From 77b96bd419c763dad34fb528313f9f40ae44ee84 Mon Sep 17 00:00:00 2001
From: Damien Mehala <damien.mehala@datadoghq.com>
Date: Sun, 14 Sep 2025 11:59:17 +0200
Subject: [PATCH] chore(ci): fix main workflow

---
 .github/actions/fuzzer/action.yml  | 46 ++++++++++++++++++++++++++++++
 .github/workflows/dev.yml          | 10 +++----
 .github/workflows/main.yml         | 36 ++++++++++++++---------
 CMakeLists.txt                     |  7 ++---
 Dockerfile                         |  2 +-
 fuzz/CMakeLists.txt                |  1 +
 fuzz/remote-configuration/main.cpp |  1 +
 fuzz/w3c-propagation/fuzz.cpp      | 29 +++++++++++++++++++
 test/CMakeLists.txt                | 12 ++++++--
 9 files changed, 116 insertions(+), 28 deletions(-)
 create mode 100644 .github/actions/fuzzer/action.yml

diff --git a/.github/actions/fuzzer/action.yml b/.github/actions/fuzzer/action.yml
new file mode 100644
index 00000000..2b83b152
--- /dev/null
+++ b/.github/actions/fuzzer/action.yml
@@ -0,0 +1,46 @@
+name: 'Fuzzer'
+description: 'Run Fuzzer'
+inputs:
+  binary:  # id of input
+    description: 'Fuzzer binary to execute'
+    required: true
+  duration_seconds:
+    description: 'How long the fuzzer should run in seconds'
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Check inputs
+      shell: bash
+      run: |
+        if [ ! -f "${{ inputs.binary }}" ]; then
+          echo "Binary \"${{ inputs.binary }}\" not found"
+          exit 1
+        fi
+
+    - name: Prepare
+      id: prepare
+      shell: bash
+      run: |
+        echo "cache-key=${{ runner.os }}-${{ hashFiles(inputs.binary) }}" >> $GITHUB_OUTPUT
+        echo "corpus-dir=corpus-${{ hashFiles(inputs.binary) }}" >> $GITHUB_OUTPUT
+
+    - uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+      id: cache
+      with:
+        path: ${{ steps.prepare.outputs.corpus-dir }}
+        key: ${{ steps.prepare.outputs.cache-key }}
+
+    - name: Initialize corpus
+      if: steps.cache.outputs.cache-hit != 'true'
+      shell: bash
+      run: mkdir -p ${{ steps.prepare.outputs.corpus-dir }}
+
+    - name: Run
+      run: ${{ inputs.binary }} -max_total_time=${{ inputs.duration_seconds }} ${{ steps.prepare.outputs.corpus-dir }}
+      shell: bash
+
+    - uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+      with:
+        path: ${{ steps.prepare.outputs.corpus-dir }}
+        key: ${{ steps.prepare.outputs.cache-key }}
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index a9de41f9..a37b2f5c 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -3,9 +3,9 @@ on: [pull_request, workflow_dispatch, workflow_call]
 
 jobs:
   format:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-22.04-arm
     container:
-      image: datadog/docker-library:dd-trace-cpp-ci
+      image: datadog/docker-library:dd-trace-cpp-ci-5f5c273-arm64
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Check format
@@ -29,7 +29,7 @@ jobs:
     needs: format
     runs-on: ${{ matrix.runner }}
     container:
-      image: datadog/docker-library:dd-trace-cpp-ci-91c12776-${{matrix.docker-arch}}
+      image: datadog/docker-library:dd-trace-cpp-ci-5f5c273-${{matrix.docker-arch}}
     environment:
       name: dev
     permissions:
@@ -68,7 +68,7 @@ jobs:
             docker-arch: amd64
     runs-on: ${{ matrix.runner }}
     container:
-      image: datadog/docker-library:dd-trace-cpp-ci-91c12776-${{matrix.docker-arch}}
+      image: datadog/docker-library:dd-trace-cpp-ci-5f5c273-${{matrix.docker-arch}}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Build
@@ -144,7 +144,7 @@ jobs:
     needs: build-linux-cmake 
     runs-on: ubuntu-22.04-arm
     container:
-      image: datadog/docker-library:dd-trace-cpp-ci-91c12776-arm64
+      image: datadog/docker-library:dd-trace-cpp-ci-5f5c273-arm64
     environment:
       name: dev
     permissions:
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9df2a241..20fff1c4 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -8,14 +8,13 @@ on:
 jobs:
   call-dev-workflow:
     uses: ./.github/workflows/dev.yml
-      # - name: Upload artifact
-      #   uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-      #   with:
-      #     name: binaries
-      #     path: .musl-build/ngx_http_datadog_module.so
+    secrets: inherit
+    permissions:
+      contents: read
+      packages: write
 
