diff --git a/.github/actions/push_to_test_optim/action.yml b/.github/actions/push_to_test_optim/action.yml
index 674c391c85c..0502cd4a190 100644
--- a/.github/actions/push_to_test_optim/action.yml
+++ b/.github/actions/push_to_test_optim/action.yml
@@ -6,9 +6,13 @@ inputs:
 default: datadoghq.com
 datadog_api_key:
 description: "A valid DD_API_KEY"
+ default: ""
 ci_environment:
 description: "CI environment running the tests (dev/prod/custom), used for Test Optimization tagging"
 default: ""
+ dd_sts_policy:
+ description: "dd-sts policy to use to get a datadog API key (required if datadog_api_key is not set)"
+ default: ""
 runs:
 using: composite
@@ -19,19 +23,26 @@ runs:
 run: echo "Skipping TestOptim push for dependabot PRs"
 - name: Install datadog-ci
- if: github.event.pull_request.user.login != 'dependabot[bot]' && inputs.datadog_api_key != ''
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 shell: bash
 run: npm install -g @datadog/datadog-ci || sleep 60 && npm install -g @datadog/datadog-ci
 - name: checkout owner repo
- if: github.event.pull_request.user.login != 'dependabot[bot]' && inputs.datadog_api_key != ''
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98
 with:
 path: repo
+ - name: Get Datadog credentials
+ id: dd-sts
+ if: inputs.dd_sts_policy != ''
+ uses: DataDog/dd-sts-action@2e8187910199bd93129520183c093e19aa585c75 # v1.0.0
+ with:
+ policy: ${{ inputs.dd_sts_policy }}
+
 # https://docs.datadoghq.com/tests/setup/junit_xml/?tab=linux
 - name: Push results
- if: github.event.pull_request.user.login != 'dependabot[bot]' && inputs.datadog_api_key != ''
+ if: github.event.pull_request.user.login != 'dependabot[bot]'
 shell: bash
 run: |
 cd repo
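Review bot: With `inputs.datadog_api_key != ''` removed from the `if:` of the Install, checkout and Push results steps, a run that has neither a static key nor a `dd_sts_policy` (a caller that never sets the new input, or presumably a fork pull request where secrets are not passed) now reaches the upload with an empty `DATADOG_API_KEY` instead of being skipped. Keeping a credential guard on those three steps, `if: github.event.pull_request.user.login != 'dependabot[bot]' && (inputs.datadog_api_key != '' || inputs.dd_sts_policy != '')`, preserves the old skip behaviour. The new Get Datadog credentials step is also the only one without the dependabot check, and it runs even when a static key was supplied; `if: github.event.pull_request.user.login != 'dependabot[bot]' && inputs.datadog_api_key == '' && inputs.dd_sts_policy != ''` avoids minting a key that is never used. The Push results `run:` block continues past the end of this hunk.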
@@ -43,5 +54,5 @@ runs:
 --xpath-tag "test.codeowners=/testcase/properties/property[@name='test.codeowners']"
 env:
 DATADOG_SITE: ${{ inputs.datadog_site }}
- DATADOG_API_KEY: ${{ inputs.datadog_api_key }}
+ DATADOG_API_KEY: ${{ inputs.datadog_api_key != '' && inputs.datadog_api_key || steps.dd-sts.outputs.api_key }}
 DD_TAGS: ${{ inputs.ci_environment != '' && format('test.configuration.ci_environment:{0}', inputs.ci_environment) || '' }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 49c84e4e4f8..8a51718c084 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -71,6 +71,7 @@ jobs:
 permissions:
 contents: read
 packages: write
+ id-token: write
 secrets:
 DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
 DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -92,6 +93,7 @@ jobs:
 _system_tests_dev_mode: ${{ matrix.version == 'dev' }}
 _system_tests_library_target_branch_map: ${{ needs.compute_libraries_and_scenarios.outputs.target-branch-map }}
 push_to_test_optimization: true
+ dd_sts_policy: system-tests
 exotics:
 name: Exotics scenarios
diff --git a/.github/workflows/run-end-to-end.yml b/.github/workflows/run-end-to-end.yml
index 9019e59f332..5930de82096 100644
--- a/.github/workflows/run-end-to-end.yml
+++ b/.github/workflows/run-end-to-end.yml
@@ -101,6 +101,11 @@ on:
 default: "datadoghq.com"
 required: false
 type: string
+ dd_sts_policy:
+ description: "dd-sts policy to use to get a Datadog API key for Test Optimization"
+ default: ""
+ required: false
+ type: string
 jobs:
 main:
@@ -546,3 +551,4 @@ jobs:
 datadog_api_key: ${{ secrets.TEST_OPTIMIZATION_API_KEY }}
 datadog_site: ${{ inputs.test_optimization_datadog_site }}
 ci_environment: ${{ inputs.ci_environment }}
+ dd_sts_policy: ${{ inputs.dd_sts_policy }}
diff --git a/.github/workflows/run-parametric.yml b/.github/workflows/run-parametric.yml
index 3cf1add1095..b02454efef7 100644
--- a/.github/workflows/run-parametric.yml
+++ b/.github/workflows/run-parametric.yml
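Review bot: `steps.dd-sts.outputs.api_key` is a step output rather than a `secrets.*` value, so it is redacted from logs only if the dd-sts action registers it as a mask; that is not visible in this diff and is worth confirming before relying on it. The expression also evaluates to an empty string when the static key is empty and the dd-sts step was skipped or produced no output, so the upload would only fail late with an authentication error. A short comment above the line, such as `# static key wins; otherwise the short-lived key from the dd-sts step (empty if neither is configured)`, would document the precedence. The `env:` block belongs to the Push results step, whose start is outside this hunk.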
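Review bot: `id-token: write` is granted on the whole reusable-workflow call in the `@@ -71,6 +71,7 @@` hunk of ci.yml, next to `packages: write` and the DockerHub secrets, so every job and step of the called workflow can request an OIDC token for this repository, not only the step that pushes test results. Whether that is acceptable depends on the `system-tests` dd-sts policy, which is not part of this diff: it should be bound to the repository and ideally to the ref or workflow claims, so that a token minted from an arbitrary branch cannot be exchanged for the key. An inline comment would record why the permission exists, e.g. `id-token: write # OIDC token exchanged by dd-sts-action for a Datadog API key`. The job definition starts above this hunk.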
@@ -76,6 +76,11 @@ on:
 default: "datadoghq.com"
 required: false
 type: string
+ dd_sts_policy:
+ description: "dd-sts policy to use to get a Datadog API key for Test Optimization"
+ default: ""
+ required: false
+ type: string
 secrets:
 TEST_OPTIMIZATION_API_KEY:
 description: "API key for pushing test results to DataDog Test Optimization"
@@ -166,3 +171,4 @@ jobs:
 datadog_api_key: ${{ secrets.TEST_OPTIMIZATION_API_KEY }}
 datadog_site: ${{ inputs.test_optimization_datadog_site }}
 ci_environment: ${{ inputs.ci_environment }}
+ dd_sts_policy: ${{ inputs.dd_sts_policy }}
diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml
index 2705c561c7c..d7d3646c9db 100644
--- a/.github/workflows/system-tests.yml
+++ b/.github/workflows/system-tests.yml
@@ -124,6 +124,11 @@ on:
 default: "datadoghq.com"
 required: false
 type: string
+ dd_sts_policy:
+ description: "dd-sts policy to use to get a Datadog API key for Test Optimization"
+ default: ""
+ required: false
+ type: string
 secrets:
 DOCKERHUB_USERNAME:
@@ -170,6 +175,8 @@ jobs:
 if: needs.compute_parameters.outputs.parametric_enable == 'true'
 uses: ./.github/workflows/run-parametric.yml
 secrets: inherit
+ permissions:
+ id-token: write
 with:
 library: ${{ inputs.library }}
 ref: ${{ inputs.ref }}
@@ -182,6 +189,7 @@ jobs:
 unique_id: ${{ needs.compute_parameters.outputs.unique_id }}
 push_to_test_optimization: ${{ inputs.push_to_test_optimization }}
 test_optimization_datadog_site: ${{ inputs.test_optimization_datadog_site }}
+ dd_sts_policy: ${{ inputs.dd_sts_policy }}
 build_end_to_end:
 name: Build end-to-end (${{ matrix.weblog.name }})
@@ -256,6 +264,8 @@ jobs:
 fail-fast: false
 uses: ./.github/workflows/run-end-to-end.yml
 secrets: inherit
+ permissions:
+ id-token: write
 with:
 runs_on: ${{ matrix.job.runs_on }}
 library: ${{ matrix.job.library }}
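Review bot: A job-level `permissions:` block sets every scope it does not list to `none`, so the block added in the `@@ -170,6 +175,8 @@` hunk of system-tests.yml, with only `id-token: write`, removes `contents: read` and anything else the called run-parametric.yml relied on from its `GITHUB_TOKEN`; the same applies to the run-end-to-end.yml call in the `@@ -256,6 +264,8 @@` hunk. Listing what the called workflows need, `contents: read` next to `id-token: write`, keeps checkout working with the restricted token. system-tests.yml also appears to be a `workflow_call` workflow, and a nested job cannot request more than its caller grants, so callers that do not set `id-token: write` would, as far as I can tell, be rejected at workflow start-up even when `dd_sts_policy` is empty. That requirement should be stated in the `dd_sts_policy` input description, or the permission left to the caller. Both job definitions start above their hunks.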
@@ -272,6 +282,7 @@ jobs:
 artifact_retention_days: ${{ inputs.artifact_retention_days }}
 push_to_test_optimization: ${{ inputs.push_to_test_optimization }}
 test_optimization_datadog_site: ${{ inputs.test_optimization_datadog_site }}
+ dd_sts_policy: ${{ inputs.dd_sts_policy }}
 _build_buddies_images: ${{ inputs._build_buddies_images }}
 _build_proxy_image: ${{ inputs._build_proxy_image }}
 _build_lambda_proxy_image: ${{ inputs._build_lambda_proxy_image }}