Use commit-headless to create signed commits from GHA

[sarahchen6]

What Does This Do

This PR uses https://github.com/DataDog/commit-headless/tree/main to sign commits in our GHA workflows.

Motivation

Use Datadog internal tooling instead of third party APIs.

Additional Notes

Contributor Checklist

• Format the title according the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any usefull labels
• Don't use close, fix or any linking keywords when referencing an issue.
  Use solves instead, and assign the PR milestone to the issue
• Update the CODEOWNERS file on source file addition, move, or deletion
• Update the public documentation in case of new configuration flag or behavior

Jira ticket: [PROJ-IDENT]

[datadog-datadog-prod-us1]

Code coverage: total 57.24%, base diff 0.00%, patch 100.00% (view details)

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 7744e40 | Docs | Was this helpful? Give us feedback!}

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	sarahchen6/update-dd-octo-sts
git_commit_date	1754423381	1754428127
git_commit_sha	d6b43cb	7744e40
release_version	1.53.0-SNAPSHOT~d6b43cba5c	1.53.0-SNAPSHOT~7744e409f6

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1754430052	1754430052
ci_job_id	1065896731	1065896731
ci_pipeline_id	72789258	72789258
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-ovpbdkj0 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-ovpbdkj0 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 45 metrics, 14 unstable metrics.

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.053 s) : 0, 1053201
Total [baseline] (10.798 s) : 0, 10797889
Agent [candidate] (1.042 s) : 0, 1042423
Total [candidate] (10.723 s) : 0, 10722910
section appsec
Agent [baseline] (1.225 s) : 0, 1225411
Total [baseline] (10.738 s) : 0, 10737982
Agent [candidate] (1.229 s) : 0, 1228714
Total [candidate] (10.852 s) : 0, 10851608
section iast
Agent [baseline] (1.176 s) : 0, 1175519
Total [baseline] (10.911 s) : 0, 10911008
Agent [candidate] (1.178 s) : 0, 1178401
Total [candidate] (10.949 s) : 0, 10949072
section profiling
Agent [baseline] (1.203 s) : 0, 1203357
Total [baseline] (10.946 s) : 0, 10946260
Agent [candidate] (1.205 s) : 0, 1205033
Total [candidate] (10.882 s) : 0, 10881533

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.053 s	-
Agent	appsec	1.225 s	172.21 ms (16.4%)
Agent	iast	1.176 s	122.318 ms (11.6%)
Agent	profiling	1.203 s	150.156 ms (14.3%)
Total	tracing	10.798 s	-
Total	appsec	10.738 s	-59.906 ms (-0.6%)
Total	iast	10.911 s	113.119 ms (1.0%)
Total	profiling	10.946 s	148.371 ms (1.4%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.042 s	-
Agent	appsec	1.229 s	186.292 ms (17.9%)
Agent	iast	1.178 s	135.979 ms (13.0%)
Agent	profiling	1.205 s	162.611 ms (15.6%)
Total	tracing	10.723 s	-
Total	appsec	10.852 s	128.698 ms (1.2%)
Total	iast	10.949 s	226.162 ms (2.1%)
Total	profiling	10.882 s	158.623 ms (1.5%)

