Skip to content

[SINT-4550] Use CI Identities in Windows CI Jobs #8033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cedricvanrompay-datadog merged 19 commits into from
Jan 14, 2026
Merged

[SINT-4550] Use CI Identities in Windows CI Jobs #8033

cedricvanrompay-datadog merged 19 commits into from
Jan 14, 2026
+50 −92

Conversation

@cedricvanrompay-datadog
Copy link
Member

@cedricvanrompay-datadog cedricvanrompay-datadog commented Jan 6, 2026
edited by andrewlock
Loading

Summary of changes

We use the CI Identities system for authentication in Windows CI jobs.

We also:

  • update the Windows code signing tool
  • anticipate the renewal of the Windows code signing certificate

Reason for change

The CI Identities allows finer-grained authentication than the existing systems, and give Windows CI Jobs access to Vault (for retrieving secrets for instance).

Implementation details

  • Rebuild the GitLab images to grab the signing and identity tools as part of the container build
    • These tools are available as docker images on the internal registry (so requires auth, but otherwise a simple rebuild)
  • Update the .gitlab.yml to set the required env vars for auth
  • Call assume-role as part of the entrypoint execution

Test coverage

This is the test, as long as the build works, and the artifacts are signed, we're good 👍

@github-actions github-actions bot added the area:builds project files, build scripts, pipelines, versioning, releases, packages label Jan 6, 2026
@pr-commenter
Copy link

pr-commenter bot commented Jan 7, 2026
edited
Loading

Benchmarks

Benchmark execution time: 2026-01-14 09:15:56

Comparing candidate commit 5f71017 in PR branch cedric.vanrompay/sint-4550-use-ci-identities with baseline commit f1674f6 in branch master.

Some scenarios are present only in baseline or only in candidate runs. If you didn't create or remove some scenarios in your branch, this maybe a sign of crashed benchmarks 💥💥💥
Check Gitlab CI job log to find if any benchmark has crashed.

Scenarios present only in baseline:

