refractor embeds in an internal package to clean up the root namespac…

…e a little bit

.github/workflows/test.yml

@@ -96,6 +96,26 @@ jobs:
           platforms: arm64
       - run: docker run --platform=linux/arm64 -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v -count=10 -shuffle=on ./...
 
+      linux-i386:
+        runs-on: ubuntu-latest
+        strategy:
+          matrix:
+            cgo_enabled: [ "0", "1" ] # test it compiles with and without the cgo
+          fail-fast: false
+        steps:
+          - uses: actions/checkout@v3
+          - name: Go modules cache
+            uses: actions/cache@v3
+            with:
+              path: ~/go/pkg/mod
+              key: go-pkg-mod-${{ hashFiles('**/go.sum') }}
+              restore-keys: go-pkg-mod-
+          - name: Set up QEMU
+            uses: docker/setup-qemu-action@v2
+            with:
+              platforms: i386
+          - run: docker run --platform=linux/i386 -v $PWD:$PWD -w $PWD -eCGO_ENABLED=${{ matrix.cgo_enabled }} -eDD_APPSEC_WAF_TIMEOUT=$DD_APPSEC_WAF_TIMEOUT golang go test -v -count=10 -shuffle=on ./...
+
   # A simple join target to simplify setting up branch protection settings in GH.
   done:
     name: Done
@@ -104,6 +124,7 @@ jobs:
       - native
       - golang-linux-container
       - linux-arm64
+      - linux-i386
     steps:
       - name: Done
         run: echo "Done!"

_tools/libddwaf-updater/update.go

@@ -21,6 +21,7 @@ import (
 	"path"
 	"runtime"
 	"slices"
+	"strings"
 	"sync"
 
 	"github.com/google/go-github/v56/github"
@@ -66,21 +67,18 @@ func main() {
 	wg := sync.WaitGroup{}
 	wg.Add(len(targets))
 	for _, tgt := range targets {
-		embedDir := path.Join(libDir, tgt.embedName)
+		embedDir := path.Join(libDir, fmt.Sprintf("%s-%s", tgt.os, tgt.arch))
 		if _, err = os.Stat(embedDir); errors.Is(err, os.ErrNotExist) {
 			if err = os.MkdirAll(embedDir, 0755); err != nil {
 				panic(err)
 			}
-			if err = os.WriteFile(path.Join(embedDir, "vendor.go"), []byte(vendorTemplate), 0644); err != nil {
-				panic(err)
-			}
 		}
 		go handleTarget(&wg, version, tgt, embedDir, assets)
 	}
 
 	wg.Wait()
 
-	file, err := os.OpenFile(versionFile, os.O_WRONLY|os.O_TRUNC, 0644)
+	file, err := os.OpenFile(versionFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
 	if err != nil {
 		panic(err)
 	}
@@ -93,7 +91,7 @@ func main() {
 		written += wrote
 	}
 
-	fmt.Println("All done! Don't forget to check in changes to include/ and lib/, check the libddwaf upgrade guide to update bindings!")
+	fmt.Println("All done! Don't forget to check in changes to include/ and internal/vendor/, check the libddwaf upgrade guide to update bindings!")
 }
 
 func handleTarget(wg *sync.WaitGroup, version string, tgt target, embedDir string, assets map[string]*github.ReleaseAsset) {
@@ -181,6 +179,31 @@ func handleTarget(wg *sync.WaitGroup, version string, tgt target, embedDir strin
 				defer dest.Close()
 				_, err = io.Copy(dest, arch)
 			}
+			if err == nil {
+				gosource := strings.Join(
+					[]string{
+						"// Unless explicitly stated otherwise all files in this repository are licensed",
+						"// under the Apache License Version 2.0.",
+						"// This product includes software developed at Datadog (https://www.datadoghq.com/).",
+						"// Copyright 2016-present Datadog, Inc.",
+						"",
+						fmt.Sprintf("//go:build %s && %s && !go1.22", tgt.os, tgt.arch),
+						"package vendor",
+						"",
+						`import _ "embed" // Needed for go:embed`,
+						"",
+						fmt.Sprintf("//go:embed %s-%s/%s", tgt.os, tgt.arch, name),
+						"var libddwaf []byte",
+						"",
+						fmt.Sprintf(`const embedNamePattern = "libddwaf-*%s"`, path.Ext(name)),
+						"", // Trailing new line...
+					},
+					"\n",
+				)
+				if err = os.WriteFile(path.Join(embedDir, "..", fmt.Sprintf("vendor_%s_%s.go", tgt.os, tgt.arch)), []byte(gosource), 0644); err != nil {
+					panic(err)
+				}
+			}
 
 			foundLib = true
 		case "ddwaf.h":
@@ -213,35 +236,42 @@ func handleTarget(wg *sync.WaitGroup, version string, tgt target, embedDir strin
 }
 
 type target struct {
-	embedName  string
+	os         string
+	arch       string
 	assetLabel string
 	primary    bool // The one we'll get ddwaf.h from
 }
 