gantt
    title petclinic - break down per module: candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.44 ms) : 0, 1440
crashtracking [candidate] (1.43 ms) : 0, 1430
BytebuddyAgent [baseline] (736.318 ms) : 0, 736318
BytebuddyAgent [candidate] (730.971 ms) : 0, 730971
GlobalTracer [baseline] (243.643 ms) : 0, 243643
GlobalTracer [candidate] (241.502 ms) : 0, 241502
AppSec [baseline] (30.386 ms) : 0, 30386
AppSec [candidate] (29.745 ms) : 0, 29745
Debugger [baseline] (6.047 ms) : 0, 6047
Debugger [candidate] (6.015 ms) : 0, 6015
Remote Config [baseline] (647.868 µs) : 0, 648
Remote Config [candidate] (645.149 µs) : 0, 645
Telemetry [baseline] (13.567 ms) : 0, 13567
Telemetry [candidate] (11.124 ms) : 0, 11124
section appsec
crashtracking [baseline] (1.441 ms) : 0, 1441
crashtracking [candidate] (1.441 ms) : 0, 1441
BytebuddyAgent [baseline] (756.656 ms) : 0, 756656
BytebuddyAgent [candidate] (757.54 ms) : 0, 757540
GlobalTracer [baseline] (236.473 ms) : 0, 236473
GlobalTracer [candidate] (237.132 ms) : 0, 237132
IAST [baseline] (23.824 ms) : 0, 23824
IAST [candidate] (24.046 ms) : 0, 24046
AppSec [baseline] (168.119 ms) : 0, 168119
AppSec [candidate] (168.792 ms) : 0, 168792
Debugger [baseline] (8.729 ms) : 0, 8729
Debugger [candidate] (9.517 ms) : 0, 9517
Remote Config [baseline] (619.655 µs) : 0, 620
Remote Config [candidate] (637.796 µs) : 0, 638
Telemetry [baseline] (8.392 ms) : 0, 8392
Telemetry [candidate] (8.4 ms) : 0, 8400
section iast
crashtracking [baseline] (1.439 ms) : 0, 1439
crashtracking [candidate] (1.426 ms) : 0, 1426
BytebuddyAgent [baseline] (848.588 ms) : 0, 848588
BytebuddyAgent [candidate] (850.188 ms) : 0, 850188
GlobalTracer [baseline] (231.945 ms) : 0, 231945
GlobalTracer [candidate] (233.33 ms) : 0, 233330
IAST [baseline] (28.215 ms) : 0, 28215
IAST [candidate] (30.755 ms) : 0, 30755
AppSec [baseline] (28.804 ms) : 0, 28804
AppSec [candidate] (26.318 ms) : 0, 26318
Debugger [baseline] (6.646 ms) : 0, 6646
Debugger [candidate] (6.707 ms) : 0, 6707
Remote Config [baseline] (606.863 µs) : 0, 607
Remote Config [candidate] (587.557 µs) : 0, 588
Telemetry [baseline] (8.227 ms) : 0, 8227
Telemetry [candidate] (8.165 ms) : 0, 8165
section profiling
crashtracking [baseline] (1.423 ms) : 0, 1423
crashtracking [candidate] (1.411 ms) : 0, 1411
BytebuddyAgent [baseline] (765.376 ms) : 0, 765376
BytebuddyAgent [candidate] (768.135 ms) : 0, 768135
GlobalTracer [baseline] (224.077 ms) : 0, 224077
GlobalTracer [candidate] (223.5 ms) : 0, 223500
AppSec [baseline] (30.497 ms) : 0, 30497
AppSec [candidate] (30.377 ms) : 0, 30377
Debugger [baseline] (6.393 ms) : 0, 6393
Debugger [candidate] (6.349 ms) : 0, 6349
Remote Config [baseline] (704.949 µs) : 0, 705
Remote Config [candidate] (691.36 µs) : 0, 691
Telemetry [baseline] (15.827 ms) : 0, 15827
Telemetry [candidate] (15.964 ms) : 0, 15964
ProfilingAgent [baseline] (109.475 ms) : 0, 109475
ProfilingAgent [candidate] (108.686 ms) : 0, 108686
Profiling [baseline] (110.114 ms) : 0, 110114
Profiling [candidate] (109.338 ms) : 0, 109338

Loading

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.041 s) : 0, 1040594
Total [baseline] (8.6 s) : 0, 8600157
Agent [candidate] (1.049 s) : 0, 1048833
Total [candidate] (8.641 s) : 0, 8641421
section iast
Agent [baseline] (1.173 s) : 0, 1173358
Total [baseline] (9.347 s) : 0, 9346916
Agent [candidate] (1.173 s) : 0, 1172860
Total [candidate] (9.324 s) : 0, 9324126

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.041 s	-
Agent	iast	1.173 s	132.764 ms (12.8%)
Total	tracing	8.6 s	-
Total	iast	9.347 s	746.758 ms (8.7%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.049 s	-
Agent	iast	1.173 s	124.027 ms (11.8%)
Total	tracing	8.641 s	-
Total	iast	9.324 s	682.705 ms (7.9%)