  • Benchmarks.Trace.SingleSpanAspNetCoreBenchmark.SingleSpanAspNetCore net6.0
    Scenarios present only in candidate:
  • Benchmarks.Trace.CharSliceBenchmark.OptimizedCharSliceWithPool netcoreapp3.1
  • Benchmarks.Trace.ActivityBenchmark.StartStopWithChild netcoreapp3.1
  • Benchmarks.Trace.SpanBenchmark.StartFinishTwoScopes net472
  • Benchmarks.Trace.RedisBenchmark.SendReceive net472
  • Benchmarks.Trace.AgentWriterBenchmark.WriteAndFlushEnrichedTraces net472
  • Benchmarks.Trace.Log4netBenchmark.EnrichedLog net472
  • Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearchAsync net472
  • Benchmarks.Trace.DbCommandBenchmark.ExecuteNonQuery netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmark netcoreapp3.1
  • Benchmarks.Trace.SerilogBenchmark.EnrichedLog netcoreapp3.1
  • Benchmarks.Trace.CharSliceBenchmark.OptimizedCharSliceWithPool net472
  • Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearch netcoreapp3.1
  • Benchmarks.Trace.CharSliceBenchmark.OriginalCharSlice netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecEncoderBenchmark.EncodeArgs netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorMoreComplexBody net472
  • Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmarkWithAttack net472
  • Benchmarks.Trace.Asm.AppSecEncoderBenchmark.EncodeArgs net472
  • Benchmarks.Trace.CharSliceBenchmark.OriginalCharSlice net472
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorSimpleBody net472
  • Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark net472
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.AllCycleMoreComplexBody net472
  • Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark.WriteAndFlushEnrichedTraces net472
  • Benchmarks.Trace.CharSliceBenchmark.OptimizedCharSlice net472
  • Benchmarks.Trace.SpanBenchmark.StartFinishScope netcoreapp3.1
  • Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark net472
  • Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearchAsync netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.AllCycleSimpleBody netcoreapp3.1
  • Benchmarks.Trace.CharSliceBenchmark.OptimizedCharSlice netcoreapp3.1
  • Benchmarks.Trace.SpanBenchmark.StartFinishSpan netcoreapp3.1
  • Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatAspectBenchmark netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmark net472
  • Benchmarks.Trace.HttpClientBenchmark.SendAsync net472
  • Benchmarks.Trace.ElasticsearchBenchmark.CallElasticsearch net472
  • Benchmarks.Trace.AspNetCoreBenchmark.SendRequest netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.AllCycleMoreComplexBody netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecWafBenchmark.RunWafRealisticBenchmarkWithAttack netcoreapp3.1
  • Benchmarks.Trace.SpanBenchmark.StartFinishScope net472
  • Benchmarks.Trace.Asm.AppSecEncoderBenchmark.EncodeLegacyArgs net472
  • Benchmarks.Trace.HttpClientBenchmark.SendAsync netcoreapp3.1
  • Benchmarks.Trace.ILoggerBenchmark.EnrichedLog net472
  • Benchmarks.Trace.DbCommandBenchmark.ExecuteNonQuery net472
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.AllCycleSimpleBody net472
  • Benchmarks.Trace.ActivityBenchmark.StartStopWithChild net472
  • Benchmarks.Trace.RedisBenchmark.SendReceive netcoreapp3.1
  • Benchmarks.Trace.CIVisibilityProtocolWriterBenchmark.WriteAndFlushEnrichedTraces netcoreapp3.1
  • Benchmarks.Trace.GraphQLBenchmark.ExecuteAsync netcoreapp3.1
  • Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark netcoreapp3.1
  • Benchmarks.Trace.SpanBenchmark.StartFinishTwoScopes netcoreapp3.1
  • Benchmarks.Trace.SerilogBenchmark.EnrichedLog net472
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorSimpleBody netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorMoreComplexBody netcoreapp3.1
  • Benchmarks.Trace.AgentWriterBenchmark.WriteAndFlushEnrichedTraces netcoreapp3.1
  • Benchmarks.Trace.ILoggerBenchmark.EnrichedLog netcoreapp3.1
  • Benchmarks.Trace.Asm.AppSecEncoderBenchmark.EncodeLegacyArgs netcoreapp3.1
  • Benchmarks.Trace.NLogBenchmark.EnrichedLog net472
  • Benchmarks.Trace.SpanBenchmark.StartFinishSpan net472
  • Benchmarks.Trace.NLogBenchmark.EnrichedLog netcoreapp3.1
  • Benchmarks.Trace.AspNetCoreBenchmark.SendRequest net472
  • Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin netcoreapp3.1
  • Benchmarks.Trace.GraphQLBenchmark.ExecuteAsync net472
  • Benchmarks.Trace.Log4netBenchmark.EnrichedLog netcoreapp3.1
  • Benchmarks.Trace.TraceAnnotationsBenchmark.RunOnMethodBegin net472

Found 6 performance improvements and 2 performance regressions! Performance is the same for 50 metrics, 4 unstable metrics.

scenario:Benchmarks.Trace.ActivityBenchmark.StartStopWithChild net6.0

  • 🟥 throughput [-31743.610op/s; -31079.954op/s] or [-24.880%; -24.360%]

scenario:Benchmarks.Trace.Asm.AppSecBodyBenchmark.AllCycleMoreComplexBody net6.0

  • 🟩 execution_time [-17.903ms; -12.153ms] or [-8.415%; -5.712%]

scenario:Benchmarks.Trace.Asm.AppSecBodyBenchmark.ObjectExtractorSimpleBody net6.0

  • 🟩 execution_time [-22.105ms; -15.925ms] or [-10.136%; -7.302%]

scenario:Benchmarks.Trace.AspNetCoreBenchmark.SendRequest net6.0

  • 🟥 execution_time [+78.460ms; +79.667ms] or [+68.003%; +69.049%]

scenario:Benchmarks.Trace.CharSliceBenchmark.OptimizedCharSlice net6.0

  • 🟩 throughput [+32.237op/s; +34.915op/s] or [+5.053%; +5.473%]

scenario:Benchmarks.Trace.CharSliceBenchmark.OriginalCharSlice net6.0

  • 🟩 execution_time [-116.883µs; -110.837µs] or [-5.702%; -5.407%]
  • 🟩 throughput [+27.929op/s; +29.457op/s] or [+5.725%; +6.038%]

scenario:Benchmarks.Trace.Iast.StringAspectsBenchmark.StringConcatBenchmark net6.0

