Merge branch 'master' into kr-igor/dsm-tt-v0

Author: kr-igor

.azure-pipelines/ultimate-pipeline.yml

@@ -146,7 +146,7 @@ variables:
   DD_LOGGER_DD_TAGS: test.configuration.job:$(System.JobDisplayName)
   DD_LOGGER_ENABLED: true
   DD_COLLECTOR_CPU_USAGE: true
-  ToolVersion: 3.41.0
+  ToolVersion: 3.42.0
   # .NET SDK performance optimization variables
   DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
   DOTNET_CLI_TELEMETRY_OPTOUT: 1
@@ -5350,7 +5350,7 @@ stages:
             SNAPSHOT_DIR: $(System.DefaultWorkingDirectory)/tracer/build/smoke_test_snapshots
             SNAPSHOT_CI: 1
             # ignoring 'http.client_ip' and 'network.client.ip' because it's set to '::1' here instead of expected '127.0.0.1'
-            SNAPSHOT_IGNORED_ATTRS: span_id,trace_id,parent_id,duration,start,metrics.system.pid,meta.runtime-id,metrics.process_id,meta._dd.p.dm,meta._dd.p.tid,meta._dd.git.commit.sha,meta._dd.git.repository_url,meta.http.client_ip,meta.network.client.ip,meta._dd.appsec.s.req.params,meta._dd.appsec.s.res.body,meta._dd.appsec.s.req.headers,meta._dd.appsec.s.res.headers #api-security attrs are unfortunately ignored because gzip compression generates different bytes per platform windows/linux
+            SNAPSHOT_IGNORED_ATTRS: span_id,trace_id,parent_id,duration,start,metrics.system.pid,meta.runtime-id,metrics.process_id,meta._dd.p.dm,meta._dd.p.tid,meta._dd.git.commit.sha,meta._dd.git.repository_url,meta._dd.tags.process,meta.http.client_ip,meta.network.client.ip,meta._dd.appsec.s.req.params,meta._dd.appsec.s.res.body,meta._dd.appsec.s.req.headers,meta._dd.appsec.s.res.headers #api-security attrs are unfortunately ignored because gzip compression generates different bytes per platform windows/linux
 
         - script: |
             # Based on variables set in smoke.dotnet-tool.nuget.dockerfile

.github/actions/publish-debug-symbols/action.yml

@@ -38,7 +38,7 @@ runs:
 
     # Use the same go version as in https://github.com/DataDog/profiling-backend/blob/prod/debug-symbol-upload/Dockerfile#L21
     - name: Install Go
-      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
+      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
       with:
         go-version: '^1.22.3'
 

.github/workflows/auto_bump_test_package_versions.yml

@@ -22,7 +22,7 @@ jobs:
         run: git config --system core.longpaths true
 
       - name: Get dd-octo-sts token
-        uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+        uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/dd-trace-dotnet
@@ -33,7 +33,7 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.base.sha }}
 
-      - uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+      - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5.2.0
         with:
           global-json-file: global.json
 
@@ -73,7 +73,7 @@ jobs:
 
       - name: Send Slack notification about generating failure
         if: failure()
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
         with:
           # This data can be any valid JSON from a previous step in the GitHub Action
           payload: |

.github/workflows/codeql-analysis.yml

@@ -35,7 +35,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+      uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
       with:
         languages: csharp, cpp
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
         ./tracer/build.sh BuildProfilerHome BuildNativeLoader
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+      uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 
     - name: filter-sarif cpp
       uses: advanced-security/filter-sarif@2da736ff05ef065cb2894ac6892e47b5eac2c3c0 # v1.1
@@ -113,7 +113,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+      uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
       with:
         languages: csharp, cpp
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -134,7 +134,7 @@ jobs:
         ./tracer/build.sh BuildTracerHome
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+      uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 
     - name: filter-sarif cpp
       uses: advanced-security/filter-sarif@2da736ff05ef065cb2894ac6892e47b5eac2c3c0 # v1.1