gantt
    title insecure-bank - break down per module: candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.423 ms) : 0, 1423
crashtracking [candidate] (1.438 ms) : 0, 1438
BytebuddyAgent [baseline] (728.439 ms) : 0, 728439
BytebuddyAgent [candidate] (735.046 ms) : 0, 735046
GlobalTracer [baseline] (241.742 ms) : 0, 241742
GlobalTracer [candidate] (242.969 ms) : 0, 242969
AppSec [baseline] (30.146 ms) : 0, 30146
AppSec [candidate] (30.332 ms) : 0, 30332
Debugger [baseline] (6.025 ms) : 0, 6025
Debugger [candidate] (6.079 ms) : 0, 6079
Remote Config [baseline] (642.569 µs) : 0, 643
Remote Config [candidate] (670.293 µs) : 0, 670
Telemetry [baseline] (11.288 ms) : 0, 11288
Telemetry [candidate] (11.261 ms) : 0, 11261
section iast
crashtracking [baseline] (1.421 ms) : 0, 1421
crashtracking [candidate] (1.433 ms) : 0, 1433
BytebuddyAgent [baseline] (845.864 ms) : 0, 845864
BytebuddyAgent [candidate] (846.786 ms) : 0, 846786
GlobalTracer [baseline] (231.958 ms) : 0, 231958
GlobalTracer [candidate] (231.865 ms) : 0, 231865
IAST [baseline] (27.621 ms) : 0, 27621
IAST [candidate] (30.483 ms) : 0, 30483
AppSec [baseline] (30.022 ms) : 0, 30022
AppSec [candidate] (25.294 ms) : 0, 25294
Debugger [baseline] (6.651 ms) : 0, 6651
Debugger [candidate] (7.456 ms) : 0, 7456
Remote Config [baseline] (602.462 µs) : 0, 602
Remote Config [candidate] (607.996 µs) : 0, 608
Telemetry [baseline] (8.275 ms) : 0, 8275
Telemetry [candidate] (8.064 ms) : 0, 8064

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	sarahchen6/update-dd-octo-sts
git_commit_date	1754423381	1754428127
git_commit_sha	d6b43cb	7744e40
release_version	1.53.0-SNAPSHOT~d6b43cba5c	1.53.0-SNAPSHOT~7744e409f6

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1754429727	1754429727
ci_job_id	1065896732	1065896732
ci_pipeline_id	72789258	72789258
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-ohmrdwv8 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-ohmrdwv8 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 3 performance improvements and 1 performance regressions! Performance is the same for 8 metrics, 12 unstable metrics.

scenario	Δ mean http_req_duration	Δ mean throughput	candidate mean http_req_duration	candidate mean throughput	baseline mean http_req_duration	baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load	worse [+635.641µs; +1053.000µs] or [+6.418%; +10.633%]	unstable [-90.269op/s; +17.144op/s] or [-19.246%; +3.655%]	10.748ms	432.469op/s	9.904ms	469.031op/s
scenario:load:insecure-bank:profiling:high_load	better [-549.504µs; -239.610µs] or [-5.923%; -2.583%]	unstable [-41.850op/s; +86.475op/s] or [-8.366%; +17.286%]	8.882ms	522.562op/s	9.277ms	500.250op/s
scenario:load:petclinic:tracing:high_load	better [-4.351ms; -3.524ms] or [-9.352%; -7.574%]	unstable [+1.729op/s; +16.771op/s] or [+1.719%; +16.675%]	42.589ms	109.825op/s	46.527ms	100.575op/s
scenario:load:petclinic:code_origins:high_load	better [-1.885ms; -1.020ms] or [-4.062%; -2.198%]	unstable [-2.119op/s; +11.228op/s] or [-2.102%; +11.136%]	44.961ms	105.380op/s	46.414ms	100.825op/s

