Skip to content

Use commit-headless to create signed commits from GHA#9302

Closed
sarahchen6 wants to merge 13 commits intomasterfrom
sarahchen6/update-dd-octo-sts
Closed

Use commit-headless to create signed commits from GHA#9302
sarahchen6 wants to merge 13 commits intomasterfrom
sarahchen6/update-dd-octo-sts

Conversation

@sarahchen6
Copy link
Contributor

@sarahchen6 sarahchen6 commented Aug 4, 2025
edited
Loading

What Does This Do

This PR uses https://github.com/DataDog/commit-headless/tree/main to sign commits in our GHA workflows.

Motivation

Use Datadog internal tooling instead of third party APIs.

Additional Notes

Contributor Checklist

Jira ticket: [PROJ-IDENT]

@sarahchen6 sarahchen6 mentioned this pull request Aug 4, 2025
Merged
@datadog-datadog-prod-us1
Copy link
Contributor

datadog-datadog-prod-us1 bot commented Aug 4, 2025
edited
Loading

🎯 Code Coverage
Patch Coverage: 100.00%
Total Coverage: 100.00% (+40.31%)

View detailed report

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 33b224e | Docs | Was this helpful? Give us feedback!

@pr-commenter
Copy link

pr-commenter bot commented Aug 4, 2025
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sarahchen6/update-dd-octo-sts
git_commit_date 1759870068 1759871970
git_commit_sha 054a9d5 33b224e
release_version 1.55.0-SNAPSHOT~054a9d5313 1.53.0-SNAPSHOT~33b224ef40
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1759873748 1759873748
ci_job_id 1168371496 1168371496
ci_pipeline_id 78662133 78662133
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-orqotrwq 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-orqotrwq 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 61 metrics, 4 unstable metrics.

Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.017 s) : 0, 1017097
Total [baseline] (10.722 s) : 0, 10721554
Agent [candidate] (1.019 s) : 0, 1019110
Total [candidate] (10.753 s) : 0, 10752538
section appsec
Agent [baseline] (1.194 s) : 0, 1194464
Total [baseline] (11.05 s) : 0, 11049827
Agent [candidate] (1.195 s) : 0, 1195350
Total [candidate] (11.121 s) : 0, 11121231
section iast
Agent [baseline] (1.154 s) : 0, 1154485
Total [baseline] (11.065 s) : 0, 11064962
Agent [candidate] (1.151 s) : 0, 1150571
Total [candidate] (10.972 s) : 0, 10972178
section profiling
Agent [baseline] (1.164 s) : 0, 1164106
Total [baseline] (11.09 s) : 0, 11090075
Agent [candidate] (1.163 s) : 0, 1162683
Total [candidate] (11.086 s) : 0, 11086276
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.017 s -
Agent appsec 1.194 s 177.367 ms (17.4%)
Agent iast 1.154 s 137.388 ms (13.5%)
Agent profiling 1.164 s 147.009 ms (14.5%)
Total tracing 10.722 s -
Total appsec 11.05 s 328.272 ms (3.1%)
Total iast 11.065 s 343.408 ms (3.2%)
Total profiling 11.09 s 368.52 ms (3.4%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.019 s -
Agent appsec 1.195 s 176.24 ms (17.3%)
Agent iast 1.151 s 131.461 ms (12.9%)
Agent profiling 1.163 s 143.573 ms (14.1%)
Total tracing 10.753 s -
Total appsec 11.121 s 368.693 ms (3.4%)
Total iast 10.972 s 219.64 ms (2.0%)
Total profiling 11.086 s 333.739 ms (3.1%) 
gantt
    title petclinic - break down per module: candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.466 ms) : 0, 1466
crashtracking [candidate] (1.46 ms) : 0, 1460
BytebuddyAgent [baseline] (693.344 ms) : 0, 693344
BytebuddyAgent [candidate] (693.723 ms) : 0, 693723
GlobalTracer [baseline] (241.623 ms) : 0, 241623
GlobalTracer [candidate] (242.157 ms) : 0, 242157
AppSec [baseline] (32.815 ms) : 0, 32815
AppSec [candidate] (32.822 ms) : 0, 32822
Debugger [baseline] (6.45 ms) : 0, 6450
Debugger [candidate] (6.359 ms) : 0, 6359
Remote Config [baseline] (708.742 µs) : 0, 709
Remote Config [candidate] (699.517 µs) : 0, 700
Telemetry [baseline] (9.176 ms) : 0, 9176
Telemetry [candidate] (9.222 ms) : 0, 9222
Flare Poller [baseline] (10.256 ms) : 0, 10256
Flare Poller [candidate] (11.513 ms) : 0, 11513
section appsec
crashtracking [baseline] (1.467 ms) : 0, 1467
crashtracking [candidate] (1.46 ms) : 0, 1460
BytebuddyAgent [baseline] (718.029 ms) : 0, 718029
BytebuddyAgent [candidate] (717.497 ms) : 0, 717497
GlobalTracer [baseline] (234.283 ms) : 0, 234283
GlobalTracer [candidate] (235.091 ms) : 0, 235091
IAST [baseline] (24.731 ms) : 0, 24731
IAST [candidate] (24.684 ms) : 0, 24684
AppSec [baseline] (175.584 ms) : 0, 175584
AppSec [candidate] (176.26 ms) : 0, 176260
Debugger [baseline] (6.137 ms) : 0, 6137
Debugger [candidate] (6.169 ms) : 0, 6169
Remote Config [baseline] (650.983 µs) : 0, 651
Remote Config [candidate] (655.086 µs) : 0, 655
Telemetry [baseline] (8.465 ms) : 0, 8465
Telemetry [candidate] (8.424 ms) : 0, 8424
Flare Poller [baseline] (3.923 ms) : 0, 3923
Flare Poller [candidate] (3.944 ms) : 0, 3944
section iast
crashtracking [baseline] (1.47 ms) : 0, 1470
crashtracking [candidate] (1.462 ms) : 0, 1462
BytebuddyAgent [baseline] (817.545 ms) : 0, 817545
BytebuddyAgent [candidate] (815.03 ms) : 0, 815030
GlobalTracer [baseline] (232.378 ms) : 0, 232378
GlobalTracer [candidate] (231.782 ms) : 0, 231782
IAST [baseline] (26.525 ms) : 0, 26525
IAST [candidate] (26.218 ms) : 0, 26218
AppSec [baseline] (35.576 ms) : 0, 35576
AppSec [candidate] (35.36 ms) : 0, 35360
Debugger [baseline] (6.104 ms) : 0, 6104
Debugger [candidate] (6.107 ms) : 0, 6107
Remote Config [baseline] (620.433 µs) : 0, 620
Remote Config [candidate] (597.795 µs) : 0, 598
Telemetry [baseline] (8.577 ms) : 0, 8577
Telemetry [candidate] (8.442 ms) : 0, 8442
Flare Poller [baseline] (4.247 ms) : 0, 4247
Flare Poller [candidate] (4.144 ms) : 0, 4144
section profiling
crashtracking [baseline] (1.431 ms) : 0, 1431
crashtracking [candidate] (1.439 ms) : 0, 1439
BytebuddyAgent [baseline] (722.357 ms) : 0, 722357
BytebuddyAgent [candidate] (721.258 ms) : 0, 721258
GlobalTracer [baseline] (217.77 ms) : 0, 217770
GlobalTracer [candidate] (217.915 ms) : 0, 217915
AppSec [baseline] (33.115 ms) : 0, 33115
AppSec [candidate] (33.138 ms) : 0, 33138
Debugger [baseline] (6.481 ms) : 0, 6481
Debugger [candidate] (7.919 ms) : 0, 7919
Remote Config [baseline] (707.327 µs) : 0, 707
Remote Config [candidate] (698.147 µs) : 0, 698
Telemetry [baseline] (16.764 ms) : 0, 16764
Telemetry [candidate] (15.16 ms) : 0, 15160
Flare Poller [baseline] (4.177 ms) : 0, 4177
Flare Poller [candidate] (4.159 ms) : 0, 4159
ProfilingAgent [baseline] (107.908 ms) : 0, 107908
ProfilingAgent [candidate] (107.691 ms) : 0, 107691
Profiling [baseline] (109.299 ms) : 0, 109299
Profiling [candidate] (109.119 ms) : 0, 109119
Loading
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.03 s) : 0, 1030429
Total [baseline] (8.68 s) : 0, 8679890
Agent [candidate] (1.023 s) : 0, 1022827
Total [candidate] (8.654 s) : 0, 8654089
section iast
Agent [baseline] (1.15 s) : 0, 1150238
Total [baseline] (9.291 s) : 0, 9291488
Agent [candidate] (1.16 s) : 0, 1159710
Total [candidate] (9.322 s) : 0, 9321639
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.03 s -
Agent iast 1.15 s 119.809 ms (11.6%)
Total tracing 8.68 s -
Total iast 9.291 s 611.598 ms (7.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.023 s -
Agent iast 1.16 s 136.883 ms (13.4%)
Total tracing 8.654 s -
Total iast 9.322 s 667.55 ms (7.7%) 
gantt
    title insecure-bank - break down per module: candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.484 ms) : 0, 1484
crashtracking [candidate] (1.47 ms) : 0, 1470
BytebuddyAgent [baseline] (702.938 ms) : 0, 702938
BytebuddyAgent [candidate] (696.837 ms) : 0, 696837
GlobalTracer [baseline] (244.074 ms) : 0, 244074
GlobalTracer [candidate] (243.387 ms) : 0, 243387
AppSec [baseline] (33.004 ms) : 0, 33004
AppSec [candidate] (33.135 ms) : 0, 33135
Debugger [baseline] (6.516 ms) : 0, 6516
Debugger [candidate] (6.497 ms) : 0, 6497
Remote Config [baseline] (709.944 µs) : 0, 710
Remote Config [candidate] (704.87 µs) : 0, 705
Telemetry [baseline] (9.307 ms) : 0, 9307
Telemetry [candidate] (9.366 ms) : 0, 9366
Flare Poller [baseline] (11.109 ms) : 0, 11109
Flare Poller [candidate] (10.142 ms) : 0, 10142
section iast
crashtracking [baseline] (1.486 ms) : 0, 1486
crashtracking [candidate] (1.465 ms) : 0, 1465
BytebuddyAgent [baseline] (814.239 ms) : 0, 814239
BytebuddyAgent [candidate] (821.746 ms) : 0, 821746
GlobalTracer [baseline] (231.718 ms) : 0, 231718
GlobalTracer [candidate] (233.601 ms) : 0, 233601
IAST [baseline] (26.367 ms) : 0, 26367
IAST [candidate] (26.769 ms) : 0, 26769
AppSec [baseline] (35.548 ms) : 0, 35548
AppSec [candidate] (35.241 ms) : 0, 35241
Debugger [baseline] (6.145 ms) : 0, 6145
Debugger [candidate] (6.159 ms) : 0, 6159
Remote Config [baseline] (617.884 µs) : 0, 618
Remote Config [candidate] (603.774 µs) : 0, 604
Telemetry [baseline] (8.58 ms) : 0, 8580
Telemetry [candidate] (8.545 ms) : 0, 8545
Flare Poller [baseline] (4.241 ms) : 0, 4241
Flare Poller [candidate] (4.127 ms) : 0, 4127
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sarahchen6/update-dd-octo-sts
git_commit_date 1759870068 1759871970
git_commit_sha 054a9d5 33b224e
release_version 1.55.0-SNAPSHOT~054a9d5313 1.53.0-SNAPSHOT~33b224ef40
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1759873493 1759873493
ci_job_id 1168371498 1168371498
ci_pipeline_id 78662133 78662133
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-fmvgrhlh 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-fmvgrhlh 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 12 unstable metrics.

