[CONTP-1785] chore(instrumentation): Replace container image with name in DDI autodiscovery handler#52803
Open
Mathew-Estafanous wants to merge 7 commits into
Conversation
Contributor
|
@codex review |
dd-octo-sts
Bot
added
internal
github-actions
Bot
added
the
short review
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2bcba41034
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
github-actions
Bot
added
medium review
Contributor
|
🎯 Code Coverage (details) 🔗 Commit SHA: f2a50df | Docs | Datadog PR Page | Give us feedback! |
Contributor
Files inventory check summaryFile checks results against ancestor e8821703: Results for datadog-agent_7.82.0~devel.git.447.f2a50df.pipeline.121598309-1_amd64.deb:No change detected |
Contributor
Static quality checks✅ Please find below the results from static quality gates Successful checksInfo
32 successful checks with minimal change (< 2 KiB)
|
Regression DetectorRegression Detector ResultsMetrics dashboard Baseline: e882170 ❌ Experiments with retried target crashesThis is a critical error. One or more replicates failed with a non-zero exit code. These replicates may have been retried. See Replicate Execution Details for more information.
Optimization Goals: ✅ No significant changes detected
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | quality_gate_logs | % cpu utilization | +1.43 | [+0.35, +2.52] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_metrics_logs | memory utilization | +0.38 | [+0.13, +0.63] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_security_mean_fs_load | memory utilization | +0.19 | [+0.15, +0.23] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle_all_features | memory utilization | +0.16 | [+0.12, +0.20] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle | memory utilization | +0.01 | [-0.05, +0.07] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_security_idle | memory utilization | -0.02 | [-0.08, +0.04] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_security_no_fs_load | memory utilization | -0.28 | [-0.38, -0.18] | 1 | Logs bounds checks dashboard |
Bounds Checks: ✅ Passed
| perf | experiment | bounds_check_name | replicates_passed | observed_value | links |
|---|---|---|---|---|---|
| ✅ | quality_gate_idle | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
| ✅ | quality_gate_idle | memory_usage | 10/10 | 148.98MiB ≤ 154MiB | bounds checks dashboard |
| ✅ | quality_gate_idle | total_bytes_received | 10/10 | 578.60KiB ≤ 819.20KiB | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 | 487.82MiB ≤ 495MiB | bounds checks dashboard |
| ✅ | quality_gate_idle_all_features | total_bytes_received | 10/10 | 0.89MiB ≤ 1.25MiB | bounds checks dashboard |
| ✅ | quality_gate_logs | intake_connections | 10/10 | 4 ≤ 6 | bounds checks dashboard |
| ✅ | quality_gate_logs | memory_usage | 10/10 | 183.26MiB ≤ 195MiB | bounds checks dashboard |
| ✅ | quality_gate_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
| ✅ | quality_gate_logs | total_bytes_received | 10/10 | 264.16MiB ≤ 292MiB | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | cpu_usage | 10/10 | 337.46 ≤ 2000 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | intake_connections | 10/10 | 3 ≤ 6 | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | memory_usage | 10/10 | 374.14MiB ≤ 430MiB | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
| ✅ | quality_gate_metrics_logs | total_bytes_received | 10/10 | 0.86GiB ≤ 1.04GiB | bounds checks dashboard |
| ✅ | quality_gate_security_idle | cpu_usage | 10/10 | 28.79 ≤ 40 | bounds checks dashboard |
| ✅ | quality_gate_security_idle | memory_usage | 10/10 | 296.28MiB ≤ 330MiB | bounds checks dashboard |
| ✅ | quality_gate_security_mean_fs_load | cpu_usage | 10/10 | 61.41 ≤ 80 | bounds checks dashboard |
| ✅ | quality_gate_security_mean_fs_load | memory_usage | 10/10 | 276.15MiB ≤ 310MiB | bounds checks dashboard |
| ✅ | quality_gate_security_no_fs_load | cpu_usage | 10/10 | 22.32 ≤ 40 | bounds checks dashboard |
| ✅ | quality_gate_security_no_fs_load | memory_usage | 10/10 | 282.08MiB ≤ 320MiB | bounds checks dashboard |
Explanation
Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
Replicate Execution Details
We run multiple replicates for each experiment/variant. However, we allow replicates to be automatically retried if there are any failures, up to 8 times, at which point the replicate is marked dead and we are unable to run analysis for the entire experiment. We call each of these attempts at running replicates a replicate execution. This section lists all replicate executions that failed due to the target crashing or being oom killed.
