Add FIPS support to the Agent
What does this PR do?
This PR adds FIPS mode to the Agent. To do so, it:
- Uses new build images that include Microsoft Go
- Compiles with goexperiment.systemcrypto when FIPS mode is enabled (Linux and Windows)
- Builds and ships OpenSSL with the FIPS Provider (fips.so)
Note that fips_mode refers to the fact that we compile using goexperiment.systemcrypto, which allows FIPS to be enabled or disabled at runtime. So the main Agent will be compiled to support FIPS, but it does not mean that it will be enabled directly.
On Windows this is a host-level setting, and on Linux you need to set GOFIPS=1 to enable FIPS.
Motivation
Supporting FIPS directly in the Agent
Describe how to test/QA your changes
Possible Drawbacks / Trade-offs
- This PR introduces pretty big changes, especially given that build images are now using Microsoft Go
Additional Notes
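A check for the point made in the description, that a FIPS-capable build is not FIPS-enabled on Linux until GOFIPS=1 is set, as an added example that is not part of this PR or the Agent code base: it classifies a process from an environment block in /proc/<pid>/environ format. The function names and the result labels are assumptions of this sketch, and the sample environments are constructed.

```shell
#!/bin/sh
# Added example (not from the PR): report whether a process was started with
# GOFIPS=1, given its environment block in /proc/<pid>/environ format.

# gofips_state FILE -> prints one of:
#   requested       GOFIPS=1 is present (the PR's runtime switch on Linux)
#   not-requested   GOFIPS is absent
#   other:<value>   GOFIPS is set to a value the PR text does not describe
#   unreadable      FILE cannot be read (wrong user, process gone)
# Exit status is 0 only for "requested".
gofips_state() {
    environ_file=$1
    if [ ! -r "$environ_file" ]; then
        echo "unreadable"
        return 2
    fi
    # Entries are NUL-separated. Newlines embedded in a value are turned into
    # spaces before NULs become newlines, so a value such as "x\nGOFIPS=1"
    # cannot pose as its own entry. Only an exact "GOFIPS=" prefix matches
    # (MY_GOFIPS=1 is ignored) and only the first occurrence is used.
    state=$(tr '\n\000' ' \n' < "$environ_file" | awk '
        index($0, "GOFIPS=") == 1 && !seen { value = substr($0, 8); seen = 1 }
        END {
            if (!seen)             print "not-requested"
            else if (value == "1") print "requested"
            else                   print "other:" value
        }')
    echo "$state"
    [ "$state" = "requested" ]
}

# write_sample_environ FILE ENTRY... : build a constructed environ block.
write_sample_environ() {
    out=$1
    shift
    : > "$out"
    for entry in "$@"; do
        printf '%s\000' "$entry" >> "$out"
    done
}

# Run the check over two constructed environments.
demo() {
    dir=$(mktemp -d)
    write_sample_environ "$dir/fips"  "PATH=/usr/bin" "GOFIPS=1"
    write_sample_environ "$dir/plain" "PATH=/usr/bin" "MY_GOFIPS=1"
    for f in fips plain; do
        printf '%s: %s\n' "$f" "$(gofips_state "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

On a live host, pass the /proc/<pid>/environ file of the Agent process; reading it requires the same user or root, and it reflects the environment the process was started with.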
Test changes on VM
Use this command from test-infra-definitions to manually test this PR's changes on a VM:
inv create-vm --pipeline-id=47334120 --os-family=ubuntu
Note: This applies to commit c812e497
Regression Detector
Regression Detector Results
Run ID: 06f65041-ae9a-43a9-a026-2e61234c4fd7
Baseline: 1c94b63d0b5bec51c258f946e76336a2802c0c6e Comparison: c812e497040deea3a8c6af310700ed59217c95f4
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
No significant changes in experiment optimization goals
Confidence level: 90.00% Effect size tolerance: |Δ mean %| ≥ 5.00%
There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | quality_gate_idle_all_features | memory utilization | +3.68 | [+3.59, +3.78] | 1 | Logs bounds checks dashboard |
| ➖ | file_tree | memory utilization | +3.54 | [+3.41, +3.67] | 1 | Logs |
| ➖ | idle_all_features | memory utilization | +3.39 | [+3.29, +3.50] | 1 | Logs bounds checks dashboard |
| ➖ | quality_gate_idle | memory utilization | +3.15 | [+3.11, +3.20] | 1 | Logs bounds checks dashboard |
| ➖ | idle | memory utilization | +2.91 | [+2.86, +2.96] | 1 | Logs bounds checks dashboard |
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | +0.44 | [-0.27, +1.16] | 1 | Logs |
| ➖ | file_to_blackhole_1000ms_latency | egress throughput | +0.40 | [-0.09, +0.89] | 1 | Logs |
| ➖ | file_to_blackhole_500ms_latency | egress throughput | +0.16 | [-0.08, +0.41] | 1 | Logs |
| ➖ | file_to_blackhole_0ms_latency | egress throughput | +0.01 | [-0.33, +0.35] | 1 | Logs |
| ➖ | file_to_blackhole_100ms_latency | egress throughput | +0.01 | [-0.21, +0.23] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.00 | [-0.10, +0.10] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | +0.00 | [-0.01, +0.01] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | -0.09 | [-0.14, -0.04] | 1 | Logs |
| ➖ | file_to_blackhole_300ms_latency | egress throughput | -0.18 | [-0.36, +0.00] | 1 | Logs |
| ➖ | otel_to_otel_logs | ingress throughput | -0.90 | [-1.71, -0.09] | 1 | Logs |
| ➖ | basic_py_check | % cpu utilization | -1.59 | [-4.32, +1.14] | 1 | Logs |
| ➖ | pycheck_lots_of_tags | % cpu utilization | -2.32 | [-4.84, +0.20] | 1 | Logs |
Bounds Checks
| perf | experiment | bounds_check_name | replicates_passed |
|---|---|---|---|
| ❌ | idle | memory_usage | 8/10 |
| ❌ | quality_gate_idle | memory_usage | 8/10 |
| ❌ | idle_all_features | memory_usage | 9/10 |
| ✅ | file_to_blackhole_0ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_1000ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_100ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_300ms_latency | memory_usage | 10/10 |
| ✅ | file_to_blackhole_500ms_latency | memory_usage | 10/10 |
| ✅ | quality_gate_idle_all_features | memory_usage | 10/10 |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
- Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
- Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
- Its configuration does not mark it "erratic".
Gitlab CI Configuration Changes
Modified Jobs
stages (configuration)
stages:
- .pre
- setup
- maintenance_jobs
- deps_build
- deps_fetch
- lint
- source_test
- source_test_stats
- software_composition_analysis
- binary_build
- package_deps_build
- kernel_matrix_testing_prepare
- kernel_matrix_testing_system_probe
- kernel_matrix_testing_security_agent
- kernel_matrix_testing_cleanup
- integration_test
- benchmarks
- package_build
- packaging
- pkg_metrics
- kitchen_deploy
- kitchen_testing
- container_build
- container_scan
- check_deploy
- dev_container_deploy
- deploy_containers
- deploy_packages
- deploy_cws_instrumentation
- deploy_dca
+ - fips_compliance_e2e
+ - trigger_release
- choco_and_install_script_build
- trigger_release
- choco_and_install_script_deploy
- internal_image_deploy
- install_script_testing
- e2e_pre_test
- e2e_init
- e2e
- e2e_cleanup
- e2e_k8s
- e2e_install_packages
- kitchen_cleanup
- functional_test
- functional_test_cleanup
- junit_upload
- internal_kubernetes_deploy
- post_rc_build
- check_merge
- notify
- .post
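Review bot: `trigger_release` now appears twice in `stages`, once as the added entry right after `fips_compliance_e2e` and once as the existing entry after `choco_and_install_script_build`. Keep a single entry so the position of that stage is unambiguous: if the intent was to move it ahead of `choco_and_install_script_build`, remove the old line, otherwise drop the added one. Also confirm that `fips_compliance_e2e` is meant to sit before `e2e_pre_test` and `e2e_init`, since it is placed ahead of all the other e2e stages.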
variables (configuration)
variables:
AGENT_API_KEY_ORG2: agent-api-key-org-2
AGENT_APP_KEY_ORG2: agent-ci-app-key-org-2
AGENT_BINARIES_DIR: bin/agent
AGENT_GITHUB_APP: agent-github-app
AGENT_GITHUB_APP_ID: ci.datadog-agent.platform-github-app-id
AGENT_GITHUB_INSTALLATION_ID: ci.datadog-agent.platform-github-app-installation-id
AGENT_GITHUB_KEY: ci.datadog-agent.platform-github-app-key
AGENT_QA_E2E: agent-qa-e2e
AGENT_QA_PROFILE: ci.datadog-agent.agent-qa-profile
API_KEY_DDDEV: ci.datadog-agent.datadog_api_key
API_KEY_ORG2: ci.datadog-agent.datadog_api_key_org2
APP_KEY_ORG2: ci.datadog-agent.datadog_app_key_org2
ARTIFACT_DOWNLOAD_ATTEMPTS: 2
ATLASSIAN_WRITE: atlassian-write
BTFHUB_ARCHIVE_BRANCH: main
BUCKET_BRANCH: dev
CHANGELOG_COMMIT_SHA: ci.datadog-agent.gitlab_changelog_commit_sha
CHOCOLATEY_API_KEY: ci.datadog-agent.chocolatey_api_key
CLANG_LLVM_VER: 12.0.1
CLUSTER_AGENT_BINARIES_DIR: bin/datadog-cluster-agent
CLUSTER_AGENT_CLOUDFOUNDRY_BINARIES_DIR: bin/datadog-cluster-agent-cloudfoundry
CODECOV_TOKEN: ci.datadog-agent.codecov_token
CWS_INSTRUMENTATION_BINARIES_DIR: bin/cws-instrumentation
- DATADOG_AGENT_ARMBUILDIMAGES: v46542806-c7a4a6be
+ DATADOG_AGENT_ARMBUILDIMAGES: v47045819-6dc0f64d
- DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX: ''
? ^^
+ DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX: _test_only
? ^^^^^^^^^^
- DATADOG_AGENT_BTF_GEN_BUILDIMAGES: v46542806-c7a4a6be
+ DATADOG_AGENT_BTF_GEN_BUILDIMAGES: v47045819-6dc0f64d
- DATADOG_AGENT_BTF_GEN_BUILDIMAGES_SUFFIX: ''
? ^^
+ DATADOG_AGENT_BTF_GEN_BUILDIMAGES_SUFFIX: _test_only
? ^^^^^^^^^^
- DATADOG_AGENT_BUILDIMAGES: v46542806-c7a4a6be
+ DATADOG_AGENT_BUILDIMAGES: v47045819-6dc0f64d
- DATADOG_AGENT_BUILDIMAGES_SUFFIX: ''
? ^^
+ DATADOG_AGENT_BUILDIMAGES_SUFFIX: _test_only
? ^^^^^^^^^^
DATADOG_AGENT_EMBEDDED_PATH: /opt/datadog-agent/embedded
- DATADOG_AGENT_SYSPROBE_BUILDIMAGES: v46542806-c7a4a6be
? ^ ^^^^^^^^^^^^^
+ DATADOG_AGENT_SYSPROBE_BUILDIMAGES: v47045819-6dc0f64d
? ++++++++ ^^^^^ ^
- DATADOG_AGENT_SYSPROBE_BUILDIMAGES_SUFFIX: ''
? ^^
+ DATADOG_AGENT_SYSPROBE_BUILDIMAGES_SUFFIX: _test_only
? ^^^^^^^^^^
- DATADOG_AGENT_WINBUILDIMAGES: v46542806-c7a4a6be
+ DATADOG_AGENT_WINBUILDIMAGES: v47045819-6dc0f64d
- DATADOG_AGENT_WINBUILDIMAGES_SUFFIX: ''
? ^^
+ DATADOG_AGENT_WINBUILDIMAGES_SUFFIX: _test_only
? ^^^^^^^^^^
DD_AGENT_TESTING_DIR: $CI_PROJECT_DIR/test/kitchen
DD_PKG_VERSION: latest
DEB_GPG_KEY: ci.datadog-agent.deb_signing_private_key_${DEB_GPG_KEY_ID}
DEB_GPG_KEY_ID: c0962c7d
DEB_GPG_KEY_NAME: Datadog, Inc. APT key
DEB_RPM_TESTING_BUCKET_BRANCH: testing
DEB_S3_BUCKET: apt.datad0g.com
DEB_SIGNING_PASSPHRASE: ci.datadog-agent.deb_signing_key_passphrase_${DEB_GPG_KEY_ID}
DEB_TESTING_S3_BUCKET: apttesting.datad0g.com
DOCKER_REGISTRY_LOGIN: ci.datadog-agent.docker_hub_login
DOCKER_REGISTRY_PWD: ci.datadog-agent.docker_hub_pwd
DOCKER_REGISTRY_RO: dockerhub-readonly
DOCKER_REGISTRY_URL: docker.io
DOGSTATSD_BINARIES_DIR: bin/dogstatsd
E2E_PULUMI_CONFIG_PASSPHRASE: ci.datadog-agent.pulumi_password
E2E_TESTS_API_KEY: ci.datadog-agent.e2e_tests_api_key
E2E_TESTS_APP_KEY: ci.datadog-agent.e2e_tests_app_key
E2E_TESTS_AZURE_CLIENT_ID: ci.datadog-agent.e2e_tests_azure_client_id
E2E_TESTS_AZURE_CLIENT_SECRET: ci.datadog-agent.e2e_tests_azure_client_secret
E2E_TESTS_AZURE_SUBSCRIPTION_ID: ci.datadog-agent.e2e_tests_azure_subscription_id
E2E_TESTS_AZURE_TENANT_ID: ci.datadog-agent.e2e_tests_azure_tenant_id
E2E_TESTS_GCP_CREDENTIALS: ci.datadog-agent.e2e_tests_gcp_credentials
E2E_TESTS_RC_KEY: ci.datadog-agent.e2e_tests_rc_key
EXECUTOR_JOB_SECTION_ATTEMPTS: 2
FF_KUBERNETES_HONOR_ENTRYPOINT: true
FF_SCRIPT_SECTIONS: 1
GENERAL_ARTIFACTS_CACHE_BUCKET_URL: https://dd-agent-omnibus.s3.amazonaws.com
GET_SOURCES_ATTEMPTS: 2
GITHUB_PR_COMMENTER_APP_KEY: pr-commenter.github_app_key
GITHUB_PR_COMMENTER_INSTALLATION_ID: pr-commenter.github_installation_id
GITHUB_PR_COMMENTER_INTEGRATION_ID: pr-commenter.github_integration_id
GITLAB_FULL_API_TOKEN: ci.datadog-agent.gitlab_full_api_token
GITLAB_READ_API_TOKEN: ci.datadog-agent.gitlab_read_api_token
GITLAB_SCHEDULER_TOKEN: ci.datadog-agent.gitlab_pipelines_scheduler_token
GITLAB_TOKEN: gitlab-token
GO_TEST_SKIP_FLAKE: 'true'
INSTALL_SCRIPT_API_KEY: ci.agent-linux-install-script.datadog_api_key_2
INSTALL_SCRIPT_API_KEY_ORG2: install-script-api-key-org-2
INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus
JIRA_READ_API_TOKEN: ci.datadog-agent.jira_read_api_token
KERNEL_MATRIX_TESTING_ARM_AMI_ID: ami-02fbd245475d6a63d
KERNEL_MATRIX_TESTING_X86_AMI_ID: ami-013ea43cbe85107c0
KITCHEN_AZURE_CLIENT_ID: ci.datadog-agent.azure_kitchen_client_id
KITCHEN_AZURE_CLIENT_SECRET: ci.datadog-agent.azure_kitchen_client_secret
KITCHEN_AZURE_SUBSCRIPTION_ID: ci.datadog-agent.azure_kitchen_subscription_id
KITCHEN_AZURE_TENANT_ID: ci.datadog-agent.azure_kitchen_tenant_id
KITCHEN_EC2_SSH_KEY: ci.datadog-agent.aws_ec2_kitchen_ssh_key
KITCHEN_INFRASTRUCTURE_FLAKES_RETRY: 2
MACOS_GITHUB_APP_1: macos-github-app-one
MACOS_GITHUB_APP_2: macos-github-app-two
MACOS_GITHUB_APP_ID: ci.datadog-agent.macos_github_app_id
MACOS_GITHUB_APP_ID_2: ci.datadog-agent.macos_github_app_id_2
MACOS_GITHUB_INSTALLATION_ID: ci.datadog-agent.macos_github_installation_id
MACOS_GITHUB_INSTALLATION_ID_2: ci.datadog-agent.macos_github_installation_id_2
MACOS_GITHUB_KEY: ci.datadog-agent.macos_github_key_b64
MACOS_GITHUB_KEY_2: ci.datadog-agent.macos_github_key_b64_2
MACOS_S3_BUCKET: dd-agent-macostesting
OMNIBUS_BASE_DIR: /omnibus
OMNIBUS_GIT_CACHE_DIR: /tmp/omnibus-git-cache
OMNIBUS_PACKAGE_DIR: $CI_PROJECT_DIR/omnibus/pkg/
OMNIBUS_PACKAGE_DIR_SUSE: $CI_PROJECT_DIR/omnibus/suse/pkg
PROCESS_S3_BUCKET: datad0g-process-agent
RELEASE_VERSION_6: nightly
RELEASE_VERSION_7: nightly-a7
RESTORE_CACHE_ATTEMPTS: 2
RPM_GPG_KEY: ci.datadog-agent.rpm_signing_private_key_${RPM_GPG_KEY_ID}
RPM_GPG_KEY_ID: b01082d3
RPM_GPG_KEY_NAME: Datadog, Inc. RPM key
RPM_S3_BUCKET: yum.datad0g.com
RPM_SIGNING_PASSPHRASE: ci.datadog-agent.rpm_signing_key_passphrase_${RPM_GPG_KEY_ID}
RPM_TESTING_S3_BUCKET: yumtesting.datad0g.com
RUN_E2E_TESTS: auto
RUN_KMT_TESTS: auto
RUN_UNIT_TESTS: auto
S3_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME/$CI_PIPELINE_ID
S3_CP_CMD: aws s3 cp $S3_CP_OPTIONS
S3_CP_OPTIONS: --no-progress --region us-east-1 --sse AES256
S3_DD_AGENT_OMNIBUS_BTFS_URI: s3://dd-agent-omnibus/btfs
S3_DD_AGENT_OMNIBUS_LLVM_URI: s3://dd-agent-omnibus/llvm
S3_DSD6_URI: s3://dsd6-staging
S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable
S3_PERMANENT_ARTIFACTS_URI: s3://dd-ci-persistent-artefacts-build-stable/$CI_PROJECT_NAME
S3_PROJECT_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME
S3_RELEASE_ARTIFACTS_URI: s3://dd-release-artifacts/$CI_PROJECT_NAME/$CI_PIPELINE_ID
S3_RELEASE_INSTALLER_ARTIFACTS_URI: s3://dd-release-artifacts/datadog-installer/$CI_PIPELINE_ID
S3_SBOM_STORAGE_URI: s3://sbom-root-us1-ddbuild-io/$CI_PROJECT_NAME/$CI_PIPELINE_ID
SLACK_AGENT: slack-agent-ci
SLACK_AGENT_CI_TOKEN: ci.datadog-agent.slack_agent_ci_token
SMP_ACCOUNT_ID: ci.datadog-agent.single-machine-performance-account-id
SMP_AGENT_TEAM_ID: ci.datadog-agent.single-machine-performance-agent-team-id
SMP_API: ci.datadog-agent.single-machine-performance-api
SMP_BOT_ACCESS_KEY: ci.datadog-agent.single-machine-performance-bot-access-key
SMP_BOT_ACCESS_KEY_ID: ci.datadog-agent.single-machine-performance-bot-access-key-id
SSH_KEY: ci.datadog-agent.ssh_key
SSH_KEY_RSA: ci.datadog-agent.ssh_key_rsa
SSH_PUBLIC_KEY_RSA: ci.datadog-agent.ssh_public_key_rsa
STATIC_BINARIES_DIR: bin/static
SYSTEM_PROBE_BINARIES_DIR: bin/system-probe
USE_S3_CACHING: --omnibus-s3-cache
VCPKG_BLOB_SAS_URL: ci.datadog-agent-buildimages.vcpkg_blob_sas_url
WINDOWS_BUILDS_S3_BUCKET: $WIN_S3_BUCKET/builds
WINDOWS_POWERSHELL_DIR: $CI_PROJECT_DIR/signed_scripts
WINDOWS_TESTING_S3_BUCKET_A6: pipelines/A6/$CI_PIPELINE_ID
WINDOWS_TESTING_S3_BUCKET_A7: pipelines/A7/$CI_PIPELINE_ID
WINGET_PAT: ci.datadog-agent.winget_pat
WIN_S3_BUCKET: dd-agent-mstesting
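Review bot: the five `*_BUILDIMAGES_SUFFIX: _test_only` values should not be merged as they stand. The suffix is appended to the image repository name (for example `deb_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX`), so every build and packaging job would pull its toolchain from the test-only images at v47045819-6dc0f64d. Since this change also swaps the Go toolchain inside those images, reset the suffixes to '' and pin the tags to a published build-image version before merging.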
.agent_7_build
.agent_7_build:
before_script:
- export RELEASE_VERSION=$RELEASE_VERSION_7
variables:
AGENT_MAJOR_VERSION: 7
+ FIPS_MODE_ARG: --fips-mode
FLAVOR: base
PYTHON_RUNTIMES: '3'
.agent_build_common
.agent_build_common:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor
+ "$FLAVOR" --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
stage: package_build
variables:
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
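Review bot: `${FIPS_MODE_ARG}` on the `inv -e omnibus.build` line is only defined in `.agent_7_build` and has no entry in the top-level `variables`, so any job that reuses this script without that template expands it to nothing and silently produces a build without FIPS support. If that is the intended opt-in mechanism, say so in a comment next to the variable; otherwise give it an explicit default in the top-level variables so the behaviour of each job is visible.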
.agent_build_script
.agent_build_script:
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR"
+ --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
.package_deb_common
.package_deb_common:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
variables:
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-deb.txt
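Review bot: `--fips-mode` is hard-coded in the packaging command here, while the build scripts take it from `${FIPS_MODE_ARG}`. This template packages whatever `${DD_PROJECT}` is passed in, so the flag applies to every project that goes through it and cannot be switched off per job; using `${FIPS_MODE_ARG}` here as well would keep build and packaging in step. The same applies to `.package_rpm_common` and `.package_suse_rpm_common`.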
.package_rpm_common
.package_rpm_common:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
variables:
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-rpm.txt
.package_suse_rpm_common
.package_suse_rpm_common:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR_SUSE
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
- mkdir -p $OMNIBUS_PACKAGE_DIR_SUSE && mv $OMNIBUS_PACKAGE_DIR/*.rpm $OMNIBUS_PACKAGE_DIR_SUSE/
stage: packaging
variables:
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_EXTRA_ARGS: --host-distribution=suse
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-rpm.txt
agent_deb-arm64-a7
agent_deb-arm64-a7:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/deb_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- datadog-agent-7-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PROJECT: agent
DESTINATION_DEB: datadog-agent_7_arm64.deb
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-deb.txt
RELEASE_VERSION: $RELEASE_VERSION_7
agent_deb-x64-a7
agent_deb-x64-a7:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/deb_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- datadog-agent-7-x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: agent
DESTINATION_DEB: datadog-agent_7_amd64.deb
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-deb.txt
RELEASE_VERSION: $RELEASE_VERSION_7
agent_rpm-arm64-a7
agent_rpm-arm64-a7:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- datadog-agent-7-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PROJECT: agent
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-rpm.txt
RELEASE_VERSION: $RELEASE_VERSION_7
agent_rpm-x64-a7
agent_rpm-x64-a7:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- datadog-agent-7-x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: agent
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-rpm.txt
RELEASE_VERSION: $RELEASE_VERSION_7
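Review bot: `--fips-mode` is hard-coded in this job's `omnibus.build` call, while `datadog-agent-7-x64`, which this job lists under `needs`, takes the flag from `FIPS_MODE_ARG`. If that variable is ever emptied or overridden for the build job, the packaging step would still run with `--fips-mode` and the two stages would disagree. Pass `${FIPS_MODE_ARG}` here as well, or define the flag once and reference it from both stages.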
agent_suse-arm64-a7
agent_suse-arm64-a7:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR_SUSE
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- datadog-agent-7-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
- mkdir -p $OMNIBUS_PACKAGE_DIR_SUSE && mv $OMNIBUS_PACKAGE_DIR/*.rpm $OMNIBUS_PACKAGE_DIR_SUSE/
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PRODUCT: agent
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_EXTRA_ARGS: --host-distribution=suse
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-rpm.txt
RELEASE_VERSION: $RELEASE_VERSION_7
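Review bot: the rewritten command still passes `--target-project=${DD_PROJECT}`, but the `variables` block of this job defines `DD_PRODUCT: agent` and no `DD_PROJECT` (the same holds for `agent_suse-x64-a7`), whereas the `agent_rpm-*` jobs define `DD_PROJECT: agent`. Unless `DD_PROJECT` is set somewhere outside this job, the flag expands to `--target-project=` with an empty value. Since this line is being touched anyway, rename the variable to `DD_PROJECT` or confirm where it is inherited from.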
agent_suse-x64-a7
agent_suse-x64-a7:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR_SUSE
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- datadog-agent-7-x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
- mkdir -p $OMNIBUS_PACKAGE_DIR_SUSE && mv $OMNIBUS_PACKAGE_DIR/*.rpm $OMNIBUS_PACKAGE_DIR_SUSE/
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PRODUCT: agent
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_EXTRA_ARGS: --host-distribution=suse
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/agent-rpm.txt
RELEASE_VERSION: $RELEASE_VERSION_7
datadog-agent-7-arm64
datadog-agent-7-arm64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script:
- export RELEASE_VERSION=$RELEASE_VERSION_7
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux-glibc-2-23-arm64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- go_mod_tidy_check
- build_system-probe-arm64
- go_deps
- generate_minimized_btfs_arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor
+ "$FLAVOR" --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
stage: package_build
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_CC: aarch64-unknown-linux-gnu-gcc
DD_CMAKE_TOOLCHAIN: /opt/cmake/aarch64-unknown-linux-gnu.toolchain.cmake
DD_CXX: aarch64-unknown-linux-gnu-g++
+ FIPS_MODE_ARG: --fips-mode
FLAVOR: base
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
PACKAGE_ARCH: arm64
PYTHON_RUNTIMES: '3'
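Review bot: `FIPS_MODE_ARG: --fips-mode` is added to `variables` without a comment, and the script expands it unquoted as `${FIPS_MODE_ARG}`, so every build of the base flavor from this job now gets the flag. Add a short comment next to the variable stating that the flag only compiles the Agent with FIPS support and that enabling it remains a runtime decision (as the PR description says), and that the expansion is left unquoted on purpose so an empty value drops the argument entirely.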
datadog-agent-7-x64
datadog-agent-7-x64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script:
- export RELEASE_VERSION=$RELEASE_VERSION_7
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux-glibc-2-17-x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- go_mod_tidy_check
- build_system-probe-x64
- go_deps
- generate_minimized_btfs_x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor
+ "$FLAVOR" --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
stage: package_build
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_CC: x86_64-unknown-linux-gnu-gcc
DD_CMAKE_TOOLCHAIN: /opt/cmake/x86_64-unknown-linux-gnu.toolchain.cmake
DD_CXX: x86_64-unknown-linux-gnu-g++
+ FIPS_MODE_ARG: --fips-mode
FLAVOR: base
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
PACKAGE_ARCH: amd64
PYTHON_RUNTIMES: '3'
datadog-agent-7-x64-custom-path-test
datadog-agent-7-x64-custom-path-test:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script:
- export RELEASE_VERSION=$RELEASE_VERSION_7
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux-glibc-2-17-x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- go_mod_tidy_check
- build_system-probe-x64
- go_deps
- generate_minimized_btfs_x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- mkdir /custom
- export CONFIG_DIR="/custom"
- export INSTALL_DIR="/custom/datadog-agent"
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor
+ "$FLAVOR" --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
- ls -la $OMNIBUS_PACKAGE_DIR
- ls -la $INSTALL_DIR
- ls -la /custom/etc
- (ls -la /opt/datadog-agent 2>/dev/null && exit 1) || echo "/opt/datadog-agent
has correctly not been generated"
- (ls -la /etc/datadog-agent 2>/dev/null && exit 1) || echo "/etc/datadog-agent
has correctly not been generated"
stage: package_build
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_CC: x86_64-unknown-linux-gnu-gcc
DD_CMAKE_TOOLCHAIN: /opt/cmake/x86_64-unknown-linux-gnu.toolchain.cmake
DD_CXX: x86_64-unknown-linux-gnu-g++
+ FIPS_MODE_ARG: --fips-mode
FLAVOR: base
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
PACKAGE_ARCH: amd64
PYTHON_RUNTIMES: '3'
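Review bot: this job now builds with `--fips-mode` into `INSTALL_DIR="/custom/datadog-agent"`, yet the checks after the build are still only `ls -la` calls plus the two assertions that `/opt/datadog-agent` and `/etc/datadog-agent` were not created. Nothing verifies that the FIPS pieces (for example the `fips.so` provider from the PR description) ended up under `$INSTALL_DIR`. Add an explicit existence check on the expected path so that a default install prefix baked into the FIPS build is caught by this test.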
datadog-ot-agent-7-arm64
datadog-ot-agent-7-arm64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script:
- export RELEASE_VERSION=$RELEASE_VERSION_7
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux-glibc-2-23-arm64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- go_mod_tidy_check
- build_system-probe-arm64
- go_deps
- generate_minimized_btfs_arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor
+ "$FLAVOR" --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
stage: package_build
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_CC: aarch64-unknown-linux-gnu-gcc
DD_CMAKE_TOOLCHAIN: /opt/cmake/aarch64-unknown-linux-gnu.toolchain.cmake
DD_CXX: aarch64-unknown-linux-gnu-g++
FLAVOR: ot
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
PACKAGE_ARCH: arm64
PYTHON_RUNTIMES: '3'
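Review bot: the script now expands `${FIPS_MODE_ARG}`, but this job's `variables` block (`FLAVOR: ot`) does not define it, unlike the `datadog-agent-7-*` jobs; the same is true of `datadog-ot-agent-7-x64`. The result therefore depends on the variable being unset everywhere else in the pipeline: a project-level or global `FIPS_MODE_ARG` would silently turn the ot flavor into a FIPS build. If the ot flavor is meant to stay non-FIPS, set `FIPS_MODE_ARG: ""` explicitly in both ot jobs; if it is meant to be FIPS, add the variable here too.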
datadog-ot-agent-7-x64
datadog-ot-agent-7-x64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script:
- export RELEASE_VERSION=$RELEASE_VERSION_7
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: registry.ddbuild.io/ci/datadog-agent-buildimages/linux-glibc-2-17-x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- go_mod_tidy_check
- build_system-probe-x64
- go_deps
- generate_minimized_btfs_x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache.tar.xz
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- rm -rf $OMNIBUS_PACKAGE_DIR/*
- tar -xf $CI_PROJECT_DIR/sysprobe-build-outputs.tar.xz
- mkdir -p /tmp/system-probe
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/clang-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/clang-bpf
- $S3_CP_CMD $S3_PERMANENT_ARTIFACTS_URI/llc-$CLANG_LLVM_VER.${PACKAGE_ARCH} /tmp/system-probe/llc-bpf
- cp $CI_PROJECT_DIR/minimized-btfs.tar.xz /tmp/system-probe/minimized-btfs.tar.xz
- chmod 0744 /tmp/system-probe/clang-bpf /tmp/system-probe/llc-bpf
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build ${FIPS_MODE_ARG} --release-version "$RELEASE_VERSION" --major-version
? +++++++++++++++++
- --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps --go-mod-cache="$GOPATH/pkg/mod"
- --system-probe-bin=/tmp/system-probe --flavor "$FLAVOR" --config-directory "$CONFIG_DIR"
- --install-directory "$INSTALL_DIR"
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR ${USE_S3_CACHING} --skip-deps
+ --go-mod-cache="$GOPATH/pkg/mod" --system-probe-bin=/tmp/system-probe --flavor
+ "$FLAVOR" --config-directory "$CONFIG_DIR" --install-directory "$INSTALL_DIR"
- ls -la $OMNIBUS_PACKAGE_DIR
- $S3_CP_CMD $OMNIBUS_PACKAGE_DIR/version-manifest.json $S3_SBOM_STORAGE_URI/$CI_JOB_NAME/version-manifest.json
stage: package_build
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_CC: x86_64-unknown-linux-gnu-gcc
DD_CMAKE_TOOLCHAIN: /opt/cmake/x86_64-unknown-linux-gnu.toolchain.cmake
DD_CXX: x86_64-unknown-linux-gnu-g++
FLAVOR: ot
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
PACKAGE_ARCH: amd64
PYTHON_RUNTIMES: '3'
dogstatsd_deb-arm64
dogstatsd_deb-arm64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/deb_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- dogstatsd-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PROJECT: dogstatsd
DESTINATION_DEB: datadog-dogstatsd_arm64.deb
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/dogstatsd-deb.txt
RELEASE_VERSION: $RELEASE_VERSION_7
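Review bot: `--fips-mode` is added to the packaging command for `DD_PROJECT: dogstatsd`, but the job it depends on, `dogstatsd-arm64`, is not part of the visible change, so this diff does not show that the dogstatsd binary itself is built with the flag. The PR description scopes FIPS support to the main Agent. Either include the matching change to the dogstatsd build job, or drop the flag from the dogstatsd packaging jobs so the package is not built under a mode its contents do not have.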
dogstatsd_deb-x64
dogstatsd_deb-x64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/deb_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- dogstatsd-x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: dogstatsd
DESTINATION_DEB: datadog-dogstatsd_amd64.deb
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/dogstatsd-deb.txt
RELEASE_VERSION: $RELEASE_VERSION_7
dogstatsd_rpm-x64
dogstatsd_rpm-x64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- dogstatsd-x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: dogstatsd
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/dogstatsd-rpm.txt
RELEASE_VERSION: $RELEASE_VERSION_7
dogstatsd_suse-x64
dogstatsd_suse-x64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR_SUSE
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- dogstatsd-x64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
- mkdir -p $OMNIBUS_PACKAGE_DIR_SUSE && mv $OMNIBUS_PACKAGE_DIR/*.rpm $OMNIBUS_PACKAGE_DIR_SUSE/
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: dogstatsd
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_EXTRA_ARGS: --host-distribution=suse
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: test/required_files/dogstatsd-rpm.txt
RELEASE_VERSION: $RELEASE_VERSION_7
installer_deb-amd64
installer_deb-amd64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/deb_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- installer-amd64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: installer
DESTINATION_DEB: datadog-installer_7_amd64.deb
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: ''
RELEASE_VERSION: $RELEASE_VERSION_7
installer_deb-arm64
installer_deb-arm64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/deb_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- installer-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- echo "About to package for $RELEASE_VERSION"
- set +x
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- DEB_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $DEB_SIGNING_PASSPHRASE)
|| exit $?; export DEB_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project
+ ${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PROJECT: installer
DESTINATION_DEB: datadog-installer_7_arm64.deb
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: ''
RELEASE_VERSION: $RELEASE_VERSION_7
installer_rpm-amd64
installer_rpm-amd64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- installer-amd64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: installer
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: ''
RELEASE_VERSION: $RELEASE_VERSION_7
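Review bot: nothing after the `inv -e omnibus.build ... --fips-mode` line checks that the flag had any effect on the package: the only post-build steps are `dd-pkg lint` and the `check-files` block, and that block is skipped because `PACKAGE_REQUIRED_FILES_LIST` is `''`. If a FIPS build is expected to carry specific files, list them in `PACKAGE_REQUIRED_FILES_LIST` so that a package missing them fails here rather than in the later e2e stage.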
installer_rpm-arm64
installer_rpm-arm64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- installer-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PROJECT: installer
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: ''
RELEASE_VERSION: $RELEASE_VERSION_7
installer_suse_rpm-amd64
installer_suse_rpm-amd64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR_SUSE
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_x64$DATADOG_AGENT_BUILDIMAGES_SUFFIX:$DATADOG_AGENT_BUILDIMAGES
needs:
- installer-amd64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
- mkdir -p $OMNIBUS_PACKAGE_DIR_SUSE && mv $OMNIBUS_PACKAGE_DIR/*.rpm $OMNIBUS_PACKAGE_DIR_SUSE/
stage: packaging
tags:
- arch:amd64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: x86_64
DD_PROJECT: installer
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_EXTRA_ARGS: --host-distribution=suse
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: amd64
PACKAGE_REQUIRED_FILES_LIST: ''
RELEASE_VERSION: $RELEASE_VERSION_7
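Review bot: the flag is spliced into the middle of the command on the `inv -e omnibus.build` line, although this job already carries its per-job option in `OMNIBUS_EXTRA_ARGS: --host-distribution=suse`. Passing `--fips-mode` through a variable as well would leave the script line unchanged and avoid the re-wrapped continuation lines in this hunk.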
installer_suse_rpm-arm64
installer_suse_rpm-arm64:
artifacts:
expire_in: 2 weeks
paths:
- $OMNIBUS_PACKAGE_DIR_SUSE
before_script: null
cache:
- key:
files:
- omnibus/Gemfile
- release.json
prefix: omnibus-deps-$CI_JOB_NAME-$OMNIBUS_RUBY_VERSION-$OMNIBUS_SOFTWARE
paths:
- omnibus/vendor/bundle
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/datadog-agent-buildimages/rpm_arm64$DATADOG_AGENT_ARMBUILDIMAGES_SUFFIX:$DATADOG_AGENT_ARMBUILDIMAGES
needs:
- installer-arm64
rules:
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- when: on_success
script:
- echo "About to build for $RELEASE_VERSION"
- pushd omnibus && bundle config set --local path 'vendor/bundle' && popd
- printf -- "$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_GPG_KEY)" | gpg --import
--batch
- EXIT="${PIPESTATUS[0]}"; if [ $EXIT -ne 0 ]; then echo "Unable to locate credentials
needs gitlab runner restart"; exit $EXIT; fi
- RPM_SIGNING_PASSPHRASE=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $RPM_SIGNING_PASSPHRASE)
|| exit $?; export RPM_SIGNING_PASSPHRASE
- - inv -e omnibus.build --release-version "$RELEASE_VERSION" --major-version "$AGENT_MAJOR_VERSION"
? -----------------------
+ - inv -e omnibus.build --release-version "$RELEASE_VERSION" --fips-mode --major-version
? ++++++++++++
- --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT} ${OMNIBUS_EXTRA_ARGS}
? ----------------------
+ "$AGENT_MAJOR_VERSION" --base-dir $OMNIBUS_BASE_DIR --skip-deps --target-project=${DD_PROJECT}
? +++++++++++++++++++++++
+ ${OMNIBUS_EXTRA_ARGS}
- ls -la $OMNIBUS_PACKAGE_DIR/
- curl -sSL "https://dd-package-tools.s3.amazonaws.com/dd-pkg/${DD_PKG_VERSION}/dd-pkg_Linux_${DD_PKG_ARCH}.tar.gz"
| tar -xz -C /usr/local/bin dd-pkg
- find $OMNIBUS_PACKAGE_DIR -iregex '.*\.\(deb\|rpm\)' | xargs dd-pkg lint
- "if [ -n \"$PACKAGE_REQUIRED_FILES_LIST\" ]; then\n find $OMNIBUS_PACKAGE_DIR\
\ \\( -name '*.deb' -or -name '*.rpm' \\) -a -not -name '*-dbg[_-]*' | xargs dd-pkg\
\ check-files --required-files ${PACKAGE_REQUIRED_FILES_LIST}\nfi\n"
- mkdir -p $OMNIBUS_PACKAGE_DIR_SUSE && mv $OMNIBUS_PACKAGE_DIR/*.rpm $OMNIBUS_PACKAGE_DIR_SUSE/
stage: packaging
tags:
- arch:arm64
variables:
AGENT_MAJOR_VERSION: 7
DD_PKG_ARCH: arm64
DD_PROJECT: installer
KUBERNETES_CPU_REQUEST: 16
KUBERNETES_MEMORY_LIMIT: 32Gi
KUBERNETES_MEMORY_REQUEST: 32Gi
OMNIBUS_EXTRA_ARGS: --host-distribution=suse
OMNIBUS_PACKAGE_ARTIFACT_DIR: $OMNIBUS_PACKAGE_DIR
PACKAGE_ARCH: arm64
PACKAGE_REQUIRED_FILES_LIST: ''
RELEASE_VERSION: $RELEASE_VERSION_7
Added Jobs
.fips-compliance-e2e
.fips-compliance-e2e:
after_script:
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- junit-*.tgz
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache_e2e.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.xz
- mkdir -p ~/.aws
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
|| exit $?
- export AWS_PROFILE=agent-qa-ci
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_PRIVATE_KEY_PATH && chmod 600 $E2E_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_CLIENT_ID)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_CLIENT_SECRET)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_TENANT_ID)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_SUBSCRIPTION_ID)
|| exit $?; export ARM_SUBSCRIPTION_ID
- GOOGLE_CREDENTIALS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_GCP_CREDENTIALS)
|| exit $?; export GOOGLE_CREDENTIALS
- inv -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
needs:
- go_e2e_deps
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: main
paths:
- .gitlab/e2e/e2e.yml
- test/new-e2e/pkg/**/*
- test/new-e2e/go.mod
- flakes.yaml
- changes:
compare_to: main
paths:
- cmd/**/*
- pkg/**/*
- comp/**/*
- test/new-e2e/tests/agent-subcommands/**/*
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- inv -e new-e2e-tests.run --targets $TARGETS -c ddagent:imagePullRegistry=669783387624.dkr.ecr.us-east-1.amazonaws.com
-c ddagent:imagePullUsername=AWS -c ddagent:imagePullPassword=$(aws ecr get-login-password)
--junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
stage: fips_compliance_e2e
tags:
- arch:amd64
variables:
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PRIVATE_KEY_PATH: /tmp/agent-qa-ssh-key
E2E_PUBLIC_KEY_PATH: /tmp/agent-qa-ssh-key.pub
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/fips-compliance
TEAM: agent-shared-components
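Review bot: the second `changes:` rule watches `test/new-e2e/tests/agent-subcommands/**/*`, but `TARGETS` is `./tests/fips-compliance`, so the path list looks copied from another suite. On a branch pipeline that matches none of the earlier rules, an edit touching only the FIPS tests falls through to the final `when: manual` / `allow_failure: true` rule. Point that entry at the FIPS test directory. The `mq-working-branch` rule also appears twice; the second copy, after the `changes:` rules, can never be the first match on such a branch and can be dropped.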
fips-compliance-e2e-linux
fips-compliance-e2e-linux:
after_script:
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- junit-*.tgz
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache_e2e.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.xz
- mkdir -p ~/.aws
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
|| exit $?
- export AWS_PROFILE=agent-qa-ci
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_PRIVATE_KEY_PATH && chmod 600 $E2E_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_CLIENT_ID)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_CLIENT_SECRET)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_TENANT_ID)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_SUBSCRIPTION_ID)
|| exit $?; export ARM_SUBSCRIPTION_ID
- GOOGLE_CREDENTIALS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_GCP_CREDENTIALS)
|| exit $?; export GOOGLE_CREDENTIALS
- inv -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
needs:
- go_e2e_deps
- qa_agent
parallel:
matrix:
- EXTRA_PARAMS: --run "TestLinuxFIPSComplianceSuite"
- EXTRA_PARAMS: --run "TestFIPSCiphersSuite"
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: main
paths:
- .gitlab/e2e/e2e.yml
- test/new-e2e/pkg/**/*
- test/new-e2e/go.mod
- flakes.yaml
- changes:
compare_to: main
paths:
- cmd/**/*
- pkg/**/*
- comp/**/*
- test/new-e2e/tests/agent-subcommands/**/*
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- inv -e new-e2e-tests.run --targets $TARGETS -c ddagent:imagePullRegistry=669783387624.dkr.ecr.us-east-1.amazonaws.com
-c ddagent:imagePullUsername=AWS -c ddagent:imagePullPassword=$(aws ecr get-login-password)
--junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
stage: fips_compliance_e2e
tags:
- arch:amd64
variables:
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PRIVATE_KEY_PATH: /tmp/agent-qa-ssh-key
E2E_PUBLIC_KEY_PATH: /tmp/agent-qa-ssh-key.pub
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/fips-compliance
TEAM: agent-shared-components
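Review bot: in `script`, `-c ddagent:imagePullPassword=$(aws ecr get-login-password)` expands the registry token into the argument list of `inv`, where it is visible to anything on the runner that can read process arguments and, with `-e`, in any command line the task echoes that repeats those options. If the task accepts it, pass the token through an environment variable or a file with restricted permissions, as `before_script` already does for the SSH key with `chmod 600`.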
fips-compliance-e2e-windows
fips-compliance-e2e-windows:
after_script:
- $CI_PROJECT_DIR/tools/ci/junit_upload.sh
artifacts:
expire_in: 2 weeks
paths:
- $E2E_OUTPUT_DIR
- junit-*.tgz
reports:
annotations:
- $EXTERNAL_LINKS_PATH
when: always
before_script:
- mkdir -p $GOPATH/pkg/mod/cache && tar xJf modcache_e2e.tar.xz -C $GOPATH/pkg/mod/cache
- rm -f modcache_e2e.tar.xz
- mkdir -p ~/.aws
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E profile >> ~/.aws/config
|| exit $?
- export AWS_PROFILE=agent-qa-ci
- $CI_PROJECT_DIR/tools/ci/fetch_secret.sh $AGENT_QA_E2E ssh_public_key_rsa > $E2E_PUBLIC_KEY_PATH
|| exit $?
- touch $E2E_PRIVATE_KEY_PATH && chmod 600 $E2E_PRIVATE_KEY_PATH && $CI_PROJECT_DIR/tools/ci/fetch_secret.sh
$AGENT_QA_E2E ssh_key_rsa > $E2E_PRIVATE_KEY_PATH || exit $?
- pulumi login "s3://dd-pulumi-state?region=us-east-1&awssdk=v2&profile=$AWS_PROFILE"
- ARM_CLIENT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_CLIENT_ID)
|| exit $?; export ARM_CLIENT_ID
- ARM_CLIENT_SECRET=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_CLIENT_SECRET)
|| exit $?; export ARM_CLIENT_SECRET
- ARM_TENANT_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_TENANT_ID)
|| exit $?; export ARM_TENANT_ID
- ARM_SUBSCRIPTION_ID=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_AZURE_SUBSCRIPTION_ID)
|| exit $?; export ARM_SUBSCRIPTION_ID
- GOOGLE_CREDENTIALS=$($CI_PROJECT_DIR/tools/ci/fetch_secret.sh $E2E_TESTS_GCP_CREDENTIALS)
|| exit $?; export GOOGLE_CREDENTIALS
- inv -e gitlab.generate-ci-visibility-links --output=$EXTERNAL_LINKS_PATH
image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/test-infra-definitions/runner$TEST_INFRA_DEFINITIONS_BUILDIMAGES_SUFFIX:$TEST_INFRA_DEFINITIONS_BUILDIMAGES
needs:
- go_e2e_deps
- deploy_windows_testing-a7
parallel:
matrix:
- EXTRA_PARAMS: --run "TestWindowsFIPSComplianceSuite"
rules:
- if: $RUN_E2E_TESTS == "off"
when: never
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- if: $RUN_E2E_TESTS == "on"
when: on_success
- if: $CI_COMMIT_BRANCH == "main"
when: on_success
- if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/
when: on_success
- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/
when: on_success
- changes:
compare_to: main
paths:
- .gitlab/e2e/e2e.yml
- test/new-e2e/pkg/**/*
- test/new-e2e/go.mod
- flakes.yaml
- changes:
compare_to: main
paths:
- cmd/**/*
- pkg/**/*
- comp/**/*
- test/new-e2e/tests/agent-subcommands/**/*
- if: $CI_COMMIT_BRANCH =~ /^mq-working-branch-/
when: never
- allow_failure: true
when: manual
script:
- inv -e new-e2e-tests.run --targets $TARGETS -c ddagent:imagePullRegistry=669783387624.dkr.ecr.us-east-1.amazonaws.com
-c ddagent:imagePullUsername=AWS -c ddagent:imagePullPassword=$(aws ecr get-login-password)
--junit-tar junit-${CI_JOB_ID}.tgz ${EXTRA_PARAMS} --test-washer
stage: fips_compliance_e2e
tags:
- arch:amd64
variables:
E2E_COMMIT_SHA: $CI_COMMIT_SHORT_SHA
E2E_KEY_PAIR_NAME: datadog-agent-ci-rsa
E2E_OUTPUT_DIR: $CI_PROJECT_DIR/e2e-output
E2E_PIPELINE_ID: $CI_PIPELINE_ID
E2E_PRIVATE_KEY_PATH: /tmp/agent-qa-ssh-key
E2E_PUBLIC_KEY_PATH: /tmp/agent-qa-ssh-key.pub
EXTERNAL_LINKS_PATH: external_links_$CI_JOB_ID.json
KUBERNETES_CPU_REQUEST: 6
KUBERNETES_MEMORY_LIMIT: 16Gi
KUBERNETES_MEMORY_REQUEST: 12Gi
SHOULD_RUN_IN_FLAKES_FINDER: 'true'
TARGETS: ./tests/fips-compliance
TEAM: agent-shared-components
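Review bot: `parallel: matrix` has a single entry here, which still renames the job with a matrix suffix and adds nothing over setting `EXTRA_PARAMS: --run "TestWindowsFIPSComplianceSuite"` under `variables`. Keep the matrix only if more Windows suites are about to be added, as in the Linux job.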
Changes Summary
| Removed | Modified | Added | Renamed |
|---|---|---|---|
| 0 | 29 | 3 | 0 |
ℹ️ Diff available in the job log.
@gjulianm I think it would be interesting to run the tests at least once to make sure we're not introducing any bug that we could have caught earlier
Tested on a pipeline, seems to be working correctly: https://gitlab.ddbuild.io/DataDog/datadog-agent/-/pipelines/45396363
Regression Detector flagged a regression here, but the PR commenting step failed, so here's the report:
This is showing a regression in the file_tree experiment, which indicates that there may be a memory increase in system-probe. @Kaderinho feel free to stop by in the #single-machine-performance Slack channel if you want help investigating
Regression Detector Results
Run ID: c02ee023-00ef-47f5-a390-e5b834e05681 Metrics dashboard Target profiles
Baseline: 40b773cc038a143f4181472d357c30877e335963 Comparison: 97a7c14682efb235d9de64e5c9713026ca2ebf75
Performance changes are noted in the perf column of each table:
- ✅ = significantly better comparison variant performance
- ❌ = significantly worse comparison variant performance
- ➖ = no significant change in performance
Significant changes in experiment optimization goals
Confidence level: 90.00% Effect size tolerance: |Δ mean %| ≥ 5.00%
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ❌ | file_tree | memory utilization | +6.22 | [+6.12, +6.31] | 1 | Logs |
Fine details of change detection per experiment
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ❌ | file_tree | memory utilization | +6.22 | [+6.12, +6.31] | 1 | Logs |
| ➖ | idle | memory utilization | +2.66 | [+2.62, +2.71] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.01, +0.01] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | -0.01 | [-0.10, +0.08] | 1 | Logs |
| ➖ | otel_to_otel_logs | ingress throughput | -0.07 | [-0.88, +0.74] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | -0.24 | [-0.29, -0.19] | 1 | Logs |
| ➖ | pycheck_lots_of_tags | % cpu utilization | -0.29 | [-2.81, +2.22] | 1 | Logs |
| ➖ | basic_py_check | % cpu utilization | -0.57 | [-3.27, +2.13] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | -1.14 | [-1.86, -0.41] | 1 | Logs |
Bounds Checks
| perf | experiment | bounds_check_name | replicates_passed |
|---|---|---|---|
| ✅ | idle | memory_usage | 10/10 |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
- Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
- Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
- Its configuration does not mark it "erratic".
close in favor of this branch