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c
    dateFormat X
    axisFormat %s
section baseline
no_agent (36.271 ms) : 35979, 36564
.   : milestone, 36271,
appsec (45.483 ms) : 45074, 45892
.   : milestone, 45483,
code_origins (46.414 ms) : 46004, 46823
.   : milestone, 46414,
iast (46.771 ms) : 46345, 47198
.   : milestone, 46771,
profiling (49.223 ms) : 48743, 49703
.   : milestone, 49223,
tracing (46.527 ms) : 46127, 46926
.   : milestone, 46527,
section candidate
no_agent (36.326 ms) : 36028, 36623
.   : milestone, 36326,
appsec (46.395 ms) : 45988, 46801
.   : milestone, 46395,
code_origins (44.961 ms) : 44567, 45355
.   : milestone, 44961,
iast (45.717 ms) : 45318, 46116
.   : milestone, 45717,
profiling (49.137 ms) : 48639, 49635
.   : milestone, 49137,
tracing (42.589 ms) : 42220, 42957
.   : milestone, 42589,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	36.271 ms [35.979 ms, 36.564 ms]	-
appsec	45.483 ms [45.074 ms, 45.892 ms]	9.212 ms (25.4%)
code_origins	46.414 ms [46.004 ms, 46.823 ms]	10.142 ms (28.0%)
iast	46.771 ms [46.345 ms, 47.198 ms]	10.5 ms (28.9%)
profiling	49.223 ms [48.743 ms, 49.703 ms]	12.952 ms (35.7%)
tracing	46.527 ms [46.127 ms, 46.926 ms]	10.255 ms (28.3%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	36.326 ms [36.028 ms, 36.623 ms]	-
appsec	46.395 ms [45.988 ms, 46.801 ms]	10.069 ms (27.7%)
code_origins	44.961 ms [44.567 ms, 45.355 ms]	8.635 ms (23.8%)
iast	45.717 ms [45.318 ms, 46.116 ms]	9.391 ms (25.9%)
profiling	49.137 ms [48.639 ms, 49.635 ms]	12.811 ms (35.3%)
tracing	42.589 ms [42.22 ms, 42.957 ms]	6.263 ms (17.2%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.373 ms) : 4322, 4423
.   : milestone, 4373,
iast (9.459 ms) : 9303, 9614
.   : milestone, 9459,
iast_FULL (13.976 ms) : 13698, 14254
.   : milestone, 13976,
iast_GLOBAL (9.904 ms) : 9721, 10086
.   : milestone, 9904,
profiling (9.277 ms) : 9126, 9428
.   : milestone, 9277,
tracing (7.442 ms) : 7331, 7554
.   : milestone, 7442,
section candidate
no_agent (4.331 ms) : 4278, 4383
.   : milestone, 4331,
iast (9.35 ms) : 9199, 9501
.   : milestone, 9350,
iast_FULL (14.038 ms) : 13760, 14315
.   : milestone, 14038,
iast_GLOBAL (10.748 ms) : 10543, 10953
.   : milestone, 10748,
profiling (8.882 ms) : 8745, 9019
.   : milestone, 8882,
tracing (7.279 ms) : 7180, 7378
.   : milestone, 7279,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	4.373 ms [4.322 ms, 4.423 ms]	-
iast	9.459 ms [9.303 ms, 9.614 ms]	5.086 ms (116.3%)
iast_FULL	13.976 ms [13.698 ms, 14.254 ms]	9.604 ms (219.6%)
iast_GLOBAL	9.904 ms [9.721 ms, 10.086 ms]	5.531 ms (126.5%)
profiling	9.277 ms [9.126 ms, 9.428 ms]	4.904 ms (112.2%)
tracing	7.442 ms [7.331 ms, 7.554 ms]	3.07 ms (70.2%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	4.331 ms [4.278 ms, 4.383 ms]	-
iast	9.35 ms [9.199 ms, 9.501 ms]	5.019 ms (115.9%)
iast_FULL	14.038 ms [13.76 ms, 14.315 ms]	9.707 ms (224.1%)
iast_GLOBAL	10.748 ms [10.543 ms, 10.953 ms]	6.417 ms (148.2%)
profiling	8.882 ms [8.745 ms, 9.019 ms]	4.552 ms (105.1%)
tracing	7.279 ms [7.18 ms, 7.378 ms]	2.948 ms (68.1%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	sarahchen6/update-dd-octo-sts
git_commit_date	1754423381	1754428127
git_commit_sha	d6b43cb	7744e40
release_version	1.53.0-SNAPSHOT~d6b43cba5c	1.53.0-SNAPSHOT~7744e409f6

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1754430236	1754430236
ci_job_id	1065896733	1065896733
ci_pipeline_id	72789258	72789258
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-1-bi55dv3r 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-1-bi55dv3r 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.471 ms) : 1460, 1483
.   : milestone, 1471,
appsec (3.653 ms) : 3436, 3871
.   : milestone, 3653,
iast (2.193 ms) : 2130, 2256
.   : milestone, 2193,
iast_GLOBAL (2.234 ms) : 2171, 2296
.   : milestone, 2234,
profiling (2.052 ms) : 2001, 2104
.   : milestone, 2052,
tracing (2.021 ms) : 1972, 2071
.   : milestone, 2021,
section candidate
no_agent (1.476 ms) : 1465, 1488
.   : milestone, 1476,
appsec (3.659 ms) : 3442, 3875
.   : milestone, 3659,
iast (2.197 ms) : 2135, 2260
.   : milestone, 2197,
iast_GLOBAL (2.236 ms) : 2173, 2299
.   : milestone, 2236,
profiling (2.061 ms) : 2008, 2113
.   : milestone, 2061,
tracing (2.005 ms) : 1957, 2054
.   : milestone, 2005,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.471 ms [1.46 ms, 1.483 ms]	-
appsec	3.653 ms [3.436 ms, 3.871 ms]	2.182 ms (148.3%)
iast	2.193 ms [2.13 ms, 2.256 ms]	722.023 µs (49.1%)
iast_GLOBAL	2.234 ms [2.171 ms, 2.296 ms]	762.502 µs (51.8%)
profiling	2.052 ms [2.001 ms, 2.104 ms]	581.388 µs (39.5%)
tracing	2.021 ms [1.972 ms, 2.071 ms]	550.46 µs (37.4%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.476 ms [1.465 ms, 1.488 ms]	-
appsec	3.659 ms [3.442 ms, 3.875 ms]	2.183 ms (147.8%)
iast	2.197 ms [2.135 ms, 2.26 ms]	720.828 µs (48.8%)
iast_GLOBAL	2.236 ms [2.173 ms, 2.299 ms]	759.924 µs (51.5%)
profiling	2.061 ms [2.008 ms, 2.113 ms]	584.261 µs (39.6%)
tracing	2.005 ms [1.957 ms, 2.054 ms]	528.877 µs (35.8%)