Note: In the below tables we bucket failures by experiment, variant, and failure type. For each of these buckets we list out the replicate indexes that failed with an annotation signifying how many times said replicate failed with the given failure mode. In the below example the baseline variant of the experiment named experiment_with_failures had two replicates that failed by oom kills. Replicate 0, which failed 8 executions, and replicate 1 which failed 6 executions, all with the same failure mode.
| Experiment | Variant | Replicates | Failure | Logs | Debug Dashboard |
|---|---|---|---|---|---|
| experiment_with_failures | baseline | 0 (x8) 1 (x6) | Oom killed | Debug Dashboard |
The debug dashboard links will take you to a debugging dashboard specifically designed to investigate replicate execution failures.
❌ Retried Normal Replicate Execution Failures (non-profiling)
| Experiment | Variant | Replicates | Failure | Debug Dashboard |
|---|---|---|---|---|
| quality_gate_idle | baseline | 5 | Oom killed | Debug Dashboard |
❌ Retried Profiling Replicate Execution Failures (ddprof)
Note: Profiling replicas may still be executing. See the debug dashboard for up to date status.
| Experiment | Variant | Replicates | Failure | Debug Dashboard |
|---|---|---|---|---|
| quality_gate_idle | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_idle | comparison | 10 | Oom killed | Debug Dashboard |
| quality_gate_idle_all_features | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_idle_all_features | comparison | 10 | Oom killed | Debug Dashboard |
| quality_gate_logs | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_logs | comparison | 10 | Oom killed | Debug Dashboard |
| quality_gate_metrics_logs | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_metrics_logs | comparison | 10 | Oom killed | Debug Dashboard |
| quality_gate_security_idle | comparison | 10 | Oom killed | Debug Dashboard |
| quality_gate_security_no_fs_load | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_security_no_fs_load | comparison | 10 | Oom killed | Debug Dashboard |
CI Pass/Fail Decision
✅ Passed. All Quality Gates passed.
- quality_gate_idle, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_security_mean_fs_load, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_security_mean_fs_load, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_security_idle, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_security_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
- quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
- quality_gate_idle_all_features, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
- quality_gate_security_no_fs_load, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
- quality_gate_security_no_fs_load, bounds check memory_usage: 10/10 replicas passed. Gate passed.
Mathew-Estafanous
added
the
no-draft-review
Mathew-Estafanous
changed the title
Mathew-Estafanous
force-pushed
the
mathew.estafanous/ad-ddi-container-name
branch
from
627b55e to
0a2508b
Compare
Mathew-Estafanous
force-pushed
the
mathew.estafanous/ad-ddi-container-name
branch
from
feeab67 to
5b3ca7c
Compare
Mathew-Estafanous
changed the base branch from
main
to
mathew.estafanous/revert-ddi-crd-e2e
| } | ||
|
|
||
| svc.adIdentifiers = append(svc.adIdentifiers, entity, containerImg.RawName) | ||
| svc.adIdentifiers = append(svc.adIdentifiers, adtypes.KubeContainerNameIdentifier(containerName), entity, containerImg.RawName) |
Contributor
Author
There was a problem hiding this comment.
ℹ️ I only added the container name as an AD Identifier in the kubelet listener. It's possible to do the same for the container runtime listener, but wouldn't be helpful since DDI is a kubernetes specific feature.
| Field: fmt.Sprintf("spec.config.checks[%d].containerImage", i), | ||
| HandlerName: h.Name(), | ||
| }) | ||
| if !isService(cr) { |
Contributor
Author
There was a problem hiding this comment.
ℹ️ Not new to this PR, but just as a reminder, checks targeting a service are turned into endpoint checks, which are matched to the pod instead of a container. That is why we don't need a container name in that case.
