@@ -11,12 +11,13 @@ readonly TARGET_BRANCH="${TARGET_BRANCH:-master}"
1111mkdir -p " ${OUTPUT_DIR} "
1212rm -f " ${FALLBACK_MARKER_FILE} "
1313
14- if [[ -z " ${CI_PROJECT_ID:- } " || -z " ${CI_API_V4_URL:- } " || -z " ${CI_JOB_TOKEN :- } " ]]; then
15- echo " Missing CI_PROJECT_ID/CI_API_V4_URL/CI_JOB_TOKEN environment variables." >&2
14+ if [[ -z " ${CI_PROJECT_ID:- } " || -z " ${CI_API_V4_URL:- } " ; then
15+ echo " Missing CI_PROJECT_ID/CI_API_V4_URL environment variables." >&2
1616 exit 1
1717fi
1818
1919readonly PROJECT_API_URL=" ${CI_API_V4_URL} /projects/${CI_PROJECT_ID} "
20+ readonly BTI_TOKEN_URL=" https://bti-ci-api.us1.ddbuild.io/internal/ci/gitlab/token?owner=DataDog&repository=apm-reliability/dd-trace-java"
2021
2122log_debug () {
2223 echo " [baseline-debug] $* " >&2
@@ -27,13 +28,44 @@ response_snippet() {
2728 echo " ${response} " | tr ' \n' ' ' | sed ' s/[[:space:]]\+/ /g' | cut -c1-220
2829}
2930
31+ get_private_token () {
32+ local auth_header bti_response http_status response_body private_token
33+
34+ if ! auth_header=" $( authanywhere --audience sdm 2>&1 ) " ; then
35+ echo " Failed to get authanywhere token: ${auth_header} " >&2
36+ return 1
37+ fi
38+
39+ bti_response=" $(
40+ curl -w " \nHTTP_STATUS:%{http_code}"
41+ --header " ${auth_header} "
42+ " ${BTI_TOKEN_URL} " 2>&1
43+ ) "
44+ http_status=" $( echo " ${bti_response} " | grep " HTTP_STATUS:" | sed ' s/HTTP_STATUS://' ) "
45+ response_body=" $( echo " ${bti_response} " | sed ' /HTTP_STATUS:/d' ) "
46+
47+ if [[ " ${http_status} " != " 200" ; then
48+ echo " BTI token request failed: status=${http_status} , body='$( response_snippet " ${response_body} " ) " >&2
49+ return 1
50+ fi
51+
52+ private_token=" $( echo " ${response_body} " | grep -o ' "token":"[^"]*"' | sed ' s/"token":"\([^"]*\)"/\1/' ) "
53+ if [[ -z " ${private_token} " ; then
54+ echo " Failed to parse private token from BTI response." >&2
55+ return 1
56+ fi
57+
58+ echo " ${private_token} "
59+ }
60+
3061get_pipeline_id_for_commit () {
3162 local commit_sha=" $1 "
3263 local api_url=" ${PROJECT_API_URL} /repository/commits/${commit_sha} "
33- local response pipeline_id
64+ local response pipeline_id private_token
3465
3566 log_debug " query commit endpoint: ${api_url} "
36- response=" $( curl --request GET --silent --show-error --header " JOB-TOKEN: ${CI_JOB_TOKEN} " " ${api_url} " || true) "
67+ private_token=" $( get_private_token) " || return 1
68+ response=" $( curl --request GET --silent --show-error --header " PRIVATE-TOKEN: ${private_token} " " ${api_url} " || true) "
3769 pipeline_id=" $( echo " ${response} " | grep -o ' "last_pipeline"[^}]*"id":[0-9]*' | grep -o ' [0-9]*$' | head -1 || true) "
3870 if [[ -n " ${pipeline_id} " && " ${pipeline_id} " != " null" ; then
3971 log_debug " found pipeline_id=${pipeline_id} for commit_sha=${commit_sha} "
@@ -48,10 +80,11 @@ get_pipeline_id_for_commit() {
4880get_latest_pipeline_id_for_branch () {
4981 local branch=" $1 "
5082 local api_url=" ${PROJECT_API_URL} /pipelines?ref=${branch} &order_by=id&sort=desc&per_page=1"
51- local response pipeline_id
83+ local response pipeline_id private_token
5284
5385 log_debug " query pipelines endpoint: ${api_url} "
54- response=" $( curl --request GET --silent --show-error --header " JOB-TOKEN: ${CI_JOB_TOKEN} " " ${api_url} " || true) "
86+ private_token=" $( get_private_token) " || return 1
87+ response=" $( curl --request GET --silent --show-error --header " PRIVATE-TOKEN: ${private_token} " " ${api_url} " || true) "
5588 pipeline_id=" $( echo " ${response} " | grep -o ' "id":[0-9]*' | head -1 | grep -o ' [0-9]*' || true) "
5689 if [[ -n " ${pipeline_id} " ; then
5790 log_debug " found latest pipeline_id=${pipeline_id} for branch=${branch} "
0 commit comments