Skip to content

Commit db0f934

Browse files
dmehaladmehala
committed
chore(ci): use dd-sts to retrieve DD_API_KEY
1 parent 910e3d5 commit db0f934

File tree

1 file changed

+24
-3
lines changed

1 file changed

+24
-3
lines changed

.github/workflows/dev.yml

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -53,9 +53,9 @@ jobs:
5353
permissions:
5454
contents: read
5555
packages: read
56+
id-token: write
5657
env:
5758
BUILD_DIR: .build
58-
DD_API_KEY: ${{ secrets.DD_CI_VIS_API_KEY }}
5959
steps:
6060
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
6161
- name: Configure
@@ -75,8 +75,15 @@ jobs:
7575
tmp_file="$(mktemp)"
7676
xsltproc --output "$tmp_file" ".github/workflows/add_final_status.xsl" "$xml_file"
7777
mv "$tmp_file" "$xml_file"
78+
- name: Get Datadog credentials
79+
id: dd-sts
80+
uses: DataDog/dd-sts-action@2e8187910199bd93129520183c093e19aa585c75
81+
with:
82+
policy: public-datadog-dd-trace-cpp
7883
- name: Upload test report to Datadog
7984
if: success() || failure()
85+
env:
86+
DD_API_KEY: ${{ steps.dd-sts.outputs.api_key }}
8087
run: |
8188
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-${{ matrix.arch }}" --output "/usr/local/bin/datadog-ci" && chmod +x /usr/local/bin/datadog-ci
8289
datadog-ci junit upload --service dd-trace-cpp --tags test.source.file:test/*.cpp .build/report.xml
@@ -145,6 +152,7 @@ jobs:
145152
permissions:
146153
contents: read
147154
packages: read
155+
id-token: write
148156
env:
149157
DD_API_KEY: ${{ secrets.DD_CI_VIS_API_KEY }}
150158
steps:
@@ -179,8 +187,15 @@ jobs:
179187
$transform.Transform($xmlFile, $tmpFile)
180188
181189
Move-Item -Force $tmpFile $xmlFile
190+
- name: Get Datadog credentials
191+
id: dd-sts
192+
uses: DataDog/dd-sts-action@2e8187910199bd93129520183c093e19aa585c75
193+
with:
194+
policy: public-datadog-dd-trace-cpp
182195
- name: Upload test report to Datadog
183196
if: success() || failure()
197+
env:
198+
DD_API_KEY: ${{ steps.dd-sts.outputs.api_key }}
184199
run: |
185200
Invoke-WebRequest -Uri "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_win-x64" -OutFile "datadog-ci.exe"
186201
./datadog-ci.exe junit upload --service dd-trace-cpp --tags test.source.file:test/*.cpp report.xml
@@ -195,12 +210,18 @@ jobs:
195210
permissions:
196211
contents: read
197212
packages: read
198-
env:
199-
DD_API_KEY: ${{ secrets.DD_CI_VIS_API_KEY }}
213+
id-token: write
200214
steps:
201215
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
202216
- run: bin/test --coverage --verbose
217+
- name: Get Datadog credentials
218+
id: dd-sts
219+
uses: DataDog/dd-sts-action@2e8187910199bd93129520183c093e19aa585c75
220+
with:
221+
policy: public-datadog-dd-trace-cpp
203222
- name: Report Datadog coverage
223+
env:
224+
DD_API_KEY: ${{ steps.dd-sts.outputs.api_key }}
204225
run: |
205226
curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-arm64" --output "/usr/local/bin/datadog-ci" && chmod +x /usr/local/bin/datadog-ci
206227
cd .coverage

0 commit comments

Comments
 (0)