.gitlab/benchmarks/macrobenchmarks.yml

@@ -71,6 +71,10 @@ build-dd-trace-dotnet-macrobenchmarks-ami:
   when: manual
   timeout: 3h
   variables:
+    # Adding managed-by:bp-infra lets us filter CI runner metrics to monitor bp-infra-managed jobs.
+    # See https://datadoghq.atlassian.net/wiki/spaces/DEVX/pages/2889355451/Gitlab+Runner+fork#Metrics
+    DD_METRICS_TAGS: "managed-by:bp-infra"
+
     AWS_REGION: "us-east-1"
 
     # Branch containing a provision for building the macrobenchmarks AMI
@@ -533,6 +537,10 @@ profiler_cpu_timer_create-arm64:
       - reports/
     expire_in: 3 months
   variables:
+    # Adding managed-by:bp-infra lets us filter CI runner metrics to monitor bp-infra-managed jobs.
+    # See https://datadoghq.atlassian.net/wiki/spaces/DEVX/pages/2889355451/Gitlab+Runner+fork#Metrics
+    DD_METRICS_TAGS: "managed-by:bp-infra"
+
     RUNNER_AFTER_SCRIPT_TIMEOUT: 1h
 
     # Allows ephemeral instances to read content from benchmarking-platform

.gitlab/benchmarks/microbenchmarks.yml

@@ -32,6 +32,10 @@ build-dd-trace-dotnet-microbenchmarks-ami:
     DDOCTOSTS_ID_TOKEN:
       aud: dd-octo-sts
   variables:
+    # Adding managed-by:bp-infra lets us filter CI runner metrics to monitor bp-infra-managed jobs.
+    # See https://datadoghq.atlassian.net/wiki/spaces/DEVX/pages/2889355451/Gitlab+Runner+fork#Metrics
+    DD_METRICS_TAGS: "managed-by:bp-infra"
+
     # Allows ephemeral instances to read content from dd-trace-dotnet
     # This is not strictly necessary in the current AMI build
     DDOCTOSTS_SCOPE: "DataDog/dd-trace-dotnet"
@@ -78,8 +82,7 @@ run-benchmarks:
   stage: benchmarks
   tags: ["arch:amd64"]
   timeout: 2h
-  # Image created in the following job https://gitlab.ddbuild.io/DataDog/benchmarking-platform-tools/-/jobs/869830045
-  image: registry.ddbuild.io/images/benchmarking-platform-tools-ubuntu:dd-trace-dotnet-micro
+  image: registry.ddbuild.io/images/benchmarking-platform-tools-ubuntu:latest
   id_tokens:
     DDOCTOSTS_ID_TOKEN:
       aud: dd-octo-sts
@@ -93,52 +96,56 @@ run-benchmarks:
     name: "artifacts"
     when: always
     paths:
-      - reports/
+      - artifacts/
     expire_in: 3 months
   variables:
-    # Allows ephemeral instances to read content from benchmarking-platform
-    DDOCTOSTS_SCOPE: "DataDog/benchmarking-platform"
-    DDOCTOSTS_POLICY: "gitlab.github-access.read-contents"
+    # Adding managed-by:bp-infra lets us filter CI runner metrics to monitor bp-infra-managed jobs.
+    # See https://datadoghq.atlassian.net/wiki/spaces/DEVX/pages/2889355451/Gitlab+Runner+fork#Metrics
+    DD_METRICS_TAGS: "managed-by:bp-infra"
 
