Fix bazel:mod-tidy job to ignore lockfile changes

[rdesgroppes]

Motivation

The bazel:mod-tidy job is meant to ensure MODULE.bazel remains in an optimal state (not only in bazel's opinionated format, but first and foremost to help maintain the use_repo directives that Gazelle will update).

The problem is that I added it without thinking it could fail due to MODULE.bazel.lock being updated by side effect, which is already (and better) guarded by the sibling bazel:mod-deps job, misleadingly causing both to fail on inadvertent changes in the lockfile:

What does this PR do?

Adding --lockfile_mode=off to bazel mod tidy is therefore meant to prevent bazel:mod-tidy from failing on lockfile changes for a proper separation of concerns, distinct hints being provided:

-💡 bazel mod tidy
+💡 bazel mod deps

[agent-platform-auto-pr]

Gitlab CI Configuration Changes

Modified Jobs

bazel:mod-tidy

  bazel:mod-tidy:
    after_script:
    - "if [ $CI_JOB_STATUS = failed ]; then\n  echo >&2 \"\U0001F4A1 bazel mod tidy\"\
      \nfi"
    needs: []
    script:
-   - bazel mod tidy
+   - bazel mod tidy --lockfile_mode=off
    - git diff --exit-code
    stage: lint
    tags:
    - k8s-persistent:amd64
    - specific:true
    variables:
      BAZELISK_HOME: $XDG_CACHE_HOME/bazelisk
      XDG_CACHE_HOME: /data/bzl

Changes Summary

Removed	Modified	Added	Renamed
0	1	0	0

ℹ️ Diff available in the job log.

[rdesgroppes]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-01-15 13:11:59 UTC ℹ️ Start processing command /merge

---

2026-01-15 13:12:07 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

---

2026-01-15 14:15:20 UTC ℹ️ MergeQueue: merge request added to the queue

The expected merge time in main is approximately 60m (p90).

---

2026-01-15 14:22:12 UTC ❌ MergeQueue: The build pipeline contains failing jobs for this merge request

Build pipeline has failing jobs for c754605:

• compute_gitlab_ci_config

⚠️ Do NOT retry failed jobs directly (why?).

What to do next?

• Investigate the failures and when ready, re-add your pull request to the queue!
• If your PR checks are green, try to rebase/merge. It might be because the CI run is a bit old.
• Any question, go check the FAQ.

Details

Since those jobs are not marked as being allowed to fail, the pipeline will most likely fail.
Therefore, and to allow other builds to be processed, this merge request has been rejected and the pipeline got canceled.

[agent-platform-auto-pr]

Static quality checks

✅ Please find below the results from static quality gates
Comparison made with ancestor adbf998
📊 Static Quality Gates Dashboard

31 successful checks with minimal change (< 2 KiB)

	Quality gate	Current Size
✅	agent_deb_amd64	705.265 MiB
✅	agent_deb_amd64_fips	700.550 MiB
✅	agent_heroku_amd64	326.916 MiB
✅	agent_msi	571.534 MiB
✅	agent_rpm_amd64	705.251 MiB
✅	agent_rpm_amd64_fips	700.537 MiB
✅	agent_rpm_arm64	686.828 MiB
✅	agent_rpm_arm64_fips	682.938 MiB
✅	agent_suse_amd64	705.251 MiB
✅	agent_suse_amd64_fips	700.537 MiB
✅	agent_suse_arm64	686.828 MiB
✅	agent_suse_arm64_fips	682.938 MiB
✅	docker_agent_amd64	767.460 MiB
✅	docker_agent_arm64	773.616 MiB
✅	docker_agent_jmx_amd64	958.339 MiB
✅	docker_agent_jmx_arm64	953.213 MiB
✅	docker_cluster_agent_amd64	180.684 MiB
✅	docker_cluster_agent_arm64	196.557 MiB
✅	docker_cws_instrumentation_amd64	7.135 MiB
✅	docker_cws_instrumentation_arm64	6.689 MiB
✅	docker_dogstatsd_amd64	38.808 MiB
✅	docker_dogstatsd_arm64	37.128 MiB
✅	dogstatsd_deb_amd64	30.027 MiB
✅	dogstatsd_deb_arm64	28.176 MiB
✅	dogstatsd_rpm_amd64	30.027 MiB
✅	dogstatsd_suse_amd64	30.027 MiB
✅	iot_agent_deb_amd64	42.983 MiB
✅	iot_agent_deb_arm64	40.108 MiB
✅	iot_agent_deb_armhf	40.685 MiB
✅	iot_agent_rpm_amd64	42.983 MiB
✅	iot_agent_suse_amd64	42.983 MiB

On-wire sizes (compressed)