  • 🟩 throughput [+1634.001op/s; +3597.905op/s] or [+7.714%; +16.986%]

andrewlock
andrewlock reviewed Jan 9, 2026
View reviewed changes
cedricvanrompay-datadog and others added 4 commits January 9, 2026 09:55
@cedricvanrompay-datadog @andrewlock
don't use a collection for expectedCertificateThumbprints
ff11dce 
Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
@cedricvanrompay-datadog @andrewlock
remove WINSIGN_VERSION env in dockerfile
19ddd69 
Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
@cedricvanrompay-datadog @andrewlock
hardcode WINSIGN_VERSION in dockerfile
37a05a1 
Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
@cedricvanrompay-datadog @andrewlock
temporarily get CI image from DockerHub
91feb33 
Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
@dd-trace-dotnet-ci-bot
Copy link

dd-trace-dotnet-ci-bot bot commented Jan 9, 2026
edited
Loading

Execution-Time Benchmarks Report ⏱️

Execution-time results for samples comparing This PR (8033) and master.

✅ No regressions detected - check the details below

Full Metrics Comparison

FakeDbCommand

Metric Master (Mean ± 95% CI) Current (Mean ± 95% CI) Change Status
.NET Framework 4.8 - Baseline
duration68.15 ± (68.19 - 68.43) ms68.30 ± (68.41 - 68.68) ms+0.2%✅⬆️
.NET Framework 4.8 - Bailout
duration72.20 ± (72.14 - 72.36) ms72.06 ± (71.97 - 72.27) ms-0.2%
.NET Framework 4.8 - CallTarget+Inlining+NGEN
duration997.92 ± (1004.52 - 1015.19) ms1001.57 ± (1007.13 - 1017.48) ms+0.4%✅⬆️
.NET Core 3.1 - Baseline
process.internal_duration_ms21.79 ± (21.76 - 21.82) ms21.92 ± (21.89 - 21.96) ms+0.6%✅⬆️
process.time_to_main_ms78.44 ± (78.26 - 78.61) ms78.66 ± (78.53 - 78.80) ms+0.3%✅⬆️
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed10.87 ± (10.87 - 10.88) MB10.89 ± (10.89 - 10.89) MB+0.2%✅⬆️
runtime.dotnet.threads.count12 ± (12 - 12)12 ± (12 - 12)+0.0%
.NET Core 3.1 - Bailout
process.internal_duration_ms21.75 ± (21.73 - 21.77) ms21.87 ± (21.85 - 21.90) ms+0.6%✅⬆️
process.time_to_main_ms79.52 ± (79.42 - 79.62) ms79.72 ± (79.62 - 79.82) ms+0.2%✅⬆️
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed10.92 ± (10.91 - 10.92) MB10.93 ± (10.93 - 10.94) MB+0.2%✅⬆️
runtime.dotnet.threads.count13 ± (13 - 13)13 ± (13 - 13)+0.0%
.NET Core 3.1 - CallTarget+Inlining+NGEN
process.internal_duration_ms249.95 ± (247.00 - 252.90) ms251.19 ± (248.29 - 254.09) ms+0.5%✅⬆️
process.time_to_main_ms467.98 ± (467.31 - 468.64) ms467.31 ± (466.83 - 467.79) ms-0.1%
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed48.29 ± (48.27 - 48.32) MB48.41 ± (48.38 - 48.43) MB+0.2%✅⬆️
runtime.dotnet.threads.count28 ± (28 - 28)28 ± (28 - 28)-0.0%
.NET 6 - Baseline
process.internal_duration_ms20.73 ± (20.70 - 20.76) ms20.66 ± (20.64 - 20.69) ms-0.3%
process.time_to_main_ms68.22 ± (68.09 - 68.36) ms68.05 ± (67.95 - 68.16) ms-0.3%
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed10.60 ± (10.60 - 10.60) MB10.63 ± (10.63 - 10.63) MB+0.3%✅⬆️
runtime.dotnet.threads.count10 ± (10 - 10)10 ± (10 - 10)+0.0%
.NET 6 - Bailout
process.internal_duration_ms20.59 ± (20.57 - 20.61) ms20.59 ± (20.57 - 20.61) ms+0.0%✅⬆️
process.time_to_main_ms68.73 ± (68.67 - 68.79) ms68.91 ± (68.85 - 68.97) ms+0.3%✅⬆️
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed10.65 ± (10.65 - 10.66) MB10.72 ± (10.71 - 10.73) MB+0.6%✅⬆️
runtime.dotnet.threads.count11 ± (11 - 11)11 ± (11 - 11)+0.0%
.NET 6 - CallTarget+Inlining+NGEN
process.internal_duration_ms250.07 ± (249.18 - 250.97) ms248.65 ± (246.98 - 250.32) ms-0.6%
process.time_to_main_ms445.48 ± (444.98 - 445.98) ms445.24 ± (444.75 - 445.73) ms-0.1%
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed49.17 ± (49.14 - 49.20) MB49.19 ± (49.16 - 49.21) MB+0.0%✅⬆️
runtime.dotnet.threads.count28 ± (28 - 28)28 ± (28 - 28)-0.0%
.NET 8 - Baseline
process.internal_duration_ms18.77 ± (18.74 - 18.80) ms18.86 ± (18.84 - 18.89) ms+0.5%✅⬆️
process.time_to_main_ms66.88 ± (66.77 - 66.98) ms67.28 ± (67.18 - 67.38) ms+0.6%✅⬆️
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed7.64 ± (7.63 - 7.64) MB7.70 ± (7.69 - 7.71) MB+0.8%✅⬆️
runtime.dotnet.threads.count10 ± (10 - 10)10 ± (10 - 10)+0.0%
.NET 8 - Bailout
process.internal_duration_ms18.72 ± (18.70 - 18.75) ms18.83 ± (18.79 - 18.86) ms+0.6%✅⬆️
process.time_to_main_ms67.96 ± (67.89 - 68.04) ms68.15 ± (68.10 - 68.21) ms+0.3%✅⬆️
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed7.71 ± (7.70 - 7.72) MB7.74 ± (7.73 - 7.74) MB+0.4%✅⬆️
runtime.dotnet.threads.count11 ± (11 - 11)11 ± (11 - 11)+0.0%
.NET 8 - CallTarget+Inlining+NGEN
process.internal_duration_ms176.49 ± (175.58 - 177.41) ms178.38 ± (177.46 - 179.30) ms+1.1%✅⬆️
process.time_to_main_ms427.37 ± (426.65 - 428.10) ms429.23 ± (428.56 - 429.89) ms+0.4%✅⬆️
runtime.dotnet.exceptions.count0 ± (0 - 0)0 ± (0 - 0)+0.0%
runtime.dotnet.mem.committed36.54 ± (36.51 - 36.57) MB36.53 ± (36.50 - 36.57) MB-0.0%
runtime.dotnet.threads.count27 ± (26 - 27)26 ± (26 - 27)-0.0%

