stages:

- package

- tests

- shared-pipeline

- benchmarks

- release

variables:

REPO_LANG: python # "python" is used everywhere rather than "py"

REPO_NOTIFICATION_CHANNEL: "#apm-python-release"

RELEASE_ALLOW_TEST_FAILURES: false

RELEASE_ALLOW_BENCHMARK_FAILURES: false

# VPA Template configuration

DD_VPA_TEMPLATE: "vpa-template-cpu-p70-10percent-2x-oom-min-cap"

# CI_DEBUG_SERVICES: "true"

# Automatically managed, use scripts/update-system-tests-version to update

SYSTEM_TESTS_REF: "94529f681dcaf74382ed47c3b0c85acdb775b6c9"

default:

interruptible: true

# trigger new commit cancel

workflow:

auto_cancel:

on_new_commit: interruptible

rules:

- if: $CI_COMMIT_BRANCH == 'main'

auto_cancel:

on_new_commit: none

- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+$/

auto_cancel:

on_new_commit: none

- when: always

include:

- local: ".gitlab/one-pipeline.locked.yml"

- local: ".gitlab/services.yml" # Include early so others can use the definitions

- local: ".gitlab/package.yml"

- local: ".gitlab/release.yml"

- local: ".gitlab/testrunner.yml"

- local: ".gitlab/benchmarks/serverless.yml"

- local: ".gitlab/native.yml"

tests-gen:

stage: tests

extends: .testrunner

id_tokens:

DDOCTOSTS_ID_TOKEN:

aud: dd-octo-sts

script:

- |

if [ -z ${GH_TOKEN} ]

then

# Use dd-octo-sts to get GitHub token

export GH_TOKEN=$(dd-octo-sts token --scope DataDog/dd-trace-py --policy gitlab.github-access.read)

fi

- scripts/gen_gitlab_config.py --verbose

needs: []

artifacts:

paths:

- .gitlab/tests-gen.yml

run-tests-trigger:

stage: tests

needs: [ tests-gen ]

# Allow the child job to fail if explicitly asked

rules:

- if: $RELEASE_ALLOW_TEST_FAILURES == "true"

allow_failure: true

- allow_failure: false

trigger:

include:

- artifact: .gitlab/tests-gen.yml

job: tests-gen

strategy: depend

# Validate the ast-grep rule's test suite in .sg/tests

"ast-grep rules":

extends: .testrunner

stage: tests

needs: []

script:

script:

- |

echo -e "\e[0Ksection_start:`date +%s`:sg_test[collapsed=true]\r\e[0KValidate ast-grep rules"

hatch run lint:sg-test

echo -e "\e[0Ksection_end:`date +%s`:sg_test\r\e[0K"

- |

echo -e "\e[0Ksection_start:`date +%s`:sg_scan[collapsed=true]\r\e[0Kast-grep scan"

hatch run lint:sg

echo -e "\e[0Ksection_end:`date +%s`:sg_scan\r\e[0K"

microbenchmarks:

stage: benchmarks

needs: [ "download_ddtrace_artifacts" ]

rules:

- if: $RELEASE_ALLOW_BENCHMARK_FAILURES == "true"

allow_failure: true

- allow_failure: false

trigger:

include: .gitlab/benchmarks/microbenchmarks.yml

strategy: depend

variables:

PARENT_PIPELINE_ID: $CI_PIPELINE_ID

# Disable VPA for benchmarks

DD_DISABLE_VPA: true

macrobenchmarks:

stage: benchmarks

needs: [ "download_ddtrace_artifacts" ]

trigger:

include: .gitlab/benchmarks/macrobenchmarks.yml

variables:

PARENT_PIPELINE_ID: $CI_PIPELINE_ID

# Disable VPA for benchmarks

DD_DISABLE_VPA: true

allow_failure: true

rules:

- if: $CI_PIPELINE_SOURCE == "schedule"

when: always

- if: $CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+/

when: always

- when: manual

check_new_flaky_tests:

stage: tests

needs: ["run-tests-trigger"]

extends: .testrunner

script:

- export DD_SITE=datadoghq.com

- export DD_API_KEY=$(aws ssm get-parameter --region us-east-1 --name ci.${CI_PROJECT_NAME}.dd-api-key-qualitygate --with-decryption --query "Parameter.Value" --out text)

- export DD_APP_KEY=$(aws ssm get-parameter --region us-east-1 --name ci.${CI_PROJECT_NAME}.dd-app-key-qualitygate --with-decryption --query "Parameter.Value" --out text)

- datadog-ci gate evaluate

except:

- main

- '[0-9].[0-9]*'

- 'mq-working-branch**'

requirements_json_test:

rules:

- when: on_success

variables:

REQUIREMENTS_BLOCK_JSON_PATH: ".gitlab/requirements_block.json"

REQUIREMENTS_ALLOW_JSON_PATH: ".gitlab/requirements_allow.json"

package-oci:

needs: [ download_dependency_wheels, download_ddtrace_artifacts ]

promote-oci-to-prod:

stage: release

rules: null

only:

# TODO: Support publishing rc releases

- /^v[0-9]+\.[0-9]+\.[0-9]+$/

needs:

- job: release_pypi_prod

- job: package-oci

artifacts: true

- job: oci-internal-publish

artifacts: true

promote-oci-to-prod-beta:

stage: release

needs:

- job: package-oci

artifacts: true

- job: oci-internal-publish

artifacts: true

promote-oci-to-staging:

stage: release

needs:

- job: package-oci

artifacts: true

- job: oci-internal-publish

artifacts: true

publish-lib-init-pinned-tags:

stage: release

rules: null

only:

# TODO: Support publishing rc releases

- /^v[0-9]+\.[0-9]+\.[0-9]+$/

needs:

- job: release_pypi_prod

- job: create-multiarch-lib-injection-image

- job: generate-lib-init-pinned-tag-values

artifacts: true

configure_system_tests:

variables:

SYSTEM_TESTS_SCENARIOS_GROUPS: "simple_onboarding,simple_onboarding_profiling,simple_onboarding_appsec,docker-ssi,lib-injection"

deploy_to_reliability_env:

needs: []

deploy_to_di_backend:manual:

stage: shared-pipeline

rules:

- when: manual

allow_failure: true

trigger:

project: DataDog/debugger-demos

branch: main

variables:

UPSTREAM_PROJECT_ID: $CI_PROJECT_ID

UPSTREAM_PROJECT_NAME: $CI_PROJECT_NAME

UPSTREAM_COMMIT_SHORT_SHA: $CI_COMMIT_SHORT_SHA

UPSTREAM_PIPELINE_ID: $CI_PIPELINE_ID

UPSTREAM_COMMIT_AUTHOR: $CI_COMMIT_AUTHOR

UPSTREAM_TAG: $CI_COMMIT_TAG

UPSTREAM_PACKAGE_JOB: build