ConnectionMaster · pull · Aug 5, 2025 · Aug 5, 2025 · Aug 5, 2025 · Aug 5, 2025
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
@@ -48,6 +48,35 @@ jobs:
     uses: ./.github/workflows/test-results-master.yml
     secrets: inherit
 
+  upload-coverage:
+    needs:
+    - test
+    if: >
+      !github.event.repository.private &&
+      (success() || failure())
+    runs-on: ubuntu-latest
+    permissions:
+      # needed for codecov, allows the action to get a JWT signed by Github
+      id-token: write
+      contents: read
+
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: Download all coverage artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+        pattern: coverage-*
+        path: coverage-reports
+        merge-multiple: false
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@15559ed290fa727036809b67ab0f646ffa6c5158
+      with:
+        use_oidc: true
+        directory: coverage-reports
+        fail_ci_if_error: false
+
   submit-traces:
     needs:
     - test

diff --git a/.github/workflows/nightly-base-package.yml b/.github/workflows/nightly-base-package.yml
@@ -15,6 +15,8 @@ jobs:
     uses: ./.github/workflows/test-all.yml
 
     permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
        # needed for compute-matrix in test-target.yml
        contents: read
 

diff --git a/.github/workflows/pr-all.yml b/.github/workflows/pr-all.yml
@@ -34,6 +34,35 @@ jobs:
 
     uses: ./.github/workflows/save-event.yml
 
+  upload-coverage:
+    needs:
+    - test
+    if: >
+      !github.event.repository.private &&
+      (success() || failure())
+    runs-on: ubuntu-latest
+    permissions:
+      # needed for codecov, allows the action to get a JWT signed by Github
+      id-token: write
+      contents: read
+
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: Download all coverage artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+        pattern: coverage-*
+        path: coverage-reports
+        merge-multiple: false
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@15559ed290fa727036809b67ab0f646ffa6c5158
+      with:
+        use_oidc: true
+        directory: coverage-reports
+        fail_ci_if_error: false
+
   submit-traces:
     needs:
     - test

diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
@@ -76,6 +76,36 @@ jobs:
     uses: ./.github/workflows/submit-traces.yml
     secrets: inherit
 
+  upload-coverage:
+    needs:
+    - test
+    if: >
+      !github.event.repository.private &&
+      (success() || failure()) &&
+      inputs.pytest-args != '-m flaky'
+    runs-on: ubuntu-latest
+    permissions:
+      # needed for codecov, allows the action to get a JWT signed by Github
+      id-token: write
+      contents: read
+
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+    - name: Download all coverage artifacts
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+        pattern: coverage-*
+        path: coverage-reports
+        merge-multiple: false
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@15559ed290fa727036809b67ab0f646ffa6c5158
+      with:
+        use_oidc: true
+        directory: coverage-reports
+        fail_ci_if_error: false
+
   check:
     needs:
     - test

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -24,5 +24,7 @@ jobs:
     secrets: inherit
 
     permissions:
+       # needed for codecov in pr-test.yml, allows the action to get a JWT signed by Github
+       id-token: write
        # needed for compute-matrix in test-target.yml
        contents: read
diff --git a/.github/workflows/test-agent.yml b/.github/workflows/test-agent.yml
@@ -50,6 +50,8 @@ jobs:
       skip-ddev-tests: true
     secrets: inherit
     permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
        # needed for compute-matrix in test-target.yml
        contents: read
 

diff --git a/.github/workflows/test-fips-e2e.yml b/.github/workflows/test-fips-e2e.yml
@@ -46,6 +46,8 @@ jobs:
       TRACE_CAPTURE_LOG: "trace-captures/output.log"
 
     permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
        # needed for compute-matrix in test-target.yml
        contents: read
 
@@ -149,3 +151,12 @@ jobs:
         name: "test-results-${{ inputs.target || 'tls' }}"
         path: "${{ env.TEST_RESULTS_BASE_DIR }}"
 