Contributor
Gitlab CI Configuration ChangesModified Jobs.on_container_or_e2e_changes .on_container_or_e2e_changes:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_successnew-e2e-containers new-e2e-containers:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
parallel:
matrix:
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.19
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.22
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.27
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.29
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:osDescriptor=ubuntu:20-04
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:osDescriptor=ubuntu:22-04
- EXTRA_PARAMS: --run TestDockerSuite
- EXTRA_PARAMS: --run "TestK8S(CEL|Legacy)FilteringSuite"
- - EXTRA_PARAMS: --run TestDDIAutodiscoverySuite
- - EXTRA_PARAMS: --skip "Test(Kind|EKS|OpenShiftVM|ECS|Docker|K8SCELFiltering|K8SLegacyFiltering|DDIAutodiscovery)Suite"
? -----------------
+ - EXTRA_PARAMS: --skip "Test(Kind|EKS|OpenShiftVM|ECS|Docker|K8SCELFiltering|K8SLegacyFiltering)Suite"
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-ecs new-e2e-containers-ecs:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
- job: qa_agent
optional: true
- job: qa_agent_jmx
optional: true
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestECSSuite
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-eks new-e2e-containers-eks:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
- job: qa_agent
optional: true
- job: qa_agent_jmx
optional: true
- new-e2e-containers-eks-init
retry:
exit_codes:
- 42
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
- unknown_failure
- api_failure
- scheduler_failure
- stale_schedule
- data_integrity_failure
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_PRE_INITIALIZED: 'true'
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestEKSSuite
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-eks-init new-e2e-containers-eks-init:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
allow_failure: true
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- go_tools_deps
retry:
exit_codes:
- 42
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
- unknown_failure
- api_failure
- scheduler_failure
- stale_schedule
- data_integrity_failure
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e_init
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_INIT_ONLY: 'true'
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestEKSSuite
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
PRE_BUILT_BINARIES_FLAG: ''
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'false'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-k8s-latest new-e2e-containers-k8s-latest:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsChanges Summary
ℹ️ Diff available in the job log. |
Contributor
Gitlab CI Configuration ChangesModified Jobs.on_container_or_e2e_changes .on_container_or_e2e_changes:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_successnew-e2e-containers new-e2e-containers:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
parallel:
matrix:
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.19
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.22
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.27
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=1.29
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:osDescriptor=ubuntu:20-04
- EXTRA_PARAMS: --run TestKindSuite -c ddinfra:osDescriptor=ubuntu:22-04
- EXTRA_PARAMS: --run TestDockerSuite
- EXTRA_PARAMS: --run "TestK8S(CEL|Legacy)FilteringSuite"
- - EXTRA_PARAMS: --run TestDDIAutodiscoverySuite
- - EXTRA_PARAMS: --skip "Test(Kind|EKS|OpenShiftVM|ECS|Docker|K8SCELFiltering|K8SLegacyFiltering|DDIAutodiscovery)Suite"
? -----------------
+ - EXTRA_PARAMS: --skip "Test(Kind|EKS|OpenShiftVM|ECS|Docker|K8SCELFiltering|K8SLegacyFiltering)Suite"
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-ecs new-e2e-containers-ecs:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
- job: qa_agent
optional: true
- job: qa_agent_jmx
optional: true
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestECSSuite
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-eks new-e2e-containers-eks:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
- job: qa_agent
optional: true
- job: qa_agent_jmx
optional: true
- new-e2e-containers-eks-init
retry:
exit_codes:
- 42
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
- unknown_failure
- api_failure
- scheduler_failure
- stale_schedule
- data_integrity_failure
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_PRE_INITIALIZED: 'true'
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestEKSSuite
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-eks-init new-e2e-containers-eks-init:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
allow_failure: true
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- go_tools_deps
retry:
exit_codes:
- 42
max: 2
when:
- runner_system_failure
- stuck_or_timeout_failure
- unknown_failure
- api_failure
- scheduler_failure
- stale_schedule
- data_integrity_failure
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e_init
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_INIT_ONLY: 'true'
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestEKSSuite
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
PRE_BUILT_BINARIES_FLAG: ''
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'false'
TARGETS: ./tests/containers
TEAM: container-integrationsnew-e2e-containers-k8s-latest new-e2e-containers-k8s-latest:
after_script:
- CODECOV_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $CODECOV token) || exit
$?; export CODECOV_TOKEN
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh "junit-${CI_JOB_ID}.tgz" "$E2E_RESULT_JSON"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n dda inv -- -e coverage.process-e2e-coverage-folders\
\ $E2E_COVERAGE_OUT_DIR\n dda inv -- -e dyntest.compute-and-upload-job-index\
\ --bucket-uri $S3_PERMANENT_ARTIFACTS_URI --coverage-folder $E2E_COVERAGE_OUT_DIR\
\ --commit-sha $CI_COMMIT_SHA --job-id $CI_JOB_ID\nfi\n"
- "if [ -d \"$E2E_COVERAGE_OUT_DIR\" ]; then\n DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh\
\ $AGENT_API_KEY_ORG2 token) || exit $?; export DD_API_KEY\n for coverage in\
\ \"$E2E_COVERAGE_OUT_DIR\"/*/coverage.txt; do\n datadog-ci coverage upload\
\ --format=go-coverprofile \"$coverage\" || true\n done\nfi\n"
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- $E2E_RESULT_JSON
- junit-*.tgz
- $E2E_COVERAGE_OUT_DIR
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache_e2e.tar.zst | tar xf - -C
$GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.zst
- mkdir -p ~/.pulumi && zstd -dc pulumi_plugins.tar.zst | tar xf - -C ~/.pulumi
- rm -f pulumi_plugins.tar.zst
- "go_bin=\"$(go env GOBIN)\"\nif [ -z \"$go_bin\" ]; then\n go_bin=\"$(go env\
\ GOPATH)/bin\"\nfi\nmkdir -p \"$go_bin\" \"$GOPATH/pkg/mod/cache\"\nzstd -dc\
\ go_tools_bin.tar.zst | tar xf - -C \"$go_bin\"\nzstd -dc modcache_tools.tar.zst\
\ | tar xf - -C \"$GOPATH/pkg/mod/cache\"\n"
- rm -f go_tools_bin.tar.zst modcache_tools.tar.zst
- export PATH=$PATH:$go_bin
- mkdir -p ~/.aws
- "if [ -n \"$E2E_USE_AWS_PROFILE\" ]; then\n echo Using agent-qa-ci aws profile\n\
\ $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config\
\ || exit $?\n # Now all `aws` commands target the agent-qa profile\n export\
\ AWS_PROFILE=agent-qa-ci\nelse\n # Assume role to fetch only once credentials\
\ and avoid rate limits\n echo Assuming ddbuild-agent-ci role\n roleoutput=\"\
$(aws sts assume-role --role-arn arn:aws:iam::669783387624:role/ddbuild-agent-ci\
\ --external-id ddbuild-agent-ci --role-session-name RoleSession)\"\n export\
\ AWS_ACCESS_KEY_ID=\"$(echo \"$roleoutput\" | jq -r '.Credentials.AccessKeyId')\"\
\n export AWS_SECRET_ACCESS_KEY=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SecretAccessKey')\"\
\n export AWS_SESSION_TOKEN=\"$(echo \"$roleoutput\" | jq -r '.Credentials.SessionToken')\"\
\nfi\n"
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AWS_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AWS_PRIVATE_KEY_PATH && chmod 600 $E2E_AWS_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_AWS_PRIVATE_KEY_PATH || exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_AZURE_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_AZURE_PRIVATE_KEY_PATH && chmod 600 $E2E_AZURE_PRIVATE_KEY_PATH &&
$CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_key_rsa > $E2E_AZURE_PRIVATE_KEY_PATH
|| exit $?
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_GCP_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_GCP_PRIVATE_KEY_PATH && chmod 600 $E2E_GCP_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_GCP_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE client_id)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE token)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE tenant_id)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_AZURE subscription_id)
|| exit $?; export ARM_SUBSCRIPTION_ID
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_json > ~/gcp-credentials.json
|| exit $?
