feat(errortracking): extend agenttelemetry component with error log submission #52486

Merged: gh-worker-dd-mergequeue-cf854d[bot] merged 5 commits into main from pducolin/coat-errortracking/stack-2-agenttelemetry on Jun 25, 2026

@pducolin commented Jun 19, 2026 (Collaborator)

Stacked PR 2/4 — part of #50607. Builds on stack-1 #52485.

What does this PR do?

Extends comp/core/agenttelemetry to buffer and forward ErrorLog entries produced by the handler in stack 1:

  • Interface — adds SubmitErrorLog(ErrorLog) to Component (def layer)
  • Buffering — allocates a bounded errLogsCh channel; SubmitErrorLog does a non-blocking send (drops on overflow, never blocks the hot path)
  • Flush job — the existing runner drives a periodic flushErrortracking() job — no new goroutines, no new lifecycle
  • Serialisation — errortracking_sender.go: converts ErrorLog → dd-go Log via enrichErrorLog(), appends commit SHA after scrubbing (to avoid the scrubber stripping it), wraps in LogsPayload
  • Shared transport — sender.go: extracts sendPayloadBody() helper reused by both the metrics-payload path and the new logs path

The handler is not yet wired, so no customer-facing changes yet.

Stack

  1. [stack-1 feat(errortracking): add core error-tracking package #52485] Core pkg/util/log/errortracking/ package
  2. This PR — agenttelemetry component extensions + sender refactor
  3. [stack-3] Config, log-setup wiring, agent run command
  4. [stack-4] FakeIntake infrastructure + E2E tests + CI
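
The buffering and scrub-then-append ordering described in this PR comment, as an added example that is not the PR's code: `SubmitErrorLog` and `errLogsCh` are names taken from the description, while the `ErrorLog` field, the scrubber rule (redact any run of 32 or more hex characters), the `telemetry` type, `enrich`, `enrichWrongOrder` and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"sync/atomic"
)

// ErrorLog stands in for the entry type named in the PR; its field is assumed.
type ErrorLog struct {
	Message string
}

// Constructed sample values, not real credentials or commits.
var (
	sampleKey = strings.Repeat("0f", 16)   // 32 hex chars, shaped like an API key
	sampleSHA = strings.Repeat("ab12", 10) // 40 hex chars, shaped like a commit SHA
)

// hexSecret is an assumed scrubber rule: redact any run of 32+ hex characters.
// A 40-character commit SHA matches the same rule, which is the ordering problem.
var hexSecret = regexp.MustCompile(`\b[0-9a-fA-F]{32,}\b`)

func scrub(s string) string { return hexSecret.ReplaceAllString(s, "********") }

// telemetry is a hypothetical holder for the bounded buffer and a drop counter.
type telemetry struct {
	dropped   uint64 // first field keeps 64-bit alignment for atomic access
	errLogsCh chan ErrorLog
}

func newTelemetry(capacity int) *telemetry {
	return &telemetry{errLogsCh: make(chan ErrorLog, capacity)}
}

// SubmitErrorLog never blocks the caller: when the channel is full the entry
// is dropped and counted, so a burst of errors cannot stall the logging path.
func (t *telemetry) SubmitErrorLog(e ErrorLog) bool {
	select {
	case t.errLogsCh <- e:
		return true
	default:
		atomic.AddUint64(&t.dropped, 1)
		return false
	}
}

// Dropped reports how many entries were discarded on overflow.
func (t *telemetry) Dropped() uint64 { return atomic.LoadUint64(&t.dropped) }

// flush drains whatever is buffered right now and returns without waiting,
// so it can run from an existing periodic job instead of its own goroutine.
func (t *telemetry) flush(commitSHA string) []string {
	var out []string
	for {
		select {
		case e := <-t.errLogsCh:
			out = append(out, enrich(e, commitSHA))
		default:
			return out
		}
	}
}

// enrich scrubs the untrusted message first, then appends the trusted SHA.
func enrich(e ErrorLog, commitSHA string) string {
	return fmt.Sprintf("%s commit:%s", scrub(e.Message), commitSHA)
}

// enrichWrongOrder appends first and scrubs last: the SHA is redacted too.
func enrichWrongOrder(e ErrorLog, commitSHA string) string {
	return scrub(fmt.Sprintf("%s commit:%s", e.Message, commitSHA))
}

func main() {
	tel := newTelemetry(2)
	tel.SubmitErrorLog(ErrorLog{Message: "auth failed api_key=" + sampleKey})
	tel.SubmitErrorLog(ErrorLog{Message: "disk full"})
	tel.SubmitErrorLog(ErrorLog{Message: "dropped on overflow"})
	for _, line := range tel.flush(sampleSHA) {
		fmt.Println(line)
	}
	fmt.Println("dropped:", tel.Dropped())
	fmt.Println("wrong order:", enrichWrongOrder(ErrorLog{Message: "disk full"}, sampleSHA))
}
```
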

datadog-official Bot commented Jun 19, 2026 (Contributor)

🎯 Code Coverage (details)
Patch Coverage: 50.00%
Overall Coverage: 50.97% (-0.02%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 8b76261

dd-octo-sts Bot commented Jun 19, 2026 (Contributor)

Go Package Import Differences

Baseline: 26694e8
Comparison: 8b76261

binary | os | arch | change
agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
agent | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
agent | darwin | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
agent | darwin | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
agent | aix | ppc64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
iot-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
iot-agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
heroku-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
cluster-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
cluster-agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
cluster-agent-cloudfoundry | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
cluster-agent-cloudfoundry | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
dogstatsd | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
dogstatsd | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
process-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
process-agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
process-agent | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
process-agent | darwin | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
process-agent | darwin | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
heroku-process-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
security-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
security-agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
security-agent | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
system-probe | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
system-probe | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
system-probe | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
system-probe | darwin | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
system-probe | darwin | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
trace-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
trace-agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
trace-agent | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
trace-agent | darwin | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
trace-agent | darwin | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
trace-agent | aix | ppc64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
heroku-trace-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
otel-agent | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
otel-agent | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
host-profiler | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
host-profiler | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
loader | linux | amd64 | +3, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking, +hash, +hash/fnv
loader | linux | arm64 | +3, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking, +hash, +hash/fnv
loader | darwin | amd64 | +3, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking, +hash, +hash/fnv
loader | darwin | arm64 | +3, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking, +hash, +hash/fnv
installer | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
installer | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
installer | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
privateactionrunner | linux | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
privateactionrunner | linux | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
privateactionrunner | windows | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
privateactionrunner | darwin | amd64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking
privateactionrunner | darwin | arm64 | +1, -0: +github.com/DataDog/datadog-agent/pkg/util/log/errortracking

@pducolin force-pushed the pducolin/coat-errortracking/stack-1-core branch from 2ce0920 to f18b1d1 (June 19, 2026 13:15)
@pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch 2 times, most recently from be28f36 to 53cf9d6 (June 22, 2026 08:28)
@pducolin force-pushed the pducolin/coat-errortracking/stack-1-core branch 2 times, most recently from 678c519 to 056ee8f (June 22, 2026 08:34)
@pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch from 53cf9d6 to 1b3c60a (June 22, 2026 08:34)

dd-octo-sts Bot commented Jun 22, 2026 (Contributor)

Gitlab CI Configuration Changes

Modified Jobs

variables (configuration)
  variables:
    AGENT_API_KEY_ORG2: agent-api-key-org-2
    AGENT_APP_KEY_ORG2: agent-app-key-org-2
    AGENT_BINARIES_DIR: bin/agent
    AGENT_QA_E2E: agent-qa-e2e
    API_KEY_ORG2: ci.datadog-agent.datadog_api_key_org2
    ARTIFACT_DOWNLOAD_ATTEMPTS: 2
    ATLASSIAN_WRITE: atlassian-write
    BTFHUB_ARCHIVE_BRANCH: main
    BUCKET_BRANCH: dev
    CACHE_COMPRESSION_LEVEL: slowest
    CHANGELOG_COMMIT_SHA: ci.datadog-agent.gitlab_changelog_commit_sha
    CHOCOLATEY_API_KEY: ci.datadog-agent.chocolatey_api_key
-   CI_IMAGE_BTF_GEN: v120029388-43933fee
+   CI_IMAGE_BTF_GEN: v118883148-8fa6a628
    CI_IMAGE_BTF_GEN_SUFFIX: ''
-   CI_IMAGE_DOCKER_ARM64: v120029388-43933fee
+   CI_IMAGE_DOCKER_ARM64: v118883148-8fa6a628
    CI_IMAGE_DOCKER_ARM64_SUFFIX: ''
-   CI_IMAGE_DOCKER_X64: v120029388-43933fee
+   CI_IMAGE_DOCKER_X64: v118883148-8fa6a628
    CI_IMAGE_DOCKER_X64_SUFFIX: ''
-   CI_IMAGE_GITLAB_AGENT_DEPLOY: v120029388-43933fee
+   CI_IMAGE_GITLAB_AGENT_DEPLOY: v118883148-8fa6a628
    CI_IMAGE_GITLAB_AGENT_DEPLOY_SUFFIX: ''
-   CI_IMAGE_LINUX: v120029388-43933fee
+   CI_IMAGE_LINUX: v118883148-8fa6a628
    CI_IMAGE_LINUX_SUFFIX: ''
-   CI_IMAGE_RPM_ARM64: v120029388-43933fee
+   CI_IMAGE_RPM_ARM64: v118883148-8fa6a628
    CI_IMAGE_RPM_ARM64_SUFFIX: ''
-   CI_IMAGE_RPM_ARMHF: v120029388-43933fee
+   CI_IMAGE_RPM_ARMHF: v118883148-8fa6a628
    CI_IMAGE_RPM_ARMHF_SUFFIX: ''
-   CI_IMAGE_RPM_X64: v120029388-43933fee
+   CI_IMAGE_RPM_X64: v118883148-8fa6a628
    CI_IMAGE_RPM_X64_SUFFIX: ''
-   CI_IMAGE_WIN_LTSC2022_X64: v119961810-e18b0f68
?                                  ^ ^^^^  ^^ ^^^^
+   CI_IMAGE_WIN_LTSC2022_X64: v116983866-e2293bec
?                                 + ^^^ ^  ^^^^ ^^
    CI_IMAGE_WIN_LTSC2022_X64_SUFFIX: ''
-   CI_IMAGE_WIN_LTSC2025_X64: v119961810-e18b0f68
?                                  ^ ^^^^  ^^ ^^^^
+   CI_IMAGE_WIN_LTSC2025_X64: v116983866-e2293bec
?                                 + ^^^ ^  ^^^^ ^^
    CI_IMAGE_WIN_LTSC2025_X64_SUFFIX: ''
    CLANG_BUILD_VERSION: v60409452-ee70de70
    CLANG_LLVM_VER: 12.0.1
    CLUSTER_AGENT_BINARIES_DIR: bin/datadog-cluster-agent
    CLUSTER_AGENT_CLOUDFOUNDRY_BINARIES_DIR: bin/datadog-cluster-agent-cloudfoundry
    CODECOV: codecov
    CODECOV_TOKEN: ci.datadog-agent.codecov_token
    COMPARE_TO_BRANCH: main
    CRC_PULL_SECRET: ci.datadog-agent.crc-pull-secret
    CWS_INSTRUMENTATION_BINARIES_DIR: bin/cws-instrumentation
    DATADOG_AGENT_EMBEDDED_PATH: /opt/datadog-agent/embedded
    DDA_CLIENT_TOKEN: dda-feature-flags-client-token
    DDA_FEATURE_FLAGS_CI_SSM_KEY_WINDOWS: ci.datadog-agent.dda-feature-flags-client-token
    DDA_FEATURE_FLAGS_CI_VAULT_KEY: token
    DDA_FEATURE_FLAGS_CI_VAULT_KEY_MACOS: token
    DDA_FEATURE_FLAGS_CI_VAULT_PATH: k8s/gitlab-runner-datadog-agent/datadog-agent/$DDA_CLIENT_TOKEN
    DDA_FEATURE_FLAGS_CI_VAULT_PATH_MACOS: aws/arn:aws:iam::486234852809:role/ci-datadog-agent/$DDA_CLIENT_TOKEN
    DD_AGENT_TESTING_DIR: $CI_PROJECT_DIR/test/new-e2e/tests
    DD_PKG_GITLAB_URL: https://artifact-gateway.us1.ddbuild.io/internal/artifact-gateway/api/v4
    DEB_GPG_KEY_ID: c0962c7d
    DEB_GPG_KEY_NAME: Datadog, Inc. APT key
    DEB_RPM_TESTING_BUCKET_BRANCH: testing
    DEB_S3_BUCKET: apt.datad0g.com
    DEB_TESTING_S3_BUCKET: apttesting.datad0g.com
    DOCKER_REGISTRY_RO: dockerhub-readonly
    DOCKER_REGISTRY_URL: docker.io
    DOGSTATSD_BINARIES_DIR: bin/dogstatsd
    DYNAMIC_TESTS_BREAKGLASS: dynamic-tests-breakglass
    E2E_AZURE: e2e-azure
    E2E_COVERAGE_PIPELINE: false
    E2E_GCP: e2e-gcp
    EXECUTOR_JOB_SECTION_ATTEMPTS: 2
    FF_CLEAN_UP_FAILED_CACHE_EXTRACT: true
    FF_KUBERNETES_HONOR_ENTRYPOINT: true
    FF_SCRIPT_SECTIONS: 1
    FF_TIMESTAMPS: true
    FF_USE_FASTZIP: true
    FF_USE_WINDOWS_JOB_OBJECT: true
    GENERAL_ARTIFACTS_CACHE_BUCKET_URL: https://dd-agent-omnibus.s3.amazonaws.com
    GET_SOURCES_ATTEMPTS: 2
    GIT_STRATEGY: s3
    GO_TEST_SKIP_FLAKE: 'true'
    GPG_TEST_KEY_ID: crypto/k8s/keys/k8s_gitlab-runner-datadog-agent_datadog-agent_testing_signing-key
    INSTALLER_TESTING_S3_BUCKET: installtesting.datad0g.com
    INSTALL_SCRIPT_API_KEY_ORG2: install-script-api-key-org-2
    INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus
    KERNEL_MATRIX_TESTING_ARM_AMI_ID: ami-0b5f838a19d37fc61
    KERNEL_MATRIX_TESTING_X86_AMI_ID: ami-05b3973acf5422348
    KITCHEN_INFRASTRUCTURE_FLAKES_RETRY: 2
    MACOS_APPLE_APPLICATION_SIGNING: apple-application-signing
    MACOS_APPLE_DEVELOPER_ACCOUNT: apple-developer-account
    MACOS_APPLE_INSTALLER_SIGNING: apple-installer-signing
    MACOS_KEYCHAIN_PWD: ci-keychain
    MACOS_S3_BUCKET: dd-agent-macostesting
    OMNIBUS_BASE_DIR: /omnibus
    OMNIBUS_GIT_CACHE_DIR: /tmp/omnibus-git-cache
    OMNIBUS_PACKAGE_DIR: $CI_PROJECT_DIR/omnibus/pkg/
    OMNIBUS_PACKAGE_DIR_SUSE: $CI_PROJECT_DIR/omnibus/suse/pkg
    PIPELINE_KEY_ALIAS: alias/ci_datadog-agent_pipeline-key
    PROCESS_S3_BUCKET: datad0g-process-agent
    PYTHONUNBUFFERED: 1
    RESTORE_CACHE_ATTEMPTS: 2
    RPM_GPG_KEY_ID: b01082d3
    RPM_GPG_KEY_NAME: Datadog, Inc. RPM key
    RPM_S3_BUCKET: yum.datad0g.com
    RPM_TESTING_S3_BUCKET: yumtesting.datad0g.com
    RUN_E2E_TESTS: auto
    RUN_KMT_TESTS: auto
    RUN_UNIT_TESTS: auto
    S3_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME/$CI_PIPELINE_ID
    S3_CP_CMD: aws s3 cp $S3_CP_OPTIONS
    S3_CP_OPTIONS: --no-progress --region us-east-1 --sse AES256
    S3_DD_AGENT_OMNIBUS_BTFS_URI: s3://dd-agent-omnibus/btfs
    S3_DD_AGENT_OMNIBUS_JAVA_URI: s3://dd-agent-omnibus/openjdk
    S3_DD_AGENT_OMNIBUS_LLVM_URI: s3://dd-agent-omnibus/llvm
    S3_DSD6_URI: s3://dsd6-staging
    S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable
    S3_OMNIBUS_GIT_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-git-cache-build-stable
    S3_PERMANENT_ARTIFACTS_URI: s3://dd-ci-persistent-artefacts-build-stable/$CI_PROJECT_NAME
    S3_PROJECT_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME
    S3_RELEASE_ARTIFACTS_URI: s3://dd-release-artifacts/$CI_PROJECT_NAME/$CI_PIPELINE_ID
    S3_RELEASE_INSTALLER_ARTIFACTS_URI: s3://dd-release-artifacts/datadog-installer/$CI_PIPELINE_ID
    S3_SBOM_STORAGE_URI: s3://sbom-root-us1-ddbuild-io/$CI_PROJECT_NAME/$CI_PIPELINE_ID
    SECRET_GENERIC_CONNECTOR_BINARIES_DIR: bin/secret-generic-connector
    SKIP_WINDOWS: 'false'
    SLACK_AGENT: slack-agent-ci
    SMP_ACCOUNT: smp
    STATIC_BINARIES_DIR: bin/static
    SYSTEM_PROBE_BINARIES_DIR: bin/system-probe
    TEST_KEYS_URL: apttesting.datad0g.com/test-keys
    VCPKG_BLOB_SAS_URL: ci.datadog-agent-buildimages.vcpkg_blob_sas_url
    VIRUS_TOTAL: virus-total
    WINDOWS_BUILDS_S3_BUCKET: $WIN_S3_BUCKET/builds
    WINDOWS_POWERSHELL_DIR: $CI_PROJECT_DIR/signed_scripts
    WINDOWS_SYMBOLS_S3_BUCKET: pipelines/windows-symbols
    WINDOWS_TESTING_S3_BUCKET: pipelines/A7/$CI_PIPELINE_ID
    WINGET_PAT: ci.datadog-agent.winget_pat
    WIN_S3_BUCKET: dd-agent-mstesting
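
Review bot: every CI_IMAGE_* pin in this block moves to a lower pipeline id (v120029388-43933fee to v118883148-8fa6a628, and v119961810-e18b0f68 to v116983866-e2293bec for the two Windows images), which looks like the branch sitting on an older base than the baseline rather than an intended change, since the PR description covers only comp/core/agenttelemetry. Rebase onto main and confirm this section comes back empty, so the change is not built and tested on older images than main uses.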
workflow (configuration)
  workflow:
    rules:
    - if: $DDR_WORKFLOW_ID != null && $CI_COMMIT_BRANCH == "main"
      variables:
        BAZEL_CACHE_POLICY_SUFFIX: -push
        GO_TEST_SKIP_FLAKE: 'false'
        WINDOWS_SIGNING_CERT: s3://windows-code-signing-certificates/certs/beta/kms-signed.crt
        WINDOWS_SIGNING_CONFIG: s3://windows-code-signing-certificates/certs/beta/config.json
    - if: $CI_PIPELINE_SOURCE == "trigger" || $CI_PIPELINE_SOURCE == "pipeline"
    - if: $CI_COMMIT_BRANCH == "main"
      variables:
        BAZEL_CACHE_POLICY_SUFFIX: -push
        GO_TEST_SKIP_FLAKE: 'false'
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    - if: $DEPLOY_AGENT == "true" || $DDR_WORKFLOW_ID != null
    - if: $RUN_E2E_TESTS == "on"
    - if: $DEPLOY_INSTALLER == "true" || $DDR_WORKFLOW_ID != null
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
    - changes:
        compare_to: main
        paths:
        - '**/*_windows.go'
        - pkg/util/winutil/**/*
        - pkg/windowsdriver/**/*
        - pkg/util/pdhutil/**/*
        - pkg/util/crashreport/**/*
        - pkg/collector/corechecks/system/wincrashdetect/**/*
        - pkg/collector/corechecks/system/windowscertificate/**/*
        - pkg/collector/corechecks/system/winkmem/**/*
        - pkg/collector/corechecks/system/winproc/**/*
        - pkg/collector/corechecks/net/wlan/**/*
        - pkg/logs/launchers/windowsevent/**/*
        - pkg/logs/tailers/windowsevent/**/*
        - pkg/logs/util/windowsevent/**/*
        - pkg/network/driver/**/*
        - pkg/config/**/*
        - cmd/agent/**/*
        - cmd/process-agent/**/*
        - cmd/security-agent/**/*
        - cmd/otel-agent/**/*
        - cmd/privateactionrunner/**/*
        - cmd/system-probe/**/*
        - cmd/trace-agent/**/*
        - cmd/installer/**/*
        - cmd/systray/**/*
        - cmd/otel-agent/**/*
      variables:
        SKIP_WINDOWS: 'false'
    - changes:
        compare_to: main
        paths:
        - comp/systray/**/*
        - comp/updater/**/*
        - comp/checks/agentcrashdetect/**/*
        - comp/checks/windowseventlog/**/*
        - comp/checks/winregistry/**/*
        - comp/metadata/hostsysteminfo/**/*
        - comp/trace/etwtracer/**/*
        - comp/etw/**/*
        - comp/notableevents/**/*
        - comp/publishermetadatacache/**/*
        - comp/softwareinventory/**/*
        - tools/windows/**/*
        - omnibus/**/*
        - packages/**/*
        - rtloader/**/*
        - Dockerfiles/agent/windows/**/*
        - Dockerfiles/agent/entrypoint.ps1
        - Dockerfiles/agent/entrypoint.d.windows/**/*
        - chocolatey/**/*
        - tasks/msi.py
        - tasks/winbuild.py
        - tasks/winbuildscripts/**/*
        - tasks/windows_resources.py
        - tasks/systray.py
        - release.json
        - .gitlab-ci.yml
        - .gitlab/**/*
      variables:
        SKIP_WINDOWS: 'false'
    - changes:
        compare_to: main
        paths:
        - test/new-e2e/tests/fleet/**/*
        - test/new-e2e/tests/installer/windows/**/*
        - test/new-e2e/tests/windows/**/*
        - test/new-e2e/tests/sysprobe-functional/**/*
        - test/new-e2e/tests/process/**/*
        - test/new-e2e/tests/agent-runtimes/**/*
      variables:
        SKIP_WINDOWS: 'false'
    - changes:
        compare_to: main
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
      variables:
        SKIP_WINDOWS: 'false'
    - if: $CI_COMMIT_TAG == null
      variables:
        SKIP_WINDOWS: 'true'
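
Review bot: dropping `- tasks/build_tags.bzl` from the last `changes:` rule means a commit that touches only that file no longer matches any path rule setting SKIP_WINDOWS: 'false' and can fall through to the final `if: $CI_COMMIT_TAG == null` rule, which sets SKIP_WINDOWS: 'true'. The PR description mentions no CI change, so check whether this is a stale-base artifact; if the removal is intended, say why Windows jobs no longer need to run for that file.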
.agent_dmg
  .agent_dmg:
    after_script:
    - sudo umount /Volumes/Agent || true
    artifacts:
      expire_in: 2 weeks
      paths:
      - omnibus/pkg/*.dmg
      - omnibus/pkg/version-manifest.json
    before_script:
    - sudo umount /Volumes/Agent || true
    - rm -rf "$OMNIBUS_GIT_CACHE_DIR" || true
    cache:
    - key:
        files:
        - omnibus/Gemfile
        - release.json
        prefix: omnibus-deps-$CI_JOB_IMAGE-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION
      paths:
      - omnibus/vendor/bundle
    id_tokens:
      BUILDBARN_ID_TOKEN:
        aud: buildbarn.us1.ddbuild.io
      CI_IDENTITIES_GITLAB_ID_TOKEN:
        aud: ci-identities
    needs:
    - go_deps
    - go_mod_tidy_check
    rules:
    - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      variables:
        SIGN: true
    - if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$/
      variables:
        SIGN: true
    - if: $CI_COMMIT_BRANCH =~ /notarization/
      variables:
        SIGN: true
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - comp/core/gui/impl/systray/**/*
        - '**/*.m'
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - .gitlab-ci.yml
        - release.json
        - .gitlab/build/package_build/**/*
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS
        == "true" || $DDR_WORKFLOW_ID != null
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - pkg/config/config_template.yaml
        - pkg/config/system-probe_template.yaml
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - allow_failure: true
      when: manual
    script:
    - set -eo pipefail
    - export VAULT_ADDR=https://vault.us1.ddbuild.io
    - vault login -method=aws -no-print
    - "if [ -z \"$TMPDIR\" ]; then\n  echo \"TMPDIR must be set\" >& 2\n  exit 1\nfi\n"
    - export DDA_DIR="$TMPDIR/dda-${CI_JOB_ID}"
    - export PATH="$DDA_DIR:$PATH"
    - export DDA_NO_DYNAMIC_DEPS=1
    - "# Perform installation only if the directory does not exist\nif [ ! -d \"$DDA_DIR\"\
      \ ]; then\n  robust_curl=\"curl -fsSL --retry 4\"  # recommended flags + resist\
      \ transient errors like `Connection reset by peer`\n  # Get the commit from the\
      \ build image variable in the format `vPIPELINE_ID-COMMIT`\n  export BUILDIMAGES_COMMIT=\"\
      ${CI_IMAGE_LINUX#*-}\"\n  export DDA_VERSION=\"$($robust_curl https://raw.githubusercontent.com/DataDog/datadog-agent-buildimages/${BUILDIMAGES_COMMIT}/dda.env\
      \ | awk -F= '/^DDA_VERSION=/ {print $2}')\"\n  # Detect architecture and download\
      \ appropriate binary\n  if [ \"$(uname -m)\" = \"arm64\" ]; then\n    dda_target_triple=\"\
      aarch64-apple-darwin\"\n  else\n    dda_target_triple=\"x86_64-apple-darwin\"\n\
      \  fi\n  $robust_curl -o dda.tar.gz https://github.com/DataDog/datadog-agent-dev/releases/download/${DDA_VERSION}/dda-${dda_target_triple}.tar.gz\n\
      \  tar -xzf dda.tar.gz\n  mkdir -p \"$DDA_DIR\"\n  sudo mv dda $DDA_DIR\n  rm\
      \ -f dda.tar.gz\n  dda self dep sync -f legacy-tasks\n  dda self pip install awscli==1.29.45\n\
      fi\n"
    - echo Setting up Go
    - mkdir -p ~/go
    - export GO_VERSION="$(cat .go-version)"
    - eval "$(gimme $GO_VERSION)"
    - export PATH="$PATH:$GOROOT/bin"
    - echo Go version should be $GO_VERSION
    - go version
    - dda inv check-go-version
    - DD_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
      token)" || exit $?; export DD_API_KEY
    - DD_APP_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_APP_KEY_ORG2"
      token)" || exit $?; export DD_APP_KEY
    - 'AWS_TOKEN="$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds:
      21600")"
  
      RUNNER_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token:
      $AWS_TOKEN" || hostname)"
  
      datadog-ci tag --level job --tags macos_runner:"$RUNNER_ID"
  
      echo "Reported runner ID to Datadog: $RUNNER_ID"
  
      '
    - "if [ \"$CI_COMMIT_BRANCH\" = \"main\" ] || [[ \"$CI_COMMIT_BRANCH\" =~ ^[0-9]+\\\
      .[0-9]+\\.(x|[0-9]+)$ ]]; then\n  dda inv -- -e macos.report-versions -l all ||\
      \ true\nfi\n"
    - "if [ \"$((RANDOM%20))\" -eq 0 ]; then\n  echo Trying to remove inactive versions\n\
      \  dda inv -- -e macos.remove-inactive-versions -l python -t \"$PYTHON_VERSION\"\
      \ || true\n  dda inv -- -e macos.remove-inactive-versions -l go -t \"$(cat .go-version)\"\
      \ || true\nfi\n"
    - 'export TMPDIR=/tmp/gitlabci
  
      NEWTMPDIR="$RUNNER_TEMP_PROJECT_DIR/gitlabci"
  
      sudo rm -fr "$(realpath $TMPDIR)" "$NEWTMPDIR"
  
      mkdir "$NEWTMPDIR"
  
      sudo ln -fs "$NEWTMPDIR" $TMPDIR
  
      echo "Temporary folder created, TMPDIR=$TMPDIR -> $NEWTMPDIR"
  
      '
    - sudo bash -c "rm -rf /var/cache/omnibus/src/*" || true
    - pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
    - 'export GOPATH="$(go env GOPATH)"
  
      export GOMODCACHE="$GOPATH/pkg/mod"
  
      mkdir -p "$GOMODCACHE"
  
      '
    - mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache.tar.zst | tar xf - -C $GOPATH/pkg/mod/cache
    - rm -f modcache.tar.zst
    - bash .gitlab/build/package_build/build_agent_dmg.sh
    - $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
    stage: package_build
    timeout: 2h
    variables:
      AWS_SHARED_CREDENTIALS_FILE: ${CI_PROJECT_DIR}/.aws/credentials-by-job-id/${CI_JOB_ID}
      BAZELISK_HOME: $XDG_CACHE_HOME/bazelisk
      INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus
      INTEGRATION_WHEELS_SKIP_CACHE_UPLOAD: true
      KEYCHAIN_NAME: build.keychain
      NOTARIZATION_ATTEMPTS: 3
      NOTARIZATION_TIMEOUT: 15m
      NOTARIZATION_WAIT_TIME: 15s
      S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable
      XDG_CACHE_HOME: $RUNNER_TEMP_PROJECT_DIR
.bazel_paths
  .bazel_paths:
  - '*.bazel*'
  - deps/**/*
  - bazel/**/*
- - tasks/build_tags.bzl
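
Review bot: the `- tasks/build_tags.bzl` entry removed from `.bazel_paths` here is the same line that disappears from the `changes:` path lists of the workflow rules and of the job templates shown in this comment, so the removal should be justified once against this list rather than job by job. If it is not part of this PR's intent, a rebase should make all of those removals vanish together; verify that before merging.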
.deploy_dmg_testing-a7
  .deploy_dmg_testing-a7:
    before_script:
    - ls $OMNIBUS_PACKAGE_DIR
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/gitlab_agent_deploy$CI_IMAGE_GITLAB_AGENT_DEPLOY_SUFFIX:$CI_IMAGE_GITLAB_AGENT_DEPLOY
    rules:
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - comp/core/gui/impl/systray/**/*
        - '**/*.m'
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - .gitlab-ci.yml
        - release.json
        - .gitlab/build/package_build/**/*
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS
        == "true" || $DDR_WORKFLOW_ID != null
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - pkg/config/config_template.yaml
        - pkg/config/system-probe_template.yaml
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - allow_failure: true
      when: manual
    script:
    - "echo \"Listing all datadog-agent-7.*.dmg files in $OMNIBUS_PACKAGE_DIR:\"\nls\
      \ -la \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg 2>/dev/null || echo \"No\
      \ datadog-agent-7.*.dmg files found\"\n\ncount=$(ls -1 \"$OMNIBUS_PACKAGE_DIR\"\
      /datadog-agent-7.*.dmg 2>/dev/null | wc -l || true)\nif [ \"$count\" -eq 0 ];\
      \ then\n  echo \"No DMG found in $OMNIBUS_PACKAGE_DIR matching datadog-agent-7.*.dmg\"\
      \ >&2\n  exit 1\nfi\nif [ \"$count\" -gt 1 ]; then\n  echo \"Multiple DMGs found\
      \ for datadog-agent-7.*.dmg pattern:\" >&2\n  ls -1 \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg\
      \ >&2\n  exit 1\nfi\ndmg_src=$(ls -1 \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg\
      \ 2>/dev/null)\necho \"Found single DMG file: $dmg_src\"\n$S3_CP_CMD --acl public-read\
      \ \"$dmg_src\" \"s3://$MACOS_S3_BUCKET/ci/datadog-agent/pipeline-$CI_PIPELINE_ID-$ARCH/datadog-agent-7-latest.dmg\"\
      \n$S3_CP_CMD --acl public-read --content-type \"text/x-shellscript\" \"cmd/agent/macos/install_mac_os.sh\"\
      \ \"s3://$MACOS_S3_BUCKET/ci/datadog-agent/pipeline-$CI_PIPELINE_ID-$ARCH/install_mac_os.sh\"\
      \n"
    stage: e2e_deploy
    tags:
    - arch:amd64
    - specific:true
.on_dev_branches_with_artifact_changes
  .on_dev_branches_with_artifact_changes:
  - if: $CI_COMMIT_BRANCH == "main"
    when: never
  - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    when: never
  - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
    when: never
  - if: $CI_COMMIT_TAG != null
    when: never
  - changes:
      compare_to: $COMPARE_TO_BRANCH
      paths:
      - go.mod
      - go.sum
      - cmd/**/*
      - comp/**/*
      - internal/**/*
      - pkg/**/*
      - rtloader/**/*
      - tasks/**/*.py
      - omnibus/**/*
      - release.json
      - test/regression/**/*
      - Dockerfiles/**/*
      - .gitlab/test/functional_test/regression_detector.yml
      - .gitlab/childs/smp-regression-child-pipeline.yml
  - changes:
      compare_to: $COMPARE_TO_BRANCH
      paths:
      - '*.bazel*'
      - deps/**/*
      - bazel/**/*
-     - tasks/build_tags.bzl
.on_dev_branches_with_artifact_changes_manual
  .on_dev_branches_with_artifact_changes_manual:
  - if: $CI_COMMIT_BRANCH == "main"
    when: never
  - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    when: never
  - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
    when: never
  - if: $CI_COMMIT_TAG != null
    when: never
  - allow_failure: true
    changes:
      compare_to: $COMPARE_TO_BRANCH
      paths:
      - go.mod
      - go.sum
      - cmd/**/*
      - comp/**/*
      - internal/**/*
      - pkg/**/*
      - rtloader/**/*
      - tasks/**/*.py
      - omnibus/**/*
      - release.json
      - test/regression/**/*
      - Dockerfiles/**/*
      - .gitlab/test/functional_test/regression_detector.yml
      - .gitlab/childs/smp-regression-child-pipeline.yml
    when: manual
  - allow_failure: true
    changes:
      compare_to: $COMPARE_TO_BRANCH
      paths:
      - '*.bazel*'
      - deps/**/*
      - bazel/**/*
-     - tasks/build_tags.bzl
    when: manual
.on_macos_change
  .on_macos_change:
  - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
    when: never
  - changes:
      compare_to: $COMPARE_TO_BRANCH
      paths:
      - omnibus/**/*
      - .gitlab-ci.yml
      - release.json
      - .gitlab/build/package_build/**/*
  - changes:
      compare_to: $COMPARE_TO_BRANCH
      paths:
      - '*.bazel*'
      - deps/**/*
      - bazel/**/*
-     - tasks/build_tags.bzl
agent_dmg-arm64-a7
  agent_dmg-arm64-a7:
    after_script:
    - sudo umount /Volumes/Agent || true
    artifacts:
      expire_in: 2 weeks
      paths:
      - omnibus/pkg/*.dmg
      - omnibus/pkg/version-manifest.json
    before_script:
    - sudo umount /Volumes/Agent || true
    - rm -rf "$OMNIBUS_GIT_CACHE_DIR" || true
    cache:
    - key:
        files:
        - omnibus/Gemfile
        - release.json
        prefix: omnibus-deps-$CI_JOB_IMAGE-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION
      paths:
      - omnibus/vendor/bundle
    id_tokens:
      BUILDBARN_ID_TOKEN:
        aud: buildbarn.us1.ddbuild.io
      CI_IDENTITIES_GITLAB_ID_TOKEN:
        aud: ci-identities
    needs:
    - go_deps
    - go_mod_tidy_check
    rules:
    - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      variables:
        SIGN: true
    - if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$/
      variables:
        SIGN: true
    - if: $CI_COMMIT_BRANCH =~ /notarization/
      variables:
        SIGN: true
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - comp/core/gui/impl/systray/**/*
        - '**/*.m'
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - .gitlab-ci.yml
        - release.json
        - .gitlab/build/package_build/**/*
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS
        == "true" || $DDR_WORKFLOW_ID != null
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - pkg/config/config_template.yaml
        - pkg/config/system-probe_template.yaml
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - allow_failure: true
      when: manual
    script:
    - set -eo pipefail
    - export VAULT_ADDR=https://vault.us1.ddbuild.io
    - vault login -method=aws -no-print
    - "if [ -z \"$TMPDIR\" ]; then\n  echo \"TMPDIR must be set\" >& 2\n  exit 1\nfi\n"
    - export DDA_DIR="$TMPDIR/dda-${CI_JOB_ID}"
    - export PATH="$DDA_DIR:$PATH"
    - export DDA_NO_DYNAMIC_DEPS=1
    - "# Perform installation only if the directory does not exist\nif [ ! -d \"$DDA_DIR\"\
      \ ]; then\n  robust_curl=\"curl -fsSL --retry 4\"  # recommended flags + resist\
      \ transient errors like `Connection reset by peer`\n  # Get the commit from the\
      \ build image variable in the format `vPIPELINE_ID-COMMIT`\n  export BUILDIMAGES_COMMIT=\"\
      ${CI_IMAGE_LINUX#*-}\"\n  export DDA_VERSION=\"$($robust_curl https://raw.githubusercontent.com/DataDog/datadog-agent-buildimages/${BUILDIMAGES_COMMIT}/dda.env\
      \ | awk -F= '/^DDA_VERSION=/ {print $2}')\"\n  # Detect architecture and download\
      \ appropriate binary\n  if [ \"$(uname -m)\" = \"arm64\" ]; then\n    dda_target_triple=\"\
      aarch64-apple-darwin\"\n  else\n    dda_target_triple=\"x86_64-apple-darwin\"\n\
      \  fi\n  $robust_curl -o dda.tar.gz https://github.com/DataDog/datadog-agent-dev/releases/download/${DDA_VERSION}/dda-${dda_target_triple}.tar.gz\n\
      \  tar -xzf dda.tar.gz\n  mkdir -p \"$DDA_DIR\"\n  sudo mv dda $DDA_DIR\n  rm\
      \ -f dda.tar.gz\n  dda self dep sync -f legacy-tasks\n  dda self pip install awscli==1.29.45\n\
      fi\n"
    - echo Setting up Go
    - mkdir -p ~/go
    - export GO_VERSION="$(cat .go-version)"
    - eval "$(gimme $GO_VERSION)"
    - export PATH="$PATH:$GOROOT/bin"
    - echo Go version should be $GO_VERSION
    - go version
    - dda inv check-go-version
    - DD_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
      token)" || exit $?; export DD_API_KEY
    - DD_APP_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_APP_KEY_ORG2"
      token)" || exit $?; export DD_APP_KEY
    - 'AWS_TOKEN="$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds:
      21600")"
  
      RUNNER_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token:
      $AWS_TOKEN" || hostname)"
  
      datadog-ci tag --level job --tags macos_runner:"$RUNNER_ID"
  
      echo "Reported runner ID to Datadog: $RUNNER_ID"
  
      '
    - "if [ \"$CI_COMMIT_BRANCH\" = \"main\" ] || [[ \"$CI_COMMIT_BRANCH\" =~ ^[0-9]+\\\
      .[0-9]+\\.(x|[0-9]+)$ ]]; then\n  dda inv -- -e macos.report-versions -l all ||\
      \ true\nfi\n"
    - "if [ \"$((RANDOM%20))\" -eq 0 ]; then\n  echo Trying to remove inactive versions\n\
      \  dda inv -- -e macos.remove-inactive-versions -l python -t \"$PYTHON_VERSION\"\
      \ || true\n  dda inv -- -e macos.remove-inactive-versions -l go -t \"$(cat .go-version)\"\
      \ || true\nfi\n"
    - 'export TMPDIR=/tmp/gitlabci
  
      NEWTMPDIR="$RUNNER_TEMP_PROJECT_DIR/gitlabci"
  
      sudo rm -fr "$(realpath $TMPDIR)" "$NEWTMPDIR"
  
      mkdir "$NEWTMPDIR"
  
      sudo ln -fs "$NEWTMPDIR" $TMPDIR
  
      echo "Temporary folder created, TMPDIR=$TMPDIR -> $NEWTMPDIR"
  
      '
    - sudo bash -c "rm -rf /var/cache/omnibus/src/*" || true
    - pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
    - 'export GOPATH="$(go env GOPATH)"
  
      export GOMODCACHE="$GOPATH/pkg/mod"
  
      mkdir -p "$GOMODCACHE"
  
      '
    - mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache.tar.zst | tar xf - -C $GOPATH/pkg/mod/cache
    - rm -f modcache.tar.zst
    - bash .gitlab/build/package_build/build_agent_dmg.sh
    - $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
    stage: package_build
    tags:
    - macos:sonoma-arm64
    - specific:true
    timeout: 2h
    variables:
      AWS_SHARED_CREDENTIALS_FILE: ${CI_PROJECT_DIR}/.aws/credentials-by-job-id/${CI_JOB_ID}
      BAZELISK_HOME: $XDG_CACHE_HOME/bazelisk
      INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus
      INTEGRATION_WHEELS_SKIP_CACHE_UPLOAD: true
      KEYCHAIN_NAME: build.keychain
      NOTARIZATION_ATTEMPTS: 3
      NOTARIZATION_TIMEOUT: 15m
      NOTARIZATION_WAIT_TIME: 15s
      S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable
      XDG_CACHE_HOME: $RUNNER_TEMP_PROJECT_DIR
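Review bot: dropping `- tasks/build_tags.bzl` from the Bazel `changes` list in `rules` leaves only `'*.bazel*'`, `deps/**/*` and `bazel/**/*`, none of which covers a path under `tasks/`, so a branch that touches only that file now falls through to the final `when: manual` rule and this DMG build is no longer triggered automatically. If the file was deleted or moved under `bazel/`, say so in the PR description, since the stated scope of this PR is the agenttelemetry component; if it still exists at that path, keep the entry.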
agent_dmg-x64-a7
  agent_dmg-x64-a7:
    after_script:
    - sudo umount /Volumes/Agent || true
    artifacts:
      expire_in: 2 weeks
      paths:
      - omnibus/pkg/*.dmg
      - omnibus/pkg/version-manifest.json
    before_script:
    - sudo umount /Volumes/Agent || true
    - rm -rf "$OMNIBUS_GIT_CACHE_DIR" || true
    cache:
    - key:
        files:
        - omnibus/Gemfile
        - release.json
        prefix: omnibus-deps-$CI_JOB_IMAGE-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION
      paths:
      - omnibus/vendor/bundle
    id_tokens:
      BUILDBARN_ID_TOKEN:
        aud: buildbarn.us1.ddbuild.io
      CI_IDENTITIES_GITLAB_ID_TOKEN:
        aud: ci-identities
    needs:
    - go_deps
    - go_mod_tidy_check
    rules:
    - if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      variables:
        SIGN: true
    - if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$/
      variables:
        SIGN: true
    - if: $CI_COMMIT_BRANCH =~ /notarization/
      variables:
        SIGN: true
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - comp/core/gui/impl/systray/**/*
        - '**/*.m'
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - .gitlab-ci.yml
        - release.json
        - .gitlab/build/package_build/**/*
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS
        == "true" || $DDR_WORKFLOW_ID != null
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - pkg/config/config_template.yaml
        - pkg/config/system-probe_template.yaml
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - allow_failure: true
      when: manual
    script:
    - set -eo pipefail
    - export VAULT_ADDR=https://vault.us1.ddbuild.io
    - vault login -method=aws -no-print
    - "if [ -z \"$TMPDIR\" ]; then\n  echo \"TMPDIR must be set\" >& 2\n  exit 1\nfi\n"
    - export DDA_DIR="$TMPDIR/dda-${CI_JOB_ID}"
    - export PATH="$DDA_DIR:$PATH"
    - export DDA_NO_DYNAMIC_DEPS=1
    - "# Perform installation only if the directory does not exist\nif [ ! -d \"$DDA_DIR\"\
      \ ]; then\n  robust_curl=\"curl -fsSL --retry 4\"  # recommended flags + resist\
      \ transient errors like `Connection reset by peer`\n  # Get the commit from the\
      \ build image variable in the format `vPIPELINE_ID-COMMIT`\n  export BUILDIMAGES_COMMIT=\"\
      ${CI_IMAGE_LINUX#*-}\"\n  export DDA_VERSION=\"$($robust_curl https://raw.githubusercontent.com/DataDog/datadog-agent-buildimages/${BUILDIMAGES_COMMIT}/dda.env\
      \ | awk -F= '/^DDA_VERSION=/ {print $2}')\"\n  # Detect architecture and download\
      \ appropriate binary\n  if [ \"$(uname -m)\" = \"arm64\" ]; then\n    dda_target_triple=\"\
      aarch64-apple-darwin\"\n  else\n    dda_target_triple=\"x86_64-apple-darwin\"\n\
      \  fi\n  $robust_curl -o dda.tar.gz https://github.com/DataDog/datadog-agent-dev/releases/download/${DDA_VERSION}/dda-${dda_target_triple}.tar.gz\n\
      \  tar -xzf dda.tar.gz\n  mkdir -p \"$DDA_DIR\"\n  sudo mv dda $DDA_DIR\n  rm\
      \ -f dda.tar.gz\n  dda self dep sync -f legacy-tasks\n  dda self pip install awscli==1.29.45\n\
      fi\n"
    - echo Setting up Go
    - mkdir -p ~/go
    - export GO_VERSION="$(cat .go-version)"
    - eval "$(gimme $GO_VERSION)"
    - export PATH="$PATH:$GOROOT/bin"
    - echo Go version should be $GO_VERSION
    - go version
    - dda inv check-go-version
    - DD_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
      token)" || exit $?; export DD_API_KEY
    - DD_APP_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_APP_KEY_ORG2"
      token)" || exit $?; export DD_APP_KEY
    - 'AWS_TOKEN="$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds:
      21600")"
  
      RUNNER_ID="$(curl -s http://169.254.169.254/latest/meta-data/instance-id -H "X-aws-ec2-metadata-token:
      $AWS_TOKEN" || hostname)"
  
      datadog-ci tag --level job --tags macos_runner:"$RUNNER_ID"
  
      echo "Reported runner ID to Datadog: $RUNNER_ID"
  
      '
    - "if [ \"$CI_COMMIT_BRANCH\" = \"main\" ] || [[ \"$CI_COMMIT_BRANCH\" =~ ^[0-9]+\\\
      .[0-9]+\\.(x|[0-9]+)$ ]]; then\n  dda inv -- -e macos.report-versions -l all ||\
      \ true\nfi\n"
    - "if [ \"$((RANDOM%20))\" -eq 0 ]; then\n  echo Trying to remove inactive versions\n\
      \  dda inv -- -e macos.remove-inactive-versions -l python -t \"$PYTHON_VERSION\"\
      \ || true\n  dda inv -- -e macos.remove-inactive-versions -l go -t \"$(cat .go-version)\"\
      \ || true\nfi\n"
    - 'export TMPDIR=/tmp/gitlabci
  
      NEWTMPDIR="$RUNNER_TEMP_PROJECT_DIR/gitlabci"
  
      sudo rm -fr "$(realpath $TMPDIR)" "$NEWTMPDIR"
  
      mkdir "$NEWTMPDIR"
  
      sudo ln -fs "$NEWTMPDIR" $TMPDIR
  
      echo "Temporary folder created, TMPDIR=$TMPDIR -> $NEWTMPDIR"
  
      '
    - sudo bash -c "rm -rf /var/cache/omnibus/src/*" || true
    - pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
    - 'export GOPATH="$(go env GOPATH)"
  
      export GOMODCACHE="$GOPATH/pkg/mod"
  
      mkdir -p "$GOMODCACHE"
  
      '
    - mkdir -p $GOPATH/pkg/mod/cache && zstd -dc modcache.tar.zst | tar xf - -C $GOPATH/pkg/mod/cache
    - rm -f modcache.tar.zst
    - bash .gitlab/build/package_build/build_agent_dmg.sh
    - $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
    stage: package_build
    tags:
    - macos:sonoma-amd64
    - specific:true
    timeout: 2h
    variables:
      AWS_SHARED_CREDENTIALS_FILE: ${CI_PROJECT_DIR}/.aws/credentials-by-job-id/${CI_JOB_ID}
      BAZELISK_HOME: $XDG_CACHE_HOME/bazelisk
      INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus
      INTEGRATION_WHEELS_SKIP_CACHE_UPLOAD: true
      KEYCHAIN_NAME: build.keychain
      NOTARIZATION_ATTEMPTS: 3
      NOTARIZATION_TIMEOUT: 15m
      NOTARIZATION_WAIT_TIME: 15s
      S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable
      XDG_CACHE_HOME: $RUNNER_TEMP_PROJECT_DIR
deploy_dmg_testing-a7_arm64
  deploy_dmg_testing-a7_arm64:
    before_script:
    - ls $OMNIBUS_PACKAGE_DIR
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/gitlab_agent_deploy$CI_IMAGE_GITLAB_AGENT_DEPLOY_SUFFIX:$CI_IMAGE_GITLAB_AGENT_DEPLOY
    needs:
    - agent_dmg-arm64-a7
    rules:
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - comp/core/gui/impl/systray/**/*
        - '**/*.m'
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - .gitlab-ci.yml
        - release.json
        - .gitlab/build/package_build/**/*
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS
        == "true" || $DDR_WORKFLOW_ID != null
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - pkg/config/config_template.yaml
        - pkg/config/system-probe_template.yaml
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - allow_failure: true
      when: manual
    script:
    - "echo \"Listing all datadog-agent-7.*.dmg files in $OMNIBUS_PACKAGE_DIR:\"\nls\
      \ -la \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg 2>/dev/null || echo \"No\
      \ datadog-agent-7.*.dmg files found\"\n\ncount=$(ls -1 \"$OMNIBUS_PACKAGE_DIR\"\
      /datadog-agent-7.*.dmg 2>/dev/null | wc -l || true)\nif [ \"$count\" -eq 0 ];\
      \ then\n  echo \"No DMG found in $OMNIBUS_PACKAGE_DIR matching datadog-agent-7.*.dmg\"\
      \ >&2\n  exit 1\nfi\nif [ \"$count\" -gt 1 ]; then\n  echo \"Multiple DMGs found\
      \ for datadog-agent-7.*.dmg pattern:\" >&2\n  ls -1 \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg\
      \ >&2\n  exit 1\nfi\ndmg_src=$(ls -1 \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg\
      \ 2>/dev/null)\necho \"Found single DMG file: $dmg_src\"\n$S3_CP_CMD --acl public-read\
      \ \"$dmg_src\" \"s3://$MACOS_S3_BUCKET/ci/datadog-agent/pipeline-$CI_PIPELINE_ID-$ARCH/datadog-agent-7-latest.dmg\"\
      \n$S3_CP_CMD --acl public-read --content-type \"text/x-shellscript\" \"cmd/agent/macos/install_mac_os.sh\"\
      \ \"s3://$MACOS_S3_BUCKET/ci/datadog-agent/pipeline-$CI_PIPELINE_ID-$ARCH/install_mac_os.sh\"\
      \n"
    stage: e2e_deploy
    tags:
    - arch:amd64
    - specific:true
    variables:
      ARCH: arm64
deploy_dmg_testing-a7_x64
  deploy_dmg_testing-a7_x64:
    before_script:
    - ls $OMNIBUS_PACKAGE_DIR
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/gitlab_agent_deploy$CI_IMAGE_GITLAB_AGENT_DEPLOY_SUFFIX:$CI_IMAGE_GITLAB_AGENT_DEPLOY
    needs:
    - agent_dmg-x64-a7
    rules:
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - comp/core/gui/impl/systray/**/*
        - '**/*.m'
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - .gitlab-ci.yml
        - release.json
        - .gitlab/build/package_build/**/*
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS
        == "true" || $DDR_WORKFLOW_ID != null
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - omnibus/**/*
        - pkg/config/config_template.yaml
        - pkg/config/system-probe_template.yaml
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - allow_failure: true
      when: manual
    script:
    - "echo \"Listing all datadog-agent-7.*.dmg files in $OMNIBUS_PACKAGE_DIR:\"\nls\
      \ -la \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg 2>/dev/null || echo \"No\
      \ datadog-agent-7.*.dmg files found\"\n\ncount=$(ls -1 \"$OMNIBUS_PACKAGE_DIR\"\
      /datadog-agent-7.*.dmg 2>/dev/null | wc -l || true)\nif [ \"$count\" -eq 0 ];\
      \ then\n  echo \"No DMG found in $OMNIBUS_PACKAGE_DIR matching datadog-agent-7.*.dmg\"\
      \ >&2\n  exit 1\nfi\nif [ \"$count\" -gt 1 ]; then\n  echo \"Multiple DMGs found\
      \ for datadog-agent-7.*.dmg pattern:\" >&2\n  ls -1 \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg\
      \ >&2\n  exit 1\nfi\ndmg_src=$(ls -1 \"$OMNIBUS_PACKAGE_DIR\"/datadog-agent-7.*.dmg\
      \ 2>/dev/null)\necho \"Found single DMG file: $dmg_src\"\n$S3_CP_CMD --acl public-read\
      \ \"$dmg_src\" \"s3://$MACOS_S3_BUCKET/ci/datadog-agent/pipeline-$CI_PIPELINE_ID-$ARCH/datadog-agent-7-latest.dmg\"\
      \n$S3_CP_CMD --acl public-read --content-type \"text/x-shellscript\" \"cmd/agent/macos/install_mac_os.sh\"\
      \ \"s3://$MACOS_S3_BUCKET/ci/datadog-agent/pipeline-$CI_PIPELINE_ID-$ARCH/install_mac_os.sh\"\
      \n"
    stage: e2e_deploy
    tags:
    - arch:amd64
    - specific:true
    variables:
      ARCH: x64
files_inventory_check
  files_inventory_check:
    allow_failure: true
    artifacts:
      expire_in: 2 weeks
      paths:
      - '**/*_size_report_*.yml'
    before_script:
    - export GITHUB_TOKEN=$(dd-octo-sts token --scope DataDog/datadog-agent --policy
      self.gitlab.comment-pr)
    id_tokens:
      DDOCTOSTS_ID_TOKEN:
        aud: dd-octo-sts
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux$CI_IMAGE_LINUX_SUFFIX:$CI_IMAGE_LINUX
    needs:
    - agent_deb-x64-a7
    rules:
    - if: $E2E_COVERAGE_PIPELINE == "true"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_TAG != null
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - go.mod
        - go.sum
        - cmd/**/*
        - comp/**/*
        - internal/**/*
        - pkg/**/*
        - rtloader/**/*
        - tasks/**/*.py
        - omnibus/**/*
        - release.json
        - test/regression/**/*
        - Dockerfiles/**/*
        - .gitlab/test/functional_test/regression_detector.yml
        - .gitlab/childs/smp-regression-child-pipeline.yml
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - when: on_success
    script:
    - dda inv -- files-inventory.check ${CI_COMMIT_BRANCH} ${OMNIBUS_PACKAGE_DIR}
    stage: functional_test
    tags:
    - arch:amd64
    - specific:true
    variables:
      GIT_DEPTH: 0
      OVERRIDE_GIT_STRATEGY: clone
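Review bot: in `files_inventory_check` the removal of `- tasks/build_tags.bzl` does not change when the job runs, because the rule list ends with `- when: on_success`, which admits every pipeline that the earlier `when: never` rules did not exclude. Both `changes` blocks above that catch-all have no effect in this job; consider dropping them from this job's rules, or removing the catch-all if the intent is to run only when the listed paths change.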
manual_gate_threshold_update
  manual_gate_threshold_update:
    before_script:
    - export GITHUB_TOKEN=$(dd-octo-sts token --scope DataDog/datadog-agent --policy
      self.gitlab.write)
    id_tokens:
      DDOCTOSTS_ID_TOKEN:
        aud: dd-octo-sts
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/docker_x64$CI_IMAGE_DOCKER_X64_SUFFIX:$CI_IMAGE_DOCKER_X64
    needs:
    - static_quality_gates
    rules:
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $COMPARE_TO_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $E2E_COVERAGE_PIPELINE == "true"
      when: never
    - allow_failure: true
      if: $CI_COMMIT_BRANCH == "main"
      when: manual
    - if: $CI_COMMIT_BRANCH == "main"
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_TAG != null
      when: never
    - allow_failure: true
      changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - go.mod
        - go.sum
        - cmd/**/*
        - comp/**/*
        - internal/**/*
        - pkg/**/*
        - rtloader/**/*
        - tasks/**/*.py
        - omnibus/**/*
        - release.json
        - test/regression/**/*
        - Dockerfiles/**/*
        - .gitlab/test/functional_test/regression_detector.yml
        - .gitlab/childs/smp-regression-child-pipeline.yml
      when: manual
    - allow_failure: true
      changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
      when: manual
    - allow_failure: true
      when: manual
    script:
    - DOCKER_LOGIN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DOCKER_REGISTRY_RO user)
      || exit $?
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DOCKER_REGISTRY_RO token | crane auth
      login --username "$DOCKER_LOGIN" --password-stdin "$DOCKER_REGISTRY_URL"
    - EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
      needs gitlab runner restart"; exit $EXIT; fi
    - SLACK_DATADOG_AGENT_BOT_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SLACK_AGENT
      token) || exit $?; export SLACK_DATADOG_AGENT_BOT_TOKEN
    - dda inv -- quality-gates.manual-threshold-update || exit $?
    stage: functional_test
    tags:
    - arch:amd64
    - specific:true
single_machine_performance-full-amd64-a7
  single_machine_performance-full-amd64-a7:
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/docker_x64$CI_IMAGE_DOCKER_X64_SUFFIX:$CI_IMAGE_DOCKER_X64
    needs:
    - docker_build_agent7_full
    rules:
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
    - if: $CI_COMMIT_BRANCH == "main"
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_TAG != null
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - go.mod
        - go.sum
        - cmd/**/*
        - comp/**/*
        - internal/**/*
        - pkg/**/*
        - rtloader/**/*
        - tasks/**/*.py
        - omnibus/**/*
        - release.json
        - test/regression/**/*
        - Dockerfiles/**/*
        - .gitlab/test/functional_test/regression_detector.yml
        - .gitlab/childs/smp-regression-child-pipeline.yml
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    script:
    - "set -euo pipefail\n\nif [[ \"${BUCKET_BRANCH:-}\" == \"nightly\" && ( \"${IMG_SOURCES:-}\"\
      \ =~ \"$SRC_AGENT\" || \"${IMG_SOURCES:-}\" =~ \"$SRC_OTEL_AGENT\" || \"${IMG_SOURCES:-}\"\
      \ =~ \"$SRC_DDOT_EBPF\" || \"${IMG_SOURCES:-}\" =~ \"$SRC_DCA\" || \"${IMG_SOURCES:-}\"\
      \ =~ \"$SRC_CWS_INSTRUMENTATION\" || \"${IMG_SOURCES:-}\" =~ \"$SRC_SGC\" || \"\
      ${IMG_VARIABLES:-}\" =~ \"$SRC_AGENT\" || \"${IMG_VARIABLES:-}\" =~ \"$SRC_DDOT_EBPF\"\
      \ || \"${IMG_VARIABLES:-}\" =~ \"$SRC_DCA\" || \"${IMG_VARIABLES:-}\" =~ \"$SRC_CWS_INSTRUMENTATION\"\
      \ || \"${IMG_VARIABLES:-}\" =~ \"$SRC_SGC\" ) ]]; then\n  export ECR_RELEASE_SUFFIX=\"\
      -nightly\"\nelse\n  export ECR_RELEASE_SUFFIX=\"${CI_COMMIT_TAG+-release}\"\n\
      fi\nIMG_VARIABLES=\"$(sed -E \"s#(${SRC_AGENT}|${SRC_OTEL_AGENT}|${SRC_DDOT_EBPF}|${SRC_DSD}|${SRC_DCA}|${SRC_CWS_INSTRUMENTATION}|${SRC_SGC})#\\\
      1${ECR_RELEASE_SUFFIX}#g\" <<<\"${IMG_VARIABLES:-}\")\"\nIMG_SOURCES=\"$(sed -E\
      \ \"s#(${SRC_AGENT}|${SRC_OTEL_AGENT}|${SRC_DDOT_EBPF}|${SRC_DSD}|${SRC_DCA}|${SRC_CWS_INSTRUMENTATION}|${SRC_SGC})#\\\
      1${ECR_RELEASE_SUFFIX}#g\" <<<\"${IMG_SOURCES:-}\")\"\n\npublish_with_legacy_trigger()\
      \ {\n  # Use dda instead of GitLab trigger because manual trigger jobs cannot\
      \ be run after a failed pipeline is retried.\n  dda inv pipeline.trigger-child-pipeline\
      \ --project-name DataDog/public-images --git-ref main --timeout \"${PUBLIC_IMAGES_PUBLISH_TIMEOUT}\"\
      \ \\\n    --variable IMG_VARIABLES \\\n    --variable IMG_REGISTRIES \\\n    --variable\
      \ IMG_SOURCES \\\n    --variable IMG_DESTINATIONS \\\n    --variable IMG_TAG_REFERENCE\
      \ \\\n    --variable IMG_NEW_TAGS \\\n    --variable IMG_SIGNING \\\n    --variable\
      \ APPS \\\n    --variable BAZEL_TARGET \\\n    --variable DDR \\\n    --variable\
      \ DDR_WORKFLOW_ID \\\n    --variable TARGET_ENV \\\n    --variable DYNAMIC_BUILD_RENDER_TARGET_FORWARD_PARAMETERS\n\
      }\n\npublish_with_dd_pkg() {\n  dd-pkg version\n\n  local -a args=(publish-image\
      \ --timeout \"${PUBLIC_IMAGES_PUBLISH_TIMEOUT}\" --poll-interval 30 --signing=false)\n\
      \n  if [[ -n \"${IMG_REGISTRIES:-}\" ]]; then args+=(--registries \"${IMG_REGISTRIES}\"\
      ); fi\n  if [[ -n \"${IMG_SOURCES:-}\" ]]; then args+=(--sources \"${IMG_SOURCES}\"\
      ); fi\n  if [[ -n \"${IMG_DESTINATIONS:-}\" ]]; then args+=(--destinations \"\
      ${IMG_DESTINATIONS}\"); fi\n  if [[ -n \"${IMG_DESTINATIONS_REGEX:-}\" ]]; then\
      \ args+=(--regex-expression \"${IMG_DESTINATIONS_REGEX}\"); fi\n  if [[ -n \"\
      ${IMG_DESTINATIONS_REGEX_REPL:-}\" ]]; then args+=(--regex-replacement \"${IMG_DESTINATIONS_REGEX_REPL}\"\
      ); fi\n  if [[ -n \"${IMG_TAG_REFERENCE:-}\" ]]; then args+=(--tag-reference \"\
      ${IMG_TAG_REFERENCE}\"); fi\n  if [[ -n \"${IMG_NEW_TAGS:-}\" ]]; then args+=(--new-tags\
      \ \"${IMG_NEW_TAGS}\"); fi\n  if [[ -n \"${IMG_VARIABLES:-}\" ]]; then args+=(--variables\
      \ \"${IMG_VARIABLES}\"); fi\n  if [[ -n \"${IMG_MERGE_STRATEGY:-}\" ]]; then args+=(--merge-strategy\
      \ \"${IMG_MERGE_STRATEGY}\"); fi\n\n  dd-pkg \"${args[@]}\"\n}\n\nfeature_args=(self\
      \ feature ci-public-images-dd-pkg --default false)\nfeature_scope_log=()\nadd_feature_scope()\
      \ {\n  if [[ -n \"$2\" ]]; then\n    feature_args+=(--scope \"$1\" \"$2\")\n \
      \   feature_scope_log+=(\"$1=$2\")\n  fi\n}\n\nadd_destination_repo_scopes() {\n\
      \  local destination_refs=\"${IMG_DESTINATIONS:-${IMG_TAG_REFERENCE:-}}\"\n  local\
      \ seen_repos=\",\"\n  local destination destination_repo\n  local -a destinations\n\
      \n  IFS=',' read -ra destinations <<< \"${destination_refs}\"\n  for destination\
      \ in \"${destinations[@]}\"; do\n    destination_repo=\"${destination%%:*}\"\n\
      \    if [[ -n \"${destination_repo}\" && \"${seen_repos}\" != *\",${destination_repo},\"\
      * ]]; then\n      add_feature_scope destination_repo \"${destination_repo}\"\n\
      \      seen_repos=\"${seen_repos}${destination_repo},\"\n    fi\n  done\n}\n\n\
      add_feature_scope ci.project.name \"${CI_PROJECT_NAME:-}\"\nadd_feature_scope\
      \ registries \"${IMG_REGISTRIES:-}\"\nadd_destination_repo_scopes\n\necho \"Evaluating\
      \ public-images feature flag 'ci-public-images-dd-pkg'\"\nif [[ \"${#feature_scope_log[@]}\"\
      \ -gt 0 ]]; then\n  printf '  scope: %s\\n' \"${feature_scope_log[@]}\"\nfi\n\
      if ! use_dd_pkg=\"$(dda \"${feature_args[@]}\")\"; then\n  echo \"Feature flag\
      \ lookup failed; defaulting to legacy public-images trigger\" >&2\n  use_dd_pkg=false\n\
      fi\necho \"Public-images feature flag result: ${use_dd_pkg}\"\n\ncase \"${use_dd_pkg}\"\
      \ in\n  true|True|TRUE)\n    echo \"Publishing image with dd-pkg\"\n    publish_with_dd_pkg\n\
      \    ;;\n  *)\n    echo \"Publishing image with legacy public-images trigger\"\
      \n    publish_with_legacy_trigger\n    ;;\nesac\n"
    stage: container_build
    tags:
    - arch:amd64
    - specific:true
    variables:
      IMG_DESTINATIONS: 08450328-agent:${CI_COMMIT_SHA}-7-full-amd64,52130853-agent:${CI_COMMIT_SHA}-7-full-amd64
      IMG_REGISTRIES: smp
      IMG_SIGNING: 'false'
      IMG_SOURCES: ${SRC_AGENT}:v${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}-7-full-amd64
      IMG_VARIABLES: ''
      PUBLIC_IMAGES_PUBLISH_TIMEOUT: '1800'
      SRC_AGENT: registry.ddbuild.io/ci/datadog-agent/agent
      SRC_CWS_INSTRUMENTATION: registry.ddbuild.io/ci/datadog-agent/cws-instrumentation
      SRC_DCA: registry.ddbuild.io/ci/datadog-agent/cluster-agent
      SRC_DDOT_EBPF: registry.ddbuild.io/ci/datadog-agent/ddot-ebpf
      SRC_DSD: registry.ddbuild.io/ci/datadog-agent/dogstatsd
      SRC_OTEL_AGENT: registry.ddbuild.io/ci/datadog-agent/otel-agent
      SRC_SGC: registry.ddbuild.io/ci/datadog-agent/secret-generic-connector
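Review bot: for `single_machine_performance-full-amd64-a7` the two `changes` blocks are the last rules, with no catch-all after them, so removing `- tasks/build_tags.bzl` means a dev-branch pipeline that modifies only that file no longer publishes the `${CI_COMMIT_SHA}-7-full-amd64` image to the `smp` registry. The `tasks/**/*.py` glob in the preceding block does not match a `.bzl` file, so nothing else picks it up. Please confirm the file no longer exists at that path before this lands; the same path list appears in `single_machine_performance-regression_detector-merge_base_check`, so the two jobs do stay consistent with each other.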
single_machine_performance-regression_detector-merge_base_check
  single_machine_performance-regression_detector-merge_base_check:
    artifacts:
      expire_in: 1 day
      paths:
      - regression_detector.env
      reports:
        dotenv:
        - regression_detector.env
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/docker_x64$CI_IMAGE_DOCKER_X64_SUFFIX:$CI_IMAGE_DOCKER_X64
    needs: []
    rules:
    - if: $E2E_COVERAGE_PIPELINE == "true"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
      needs:
      - artifacts: false
        job: single_machine_performance-full-amd64-a7
    - if: $CI_COMMIT_BRANCH == "main"
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_TAG != null
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - go.mod
        - go.sum
        - cmd/**/*
        - comp/**/*
        - internal/**/*
        - pkg/**/*
        - rtloader/**/*
        - tasks/**/*.py
        - omnibus/**/*
        - release.json
        - test/regression/**/*
        - Dockerfiles/**/*
        - .gitlab/test/functional_test/regression_detector.yml
        - .gitlab/childs/smp-regression-child-pipeline.yml
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    script:
    - DATADOG_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
      token)" || exit $?; export DATADOG_API_KEY
    - git fetch origin
    - SMP_BASE_BRANCH=$(dda inv release.get-release-json-value base_branch --no-worktree)
    - FOUR_DAYS_BEFORE_NOW=$(date --date="-4 days +1 hour" "+%s")
    - "if [[ \"$CI_COMMIT_BRANCH\" == \"$SMP_BASE_BRANCH\" ]]; then\n    # On the base\
      \ branch, use the parent commit as the baseline\n    BASELINE_SHA=$(git rev-parse\
      \ \"${CI_COMMIT_SHA}^\")\n    echo \"On base branch, using parent commit ${BASELINE_SHA}\
      \ as initial baseline\"\nelse\n    # On a dev branch, compute the merge base with\
      \ the base branch\n    echo \"Looking for merge base for branch ${SMP_BASE_BRANCH}\"\
      \n    SMP_MERGE_BASE=$(git merge-base ${CI_COMMIT_SHA} origin/${SMP_BASE_BRANCH})\n\
      \    echo \"Merge base is ${SMP_MERGE_BASE}\"\n    BASELINE_SHA=\"${SMP_MERGE_BASE}\"\
      \nfi\n"
    - BASELINE_COMMIT_TIME=$(git -c log.showSignature=false show --no-patch --format=%ct
      ${BASELINE_SHA})
    - AWS_NAMED_PROFILE="single-machine-performance"
    - SMP_ACCOUNT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_ACCOUNT account_id)
      || exit $?
    - SMP_AGENT_TEAM_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_ACCOUNT agent_team_id)
      || exit $?
    - SMP_BOT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_ACCOUNT bot_login)
      || exit $?
    - SMP_BOT_KEY=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SMP_ACCOUNT bot_token)
      || exit $?
    - aws configure set aws_access_key_id "$SMP_BOT_ID" --profile ${AWS_NAMED_PROFILE}
    - aws configure set aws_secret_access_key "$SMP_BOT_KEY" --profile ${AWS_NAMED_PROFILE}
    - aws configure set region us-west-2 --profile ${AWS_NAMED_PROFILE}
    - echo "Checking if image exists for commit ${BASELINE_SHA}..."
    - "while [[ ! $(aws ecr describe-images --region us-west-2 --profile single-machine-performance\
      \ --registry-id \"${SMP_ACCOUNT_ID}\" --repository-name \"${SMP_AGENT_TEAM_ID}-agent\"\
      \ --image-ids imageTag=\"${BASELINE_SHA}-7-full-amd64\") ]]\ndo\n    echo \"No\
      \ image exists for ${BASELINE_SHA} - checking predecessor of ${BASELINE_SHA} next\"\
      \n    BASELINE_SHA=$(git rev-parse ${BASELINE_SHA}^)\n    echo \"Checking if commit\
      \ ${BASELINE_SHA} is recent enough...\"\n    BASELINE_COMMIT_TIME=$(git -c log.showSignature=false\
      \ show --no-patch --format=%ct ${BASELINE_SHA})\n    if [[ ${BASELINE_COMMIT_TIME}\
      \ -le ${FOUR_DAYS_BEFORE_NOW} ]]\n    then\n        echo \"ERROR: Merge-base of\
      \ this branch is too old for SMP. Please update your branch by merging an up-to-date\
      \ main branch into your branch or by rebasing it on an up-to-date main branch.\"\
      \n        datadog-ci tag --level job --tags smp_merge_base_failure_reason:\"branch_too_old\"\
      \n        exit 1\n    fi\n    echo \"Commit ${BASELINE_SHA} is recent enough\"\
      \n    echo \"Checking if image exists for commit ${BASELINE_SHA}...\"\ndone\n"
    - echo "Image exists for commit ${BASELINE_SHA}"
    - echo "BASELINE_SHA=${BASELINE_SHA}" > regression_detector.env
    - echo "Merge-base check passed. Baseline SHA saved to artifact."
    stage: functional_test
    tags:
    - arch:amd64
    - specific:true
    timeout: 10m
    variables:
      GIT_DEPTH: 0
static_quality_gates
  static_quality_gates:
    artifacts:
      expire_in: 1 week
      paths:
      - extract_rpm_package_report
      - static_gate_report.json
      when: always
    before_script:
    - export GITHUB_TOKEN=$(dd-octo-sts token --scope DataDog/datadog-agent --policy
      self.gitlab.comment-pr)
    id_tokens:
      DDOCTOSTS_ID_TOKEN:
        aud: dd-octo-sts
    image: registry.ddbuild.io/ci/datadog-agent-buildimages/docker_x64$CI_IMAGE_DOCKER_X64_SUFFIX:$CI_IMAGE_DOCKER_X64
    inherit:
      default: false
    needs:
    - agent_deb-x64-a7
    - agent_deb-x64-a7-fips
    - agent_rpm-x64-a7
    - agent_rpm-x64-a7-fips
    - agent_rpm-arm64-a7
    - agent_rpm-arm64-a7-fips
    - agent_suse-x64-a7
    - agent_suse-x64-a7-fips
    - agent_suse-arm64-a7
    - agent_suse-arm64-a7-fips
    - agent_heroku_deb-x64-a7
    - docker_build_agent7
    - docker_build_agent7_arm64
    - docker_build_agent7_jmx
    - docker_build_agent7_jmx_arm64
    - docker_build_cluster_agent_amd64
    - docker_build_cluster_agent_arm64
    - docker_build_cws_instrumentation_amd64
    - docker_build_cws_instrumentation_arm64
    - docker_build_dogstatsd_amd64
    - docker_build_dogstatsd_arm64
    - docker_build_host_profiler_standalone_amd64
    - docker_build_host_profiler_standalone_arm64
    - dogstatsd_deb-x64
    - dogstatsd_deb-arm64
    - dogstatsd_rpm-x64
    - dogstatsd_suse-x64
    - iot_agent_deb-x64
    - iot_agent_deb-arm64
    - iot_agent_deb-armhf
    - iot_agent_rpm-x64
    - iot_agent_suse-x64
    - job: windows_msi_and_bosh_zip_x64-a7
      optional: true
    retry:
      exit_codes:
      - 42
      max: 2
      when:
      - runner_system_failure
      - stuck_or_timeout_failure
      - unknown_failure
      - api_failure
      - scheduler_failure
      - stale_schedule
      - data_integrity_failure
    rules:
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $COMPARE_TO_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $E2E_COVERAGE_PIPELINE == "true"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: on_success
    - if: $CI_COMMIT_BRANCH == "main"
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_TAG != null
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - go.mod
        - go.sum
        - cmd/**/*
        - comp/**/*
        - internal/**/*
        - pkg/**/*
        - rtloader/**/*
        - tasks/**/*.py
        - omnibus/**/*
        - release.json
        - test/regression/**/*
        - Dockerfiles/**/*
        - .gitlab/test/functional_test/regression_detector.yml
        - .gitlab/childs/smp-regression-child-pipeline.yml
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - test/static/static_quality_gates.yml
    - allow_failure: true
      when: manual
    script:
    - DOCKER_LOGIN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DOCKER_REGISTRY_RO user)
      || exit $?
    - $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DOCKER_REGISTRY_RO token | crane auth
      login --username "$DOCKER_LOGIN" --password-stdin "$DOCKER_REGISTRY_URL"
    - EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
      needs gitlab runner restart"; exit $EXIT; fi
    - DATADOG_API_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_API_KEY_ORG2"
      token)" || exit $?; export DATADOG_API_KEY
    - export DD_API_KEY="$DATADOG_API_KEY"
    - DD_APP_KEY="$("$CI_PROJECT_DIR"/tools/ci/fetch_secret.sh "$AGENT_APP_KEY_ORG2"
      token)" || exit $?; export DD_APP_KEY
    - SLACK_DATADOG_AGENT_BOT_TOKEN=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $SLACK_AGENT
      token) || exit $?; export SLACK_DATADOG_AGENT_BOT_TOKEN
    - dda inv -- quality-gates.parse-and-trigger-gates || exit $?
    stage: functional_test
    tags:
    - arch:amd64
    - specific:true
    variables:
      GIT_DEPTH: 0
      KUBERNETES_CPU_REQUEST: 8
      OVERRIDE_GIT_STRATEGY: clone
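Review bot: in `static_quality_gates`, a change that touches only `tasks/build_tags.bzl` no longer matches any `changes` rule, because the remaining Bazel paths are `'*.bazel*'`, `deps/**/*` and `bazel/**/*`, and the earlier list covers only `tasks/**/*.py`. On a dev branch such a pipeline falls through to the final `allow_failure: true` / `when: manual` rule, so the size gates stop running automatically for it. The generated config does not show whether the file was deleted or moved; please confirm that, or keep a path that covers its new location.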
trigger-single-machine-performance-regression_detector
  trigger-single-machine-performance-regression_detector:
    allow_failure: true
    needs:
    - artifacts: true
      job: single_machine_performance-regression_detector-merge_base_check
    - artifacts: false
      job: single_machine_performance-full-amd64-a7
      optional: true
    rules:
    - if: $E2E_COVERAGE_PIPELINE == "true"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
      when: never
    - if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
      when: never
    - if: $CI_COMMIT_TAG != null
      when: never
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - go.mod
        - go.sum
        - cmd/**/*
        - comp/**/*
        - internal/**/*
        - pkg/**/*
        - rtloader/**/*
        - tasks/**/*.py
        - omnibus/**/*
        - release.json
        - test/regression/**/*
        - Dockerfiles/**/*
        - .gitlab/test/functional_test/regression_detector.yml
        - .gitlab/childs/smp-regression-child-pipeline.yml
    - changes:
        compare_to: $COMPARE_TO_BRANCH
        paths:
        - '*.bazel*'
        - deps/**/*
        - bazel/**/*
-       - tasks/build_tags.bzl
    stage: functional_test
    trigger:
      include:
      - local: .gitlab/childs/smp-regression-child-pipeline.yml
    variables:
      BASELINE_SHA: $BASELINE_SHA
      FF_KUBERNETES_HONOR_ENTRYPOINT: false
      PARENT_PIPELINE_ID: $CI_PIPELINE_ID
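Review bot: `trigger-single-machine-performance-regression_detector` has no fallback rule after its two `changes` blocks, so with `tasks/build_tags.bzl` removed from the second one, a pipeline that changes only that file does not create this job and the SMP regression child pipeline is never triggered for it. If build tags can affect the binary that the regression detector measures, keep a path that still covers the build-tag definitions; otherwise note in the PR description that the narrower trigger is intended.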

Changes Summary

| Removed | Modified | Added | Renamed |
|---|---|---|---|
| 0 | 18 | 0 | 0 |

ℹ️ Diff available in the job log.

@dd-octo-sts

dd-octo-sts Bot commented Jun 22, 2026

Files inventory check summary

File checks results against ancestor 26694e87:

Results for datadog-agent_7.82.0~devel.git.306.8b76261.pipeline.120696223-1_amd64.deb:

No change detected

@cit-pr-commenter-54b7da

cit-pr-commenter-54b7da Bot commented Jun 22, 2026

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: bb67bcd5-3b97-4425-b9e1-d8952e2c8932

Baseline: c6b6b2c
Comparison: c6f732d
Diff

❌ Experiments with retried target crashes

This is a critical error. One or more replicates failed with a non-zero exit code. These replicates may have been retried. See Replicate Execution Details for more information.

  • quality_gate_idle_all_features

Optimization Goals: ✅ No significant changes detected

Fine details of change detection per experiment

| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
|  | quality_gate_metrics_logs | memory utilization | +1.38 | [+1.12, +1.63] | 1 | Logs bounds checks dashboard |
|  | quality_gate_security_mean_fs_load | memory utilization | +0.19 | [+0.15, +0.23] | 1 | Logs bounds checks dashboard |
|  | quality_gate_security_no_fs_load | memory utilization | +0.08 | [-0.01, +0.18] | 1 | Logs bounds checks dashboard |
|  | quality_gate_idle | memory utilization | +0.05 | [-0.00, +0.10] | 1 | Logs bounds checks dashboard |
|  | quality_gate_security_idle | memory utilization | +0.05 | [-0.02, +0.11] | 1 | Logs bounds checks dashboard |
|  | quality_gate_idle_all_features | memory utilization | -0.13 | [-0.17, -0.09] | 1 | Logs bounds checks dashboard |
|  | quality_gate_logs | % cpu utilization | -0.67 | [-1.74, +0.40] | 1 | Logs bounds checks dashboard |

Bounds Checks: ✅ Passed

| perf | experiment | bounds_check_name | replicates_passed | observed_value | links |
|---|---|---|---|---|---|
|  | quality_gate_idle | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
|  | quality_gate_idle | memory_usage | 10/10 | 144.97MiB ≤ 154MiB | bounds checks dashboard |
|  | quality_gate_idle | total_bytes_received | 10/10 | 575.78KiB ≤ 819.20KiB | bounds checks dashboard |
|  | quality_gate_idle_all_features | intake_connections | 10/10 | 3 ≤ 4 | bounds checks dashboard |
|  | quality_gate_idle_all_features | memory_usage | 10/10 | 486.42MiB ≤ 495MiB | bounds checks dashboard |
|  | quality_gate_idle_all_features | total_bytes_received | 10/10 | 0.89MiB ≤ 1.25MiB | bounds checks dashboard |
|  | quality_gate_logs | intake_connections | 10/10 | 4 ≤ 6 | bounds checks dashboard |
|  | quality_gate_logs | memory_usage | 10/10 | 180.69MiB ≤ 195MiB | bounds checks dashboard |
|  | quality_gate_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
|  | quality_gate_logs | total_bytes_received | 10/10 | 264.19MiB ≤ 292MiB | bounds checks dashboard |
|  | quality_gate_metrics_logs | cpu_usage | 10/10 | 339.42 ≤ 2000 | bounds checks dashboard |
|  | quality_gate_metrics_logs | intake_connections | 10/10 | 3 ≤ 6 | bounds checks dashboard |
|  | quality_gate_metrics_logs | memory_usage | 10/10 | 405.19MiB ≤ 430MiB | bounds checks dashboard |
|  | quality_gate_metrics_logs | missed_bytes | 10/10 | 0B = 0B | bounds checks dashboard |
|  | quality_gate_metrics_logs | total_bytes_received | 10/10 | 0.87GiB ≤ 1.04GiB | bounds checks dashboard |
|  | quality_gate_security_idle | cpu_usage | 10/10 | 28.76 ≤ 40 | bounds checks dashboard |
|  | quality_gate_security_idle | memory_usage | 10/10 | 297.95MiB ≤ 330MiB | bounds checks dashboard |
|  | quality_gate_security_mean_fs_load | cpu_usage | 10/10 | 58.89 ≤ 80 | bounds checks dashboard |
|  | quality_gate_security_mean_fs_load | memory_usage | 10/10 | 274.40MiB ≤ 310MiB | bounds checks dashboard |
|  | quality_gate_security_no_fs_load | cpu_usage | 10/10 | 22.92 ≤ 40 | bounds checks dashboard |
|  | quality_gate_security_no_fs_load | memory_usage | 10/10 | 284.67MiB ≤ 320MiB | bounds checks dashboard |

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

Replicate Execution Details

We run multiple replicates for each experiment/variant. However, we allow replicates to be automatically retried if there are any failures, up to 8 times, at which point the replicate is marked dead and we are unable to run analysis for the entire experiment. We call each of these attempts at running replicates a replicate execution. This section lists all replicate executions that failed due to the target crashing or being oom killed.

Note: In the below tables we bucket failures by experiment, variant, and failure type. For each of these buckets we list out the replicate indexes that failed with an annotation signifying how many times said replicate failed with the given failure mode. In the below example the baseline variant of the experiment named experiment_with_failures had two replicates that failed by oom kills. Replicate 0, which failed 8 executions, and replicate 1 which failed 6 executions, all with the same failure mode.

Experiment Variant Replicates Failure Logs Debug Dashboard
experiment_with_failures baseline 0 (x8) 1 (x6) Oom killed Debug Dashboard

The debug dashboard links will take you to a debugging dashboard specifically designed to investigate replicate execution failures.

❌ Retried Normal Replicate Execution Failures (non-profiling)

| Experiment | Variant | Replicates | Failure | Debug Dashboard |
|---|---|---|---|---|
| quality_gate_idle_all_features | baseline | 8 | Oom killed | Debug Dashboard |

❌ Retried Profiling Replicate Execution Failures (ddprof)

Note: Profiling replicas may still be executing. See the debug dashboard for up to date status.

| Experiment | Variant | Replicates | Failure | Debug Dashboard |
|---|---|---|---|---|
| quality_gate_idle_all_features | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_idle_all_features | comparison | 10 | Oom killed | Debug Dashboard |
| quality_gate_logs | baseline | 10 | Oom killed | Debug Dashboard |
| quality_gate_metrics_logs | comparison | 10 | Oom killed | Debug Dashboard |

CI Pass/Fail Decision

Passed. All Quality Gates passed.

  • quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
  • quality_gate_metrics_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
  • quality_gate_metrics_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
  • quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_security_no_fs_load, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_security_no_fs_load, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_logs, bounds check missed_bytes: 10/10 replicas passed. Gate passed.
  • quality_gate_logs, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
  • quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
  • quality_gate_security_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_security_idle, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_idle_all_features, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
  • quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
  • quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
  • quality_gate_idle, bounds check total_bytes_received: 10/10 replicas passed. Gate passed.
  • quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_security_mean_fs_load, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
  • quality_gate_security_mean_fs_load, bounds check memory_usage: 10/10 replicas passed. Gate passed.

@dd-octo-sts

dd-octo-sts Bot commented Jun 22, 2026

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor 26694e8
📊 Static Quality Gates Dashboard
🔗 SQG Job

Successful checks

Info

| Quality gate | Change | Size (prev → curr → max) |
|---|---|---|
| agent_deb_amd64 | +3.61 KiB (0.00% increase, -0.04% of buffer) | 748.880 → 748.884 → 758.200 |
| agent_deb_amd64_fips | +3.61 KiB (0.00% increase, -0.07% of buffer) | 704.826 → 704.830 → 709.840 |
| agent_heroku_amd64 | +8.0 KiB (0.00% increase, -0.12% of buffer) | 308.649 → 308.657 → 315.230 |
| agent_msi | +5.0 KiB (0.00% increase, -0.04% of buffer) | 616.906 → 616.911 → 630.600 |
| agent_rpm_amd64 | +3.61 KiB (0.00% increase, -0.04% of buffer) | 748.864 → 748.867 → 758.170 |
| agent_rpm_amd64_fips | +3.61 KiB (0.00% increase, -0.07% of buffer) | 704.810 → 704.813 → 709.840 |
| agent_rpm_arm64 | +3.66 KiB (0.00% increase, -0.07% of buffer) | 724.417 → 724.420 → 729.660 |
| agent_rpm_arm64_fips | +3.66 KiB (0.00% increase, -0.07% of buffer) | 683.970 → 683.973 → 688.860 |
| agent_suse_amd64 | +3.61 KiB (0.00% increase, -0.04% of buffer) | 748.864 → 748.867 → 758.170 |
| agent_suse_amd64_fips | +3.61 KiB (0.00% increase, -0.07% of buffer) | 704.810 → 704.813 → 709.840 |
| agent_suse_arm64 | +3.66 KiB (0.00% increase, -0.07% of buffer) | 724.417 → 724.420 → 729.660 |
| agent_suse_arm64_fips | +3.66 KiB (0.00% increase, -0.07% of buffer) | 683.970 → 683.973 → 688.860 |
| docker_agent_amd64 | +3.63 KiB (0.00% increase, -0.06% of buffer) | 807.699 → 807.702 → 813.790 |
| docker_agent_arm64 | +3.66 KiB (0.00% increase, -0.05% of buffer) | 808.268 → 808.271 → 815.030 |
| docker_agent_jmx_amd64 | +3.61 KiB (0.00% increase, -0.06% of buffer) | 998.596 → 998.600 → 1004.550 |
| docker_agent_jmx_arm64 | +3.66 KiB (0.00% increase, -0.05% of buffer) | 987.818 → 987.821 → 994.710 |
| docker_cluster_agent_amd64 | +4.0 KiB (0.00% increase, -0.16% of buffer) | 208.060 → 208.064 → 210.470 |
| docker_host_profiler_amd64 | -2.86 KiB (0.00% reduction, +0.02% of buffer) | 305.020 → 305.017 → 317.640 |
| iot_agent_deb_arm64 | +4.0 KiB (0.01% increase, -0.29% of buffer) | 42.386 → 42.390 → 43.720 |
| iot_agent_deb_armhf | +4.0 KiB (0.01% increase, -0.50% of buffer) | 43.172 → 43.175 → 43.960 |

13 successful checks with minimal change (< 2 KiB)

| Quality gate | Current Size |
|---|---|
| docker_cluster_agent_arm64 | 221.314 MiB |
| docker_cws_instrumentation_amd64 | 7.447 MiB |
| docker_cws_instrumentation_arm64 | 6.877 MiB |
| docker_dogstatsd_amd64 | 39.012 MiB |
| docker_dogstatsd_arm64 | 37.179 MiB |
| docker_host_profiler_arm64 | 316.110 MiB |
| dogstatsd_deb_amd64 | 29.743 MiB |
| dogstatsd_deb_arm64 | 27.802 MiB |
| dogstatsd_rpm_amd64 | 29.743 MiB |
| dogstatsd_suse_amd64 | 29.743 MiB |
| iot_agent_deb_amd64 | 45.672 MiB |
| iot_agent_rpm_amd64 | 45.672 MiB |
| iot_agent_suse_amd64 | 45.671 MiB |

Base automatically changed from pducolin/coat-errortracking/stack-1-core to main June 22, 2026 12:14
@pducolin pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch from 1b3c60a to f473840 Compare June 22, 2026 12:44
@github-actions github-actions Bot added the long review PR is complex, plan time to review it label Jun 22, 2026
@pducolin pducolin added changelog/no-changelog No changelog entry needed qa/skip-qa labels Jun 22, 2026
@pducolin pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch from f473840 to 732215e Compare June 22, 2026 15:46

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 732215ec26

Comment thread comp/core/agenttelemetry/impl/BUILD.bazel Outdated
@pducolin pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch from 732215e to ac130e5 Compare June 23, 2026 08:44
@pducolin pducolin added qa/no-code-change No code change in Agent code requiring validation and removed qa/skip-qa labels Jun 23, 2026
@pducolin pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch from 70b773d to af32141 Compare June 23, 2026 11:37
pducolin added 3 commits June 24, 2026 07:57
…ubmission

- Add SubmitErrorLog(ErrorLog) to the component interface
- Add bounded errLogsCh channel, non-blocking SubmitErrorLog(), and flushErrortracking() scheduler job
- Add errortracking_sender.go: converts ErrorLog to dd-go Log with stack symbolization
- Add logs_payload.go: builds LogsPayload batches for HTTP POST
- Refactor sender.go: extract shared sendPayloadBody() helper reused by metrics and logs paths
- Remove stale pkg/util/log/setup indirect dep from agenttelemetry/fx go.mod
- Add missing replace rule for pkg/util/log/setup in agenttelemetry/impl go.mod
- Drop unused //comp/logs/agent/config from agenttelemetry impl test BUILD target
- Drop unused //pkg/util/log/errortracking and //slog from log/setup test BUILD target
Git worktrees under .worktrees/ were not excluded from Bazel's
directory scanning, causing gazelle to find duplicate Go package
targets and generate incorrect BUILD.bazel files.
@pducolin pducolin force-pushed the pducolin/coat-errortracking/stack-2-agenttelemetry branch from af32141 to 9b343ec Compare June 24, 2026 08:08
@pducolin pducolin marked this pull request as ready for review June 24, 2026 09:03
@pducolin pducolin requested review from a team as code owners June 24, 2026 09:03
@pducolin pducolin requested review from fabbing and s-alad June 24, 2026 09:03
Comment thread REPO.bazel Outdated
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit c6f732d into main Jun 25, 2026
298 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the pducolin/coat-errortracking/stack-2-agenttelemetry branch June 25, 2026 07:59
@github-actions github-actions Bot added this to the 7.82.0 milestone Jun 25, 2026
gh-worker-dd-mergequeue-cf854d Bot pushed a commit that referenced this pull request Jun 29, 2026
…52487)

> **Stacked PR 3/4** — part of [#50607](#50607). Builds on [stack-2 #52486](#52486).

### What does this PR do?

Adds `/api/v2/apmtelemetry` support to fakeintake so E2E tests can assert on error-tracking payloads forwarded by the agent, and adds CI boilerplate to run agent telemetry e2e tests.

- New `AgentTelemetryLogAggregator` parses agent-logs request type from the shared `/api/v2/apmtelemetry` endpoint.
- `GetAgentTelemetryLogs()` client method fetches and returns all received log records
- Register `/api/v2/apmtelemetry` route in `server/serverstore/parser.go` so the /fakeintake/payloads query path works

### Stack
1. [stack-1 #52485] Core `pkg/util/log/errortracking/` package
2. [stack-2 #52486] agenttelemetry component extensions + sender refactor
3. **This PR** — e2e test boilerplate
4. [stack-4] config, log-setup wiring, agent run command

Co-authored-by: paola.ducolin <paola.ducolin@datadoghq.com>
gh-worker-dd-mergequeue-cf854d Bot pushed a commit that referenced this pull request Jul 3, 2026
…52488)

> **Stacked PR 4/4** — part of [#50607](#50607). Builds on [stack-3 #52487](#52487).

### What does this PR do?

Wires the error-tracking handler into the agent and validates the full pipeline end-to-end:

- **Config defaults** — adds `buffer_size`, `flush_interval`, `bouncer_window` to `common_settings.go`
- **Log setup** — wires `errortracking.Handler` into `buildSlogLogger` as a synchronous sibling handler
- **Agent run command** — installs an `fx.Lifecycle` hook that starts/stops the handler
- **E2E test suite** (`test/new-e2e/tests/agent-telemetry/`) — provisions a real AWS EC2 VM via Pulumi, installs the agent with a Python check that logs errors and raises an exception. Asserts that error log payloads reach the internal telemetry intake. Tests both `errortracking.enabled: true` and the default disabled state.
- **CI** — extends `.on_agenttelemetry_or_e2e_changes` with `test/new-e2e/tests/agent-telemetry/**/*`

### Stack
1. [stack-1 #52485] Core `pkg/util/log/errortracking/` package
2. [stack-2 #52486] agenttelemetry component extensions + sender refactor
3. [stack-3 #52487] FakeIntake aggregator/client + CI scaffolding
4. **This PR** — agent wiring + E2E test

Co-authored-by: paola.ducolin <paola.ducolin@datadoghq.com>
Labels

  • changelog/no-changelog: No changelog entry needed
  • internal: Identify a non-fork PR
  • long review: PR is complex, plan time to review it
  • qa/no-code-change: No code change in Agent code requiring validation
  • team/agent-build
  • team/agent-configuration
  • team/agent-devx
  • team/agent-health
  • team/agent-runtimes