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.53.0-SNAPSHOT~7744e409f6, baseline=1.53.0-SNAPSHOT~d6b43cba5c
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.954 s) : 14954000, 14954000
.   : milestone, 14954000,
appsec (14.909 s) : 14909000, 14909000
.   : milestone, 14909000,
iast (18.874 s) : 18874000, 18874000
.   : milestone, 18874000,
iast_GLOBAL (17.913 s) : 17913000, 17913000
.   : milestone, 17913000,
profiling (15.177 s) : 15177000, 15177000
.   : milestone, 15177000,
tracing (15.003 s) : 15003000, 15003000
.   : milestone, 15003000,
section candidate
no_agent (15.491 s) : 15491000, 15491000
.   : milestone, 15491000,
appsec (14.706 s) : 14706000, 14706000
.   : milestone, 14706000,
iast (17.997 s) : 17997000, 17997000
.   : milestone, 17997000,
iast_GLOBAL (17.908 s) : 17908000, 17908000
.   : milestone, 17908000,
profiling (15.961 s) : 15961000, 15961000
.   : milestone, 15961000,
tracing (15.114 s) : 15114000, 15114000
.   : milestone, 15114000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.954 s [14.954 s, 14.954 s]	-
appsec	14.909 s [14.909 s, 14.909 s]	-45.0 ms (-0.3%)
iast	18.874 s [18.874 s, 18.874 s]	3.92 s (26.2%)
iast_GLOBAL	17.913 s [17.913 s, 17.913 s]	2.959 s (19.8%)
profiling	15.177 s [15.177 s, 15.177 s]	223.0 ms (1.5%)
tracing	15.003 s [15.003 s, 15.003 s]	49.0 ms (0.3%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.491 s [15.491 s, 15.491 s]	-
appsec	14.706 s [14.706 s, 14.706 s]	-785.0 ms (-5.1%)
iast	17.997 s [17.997 s, 17.997 s]	2.506 s (16.2%)
iast_GLOBAL	17.908 s [17.908 s, 17.908 s]	2.417 s (15.6%)
profiling	15.961 s [15.961 s, 15.961 s]	470.0 ms (3.0%)
tracing	15.114 s [15.114 s, 15.114 s]	-377.0 ms (-2.4%)

[sarahchen6]

Failed Update jmxfetch integrations submodule workflow when manually triggered on this branch: https://github.com/DataDog/dd-trace-java/actions/runs/16732051226/job/47362205603.

After talking to @avidal -- the failure is due to a restriction where a private action cannot be accessed from a public repo, even within the same organization. This PR will be put on hold until a resolution is made (e.g. by making commit-headless public, using another STS policy, etc.).

[PerfectSlayer]

👏 praise: ‏We will finally move to a better solution to create bot commits and PRs. Nice!

[PerfectSlayer]

❔ question: ‏If contents: write is no more needed, should we remove it to from add-release-to-clouldfoundry?

[sarahchen6]

Yes it seems so! content permissions are specifically for GITHUB_TOKEN (ref), and add-release-to-cloudfoundry doesn't use this token to push anymore.

EDIT: just kidding - Since there is no use of dd-octo-sts, I think the workflow is still using GITHUB_TOKEN and needs the write permissions to push 🤔

[PerfectSlayer]

🎯 suggestion: ‏For this part, I would recommend to get rid of the logic that create small commits (ie commit with less than 10 files) and check how the commit-headless push works for big commits.
It would simplify our workflow by only push one big commit.

[sarahchen6]

I adjusted the logic for now after not finding evidence that commits are limited. However, this will need another review / pass through before merging 😅