+    - name: Upload coverage data
+      if: >
+        !github.event.repository.private &&
+        always()
+      uses: codecov/codecov-action@15559ed290fa727036809b67ab0f646ffa6c5158
+      with:
+        use_oidc: true
+        files: "${{ inputs.target || 'tls' }}/coverage.xml"
+        flags: "${{ inputs.target || 'tls' }}"
diff --git a/.github/workflows/test-target.yml b/.github/workflows/test-target.yml
@@ -411,3 +411,15 @@ jobs:
       with:
         name: "test-results-${{ inputs.target }}${{ inputs.target-env && format('-{0}', inputs.target-env) || '' }}-${{ inputs.platform }}"
         path: "${{ env.TEST_RESULTS_BASE_DIR }}"
+
+    - name: Upload coverage data as artifact
+      if: >
+        !github.event.repository.private &&
+        always() &&
+        inputs.pytest-args != '-m flaky'
+      # Flaky tests will have low coverage, don't include in artifacts to avoid pipeline issues
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      with:
+        name: "coverage-${{ inputs.target }}${{ inputs.target-env && format('-{0}', inputs.target-env) || '' }}-${{ inputs.platform }}"
+        path: "${{ inputs.target }}/coverage.xml"
+        if-no-files-found: ignore
diff --git a/.github/workflows/weekly-latest.yml b/.github/workflows/weekly-latest.yml
@@ -15,6 +15,8 @@ jobs:
       latest: true
     secrets: inherit
     permissions:
+       # needed for codecov in test-target.yml, allows the action to get a JWT signed by Github
+       id-token: write
        # needed for compute-matrix in test-target.yml
        contents: read
 

diff --git a/activemq_xml/changelog.d/20878.fixed b/activemq_xml/changelog.d/20878.fixed
@@ -0,0 +1 @@
+Improve descriptions and examples
diff --git a/activemq_xml/datadog_checks/activemq_xml/data/conf.yaml.example b/activemq_xml/datadog_checks/activemq_xml/data/conf.yaml.example
@@ -112,7 +112,7 @@ instances:
 
     ## @param auth_type - string - optional - default: basic
     ## The type of authentication to use. The available types (and related options) are:
-    ##
+    ## ```
     ##   - basic
     ##     |__ username
     ##     |__ password
@@ -135,7 +135,7 @@ instances:
     ##     |__ aws_region
     ##     |__ aws_host
     ##     |__ aws_service
-    ##
+    ## ```
     ## The `aws` auth type relies on boto3 to automatically gather AWS credentials, for example: from `.aws/credentials`.
     ## Details: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials
     #

diff --git a/aerospike/changelog.d/20878.fixed b/aerospike/changelog.d/20878.fixed
@@ -0,0 +1 @@
+Improve descriptions and examples
diff --git a/aerospike/datadog_checks/aerospike/data/conf.yaml.example b/aerospike/datadog_checks/aerospike/data/conf.yaml.example
@@ -63,30 +63,32 @@ instances:
     ##
     ## 1. If the item is a string, then it represents the exposed metric name, and
     ##    the sent metric name will be identical. For example:
-    ##
+    ##      ```
     ##      extra_metrics:
     ##      - <METRIC_1>
     ##      - <METRIC_2>
+    ##      ```
     ## 2. If the item is a mapping, then the keys represent the exposed metric names.
     ##
-    ##      a. If a value is a string, then it represents the sent metric name. For example:
-    ##
+    ##      1. If a value is a string, then it represents the sent metric name. For example:
+    ##           ```
     ##           extra_metrics:
     ##           - <EXPOSED_METRIC_1>: <SENT_METRIC_1>
     ##           - <EXPOSED_METRIC_2>: <SENT_METRIC_2>
-    ##      b. If a value is a mapping, then it must have a `name` and/or `type` key.
+    ##           ```
+    ##      2. If a value is a mapping, then it must have a `name` and/or `type` key.
     ##         The `name` represents the sent metric name, and the `type` represents how
     ##         the metric should be handled, overriding any type information the endpoint
     ##         may provide. For example:
-    ##
+    ##           ```
     ##           extra_metrics:
     ##           - <EXPOSED_METRIC_1>:
     ##               name: <SENT_METRIC_1>
     ##               type: <METRIC_TYPE_1>
     ##           - <EXPOSED_METRIC_2>:
     ##               name: <SENT_METRIC_2>
     ##               type: <METRIC_TYPE_2>
-    ##
+    ##           ```
     ##         The supported native types are `gauge`, `counter`, `histogram`, and `summary`.
     ##
     ## Note: To collect counter metrics with names ending in `_total`, specify the metric name without the `_total`
@@ -96,13 +98,19 @@ instances:
     ## https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md#suffixes
     ##
     ## Regular expressions may be used to match the exposed metric names, for example:
-    ##
+    ##   ```
     ##   extra_metrics:
     ##   - ^network_(ingress|egress)_.+
     ##   - .+:
     ##       type: gauge
+    ##   ```
     #
-    # extra_metrics: []
+    # extra_metrics:
+    #   - <METRIC_1>
+    #   - <EXPOSED_METRIC_2>: <SENT_METRIC_2>
+    #   - <EXPOSED_METRIC_3>:
+    #       name: <SENT_METRIC_3>
+    #       type: <METRIC_TYPE_3>
 
