chore: use dd-sts for secrets #31454
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: System Tests | |
| on: | |
| pull_request: | |
| push: | |
| branches: [master, mq-working-branch-master-*] | |
| workflow_dispatch: | |
| schedule: | |
| - cron: 0 4 * * * | |
| concurrency: | |
| # this ensures that only one workflow runs at a time for a given branch on pull requests | |
| # as the group key is the workflow name and the branch name | |
| # for scheduled runs and pushes to master, we use the run id to ensure that all runs are executed | |
| group: ${{ (github.event_name == 'pull_request' && format('{0}-{1}', github.workflow, github.ref)) || format('{0}-{1}', github.workflow, github.run_id) }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-artifacts: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout dd-trace-js | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| path: dd-trace-js | |
| - name: Pack dd-trace-js | |
| run: mkdir -p ./binaries && echo /binaries/$(npm pack --silent --pack-destination ./binaries ./dd-trace-js) > ./binaries/nodejs-load-from-npm | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 | |
| with: | |
| name: system_tests_binaries | |
| path: ./binaries/**/* | |
| get-credentials: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| outputs: | |
| api_key: ${{ steps.dd-sts.outputs.api_key }} | |
| steps: | |
| - name: Get Datadog credentials | |
| id: dd-sts | |
| uses: DataDog/dd-sts-action@2e8187910199bd93129520183c093e19aa585c75 # v1.0.0 | |
| with: | |
| policy: dd-trace-js | |
| main: | |
| needs: | |
| - build-artifacts | |
| - get-credentials | |
| uses: DataDog/system-tests/.github/workflows/system-tests.yml@main | |
| secrets: | |
| TEST_OPTIMIZATION_API_KEY: ${{ needs.get-credentials.outputs.api_key }} | |
| DD_API_KEY: ${{ needs.get-credentials.outputs.api_key }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| with: | |
| library: nodejs | |
| binaries_artifact: system_tests_binaries | |
| desired_execution_time: 300 # 5 minutes | |
| scenarios_groups: tracer-release | |
| excluded_scenarios: APM_TRACING_E2E_OTEL,APM_TRACING_E2E_SINGLE_SPAN # require AWS and datadog credentials | |
| parametric_job_count: 8 | |
| skip_empty_scenarios: true | |
| push_to_test_optimization: ${{ github.actor != 'dependabot[bot]' }} |