd-lib-ruby-init:$CI_COMMIT_TAG
+    IMG_DESTINATIONS: dd-lib-ruby-init:$CI_COMMIT_TAG
+    IMG_SIGNING: "false"
+
+deploy_latest_tag_to_docker_registries:
+  stage: deploy
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_TAG =~ /^v.*/'
+      when: delayed
+      start_in: 1 day
+    - when: manual
+      allow_failure: true
+  trigger:
+    project: DataDog/public-images
+    branch: main
+    strategy: depend
+  variables:
+    IMG_SOURCES: ghcr.io/datadog/dd-trace-rb/dd-lib-ruby-init:$CI_COMMIT_TAG
+    IMG_DESTINATIONS: dd-lib-ruby-init:latest
+    IMG_SIGNING: "false"
@@ -0,0 +1,24 @@
+# This image provides the files needed to install the dd-trace-rb
+# and auto instrument Ruby applications in containerized environments.
+FROM busybox
+
+# Set high UID to prevent possible conflict with existing users: http://www.linfo.org/uid.html
+ARG UID=10000
+
+ARG DDTRACE_RUBY_VERSION
+ENV DDTRACE_RUBY_VERSION=$DDTRACE_RUBY_VERSION
+
+ARG DDTRACE_RUBY_SHA
+ENV DDTRACE_RUBY_SHA=$DDTRACE_RUBY_SHA
+
+RUN addgroup -g 10000 -S datadog && \
+    adduser -u ${UID} -S datadog -G datadog
+
+USER ${UID}
+WORKDIR /datadog-init
+ADD auto_inject.rb /datadog-init/auto_inject.rb
+
+RUN sed -i "s~<DD_TRACE_SHA_TO_BE_REPLACED>~${DDTRACE_RUBY_SHA}~g"  /datadog-init/auto_inject.rb
+RUN sed -i "s~<DD_TRACE_VERSION_TO_BE_REPLACED>~${DDTRACE_RUBY_VERSION}~g"  /datadog-init/auto_inject.rb
+
+ADD copy-lib.sh /datadog-init/copy-lib.sh
@@ -0,0 +1,84 @@
+return if ENV['skip_autoinject']
+
+begin
+  require 'open3'
+
+  _, status = Open3.capture2e({'skip_autoinject' => 'true'}, 'bundle show ddtrace')
+
+  if status.success?
+    puts '[DATADOG LIB INJECTION] ddtrace already installed... skipping auto-injection'
+    return
+  end
+
+  require 'bundler'
+  require 'shellwords'
+
+  if Bundler.frozen_bundle?
+    puts "[DATADOG LIB INJECTION] Cannot inject with frozen Bundler"
+    return
+  end
+
+  version = "<DD_TRACE_VERSION_TO_BE_REPLACED>"
+  sha = "<DD_TRACE_SHA_TO_BE_REPLACED>"
+
+  # Stronger restrict
+  condition = if !version.empty?
+    # For public release
+    "--version #{version.gsub(/^v/, '').shellescape}"
+  elsif !sha.empty?
+    # For internal testing
+    "--github datadog/dd-trace-rb --ref #{sha.shellescape}"
+  end
+
+  unless condition
+    puts "[DATADOG LIB INJECTION] NO VERSION"
+    return
+  end
+
+  puts "[DATADOG LIB INJECTION] ddtrace is not installed... Perform lib injection for dd-trace-rb."
+
+  gemfile   = Bundler::SharedHelpers.default_gemfile
+  lockfile  = Bundler::SharedHelpers.default_lockfile
+
+  if gemfile.basename.to_s == 'gems.rb'
+    datadog_gemfile = gemfile.dirname + "datadog-Gemfile"
+    datadog_lockfile = lockfile.dirname + "datadog-Gemfile.lock"
+  else
+    datadog_gemfile = gemfile.dirname + ("datadog-#{gemfile.basename}")
+    datadog_lockfile = lockfile.dirname + ("datadog-#{lockfile.basename}")
+  end
+
+  require 'fileutils'
+
+  begin
+    # Copies for trial
+    FileUtils.cp gemfile, datadog_gemfile
+    FileUtils.cp lockfile, datadog_lockfile
+
+    output, status = Open3.capture2e(
+      { 'skip_autoinject' => 'true', 'BUNDLE_GEMFILE' => datadog_gemfile.to_s },
+      "bundle add ddtrace #{condition} --require ddtrace/auto_instrument"
+    )
+
+    if status.success?
+      puts '[DATADOG LIB INJECTION] ddtrace added to bundle...'
+
+      FileUtils.cp datadog_gemfile, gemfile
+      FileUtils.cp datadog_lockfile, lockfile
+    else
+      puts "[DATADOG LIB INJECTION] #{output}"
+    end
+  rescue => e
+    puts "[DATADOG LIB INJECTION] trial error: #{e}"
+  ensure
+    # Remove the copies
+    FileUtils.rm datadog_gemfile
+    FileUtils.rm datadog_lockfile
+  end
+rescue Bundler::BundlerError => e
+  puts "[DATADOG LIB INJECTION] BundlerError: #{e}"
+rescue LoadError => e
+  puts "[DATADOG LIB INJECTION] LoadError: #{e}"
+rescue Exception => e
+  puts "[DATADOG LIB INJECTION] Exception: #{e}"
+end
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# This script is used by the admission controller to install the library from the
+# init container into the application container.
+cp auto_inject.rb "$1/auto_inject.rb"
@@ -35,7 +35,7 @@
         /x
 
         directories_excluded = %r{
-          ^(sig|spec|docs|\.circleci|\.github|benchmarks|gemfiles|integration|tasks|yard|vendor/rbs)/
+          ^(sig|spec|docs|\.circleci|\.github|lib-injection|benchmarks|gemfiles|integration|tasks|yard|vendor/rbs)/
         }x
 
         expect(files)