     ## @param exclude_metrics - list of strings - optional
     ## A list of metrics to exclude, with each entry being either
@@ -215,30 +223,28 @@ instances:
     ## exposed metrics from which to share labels, and the values are mappings that configure the
     ## sharing behavior. Each mapping must have at least one of the following keys:
     ##
-    ##   labels - This is a list of labels to share. All labels are shared if this is not set.
-    ##   match - This is a list of labels to match on other metrics as a condition for sharing.
-    ##   values - This is a list of allowed values as a condition for sharing.
+    ##   - labels - This is a list of labels to share. All labels are shared if this is not set.
+    ##   - match - This is a list of labels to match on other metrics as a condition for sharing.
+    ##   - values - This is a list of allowed values as a condition for sharing.
     ##
     ## To unconditionally share all labels of a metric, set it to `true`.
     ##
     ## For example, the following configuration instructs the check to apply all labels from `metric_a`
     ## to all other metrics, the `node` label from `metric_b` to only those metrics that have a `pod`
     ## label value that matches the `pod` label value of `metric_b`, and all labels from `metric_c`
     ## to all other metrics if their value is equal to `23` or `42`.
-    ##
-    ##   share_labels:
-    ##     metric_a: true
-    ##     metric_b:
-    ##       labels:
-    ##       - node
-    ##       match:
-    ##       - pod
-    ##     metric_c:
-    ##       values:
-    ##       - 23
-    ##       - 42
     #
-    # share_labels: {}
+    # share_labels:
+    #   metric_a: true
+    #   metric_b:
+    #     labels:
+    #     - node
+    #     match:
+    #     - pod
+    #   metric_c:
+    #     values:
+    #     - 23
+    #     - 42
 
     ## @param cache_shared_labels - boolean - optional - default: true
     ## When `share_labels` is set, it instructs the check to cache labels collected from the first payload
@@ -306,7 +312,7 @@ instances:
 
     ## @param auth_type - string - optional - default: basic
     ## The type of authentication to use. The available types (and related options) are:
-    ##
+    ## ```
     ##   - basic
     ##     |__ username
     ##     |__ password
@@ -329,7 +335,7 @@ instances:
     ##     |__ aws_region
     ##     |__ aws_host
     ##     |__ aws_service
-    ##
+    ## ```
     ## The `aws` auth type relies on boto3 to automatically gather AWS credentials, for example: from `.aws/credentials`.
     ## Details: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials
     #

diff --git a/airflow/changelog.d/20878.fixed b/airflow/changelog.d/20878.fixed
@@ -0,0 +1 @@
+Improve descriptions and examples
diff --git a/airflow/datadog_checks/airflow/data/conf.yaml.example b/airflow/datadog_checks/airflow/data/conf.yaml.example
@@ -88,7 +88,7 @@ instances:
 
     ## @param auth_type - string - optional - default: basic
     ## The type of authentication to use. The available types (and related options) are:
-    ##
+    ## ```
     ##   - basic
     ##     |__ username
     ##     |__ password
@@ -111,7 +111,7 @@ instances:
     ##     |__ aws_region
     ##     |__ aws_host
     ##     |__ aws_service
-    ##
+    ## ```
     ## The `aws` auth type relies on boto3 to automatically gather AWS credentials, for example: from `.aws/credentials`.
     ## Details: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#configuring-credentials
     #

diff --git a/amazon_msk/changelog.d/20878.fixed b/amazon_msk/changelog.d/20878.fixed
@@ -0,0 +1 @@
+Improve descriptions and examples