ci:upload test results to datadog (#17206)

* WIP

* ci:upload test results to datadog

* fix use of envvar in expression

* getting correct permission in reusable-unit.yml

* getting correct permission in reusable-unit.yml

* fixing DATADOG_API_KEY envvar expresssion

* pass datadog-api-key

* removing type from datadog-api-key
This commit is contained in:
John Murret 2023-05-10 14:49:18 -06:00 committed by GitHub
parent f72d75d6b2
commit 281e1696ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 247 additions and 7 deletions

View file

@ -21,7 +21,6 @@ permissions:
env: env:
TEST_RESULTS: /tmp/test-results TEST_RESULTS: /tmp/test-results
GOTESTSUM_VERSION: 1.8.2
jobs: jobs:
setup: setup:
@ -215,6 +214,7 @@ jobs:
# secrets: # secrets:
# elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} # elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
# consul-license: ${{secrets.CONSUL_LICENSE}} # consul-license: ${{secrets.CONSUL_LICENSE}}
# datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-oss: go-test-oss:
needs: needs:
@ -227,9 +227,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "" go-tags: ""
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-enterprise: go-test-enterprise:
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
@ -243,9 +247,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-race: go-test-race:
needs: needs:
@ -259,9 +267,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-32bit: go-test-32bit:
needs: needs:
@ -275,9 +287,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-envoyextensions: go-test-envoyextensions:
needs: needs:
@ -289,9 +305,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-troubleshoot: go-test-troubleshoot:
needs: needs:
@ -303,9 +323,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-api-1-19: go-test-api-1-19:
needs: needs:
@ -317,9 +341,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-api-1-20: go-test-api-1-20:
needs: needs:
@ -331,9 +359,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-sdk-1-19: go-test-sdk-1-19:
needs: needs:
@ -345,9 +377,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-sdk-1-20: go-test-sdk-1-20:
needs: needs:
@ -359,9 +395,13 @@ jobs:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
noop: noop:
runs-on: ubuntu-latest runs-on: ubuntu-latest

View file

@ -42,6 +42,8 @@ on:
required: true required: true
consul-license: consul-license:
required: true required: true
datadog-api-key:
required: true
env: env:
TEST_RESULTS: /tmp/test-results TEST_RESULTS: /tmp/test-results
GOTESTSUM_VERSION: 1.8.2 GOTESTSUM_VERSION: 1.8.2
@ -49,6 +51,7 @@ env:
TOTAL_RUNNERS: ${{inputs.runner-count}} TOTAL_RUNNERS: ${{inputs.runner-count}}
CONSUL_LICENSE: ${{secrets.consul-license}} CONSUL_LICENSE: ${{secrets.consul-license}}
GOTAGS: ${{ inputs.go-tags}} GOTAGS: ${{ inputs.go-tags}}
DATADOG_API_KEY: ${{secrets.datadog-api-key}}
jobs: jobs:
set-test-package-matrix: set-test-package-matrix:
@ -128,6 +131,36 @@ jobs:
-tags="${{env.GOTAGS}}" -p 2 \ -tags="${{env.GOTAGS}}" -p 2 \
${GO_TEST_FLAGS-} \ ${GO_TEST_FLAGS-} \
-cover -coverprofile=coverage.txt -cover -coverprofile=coverage.txt
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
env:
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
with: with:
name: test-results name: test-results

View file

@ -38,12 +38,15 @@ on:
required: true required: true
consul-license: consul-license:
required: true required: true
datadog-api-key:
required: true
env: env:
TEST_RESULTS: /tmp/test-results TEST_RESULTS: /tmp/test-results
GOTESTSUM_VERSION: 1.8.2 GOTESTSUM_VERSION: 1.8.2
GOARCH: ${{inputs.go-arch}} GOARCH: ${{inputs.go-arch}}
CONSUL_LICENSE: ${{secrets.consul-license}} CONSUL_LICENSE: ${{secrets.consul-license}}
GOTAGS: ${{ inputs.go-tags}} GOTAGS: ${{ inputs.go-tags}}
DATADOG_API_KEY: ${{secrets.datadog-api-key}}
jobs: jobs:
go-test: go-test:
@ -96,6 +99,36 @@ jobs:
-tags="${{env.GOTAGS}}" \ -tags="${{env.GOTAGS}}" \
${GO_TEST_FLAGS-} \ ${GO_TEST_FLAGS-} \
-cover -coverprofile=coverage.txt -cover -coverprofile=coverage.txt
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
env:
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2
with: with:
name: test-results name: test-results