- export GOOGLE_APPLICATION_CREDENTIALS=~/gcp-credentials.json
- 'gcp_acr_key=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_GCP credentials_acr_readonly)
|| exit $?
export E2E_GCP_IMAGE_PULL_PASSWORD="b64=$(printf ''%s'' "$gcp_acr_key" | base64
-w 0)"
'
- dda inv -- -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
- export DD_ENV=nativetest
- export DD_CIVISIBILITY_ENABLED=true
- export DD_CIVISIBILITY_AGENTLESS_ENABLED=true
- export DD_CIVISIBILITY_FLAKY_RETRY_ENABLED=false
- export DD_TAGS="gitlab.pipeline_source:${CI_PIPELINE_SOURCE}"
- DD_API_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_API_KEY_ORG2 token)
|| exit $?; export DD_API_KEY
- export WINDOWS_DDNPM_DRIVER=${WINDOWS_DDNPM_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDNPM_DRIVER" --no-worktree)}
- export WINDOWS_DDPROCMON_DRIVER=${WINDOWS_DDPROCMON_DRIVER:-$(dda inv release.get-release-json-value
"dependencies::WINDOWS_DDPROCMON_DRIVER" --no-worktree)}
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
needs:
- go_e2e_deps
- artifacts: false
job: go_e2e_test_binaries
- go_tools_deps
- job: new-e2e-base-coverage
optional: true
- qa_agent_linux
- qa_agent_linux_jmx
- qa_dca
- qa_dogstatsd
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- .gitlab/test/e2e/e2e.yml
- test/e2e-framework/**/*
- test/new-e2e/go.mod
- flakes.yaml
- release.json
- changes:
compare_to: $COMPARE_TO_BRANCH
paths:
- comp/core/tagger/**/*
- comp/core/workloadmeta/**/*
- comp/core/autodiscovery/listeners/**/*
- comp/core/autodiscovery/providers/**/*
- comp/forwarder/defaultforwarder/**/*
- comp/serializer/**/*
- pkg/aggregator/*/**
- comp/languagedetection/**/*
- pkg/clusteragent/admission/mutate/**/*
- - pkg/clusteragent/admission/validate/datadoginstrumentation/*
- - pkg/clusteragent/instrumentation/**/*
- pkg/clusteragent/languagedetection/**/*
- - cmd/cluster-agent/api/v1/instrumentationchecks.go
- pkg/collector/corechecks/cluster/**/*
- pkg/collector/corechecks/containers/**/*
- pkg/collector/corechecks/containerimage/**/*
- pkg/collector/corechecks/containerlifecycle/**/*
- pkg/collector/corechecks/sbom/**/*
- pkg/sbom/**/*
- pkg/util/clusteragent/**/*
- pkg/util/containerd/**/*
- pkg/util/containers/**/*
- pkg/util/docker/**/*
- pkg/util/ecs/**/*
- pkg/util/kubernetes/**/*
- pkg/util/cgroups/**/*
- pkg/util/trivy/**/*
- test/new-e2e/tests/containers/**/*
- test/new-e2e/go.mod
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- export IS_DEV_BRANCH="$(dda inv -- -e pipeline.is-dev-branch)"
- DYNAMIC_TESTS_BREAKGLASS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DYNAMIC_TESTS_BREAKGLASS
value) || exit $?; export DYNAMIC_TESTS_BREAKGLASS
- "if [ \"$DYNAMIC_TESTS_BREAKGLASS\" == \"true\" ] || [ \"$IS_DEV_BRANCH\" == \"\
false\" ] || [ \"$RUN_E2E_TESTS\" == \"on\" ]; then\n export DYNAMIC_TESTS_FLAG=\"\
\"\nfi\n"
- export E2E_IMAGE_PULL_PASSWORD=$(aws ecr get-login-password),$E2E_GCP_IMAGE_PULL_PASSWORD
- dda inv -- -e new-e2e-tests.run $DYNAMIC_TESTS_FLAG $PRE_BUILT_BINARIES_FLAG $MAX_RETRIES_FLAG
--local-package $CI_PROJECT_DIR/$OMNIBUS_BASE_DIR --result-json $E2E_RESULT_JSON
--targets $TARGETS --junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
--logs-folder=$E2E_OUTPUT_DIR/logs --logs-post-processing --logs-post-processing-test-depth=$E2E_LOGS_PROCESSING_TEST_DEPTH
stage: e2e
tags:
- arch:amd64
- specific:true
variables:
DYNAMIC_TESTS_FLAG: --impacted
E2E_AWS_PRIVATE_KEY_PATH: /tmp/agent-qa-aws-ssh-key
E2E_AWS_PUBLIC_KEY_PATH: /tmp/agent-qa-aws-ssh-key.pub
E2E_AZURE_PRIVATE_KEY_PATH: /tmp/agent-qa-azure-ssh-key
E2E_AZURE_PUBLIC_KEY_PATH: /tmp/agent-qa-azure-ssh-key.pub
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_COVERAGE_OUT_DIR: $CI_PROJECT_DIR/coverage
E2E_GCP_PRIVATE_KEY_PATH: /tmp/agent-qa-gcp-ssh-key
E2E_GCP_PUBLIC_KEY_PATH: /tmp/agent-qa-gcp-ssh-key.pub
E2E_IMAGE_PULL_REGISTRY: 669783387624.dkr.ecr.us-east-1.amazonaws.com,us-central1-docker.pkg.dev
E2E_IMAGE_PULL_USERNAME: AWS,_json_key
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_LOGS_PROCESSING_TEST_DEPTH: 1
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PREBUILD_S3_URI: $S3_PERMANENT_ARTIFACTS_URI/e2e-pre-build/$CI_PIPELINE_ID
E2E_RESULT_JSON: $CI_PROJECT_DIR/e2e_test_output.json
E2E_SKIP_WINDOWS: $SKIP_WINDOWS
E2E_USE_AWS_PROFILE: 'true'
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
EXTRA_PARAMS: --run TestKindSuite -c ddinfra:kubernetesVersion=v1.36.1@sha256:3489c7674813ba5d8b1a9977baea8a6e553784dab7b84759d1014dbd78f7ebd5
FLAKY_PATTERNS_CONFIG: $CI_PROJECT_DIR/flaky-patterns-runtime.yaml
GIT_STRATEGY: clone
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
MAX_RETRIES_FLAG: ''
ON_NIGHTLY_FIPS: 'true'
PRE_BUILT_BINARIES_FLAG: --use-prebuilt-binaries
REMOTE_STACK_CLEANING: 'true'
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/containers
TEAM: container-integrationsChanges Summary
ℹ️ Diff available in the job log. |
Mathew-Estafanous
added
changelog/no-changelog
Mathew-Estafanous
force-pushed
the
mathew.estafanous/ad-ddi-container-name
branch
from
e0af191 to
2da7119
Compare
Mathew-Estafanous
changed the title
gabedos
reviewed
Jun 26, 2026
| func buildCELSelector(ref autoscalingv2.CrossVersionObjectReference, namespace string) workloadfilter.Rules { | ||
| expr := fmt.Sprintf( | ||
| `container.pod.rootowner.kind == %q && container.pod.rootowner.name == %q && container.pod.namespace == %q`, | ||
| `container.pod.rootowner.kind == %q && container.pod.rootowner.name == %q && container.pod.namespace == %q && container.image.reference != ""`, |
Contributor
There was a problem hiding this comment.
note: container.image.reference != "" is a hack to override the current hardcoding safety restrictions in the cel rules. We can consider removing the restrictions, or maybe modifying them to consider it safe when you restrict down to the name + namespace.
gabedos
approved these changes
Jun 26, 2026
Mathew-Estafanous
force-pushed
the
mathew.estafanous/revert-ddi-crd-e2e
branch
from
57a30f1 to
0fab80d
Compare
Mathew-Estafanous
force-pushed
the
mathew.estafanous/ad-ddi-container-name
branch
from
2da7119 to
f2a50df
Compare
aiuto
approved these changes
Jun 29, 2026
gabedos
approved these changes
Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Updates DDI autodiscovery checks to target Kubernetes containers by
containerNameinstead ofcontainerImage. The AD Identifier is set withkube_container_name://<containerName>instead of the image name to avoid pure CEL config matching.Added container name to the AD Identifier list in
listeners/kubelet.gobut not the docker runtime listener because DDI CR is purely a kubernetes feature so adding container name to the AD ID incontainers.gowould be futile.Motivation
containerNamematches how users configure Kubernetes pod specs better than requiring an exact container image.Describe how you validated your changes
DDI CRD spec
Validated check is scheduled
Service has container name in AD ID
Config created in instrumentation check source