   system-tests:
-    uses:  DataDog/system-tests/.github/workflows/system-tests.yml@main
+    uses: DataDog/system-tests/.github/workflows/system-tests.yml@main
     secrets: inherit
     permissions:
       contents: read
@@ -24,10 +23,10 @@ jobs:
       library: cpp
       binaries_artifact: binaries
       desired_execution_time: 300  # 5 minutes
-      scenarios_groups: appsec
-      scenarios: DEFAULT
-      excluded_scenarios: INTEGRATIONS  # no test activated, and long warm-up
+      scenarios: PARAMETRIC
       skip_empty_scenarios: true
+      _system_tests_dev_mode: true
+      display_summary: true
 
   # Ensure the main job is run to completion
   check-system-tests:
@@ -41,19 +40,28 @@ jobs:
     needs: call-dev-workflow
     runs-on: ubuntu-22.04-arm
     container:
-      image: datadog/docker-library:dd-trace-cpp-ci-91c12776-arm64
+      image: datadog/docker-library:dd-trace-cpp-ci-5f5c273-arm64
     env:
       DURATION_SEC: 300 # 5min
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Configure
-        run: bin/with-toolchain llvm cmake . -B .build -DCMAKE_BUILD_TYPE=Debug -DDD_TRACE_BUILD_FUZZERS=1 -DDD_TRACE_ENABLE_SANITIZE=1
+        run: bin/with-toolchain llvm cmake . -B .build -DCMAKE_BUILD_TYPE=Debug -DDD_TRACE_BUILD_FUZZERS=1 -DDD_TRACE_ENABLE_SANITIZE=1 -DDD_TRACE_TRANSPORT=none
       - name: Build
         run: cmake --build .build -j --target dd_trace_cpp-fuzzers
       - name: Run W3C propagation fuzzer
-        run: ./.build/fuzz/w3c-propagation/w3c-propagation-fuzz -max_total_time=${DURATION_SEC}
+        uses: ./.github/actions/fuzzer
+        with:
+          binary: ./.build/fuzz/w3c-propagation/w3c-propagation-fuzz
+          duration_seconds: ${DURATION_SEC}
       - name: Run Base64 fuzzer
-        run: ./.build/fuzz/base64/base64-fuzz -max_total_time=${DURATION_SEC}
+        uses: ./.github/actions/fuzzer
+        with:
+          binary: ./.build/fuzz/base64/base64-fuzz
+          duration_seconds: ${DURATION_SEC}
       - name: Run Remote Configuration fuzzer
-        run: ./.build/fuzz/remote-configuration/remote-config-fuzz -max_total_time=${DURATION_SEC}
+        uses: ./.github/actions/fuzzer
+        with:
+          binary: ./.build/fuzz/remote-configuration/remote-config-fuzz
+          duration_seconds: ${DURATION_SEC}
 
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0a6936f2..ac20c2c9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -198,12 +198,9 @@ if (BUILD_SHARED_LIBS)
     )
   endif ()
 
-  add_dependencies(dd_trace_cpp-shared dd_trace_cpp-objects CURL::libcurl_shared)
-
   target_link_libraries(dd_trace_cpp-shared
     PUBLIC
       dd_trace::obj
-      CURL::libcurl_shared
     PRIVATE
       dd_trace::specs
   )
@@ -221,6 +218,8 @@ if (BUILD_STATIC_LIBS)
   add_library(dd_trace_cpp-static STATIC $<TARGET_OBJECTS:dd_trace_cpp-objects>)
   add_library(dd_trace::static ALIAS dd_trace_cpp-static)
 
+  add_dependencies(dd_trace_cpp-static dd_trace_cpp-objects)
+
   if (DD_TRACE_TRANSPORT STREQUAL "curl")
     add_dependencies(dd_trace_cpp-static CURL::libcurl_static)
 
@@ -241,8 +240,6 @@ if (BUILD_STATIC_LIBS)
     ) 
   endif ()
 
-  add_dependencies(dd_trace_cpp-static dd_trace_cpp-objects)
-
   target_link_libraries(dd_trace_cpp-static 
     PUBLIC
       dd_trace::obj
diff --git a/Dockerfile b/Dockerfile
index 03cfb4aa..81dad396 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ run apt-get update && apt-get install --yes software-properties-common && \
     apt-get update && apt-get upgrade --yes && \
     apt-get install --yes \
         wget build-essential clang sed gdb clang-format git ssh shellcheck \
-        libc++-dev libc++abi-dev python3 pip coreutils curl gnupg
+        libc++-dev libc++abi-dev python3 pip coreutils curl gnupg nodejs
 
 # bazelisk, a launcher for bazel. `bazelisk --help` will cause the latest
 # version to be downloaded.
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 23e618da..df851169 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -1,4 +1,5 @@
 add_subdirectory(base64)
 add_subdirectory(tracing)
 add_subdirectory(w3c-propagation)
+add_subdirectory(remote-configuration)
 
diff --git a/fuzz/remote-configuration/main.cpp b/fuzz/remote-configuration/main.cpp
index da1e6c25..af21fb5b 100644
--- a/fuzz/remote-configuration/main.cpp
+++ b/fuzz/remote-configuration/main.cpp
@@ -3,6 +3,7 @@
 #include <datadog/string_view.h>
 
 #include <cstdint>
+#include <mutex>
 #include <sstream>
 #include <string>
 
diff --git a/fuzz/w3c-propagation/fuzz.cpp b/fuzz/w3c-propagation/fuzz.cpp
index 9a5b25df..4a33931a 100644
--- a/fuzz/w3c-propagation/fuzz.cpp
+++ b/fuzz/w3c-propagation/fuzz.cpp
@@ -15,12 +15,41 @@ namespace dd = datadog::tracing;
 
 namespace {
 
+// TODO: Move in `src` and be the default client if transport is `none`.
+class NullHttpClient : public dd::HTTPClient {
+ public:
+  dd::Expected<void> post(
+      const URL& url, HeadersSetter set_headers, std::string body,
+      ResponseHandler on_response, ErrorHandler on_error,
+      std::chrono::steady_clock::time_point deadline) override {
+    return {};
+  }
+
+  // Wait until there are no more outstanding requests, or until the specified
+  // `deadline`.
+  void drain(std::chrono::steady_clock::time_point deadline) override {}
+
+  // Return a JSON representation of this object's configuration. The JSON
+  // representation is an object with the following properties:
+  //
+  // - "type" is the unmangled, qualified name of the most-derived class, e.g.
+  //   "datadog::tracing::Curl".
+  // - "config" is an object containing this object's configuration. "config"
+  //   may be omitted if the derived class has no configuration.
+  std::string config() const override {
+    return R"({"type": "NullHttpClient"})";
+  };
+
+  ~NullHttpClient() override = default;
+};
+
 dd::Tracer& tracer_singleton() {
   thread_local auto tracer = []() {
     dd::TracerConfig config;
     config.service = "fuzzer";
     config.collector = std::make_shared<dd::NullCollector>();
     config.extraction_styles = {dd::PropagationStyle::W3C};
+    config.agent.http_client = std::make_shared<NullHttpClient>();
 
     const auto finalized_config = dd::finalize_config(config);
     if (!finalized_config) {
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 60f83671..6415f792 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -24,7 +24,6 @@ add_executable(tests
     test_baggage.cpp
     test_base64.cpp
     test_cerr_logger.cpp
-    test_curl.cpp
     test_config_manager.cpp
     test_datadog_agent.cpp
     test_glob.cpp
@@ -62,10 +61,17 @@ target_compile_definitions(tests
 
 target_link_libraries(tests 
   PRIVATE
-    # TODO: Remove dependency on libcurl
-    CURL::libcurl_static
     dd_trace_cpp-static
     dd_trace::specs
 )
 
+if(DD_TRACE_TRANSPORT STREQUAL "curl")
+  target_sources(tests PRIVATE test_curl.cpp)
+  target_link_libraries(tests 
+    PRIVATE
+      # TODO: Remove dependency on libcurl
+      CURL::libcurl_static
+  )
+endif()
+
 add_subdirectory(system-tests)