Original file line number Diff line number Diff line change 1+ name : " Datadog Short-Lived Token"
2+ description : " Federate a short-lived Datadog token via dd-sts-action and export DD_API_KEY (and DD_APP_KEY when available) to the job environment."
3+
4+ inputs :
5+ policy :
6+ required : false
7+ default : public-vectordotdev-vector
8+ description : " dd-sts policy to federate against."
9+
10+ runs :
11+ using : " composite"
12+ steps :
13+ - name : Federate Datadog token
14+ id : dd-sts
15+ uses : DataDog/dd-sts-action@2e8187910199bd93129520183c093e19aa585c75
16+ with :
17+ policy : ${{ inputs.policy }}
18+
19+ - name : Export Datadog credentials to environment
20+ shell : bash
21+ env :
22+ DD_STS_API_KEY : ${{ steps.dd-sts.outputs.api_key }}
23+ DD_STS_APP_KEY : ${{ steps.dd-sts.outputs.app_key }}
24+ run : |
25+ echo "DD_API_KEY=${DD_STS_API_KEY}" >> "$GITHUB_ENV"
26+ if [ -n "${DD_STS_APP_KEY}" ]; then
27+ echo "DD_APP_KEY=${DD_STS_APP_KEY}" >> "$GITHUB_ENV"
28+ fi
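Review bot: The export step writes the federated keys to `$GITHUB_ENV` without masking them first, so every later step in the job (third-party actions and test scripts included) inherits `DD_API_KEY`, and any step that prints its environment would show it in clear text. Whether `dd-sts-action` already registers its outputs as masked is not visible here, so I would add `echo "::add-mask::${DD_STS_API_KEY}"` before the first export, and the same for the app key inside the `if`. The step also exports an empty `DD_API_KEY` when `api_key` comes back empty; a guard such as `[ -n "${DD_STS_API_KEY}" ] || { echo "::error::dd-sts returned no API key"; exit 1; }` would fail at the source rather than in a later upload. The pinned SHA on `DataDog/dd-sts-action` has no trailing version comment, unlike the `# v6.0.2` style used for `actions/checkout` elsewhere in this commit.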
Original file line number Diff line number Diff line change 4141 TEST_DATADOG_API_KEY : ${{ secrets.CI_TEST_DATADOG_API_KEY }}
4242 CONTAINER_TOOL : " docker"
4343 DD_ENV : " ci"
44- DD_API_KEY : ${{ secrets.DD_API_KEY }}
4544 RUST_BACKTRACE : full
4645 VECTOR_LOG : vector=debug
4746 VERBOSE : true
10099 timeout-minutes : 90
101100 permissions :
102101 contents : read
102+ id-token : write
103103 packages : read # Required to pull test runner image from GHCR
104104 strategy :
105105 fail-fast : false
@@ -160,6 +160,9 @@ jobs:
160160 submodules : " recursive"
161161 ref : ${{ github.event.review.commit_id }}
162162
163+ - uses : ./.github/actions/dd-token
164+ if : steps.run_condition.outputs.should_run == 'true'
165+
163166 - uses : ./.github/actions/setup
164167 with :
165168 vdev : true
@@ -191,6 +194,7 @@ jobs:
191194 permissions :
192195 contents : read
193196 packages : read # Required to pull test runner image from GHCR
197+ id-token : write
194198 strategy :
195199 fail-fast : false
196200 matrix :
@@ -214,6 +218,9 @@ jobs:
214218 submodules : " recursive"
215219 ref : ${{ github.event.review.commit_id }}
216220
221+ - uses : ./.github/actions/dd-token
222+ if : steps.run_condition.outputs.should_run == 'true'
223+
217224 - uses : ./.github/actions/setup
218225 with :
219226 vdev : true
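Review bot: `./.github/actions/dd-token` is resolved from the workspace, and in both jobs here it runs right after a checkout of `ref: ${{ github.event.review.commit_id }}`, so the action definition that performs the federation comes from the reviewed commit rather than the base branch. Together with the job-level `id-token: write`, what that commit's code can obtain is bounded only by the claim matching in the `public-vectordotdev-vector` dd-sts policy and by whatever `run_condition` enforces, neither of which is visible in this diff. I would record that dependency in a comment above the step, for example `# Runs the action from the checked-out review commit; the dd-sts policy must grant only what untrusted PR code may hold`. I would also confirm that the policy's scope is no wider than what the old `secrets.DD_API_KEY` allowed. The same pattern may apply to the other workflows in this commit that check out a PR ref before this step.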
Original file line number Diff line number Diff line change 3131
3232permissions :
3333 contents : read
34+ id-token : write
3435
3536env :
3637 DD_ENV : " ci"
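Review bot: `id-token: write` is added to the workflow-level `permissions:` here, which lets every job in the workflow request an OIDC token, whereas other files in this commit add it per job next to `contents: read`. If only some jobs call `./.github/actions/dd-token` (the jobs are not visible in this section), moving the grant to those jobs keeps the rest at `contents: read`. The later section that adds `id-token: write` under the top-level `permissions:` just above `concurrency:` has the same shape. If the workflow-level grant is needed because the jobs call reusable workflows, a short comment such as `# id-token: write is required by called workflows that use dd-token` would record why.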
Original file line number Diff line number Diff line change 1616jobs :
1717 coverage :
1818 runs-on : ubuntu-24.04
19+ permissions :
20+ contents : read
21+ id-token : write
1922 steps :
2023 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2124
3134 - name : " Generate code coverage"
3235 run : cargo llvm-cov nextest --workspace --lcov --output-path lcov.info
3336
37+ - uses : ./.github/actions/dd-token
38+
3439 - name : " Upload coverage to Datadog"
3540 env :
36- DD_API_KEY : ${{ secrets.DD_API_KEY }}
3741 DD_SITE : datadoghq.com
3842 DD_ENV : ci
3943 run : datadog-ci coverage upload lcov.info
Original file line number Diff line number Diff line change 2323 TEST_APPSIGNAL_PUSH_API_KEY : ${{ secrets.TEST_APPSIGNAL_PUSH_API_KEY }}
2424 CONTAINER_TOOL : " docker"
2525 DD_ENV : " ci"
26- DD_API_KEY : ${{ secrets.DD_API_KEY }}
2726 RUST_BACKTRACE : full
2827 VECTOR_LOG : vector=debug
2928 VERBOSE : true
3433 test-integration :
3534 runs-on : ubuntu-24.04
3635 timeout-minutes : 40
36+ permissions :
37+ contents : read
38+ id-token : write
3739 if : inputs.if || github.event_name == 'workflow_dispatch'
3840 steps :
3941 - name : (PR comment) Get PR branch
5153 if : ${{ github.event_name != 'issue_comment' }}
5254 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5355
56+ - uses : ./.github/actions/dd-token
57+
5458 - run : bash scripts/environment/prepare.sh --modules=rustup,datadog-ci
5559
5660 - run : make test-integration-${{ inputs.test_name }}
Original file line number Diff line number Diff line change @@ -23,7 +23,6 @@ permissions:
2323env :
2424 CONTAINER_TOOL : " docker"
2525 DD_ENV : " ci"
26- DD_API_KEY : ${{ secrets.DD_API_KEY }}
2726 TEST_DATADOG_API_KEY : ${{ secrets.CI_TEST_DATADOG_API_KEY }}
2827 TEST_APPSIGNAL_PUSH_API_KEY : ${{ secrets.TEST_APPSIGNAL_PUSH_API_KEY }}
2928 AXIOM_TOKEN : ${{ secrets.AXIOM_TOKEN }}
6564
6665 integration-tests :
6766 runs-on : ubuntu-24.04-8core
67+ permissions :
68+ contents : read
69+ id-token : write
6870 needs :
6971 - changes
7072 - build-test-runner
@@ -141,6 +143,9 @@ jobs:
141143 with :
142144 submodules : " recursive"
143145
146+ - uses : ./.github/actions/dd-token
147+ if : steps.check.outputs.should_run == 'true'
148+
144149 - uses : ./.github/actions/setup
145150 if : steps.check.outputs.should_run == 'true'
146151 with :
@@ -167,6 +172,9 @@ jobs:
167172
168173 e2e-tests :
169174 runs-on : ubuntu-24.04-8core
175+ permissions :
176+ contents : read
177+ id-token : write
170178 needs :
171179 - changes
172180 - build-test-runner
@@ -205,6 +213,9 @@ jobs:
205213 with :
206214 submodules : " recursive"
207215
216+ - uses : ./.github/actions/dd-token
217+ if : steps.check.outputs.should_run == 'true'
218+
208219 - uses : ./.github/actions/setup
209220 if : steps.check.outputs.should_run == 'true'
210221 with :
Original file line number Diff line number Diff line change 2121
2222permissions :
2323 contents : read
24+ id-token : write
2425
2526concurrency :
2627 # `github.ref` is unique for MQ runs and PRs
@@ -30,7 +31,6 @@ concurrency:
3031env :
3132 CONTAINER_TOOL : " docker"
3233 DD_ENV : " ci"
33- DD_API_KEY : ${{ secrets.DD_API_KEY }}
3434 RUST_BACKTRACE : full
3535 VECTOR_LOG : vector=debug
3636 VERBOSE : true
Original file line number Diff line number Diff line change @@ -13,14 +13,18 @@ permissions:
1313jobs :
1414 static-analysis :
1515 runs-on : ubuntu-latest
16- env :
17- DD_API_KEY : ${{ secrets.DD_API_KEY }}
18- DD_APP_KEY : ${{ secrets.DD_APP_KEY }}
16+ permissions :
17+ contents : read
18+ id-token : write
1919 steps :
2020 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121
22+ - id : dd-token
23+ uses : ./.github/actions/dd-token
24+ with :
25+ policy : public-vectordotdev-vector-static-analysis
26+
2227 - name : Datadog Static Analyzer
23- if : ${{ env.DD_API_KEY != '' }}
2428 uses : DataDog/datadog-static-analyzer-github-action@8340f18875fcefca86844b5f947ce2431387e552 # v3.0.0
2529 with :
2630 dd_api_key : ${{ env.DD_API_KEY }}
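Review bot: Dropping `if: ${{ env.DD_API_KEY != '' }}` from the analyzer step removes the path that let this job skip cleanly when no key was available. Runs that cannot obtain an OIDC token (GitHub does not grant `id-token: write` to `pull_request` runs from forks) will now fail in the `dd-token` step instead; whether this workflow is triggered that way is not visible here. If skipping is still wanted, mark the token step `continue-on-error: true` and keep the guard on the analyzer step. The `id: dd-token` is not referenced in the visible lines, since the analyzer reads `env.DD_API_KEY`, so it can be dropped.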
Original file line number Diff line number Diff line change @@ -32,17 +32,22 @@ permissions:
3232jobs :
3333 run-make-command :
3434 runs-on : ubuntu-24.04
35+ permissions :
36+ contents : read
37+ id-token : write
3538 timeout-minutes : 90
3639 env :
3740 CARGO_INCREMENTAL : 0
3841 DD_ENV : " ci"
39- DD_API_KEY : ${{ secrets.DD_API_KEY }}
4042 steps :
4143 - name : Checkout branch
4244 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4345 with :
4446 ref : ${{ inputs.ref }}
4547
48+ - uses : ./.github/actions/dd-token
49+ if : ${{ inputs.upload_test_results }}
50+
4651 - uses : ./.github/actions/setup
4752 with :
4853 rust : true
Original file line number Diff line number Diff line change @@ -17,7 +17,6 @@ concurrency:
1717env :
1818 CONTAINER_TOOL : " docker"
1919 DD_ENV : " ci"
20- DD_API_KEY : ${{ secrets.DD_API_KEY }}
2120 VECTOR_LOG : vector=debug
2221 VERBOSE : true
2322 CI : true
5756
5857 test :
5958 needs : changes
59+ permissions :
60+ contents : read
61+ id-token : write
6062 if : ${{ needs.changes.outputs.source == 'true' || needs.changes.outputs.test-yml == 'true' }}
6163 uses : ./.github/workflows/unit-tests.yml
6264 with :