View file

@ -54,6 +54,9 @@ jobs:
needs: needs:
- setup - setup
- dev-build - dev-build
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
strategy: strategy:
matrix: matrix:
nomad-version: ['v1.3.3', 'v1.2.10', 'v1.1.16'] nomad-version: ['v1.3.3', 'v1.2.10', 'v1.1.16']
@ -92,12 +95,45 @@ jobs:
--packages="./command/agent/consul" \ --packages="./command/agent/consul" \
--junitfile $TEST_RESULTS_DIR/results.xml -- \ --junitfile $TEST_RESULTS_DIR/results.xml -- \
-run TestConsul -run TestConsul
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
env:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
vault-integration-test: vault-integration-test:
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
needs: needs:
- setup - setup
- dev-build - dev-build
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
strategy: strategy:
matrix: matrix:
vault-version: ["1.13.1", "1.12.5", "1.11.9", "1.10.11"] vault-version: ["1.13.1", "1.12.5", "1.11.9", "1.10.11"]
@ -139,6 +175,48 @@ jobs:
--junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml" \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml" \
-- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-agent.txt -run Vault ./agent -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-agent.txt -run Vault ./agent
# NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with:
url: ${{ steps.vault-auth.outputs.addr }}
caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
env:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report.xml"
- name: upload leader coverage
env:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-leader.xml"
- name: upload agent coverage
env:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml"
generate-envoy-job-matrices: generate-envoy-job-matrices:
needs: [setup] needs: [setup]
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
@ -181,6 +259,9 @@ jobs:
- setup - setup
- generate-envoy-job-matrices - generate-envoy-job-matrices
- dev-build - dev-build
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -232,10 +313,35 @@ jobs:
--packages=./test/integration/connect/envoy \ --packages=./test/integration/connect/envoy \
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})" -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 # NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with: with:
name: ${{ env.TEST_RESULTS_ARTIFACT_NAME }} url: ${{ steps.vault-auth.outputs.addr }}
path: ${{ env.TEST_RESULTS_DIR }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
env:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
generate-compatibility-job-matrices: generate-compatibility-job-matrices:
needs: [setup] needs: [setup]
@ -274,6 +380,9 @@ jobs:
- setup - setup
- dev-build - dev-build
- generate-compatibility-job-matrices - generate-compatibility-job-matrices
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
@ -335,10 +444,35 @@ jobs:
# tput complains if this isn't set to something. # tput complains if this isn't set to something.
TERM: ansi TERM: ansi
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 # NOTE: ENT specific step as we store secrets in Vault.
- name: Authenticate to Vault
if: ${{ endsWith(github.repository, '-enterprise') }}
id: vault-auth
run: vault-auth
# NOTE: ENT specific step as we store secrets in Vault.
- name: Fetch Secrets
if: ${{ endsWith(github.repository, '-enterprise') }}
id: secrets
uses: hashicorp/vault-action@v2.5.0
with: with:
name: ${{ env.TEST_RESULTS_ARTIFACT_NAME }} url: ${{ steps.vault-auth.outputs.addr }}
path: ${{ env.TEST_RESULTS_DIR }} caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
token: ${{ steps.vault-auth.outputs.token }}
secrets: |
kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;
- name: prepare datadog-ci
if: ${{ !endsWith(github.repository, '-enterprise') }}
run: |
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
chmod +x /usr/local/bin/datadog-ci
- name: upload coverage
env:
DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}"
DD_ENV: ci
run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml
generate-upgrade-job-matrices: generate-upgrade-job-matrices:
needs: [setup] needs: [setup]