HttpMessageHandler

Metric Master (Mean ± 95% CI) Current (Mean ± 95% CI) Change Status
.NET Framework 4.8 - Baseline
duration193.57 ± (193.54 - 194.25) ms196.86 ± (196.53 - 197.41) ms+1.7%✅⬆️
.NET Framework 4.8 - Bailout
duration196.68 ± (196.64 - 197.19) ms197.34 ± (197.22 - 197.84) ms+0.3%✅⬆️
.NET Framework 4.8 - CallTarget+Inlining+NGEN
duration1117.89 ± (1121.39 - 1130.46) ms1122.51 ± (1126.26 - 1136.33) ms+0.4%✅⬆️
.NET Core 3.1 - Baseline
process.internal_duration_ms187.32 ± (186.96 - 187.68) ms187.37 ± (186.98 - 187.75) ms+0.0%✅⬆️
process.time_to_main_ms80.78 ± (80.57 - 81.00) ms80.51 ± (80.26 - 80.76) ms-0.3%
runtime.dotnet.exceptions.count3 ± (3 - 3)3 ± (3 - 3)+0.0%
runtime.dotnet.mem.committed16.10 ± (16.07 - 16.12) MB16.10 ± (16.08 - 16.13) MB+0.1%✅⬆️
runtime.dotnet.threads.count20 ± (20 - 20)20 ± (20 - 20)-0.4%
.NET Core 3.1 - Bailout
process.internal_duration_ms187.07 ± (186.66 - 187.47) ms186.68 ± (186.40 - 186.96) ms-0.2%
process.time_to_main_ms82.15 ± (81.96 - 82.35) ms82.19 ± (81.99 - 82.39) ms+0.0%✅⬆️
runtime.dotnet.exceptions.count3 ± (3 - 3)3 ± (3 - 3)+0.0%
runtime.dotnet.mem.committed16.23 ± (16.20 - 16.27) MB16.17 ± (16.15 - 16.20) MB-0.4%
runtime.dotnet.threads.count21 ± (21 - 21)21 ± (21 - 21)-0.2%
.NET Core 3.1 - CallTarget+Inlining+NGEN
process.internal_duration_ms428.93 ± (425.97 - 431.89) ms431.70 ± (428.71 - 434.69) ms+0.6%✅⬆️
process.time_to_main_ms471.07 ± (470.42 - 471.72) ms472.71 ± (472.08 - 473.35) ms+0.3%✅⬆️
runtime.dotnet.exceptions.count3 ± (3 - 3)3 ± (3 - 3)+0.0%
runtime.dotnet.mem.committed58.79 ± (58.67 - 58.91) MB58.66 ± (58.54 - 58.77) MB-0.2%
runtime.dotnet.threads.count29 ± (29 - 29)29 ± (29 - 29)-0.0%
.NET 6 - Baseline
process.internal_duration_ms191.56 ± (191.15 - 191.97) ms191.70 ± (191.35 - 192.06) ms+0.1%✅⬆️
process.time_to_main_ms70.14 ± (69.94 - 70.34) ms69.94 ± (69.78 - 70.10) ms-0.3%
runtime.dotnet.exceptions.count4 ± (4 - 4)4 ± (4 - 4)+0.0%
runtime.dotnet.mem.committed15.93 ± (15.77 - 16.09) MB16.05 ± (15.90 - 16.20) MB+0.8%✅⬆️
runtime.dotnet.threads.count18 ± (18 - 18)18 ± (18 - 19)+0.8%✅⬆️
.NET 6 - Bailout
