Skip to content

[Backport 7.80.x] [#incident-56663] Prefer DNS endpoint in CI for mirrored Go packages (#52499)#52698

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 2 commits into
7.80.xfrom
pierrelouis.veyrenc/backport-52499-to-7.80.x
Jun 25, 2026
Merged

[Backport 7.80.x] [#incident-56663] Prefer DNS endpoint in CI for mirrored Go packages (#52499)#52698
gh-worker-dd-mergequeue-cf854d[bot] merged 2 commits into
7.80.xfrom
pierrelouis.veyrenc/backport-52499-to-7.80.x

Conversation

@Ishirui

@Ishirui Ishirui commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Backport of #52499

@Ishirui Ishirui requested review from a team as code owners June 24, 2026 08:21
@Ishirui Ishirui requested review from agagniere and dustmop and removed request for a team June 24, 2026 08:21
@dd-octo-sts dd-octo-sts Bot added the internal Identify a non-fork PR label Jun 24, 2026
@github-actions github-actions Bot added the long review PR is complex, plan time to review it label Jun 24, 2026
@dd-octo-sts

dd-octo-sts Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Gitlab CI Configuration Changes

Updated: .gitlab-ci.yml

⚠️ Diff too large to display on Github.

Changes Summary

Removed Modified Added Renamed
1 463 5 0

Updated: .gitlab/distribution.yml

⚠️ Diff too large to display on Github.

Changes Summary

Removed Modified Added Renamed
1 71 1 0

ℹ️ Diff available in the job log.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e1eb4d5ee7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .adms/go/gitlab.yaml

variables:
GOPROXY: "https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/"
GOPROXY: "https://depot-read-api-go.rapid-dependency-management-depot.all-clusters.local-dc.fabric.dog:8443/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Sanitize GOPROXY for DMG builds

This global GOPROXY now puts the .fabric.dog endpoint first for every CI job, but the macOS DMG packaging jobs in .gitlab/build/package_build/dmg.yml do not extend .macos_gitlab or .bazel:runner:macos-*; they run .macos_setup_go and dda inv omnibus.build directly without !reference [.sanitize_goproxy]. Since the same patch documents that this endpoint is not usable from macOS runners, agent_dmg-* will keep trying the unreachable proxy before falling back for Go/Bazel module fetches, which can make the release packaging jobs hang or fail on cache misses.

Useful? React with 👍 / 👎.

@dd-octo-sts

dd-octo-sts Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Files inventory check summary

File checks results against ancestor d502ce1e:

Results for datadog-agent_7.80.3.git.4.e413beb.pipeline.121028657-1_amd64.deb:

No change detected

@dd-octo-sts

dd-octo-sts Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor d502ce1
📊 Static Quality Gates Dashboard
🔗 SQG Job

Successful checks

Info

Quality gate Change Size (prev → curr → max)
agent_rpm_arm64_fips +2.25 KiB (0.00% increase) 682.957 → 682.959 → 685.090
agent_suse_arm64_fips +2.25 KiB (0.00% increase) 682.957 → 682.959 → 685.090
31 successful checks with minimal change (< 2 KiB)
Quality gate Current Size
agent_deb_amd64 744.400 MiB
agent_deb_amd64_fips 702.248 MiB
agent_heroku_amd64 310.922 MiB
agent_msi 611.136 MiB
agent_rpm_amd64 744.383 MiB
agent_rpm_amd64_fips 702.232 MiB
agent_rpm_arm64 721.925 MiB
agent_suse_amd64 744.383 MiB
agent_suse_amd64_fips 702.232 MiB
agent_suse_arm64 721.925 MiB
docker_agent_amd64 804.542 MiB
docker_agent_arm64 806.920 MiB
docker_agent_jmx_amd64 995.439 MiB
docker_agent_jmx_arm64 986.470 MiB
docker_cluster_agent_amd64 206.832 MiB
docker_cluster_agent_arm64 220.813 MiB
docker_cws_instrumentation_amd64 7.154 MiB
docker_cws_instrumentation_arm64 6.689 MiB
docker_dogstatsd_amd64 39.439 MiB
docker_dogstatsd_arm64 37.614 MiB
docker_host_profiler_amd64 302.229 MiB
docker_host_profiler_arm64 313.709 MiB
dogstatsd_deb_amd64 30.170 MiB
dogstatsd_deb_arm64 28.292 MiB
dogstatsd_rpm_amd64 30.170 MiB
dogstatsd_suse_amd64 30.170 MiB
iot_agent_deb_amd64 44.472 MiB
iot_agent_deb_arm64 41.433 MiB
iot_agent_deb_armhf 42.142 MiB
iot_agent_rpm_amd64 44.473 MiB
iot_agent_suse_amd64 44.473 MiB