 var targets = []target{
 	{
-		embedName:  "darwin-amd64",
+		os:         "darwin",
+		arch:       "amd64",
 		assetLabel: "darwin-x86_64",
 	},
 	{
-		embedName:  "darwin-arm64",
+		os:         "darwin",
+		arch:       "arm64",
 		assetLabel: "darwin-arm64",
 	},
 	{
-		embedName:  "linux-amd64",
+		os:         "linux",
+		arch:       "amd64",
 		assetLabel: "x86_64-linux-musl",
 		primary:    true,
 	},
 	{
-		embedName:  "linux-arm64",
+		os:         "linux",
+		arch:       "arm64",
 		assetLabel: "aarch64-linux-musl",
 	},
 	{
-		embedName:  "linux-armv7",
+		os:         "linux",
+		arch:       "armv7",
 		assetLabel: "armv7-linux-musl",
 	},
 	{
-		embedName:  "linux-i386",
+		os:         "linux",
+		arch:       "i386",
 		assetLabel: "i386-linux-musl",
 	},
 }
@@ -250,9 +280,14 @@ func init() {
 	_, filename, _, _ := runtime.Caller(0)
 	dir := path.Dir(filename)
 	rootDir = path.Join(dir, "..", "..")
-	libDir = path.Join(rootDir, "lib")
+	libDir = path.Join(rootDir, "internal", "vendor")
 	versionFile = path.Join(libDir, ".version")
+
 	file, err := os.Open(versionFile)
+	if errors.Is(err, os.ErrNotExist) {
+		currentVersion = "<none>"
+		return
+	}
 	if err != nil {
 		panic(err)
 	}
@@ -264,13 +299,3 @@ func init() {
 
 	currentVersion = string(data)
 }
-
-const vendorTemplate = `// Unless explicitly stated otherwise all files in this repository are licensed
-// under the Apache License Version 2.0.
-// This product includes software developed at Datadog (https://www.datadoghq.com/).
-// Copyright 2016-present Datadog, Inc.
-
-// Package vendor is required to help go tools support vendoring.
-// DO NOT REMOVE
-package vendor
-`

embed.go → internal/vendor/vendor.go

@@ -3,18 +3,21 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2016-present Datadog, Inc.
 
-//go:build (linux || darwin) && (amd64 || arm64) && !go1.22
+//go:build !go1.22 && ((darwin && (amd64 || arm64)) || (linux && (amd64 || arm64 || armv7 || i386)))
 
-package waf
+package vendor
 
 import (
 	"fmt"
 	"os"
+
+	_ "embed"
 )
 
-// dumpWafLibrary dumps the bundled libddwaf shared library to a temporary file on the file system.
-// The caller is responsible for properly disposing of the temporary file once it is no longer needed.
-func dumpWafLibrary() (path string, err error) {
+//go:embed .version
+var EmbeddedWAFVersion string
+
+func DumpEmbeddedWAF() (path string, err error) {
 	file, err := os.CreateTemp("", embedNamePattern)
 	if err != nil {
 		return path, fmt.Errorf("error creating temp file: %w", err)

embed_darwin_amd64.go → internal/vendor/vendor_darwin_amd64.go

@@ -4,12 +4,11 @@
 // Copyright 2016-present Datadog, Inc.
 
 //go:build darwin && amd64 && !go1.22
-
-package waf
+package vendor
 
 import _ "embed" // Needed for go:embed
 
-//go:embed lib/darwin-amd64/libddwaf.dylib
+//go:embed darwin-amd64/libddwaf.dylib
 var libddwaf []byte
 
 const embedNamePattern = "libddwaf-*.dylib"

embed_darwin_arm64.go → internal/vendor/vendor_darwin_arm64.go

@@ -4,12 +4,11 @@
 // Copyright 2016-present Datadog, Inc.
 
 //go:build darwin && arm64 && !go1.22
-
-package waf
+package vendor
 
 import _ "embed" // Needed for go:embed
 
-//go:embed lib/darwin-arm64/libddwaf.dylib
+//go:embed darwin-arm64/libddwaf.dylib
 var libddwaf []byte
 
 const embedNamePattern = "libddwaf-*.dylib"

embed_linux_amd64.go → internal/vendor/vendor_linux_amd64.go

@@ -4,12 +4,11 @@
 // Copyright 2016-present Datadog, Inc.
 
 //go:build linux && amd64 && !go1.22
-
-package waf
+package vendor
 
 import _ "embed" // Needed for go:embed
 
-//go:embed lib/linux-amd64/libddwaf.so
+//go:embed linux-amd64/libddwaf.so
 var libddwaf []byte
 
 const embedNamePattern = "libddwaf-*.so"

embed_linux_arm64.go → internal/vendor/vendor_linux_arm64.go

@@ -4,12 +4,11 @@
 // Copyright 2016-present Datadog, Inc.
 
 //go:build linux && arm64 && !go1.22
-
-package waf
+package vendor
 
 import _ "embed" // Needed for go:embed
 
-//go:embed lib/linux-arm64/libddwaf.so
+//go:embed linux-arm64/libddwaf.so
 var libddwaf []byte
 
 const embedNamePattern = "libddwaf-*.so"

internal/vendor/vendor_linux_armv7.go

@@ -0,0 +1,14 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build linux && armv7 && !go1.22
+package vendor
+
+import _ "embed" // Needed for go:embed
+
+//go:embed linux-armv7/libddwaf.so
+var libddwaf []byte
+
+const embedNamePattern = "libddwaf-*.so"

internal/vendor/vendor_linux_i386.go

@@ -0,0 +1,14 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2016-present Datadog, Inc.
+
+//go:build linux && i386 && !go1.22
+package vendor
+
+import _ "embed" // Needed for go:embed
+
+//go:embed linux-i386/libddwaf.so
+var libddwaf []byte
+
+const embedNamePattern = "libddwaf-*.so"