process.internal_duration_ms190.69 ± (190.41 - 190.97) ms191.02 ± (190.70 - 191.34) ms+0.2%✅⬆️
process.time_to_main_ms71.21 ± (71.11 - 71.32) ms71.08 ± (70.97 - 71.19) ms-0.2%
runtime.dotnet.exceptions.count4 ± (4 - 4)4 ± (4 - 4)+0.0%
runtime.dotnet.mem.committed15.88 ± (15.72 - 16.05) MB16.13 ± (15.99 - 16.28) MB+1.6%✅⬆️
runtime.dotnet.threads.count19 ± (19 - 19)19 ± (19 - 19)+1.9%✅⬆️
.NET 6 - CallTarget+Inlining+NGEN
process.internal_duration_ms439.44 ± (436.05 - 442.83) ms450.88 ± (448.36 - 453.39) ms+2.6%✅⬆️
process.time_to_main_ms449.67 ± (449.17 - 450.17) ms451.34 ± (450.86 - 451.83) ms+0.4%✅⬆️
runtime.dotnet.exceptions.count4 ± (4 - 4)4 ± (4 - 4)+0.0%
runtime.dotnet.mem.committed59.01 ± (58.87 - 59.14) MB58.82 ± (58.70 - 58.93) MB-0.3%
runtime.dotnet.threads.count29 ± (29 - 29)29 ± (29 - 29)-0.1%
.NET 8 - Baseline
process.internal_duration_ms188.71 ± (188.42 - 188.99) ms190.99 ± (190.55 - 191.42) ms+1.2%✅⬆️
process.time_to_main_ms69.25 ± (69.07 - 69.43) ms69.95 ± (69.74 - 70.16) ms+1.0%✅⬆️
runtime.dotnet.exceptions.count4 ± (4 - 4)4 ± (4 - 4)+0.0%
runtime.dotnet.mem.committed11.76 ± (11.73 - 11.79) MB11.71 ± (11.69 - 11.74) MB-0.4%
runtime.dotnet.threads.count18 ± (18 - 18)18 ± (18 - 18)+0.1%✅⬆️
.NET 8 - Bailout
process.internal_duration_ms188.57 ± (188.31 - 188.83) ms188.85 ± (188.57 - 189.13) ms+0.1%✅⬆️
process.time_to_main_ms70.26 ± (70.17 - 70.36) ms70.74 ± (70.61 - 70.88) ms+0.7%✅⬆️
runtime.dotnet.exceptions.count4 ± (4 - 4)4 ± (4 - 4)+0.0%
runtime.dotnet.mem.committed11.79 ± (11.76 - 11.82) MB11.81 ± (11.78 - 11.83) MB+0.1%✅⬆️
runtime.dotnet.threads.count19 ± (19 - 19)19 ± (19 - 19)+0.0%✅⬆️
.NET 8 - CallTarget+Inlining+NGEN
process.internal_duration_ms364.03 ± (362.32 - 365.74) ms365.78 ± (364.23 - 367.32) ms+0.5%✅⬆️
process.time_to_main_ms432.10 ± (431.42 - 432.79) ms434.90 ± (434.30 - 435.50) ms+0.6%✅⬆️
runtime.dotnet.exceptions.count4 ± (4 - 4)4 ± (4 - 4)+0.0%
runtime.dotnet.mem.committed48.15 ± (48.12 - 48.18) MB48.20 ± (48.16 - 48.24) MB+0.1%✅⬆️
runtime.dotnet.threads.count29 ± (29 - 29)29 ± (29 - 29)+0.0%✅⬆️
Comparison explanation

Execution-time benchmarks measure the whole time it takes to execute a program, and are intended to measure the one-off costs. Cases where the execution time results for the PR are worse than latest master results are highlighted in **red**. The following thresholds were used for comparing the execution times:

  • Welch test with statistical test for significance of 5%
  • Only results indicating a difference greater than 5% and 5 ms are considered.

Note that these results are based on a single point-in-time result for each branch. For full results, see the dashboard.

Graphs show the p99 interval based on the mean and StdDev of the test run, as well as the mean value of the run (shown as a diamond below the graph).

Duration charts
FakeDbCommand (.NET Framework 4.8) 
gantt
    title Execution time (ms) FakeDbCommand (.NET Framework 4.8)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (69ms)  : 67, 70
    master - mean (68ms)  : 67, 70

    section Bailout
    This PR (8033) - mean (72ms)  : 71, 74
    master - mean (72ms)  : 71, 73

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (1,012ms)  : 939, 1086
    master - mean (1,010ms)  : 934, 1086
Loading
FakeDbCommand (.NET Core 3.1) 
gantt
    title Execution time (ms) FakeDbCommand (.NET Core 3.1)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (106ms)  : 103, 108
    master - mean (105ms)  : 103, 108

    section Bailout
    This PR (8033) - mean (107ms)  : 105, 108
    master - mean (106ms)  : 105, 107

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (744ms)  : 697, 790
    master - mean (743ms)  : 693, 794
Loading
FakeDbCommand (.NET 6) 
gantt
    title Execution time (ms) FakeDbCommand (.NET 6)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (94ms)  : 91, 96
    master - mean (94ms)  : 91, 96

    section Bailout
    This PR (8033) - mean (94ms)  : 93, 95
    master - mean (94ms)  : 93, 95

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (719ms)  : 690, 747
    master - mean (721ms)  : 701, 741
Loading
FakeDbCommand (.NET 8) 
gantt
    title Execution time (ms) FakeDbCommand (.NET 8)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (92ms)  : 90, 94
    master - mean (92ms)  : 89, 94

    section Bailout
    This PR (8033) - mean (93ms)  : 92, 94
    master - mean (93ms)  : 91, 94

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (635ms)  : 618, 651
    master - mean (633ms)  : 615, 651
Loading
HttpMessageHandler (.NET Framework 4.8) 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Framework 4.8)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (197ms)  : 192, 202
    master - mean (194ms)  : 190, 197

    section Bailout
    This PR (8033) - mean (198ms)  : 194, 201
    master - mean (197ms)  : 194, 200

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (1,131ms)  : 1058, 1204
    master - mean (1,126ms)  : 1061, 1190
Loading
HttpMessageHandler (.NET Core 3.1) 
gantt
    title Execution time (ms) HttpMessageHandler (.NET Core 3.1)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (277ms)  : 270, 284
    master - mean (277ms)  : 272, 281

    section Bailout
    This PR (8033) - mean (277ms)  : 273, 281
    master - mean (277ms)  : 272, 283

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (931ms)  : 882, 980
    master - mean (927ms)  : 873, 981
Loading
HttpMessageHandler (.NET 6) 
gantt
    title Execution time (ms) HttpMessageHandler (.NET 6)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (270ms)  : 265, 275
    master - mean (270ms)  : 265, 275

    section Bailout
    This PR (8033) - mean (270ms)  : 266, 274
    master - mean (270ms)  : 266, 274

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (929ms)  : 886, 971
    master - mean (914ms)  : 852, 976
Loading
HttpMessageHandler (.NET 8) 
gantt
    title Execution time (ms) HttpMessageHandler (.NET 8)
    dateFormat  x
    axisFormat %Q
    todayMarker off
    section Baseline
    This PR (8033) - mean (271ms)  : 264, 277
    master - mean (268ms)  : 263, 273

    section Bailout
    This PR (8033) - mean (269ms)  : 266, 273
    master - mean (268ms)  : 265, 272

    section CallTarget+Inlining+NGEN
    This PR (8033) - mean (832ms)  : 817, 847
    master - mean (827ms)  : 805, 848
Loading

andrewlock
andrewlock reviewed Jan 13, 2026
View reviewed changes
@cedricvanrompay-datadog @andrewlock
Apply suggestions from code review
5f71017 
Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
@cedricvanrompay-datadog cedricvanrompay-datadog marked this pull request as ready for review January 14, 2026 08:41
@cedricvanrompay-datadog cedricvanrompay-datadog requested a review from a team as a code owner January 14, 2026 08:41
andrewlock
andrewlock approved these changes Jan 14, 2026
View reviewed changes
Copy link
Member

@andrewlock andrewlock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, my only concern is whether we should be checking for failure of assume-role?

tracer/build/_build/docker/gitlab/entrypoint.bat

:: the CI Identities client will write the credentials to the path in the environment variable AWS_SHARED_CREDENTIALS_FILE,
:: and if the variable is not set, it will write to %USERPROFILE%\.aws\credentials
c:\devtools\ci-identities-gitlab-job-client.exe assume-role
Copy link
Member

@andrewlock andrewlock Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking about this more, this could fail, right? What happens if we can't assume the role? Does signing fail? Are we sure that would result in a failure of the build pipeline? Or should we be checking for a non-zero exit code here?

Suggested change
c:\devtools\ci-identities-gitlab-job-client.exe assume-role
c:\devtools\ci-identities-gitlab-job-client.exe assume-role
if %ERRORLEVEL% NEQ 0 exit /B %ERRORLEVEL%

Copy link
Member Author

@cedricvanrompay-datadog cedricvanrompay-datadog Jan 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If assume-role fails then no credentials are written in the "AWS shared credentials" file, meaning that the AWS SDK will instead use the instance profile credentials.

Right now, the CI job would still be able to do its job using these credentials, this is actually what made me lose some time during this PR because assume-role was failing but I did not notice it at first.

Now the reason why we are doing all of this is to remove permissions currently given to the instance profile, so one day the CI job will not be able to do its job if assume-role fail.

I would suggest that for now we don't fail the job if assume-role fails, protecting you from a failure of the CI Identities system that's still quite young, and later we add this "if error, exit" logic.

NachoEchevarria
NachoEchevarria approved these changes Jan 14, 2026
View reviewed changes
Copy link
Collaborator

@NachoEchevarria NachoEchevarria left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@cedricvanrompay-datadog cedricvanrompay-datadog merged commit aa68bc5 into master Jan 14, 2026
149 checks passed
@cedricvanrompay-datadog cedricvanrompay-datadog deleted the cedric.vanrompay/sint-4550-use-ci-identities branch January 14, 2026 10:07
@github-actions github-actions bot added this to the vNext-v3 milestone Jan 14, 2026
andrewlock added a commit that referenced this pull request Jan 14, 2026
@andrewlock
Revert "[SINT-4550] Use CI Identities in Windows CI Jobs (#8033)"
ff3328f 
This reverts commit aa68bc5.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewlock andrewlock andrewlock approved these changes

@NachoEchevarria NachoEchevarria NachoEchevarria approved these changes

Assignees

@cedricvanrompay-datadog cedricvanrompay-datadog

Labels

area:builds project files, build scripts, pipelines, versioning, releases, packages

Projects

None yet

Milestone

3.36.0

Development

Successfully merging this pull request may close these issues.

4 participants

@cedricvanrompay-datadog @andrewlock @NachoEchevarria