@datadog-prod-us1-3

datadog-prod-us1-3 Bot commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 50.38% (-0.01%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: e413beb | Docs | Datadog PR Page | Give us feedback!

ofek and others added 2 commits June 24, 2026 17:09
Service-to-service traffic is supposed to use internal DNS instead of the currently-prioritized gateway proxy, which intermittently throws 503s even though the underlying service is healthy.

CI will pass when the build images have been updated, as seen here #52547

Co-authored-by: ofek.lev <ofek.lev@datadoghq.com>
(cherry picked from commit ceea175)
@Ishirui Ishirui force-pushed the pierrelouis.veyrenc/backport-52499-to-7.80.x branch from 74ad769 to e413beb Compare June 24, 2026 15:14
@Ishirui Ishirui added changelog/no-changelog No changelog entry needed qa/no-code-change No code change in Agent code requiring validation labels Jun 24, 2026
allow depot-read-api-go.us1.ddbuild.io
# Preferred first in GOPROXY (see .adms/go/gitlab.yaml); allow it here so Bazel's
# downloader doesn't block it.
allow depot-read-api-go.rapid-dependency-management-depot.all-clusters.local-dc.fabric.dog

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is one seriously long hostname.

case "${GOPROXY-}" in
*.fabric.dog*)
if ! __sgp_usable; then
GOPROXY="$(printf '%s' "$GOPROXY" | tr '|' '\n' \

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe $(echo $GOPROXY | tr ...)

*.fabric.dog*)
if ! __sgp_usable; then
GOPROXY="$(printf '%s' "$GOPROXY" | tr '|' '\n' \
| grep -vE '^https?://[^/]*\.fabric\.dog(:[0-9]+)?(/|$)' | paste -sd '|' -)"

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the (/|$) more precise than needed? But I think the answer to that depends on the chance of the domain changing from "*.fabric.dog".

# strip any unreachable entry once here and apply the result explicitly to each
# go step (an explicit assignment overrides the injected arg). Mirrors
# tools/ci/sanitize-goproxy.sh.
RUN printf '%s' "$GOPROXY" | tr '|' '\n' \

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this might work so you can share the code.

RUN ( bash tools/ci/santize-goproxy.sh ; echo "$GOPROXY") >/tmp/goproxy.sanitzed

@aiuto aiuto left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your call on the suggestions.

@Ishirui

Ishirui commented Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Your call on the suggestions.

@aiuto Thanks for the thorough review ! but as this is just a backport I think we'd better include them on main in a separate PR 😅

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 7091f13 into 7.80.x Jun 25, 2026
301 of 316 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the pierrelouis.veyrenc/backport-52499-to-7.80.x branch June 25, 2026 12:08
@github-actions github-actions Bot added this to the 7.80.4 milestone Jun 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

changelog/no-changelog No changelog entry needed internal Identify a non-fork PR long review PR is complex, plan time to review it qa/no-code-change No code change in Agent code requiring validation team/agent-build team/agent-configuration team/agent-devx team/ebpf-platform team/windows-products

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants