Skip to content

Commit 6c8d686

Browse files
sarahchen6sarahchen6
committed
Rework workflow again
1 parent 83e2792 commit 6c8d686

File tree

1 file changed

+11
-17
lines changed

1 file changed

+11
-17
lines changed

.gitlab-ci.yml

Lines changed: 11 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -802,10 +802,8 @@ deploy_to_maven_central:
802802

803803
deploy_artifacts_to_github:
804804
stage: publish
805-
image: registry.ddbuild.io/github-cli:v27480869-eafb11d-2.43.0
806-
tags: [ "docker-in-docker:amd64" ]
807-
services:
808-
- docker:dind
805+
image: registry.ddbuild.io/images/dd-octo-sts-ci-base:2025.06-1
806+
tags: [ "arch:amd64" ]
809807

810808
id_tokens:
811809
DDOCTOSTS_ID_TOKEN:
@@ -824,18 +822,13 @@ deploy_artifacts_to_github:
824822
# # The deploy_to_maven_central job is not run for release candidate versions
825823
# optional: true
826824

827-
script:
828-
# Get GitHub token using dd-octo-sts in a container
829-
- docker run --rm
830-
-e DDOCTOSTS_ID_TOKEN
831-
-v $(pwd):/workspace
832-
registry.ddbuild.io/images/dd-octo-sts-ci-base:v68058725-73f34e7-2025.06-1
833-
sh -c "
834-
dd-octo-sts version &&
835-
dd-octo-sts debug --scope DataDog/dd-trace-java --policy self.gitlab.release &&
836-
dd-octo-sts token --scope DataDog/dd-trace-java --policy self.gitlab.release > /workspace/github-token.txt
837-
"
825+
before_script:
826+
# Get a token
827+
- dd-octo-sts version
828+
- dd-octo-sts debug --scope DataDog/dd-trace-java --policy self.gitlab.release
829+
- dd-octo-sts token --scope DataDog/dd-trace-java --policy self.gitlab.release > github-token.txt
838830

831+
script:
839832
# Verify token was generated
840833
- echo "Token file exists:" $(test -f github-token.txt && echo "YES" || echo "NO")
841834
- echo "Token file size:" $(wc -c < github-token.txt) "bytes"
@@ -850,8 +843,9 @@ deploy_artifacts_to_github:
850843
# - gh release upload --clobber --repo DataDog/dd-trace-java $CI_COMMIT_TAG workspace/dd-trace-api/build/libs/dd-trace-api-${VERSION}.jar
851844
# - gh release upload --clobber --repo DataDog/dd-trace-java $CI_COMMIT_TAG workspace/dd-trace-ot/build/libs/dd-trace-ot-${VERSION}.jar
852845

853-
# Clean up token file
854-
- rm -f github-token.txt
846+
after_script:
847+
# Revoke the token after usage
848+
- dd-octo-sts revoke -t $(cat github-token.txt)
855849

856850
retry:
857851
max: 2

0 commit comments

Comments
 (0)