	Quality gate	Change	Size (prev → curr → max)
✅	agent_deb_amd64	+24.0 KiB (0.01% increase)	173.332 → 173.355 → 174.490
✅	agent_deb_amd64_fips	-19.04 KiB (0.01% reduction)	172.258 → 172.240 → 173.750
✅	agent_heroku_amd64	-3.82 KiB (0.00% reduction)	87.126 → 87.123 → 88.450
✅	agent_msi	-24.0 KiB (0.02% reduction)	142.938 → 142.914 → 143.020
✅	agent_rpm_amd64	-47.39 KiB (0.03% reduction)	176.195 → 176.149 → 177.660
✅	agent_rpm_amd64_fips	-61.96 KiB (0.03% reduction)	174.936 → 174.876 → 176.600
✅	agent_rpm_arm64	-31.21 KiB (0.02% reduction)	159.388 → 159.357 → 161.260
✅	agent_rpm_arm64_fips	-15.51 KiB (0.01% reduction)	158.783 → 158.767 → 160.550
✅	agent_suse_amd64	-47.39 KiB (0.03% reduction)	176.195 → 176.149 → 177.660
✅	agent_suse_amd64_fips	-61.96 KiB (0.03% reduction)	174.936 → 174.876 → 176.600
✅	agent_suse_arm64	-31.21 KiB (0.02% reduction)	159.388 → 159.357 → 161.260
✅	agent_suse_arm64_fips	-15.51 KiB (0.01% reduction)	158.783 → 158.767 → 160.550
✅	docker_agent_amd64	-6.7 KiB (0.00% reduction)	261.029 → 261.023 → 262.450
✅	docker_agent_arm64	+2.13 KiB (0.00% increase)	250.045 → 250.047 → 252.630
✅	docker_agent_jmx_amd64	+2.61 KiB (0.00% increase)	329.669 → 329.671 → 331.080
✅	docker_agent_jmx_arm64	+7.71 KiB (0.00% increase)	314.674 → 314.682 → 317.270
✅	docker_cluster_agent_amd64	neutral	63.830 MiB
✅	docker_cluster_agent_arm64	neutral	60.124 MiB
✅	docker_cws_instrumentation_amd64	neutral	2.994 MiB
✅	docker_cws_instrumentation_arm64	neutral	2.726 MiB
✅	docker_dogstatsd_amd64	neutral	15.026 MiB
✅	docker_dogstatsd_arm64	neutral	14.354 MiB
✅	dogstatsd_deb_amd64	neutral	7.945 MiB
✅	dogstatsd_deb_arm64	neutral	6.824 MiB
✅	dogstatsd_rpm_amd64	neutral	7.957 MiB
✅	dogstatsd_suse_amd64	neutral	7.957 MiB
✅	iot_agent_deb_amd64	-2.45 KiB (0.02% reduction)	11.260 → 11.257 → 12.040
✅	iot_agent_deb_arm64	neutral	9.631 MiB
✅	iot_agent_deb_armhf	-2.61 KiB (0.03% reduction)	9.826 → 9.823 → 10.620
✅	iot_agent_rpm_amd64	neutral	11.277 MiB
✅	iot_agent_suse_amd64	neutral	11.277 MiB

[cit-pr-commenter]

Regression Detector

Regression Detector Results

Metrics dashboard
Target profiles
Run ID: 7c7f8b72-118e-4a5d-902d-8c983784f9a3

Baseline: adbf998
Comparison: 44a842d
Diff

Optimization Goals: ✅ No significant changes detected

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	docker_containers_cpu	% cpu utilization	-1.00	[-3.96, +1.96]	1	Logs

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	trials	links
➖	quality_gate_logs	% cpu utilization	+1.22	[-0.24, +2.69]	1	Logs bounds checks dashboard
➖	quality_gate_metrics_logs	memory utilization	+0.90	[+0.68, +1.12]	1	Logs bounds checks dashboard
➖	ddot_metrics_sum_cumulative	memory utilization	+0.46	[+0.28, +0.63]	1	Logs
➖	quality_gate_idle	memory utilization	+0.35	[+0.31, +0.39]	1	Logs bounds checks dashboard
➖	ddot_metrics_sum_cumulativetodelta_exporter	memory utilization	+0.23	[+0.00, +0.46]	1	Logs
➖	file_to_blackhole_500ms_latency	egress throughput	+0.05	[-0.33, +0.43]	1	Logs
➖	uds_dogstatsd_to_api_v3	ingress throughput	+0.00	[-0.13, +0.14]	1	Logs
➖	tcp_dd_logs_filter_exclude	ingress throughput	+0.00	[-0.09, +0.09]	1	Logs
➖	uds_dogstatsd_to_api	ingress throughput	-0.00	[-0.13, +0.12]	1	Logs
➖	file_to_blackhole_0ms_latency	egress throughput	-0.01	[-0.52, +0.51]	1	Logs
➖	file_to_blackhole_1000ms_latency	egress throughput	-0.02	[-0.43, +0.39]	1	Logs
➖	file_to_blackhole_100ms_latency	egress throughput	-0.05	[-0.10, -0.01]	1	Logs
➖	ddot_logs	memory utilization	-0.09	[-0.16, -0.03]	1	Logs
➖	docker_containers_memory	memory utilization	-0.17	[-0.24, -0.09]	1	Logs
➖	uds_dogstatsd_20mb_12k_contexts_20_senders	memory utilization	-0.18	[-0.23, -0.12]	1	Logs
➖	file_tree	memory utilization	-0.25	[-0.31, -0.19]	1	Logs
➖	otlp_ingest_logs	memory utilization	-0.32	[-0.41, -0.22]	1	Logs
➖	quality_gate_idle_all_features	memory utilization	-0.33	[-0.37, -0.29]	1	Logs bounds checks dashboard
➖	ddot_metrics_sum_delta	memory utilization	-0.38	[-0.59, -0.17]	1	Logs
➖	otlp_ingest_metrics	memory utilization	-0.49	[-0.64, -0.34]	1	Logs
➖	ddot_metrics	memory utilization	-0.59	[-0.81, -0.37]	1	Logs
➖	docker_containers_cpu	% cpu utilization	-1.00	[-3.96, +1.96]	1	Logs
➖	tcp_syslog_to_blackhole	ingress throughput	-1.60	[-1.69, -1.52]	1	Logs

Bounds Checks: ✅ Passed

perf	experiment	bounds_check_name	replicates_passed	links
✅	docker_containers_cpu	simple_check_run	10/10
✅	docker_containers_memory	memory_usage	10/10
✅	docker_containers_memory	simple_check_run	10/10
✅	file_to_blackhole_0ms_latency	lost_bytes	10/10
✅	file_to_blackhole_0ms_latency	memory_usage	10/10
✅	file_to_blackhole_1000ms_latency	lost_bytes	10/10
✅	file_to_blackhole_1000ms_latency	memory_usage	10/10
✅	file_to_blackhole_100ms_latency	lost_bytes	10/10
✅	file_to_blackhole_100ms_latency	memory_usage	10/10
✅	file_to_blackhole_500ms_latency	lost_bytes	10/10
✅	file_to_blackhole_500ms_latency	memory_usage	10/10
✅	quality_gate_idle	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_idle_all_features	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_logs	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_logs	lost_bytes	10/10	bounds checks dashboard
✅	quality_gate_logs	memory_usage	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	cpu_usage	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	intake_connections	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	lost_bytes	10/10	bounds checks dashboard
✅	quality_gate_metrics_logs	memory_usage	10/10	bounds checks dashboard

Explanation

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

Performance changes are noted in the perf column of each table:

• ✅ = significantly better comparison variant performance
• ❌ = significantly worse comparison variant performance
• ➖ = no significant change in performance

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

Replicate Execution Details

We run multiple replicates for each experiment/variant. However, we allow replicates to be automatically retried if there are any failures, up to 8 times, at which point the replicate is marked dead and we are unable to run analysis for the entire experiment. We call each of these attempts at running replicates a replicate execution. This section lists all replicate executions that failed due to the target crashing or being oom killed.

Note: In the below tables we bucket failures by experiment, variant, and failure type. For each of these buckets we list out the replicate indexes that failed with an annotation signifying how many times said replicate failed with the given failure mode. In the below example the baseline variant of the experiment named experiment_with_failures had two replicates that failed by oom kills. Replicate 0, which failed 8 executions, and replicate 1 which failed 6 executions, all with the same failure mode.

Experiment	Variant	Replicates	Failure	Logs	Debug Dashboard
experiment_with_failures	baseline	0 (x8) 1 (x6)	Oom killed		Debug Dashboard

The debug dashboard links will take you to a debugging dashboard specifically designed to investigate replicate execution failures.

❌ Retried Profiling Replicate Execution Failures (target internal profiling)

Note: Profiling replicas may still be executing. See the debug dashboard for up to date status.

Experiment	Variant	Replicates	Failure	Debug Dashboard
quality_gate_idle_all_features	baseline	11 (x4)	Oom killed	Debug Dashboard
quality_gate_idle_all_features	comparison	11 (x3)	Oom killed	Debug Dashboard

CI Pass/Fail Decision

✅ Passed. All Quality Gates passed.

• quality_gate_idle_all_features, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle_all_features, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check lost_bytes: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check cpu_usage: 10/10 replicas passed. Gate passed.
• quality_gate_metrics_logs, bounds check memory_usage: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check intake_connections: 10/10 replicas passed. Gate passed.
• quality_gate_idle, bounds check memory_usage: 10/10 replicas passed. Gate passed.