+    # Scope for dd-octo-sts to get GitHub token for cloning dd-trace-dotnet
+    DDOCTOSTS_SCOPE: "DataDog/dd-trace-dotnet"
+    DDOCTOSTS_POLICY: "gitlab.github-access.read-contents"
     AWS_REGION: "us-east-1"
-
-    # Branch containing 1. scripts to launch Windows benchmarks on ephemeral 
-    # instances (to be used by GitLab CI runners) and 2. scripts to run Windows 
-    # benchmarks (to be used by the ephemeral instances).
-    BP_INFRA_BENCHMARKING_PLATFORM_BRANCH: "dd-trace-dotnet/micro"
-
-    # Where benchmarking results will be stored
     BP_INFRA_ARTIFACTS_BUCKET_NAME: "windows-benchmarking-results-us-east-1"
-
-    # Whether to mock benchmark execution by simply copying the latest 
-    # master results. Useful for testing the after_script steps
-    BP_INFRA_TEST: "false"
-
-    # Whether to cleanup ephemeral instances after benchmarks are run
+    # Cleanup instances after benchmarks
     CLEANUP: "true"
-
-    # Where to look for benchmarking artifacts for uploading to the BP UI
-    ARTIFACTS_DIR: "reports"
+    # Set to "true" to skip actual benchmarks and use _latest results (for testing the pipeline)
+    BP_INFRA_TEST: "false"
   before_script:
     - !reference [.dd-octo-sts-setup, before_script]
   script:
+    - mkdir -p artifacts
     - export GITHUB_TOKEN=$(cat /tmp/github-token)
-    - git clone --branch $BP_INFRA_BENCHMARKING_PLATFORM_BRANCH https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.ddbuild.io/DataDog/benchmarking-platform platform
-    - mkdir -p reports
-    - ./platform/steps/run-windows-benchmarks.sh
+    # Fetch DD_API_KEY from SSM (in GitLab runner's AWS account) and export for bp-infra
+    - export DD_API_KEY=$(aws ssm get-parameter --name "ci.dd-trace-dotnet.dd_api_key" --with-decryption --query "Parameter.Value" --output text --region "${AWS_REGION}")
+    - CLEANUP_ARG=$([[ "$CLEANUP" == "false" ]] && echo "--no-cleanup" || echo "")
+    # Run benchmarks on ephemeral instance
+    - |
+      bp-infra launch \
+        --provision .gitlab/benchmarks/microbenchmarks/infrastructure/instance.yml \
+        --region "${AWS_REGION}" \
+        --os windows \
+        --env-regex "^(CI_|DD_|BP_|GITHUB_|ARTIFACTS_)" \
+        --bypass-stack-destroy \
+        $CLEANUP_ARG
+    # Fetch results from S3, analyze, upload, and post PR comment
+    - export ARTIFACTS_DIR="$(pwd)/artifacts"
+    - .gitlab/benchmarks/microbenchmarks/scripts/fetch-results.sh
+    - .gitlab/benchmarks/microbenchmarks/scripts/analyze-results.sh
+    - .gitlab/benchmarks/microbenchmarks/scripts/upload-to-bp-ui.sh
+    - .gitlab/benchmarks/microbenchmarks/scripts/post-pr-comment.sh
   after_script:
     - |
       if [ "$CLEANUP" == "true" ]; then
-        bp-infra cleanup --provision ./platform/ephemeral-infra/instance.yaml \
+        bp-infra cleanup \
+          --provision .gitlab/benchmarks/microbenchmarks/infrastructure/instance.yml \
           --region "${AWS_REGION}" \
-          --bypass-stack-destroy
+          --os windows \
+          --bypass-stack-destroy || true
       else
         echo "'CLEANUP' is set to 'false'. Will not cleanup."
       fi
-    - ./platform/steps/fetch-results.sh
-    - ./platform/steps/analyze-results.sh
-    - ./platform/steps/post-pr-comment.sh
-    - ./platform/steps/upload-to-bp-ui.sh
 
 # This repository is using PR-level performance quality gates.
 # Verify that the check-big-regressions CI job has passed. If any regression happened, merging this PR will be blocked.
@@ -162,15 +169,15 @@ run-benchmarks:
     name: "artifacts"
     when: always
     paths:
-      - reports/
+      - artifacts/
     expire_in: "30 days"
   variables:
     BP_INFRA_BENCHMARKING_PLATFORM_BRANCH: "dd-trace-dotnet/micro"
 
     # Regex to ignore benchmarks identified as unstable
     IGNORED_BENCHMARKS_REGEX: "Trace.Iast.StringAspectsBenchmark|Trace.CharSliceBenchmark|Trace.Asm.AppSecWafBenchmark|Trace.Asm.AppSecBodyBenchmark|Trace.CIVisibilityProtocolWriterBenchmark"
   script: |
-    export ARTIFACTS_DIR="$(pwd)/reports"
+    export ARTIFACTS_DIR="$(pwd)/artifacts"
 
     if [ -n "${IGNORED_BENCHMARKS_REGEX}" ]; then
       echo "Adding the 'ignored.' prefix to benchmarks matching IGNORED_BENCHMARKS_REGEX:"