scenario Δ mean http_req_duration Δ mean throughput candidate mean http_req_duration candidate mean throughput baseline mean http_req_duration baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load better
[-657.250µs; -240.243µs] or [-5.987%; -2.188%]		 unstable
[-29.001op/s; +64.813op/s] or [-6.847%; +15.302%]		 10.529ms 441.469op/s 10.978ms 423.562op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313
    dateFormat X
    axisFormat %s
section baseline
no_agent (38.197 ms) : 37890, 38504
.   : milestone, 38197,
appsec (49.192 ms) : 48739, 49644
.   : milestone, 49192,
code_origins (44.374 ms) : 43990, 44758
.   : milestone, 44374,
iast (45.519 ms) : 45132, 45905
.   : milestone, 45519,
profiling (48.888 ms) : 48420, 49355
.   : milestone, 48888,
tracing (44.293 ms) : 43908, 44678
.   : milestone, 44293,
section candidate
no_agent (37.61 ms) : 37308, 37912
.   : milestone, 37610,
appsec (49.764 ms) : 49335, 50194
.   : milestone, 49764,
code_origins (44.293 ms) : 43911, 44675
.   : milestone, 44293,
iast (44.959 ms) : 44567, 45352
.   : milestone, 44959,
profiling (48.299 ms) : 47815, 48783
.   : milestone, 48299,
tracing (44.954 ms) : 44576, 45331
.   : milestone, 44954,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 38.197 ms [37.89 ms, 38.504 ms] -
appsec 49.192 ms [48.739 ms, 49.644 ms] 10.995 ms (28.8%)
code_origins 44.374 ms [43.99 ms, 44.758 ms] 6.177 ms (16.2%)
iast 45.519 ms [45.132 ms, 45.905 ms] 7.322 ms (19.2%)
profiling 48.888 ms [48.42 ms, 49.355 ms] 10.69 ms (28.0%)
tracing 44.293 ms [43.908 ms, 44.678 ms] 6.096 ms (16.0%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 37.61 ms [37.308 ms, 37.912 ms] -
appsec 49.764 ms [49.335 ms, 50.194 ms] 12.155 ms (32.3%)
code_origins 44.293 ms [43.911 ms, 44.675 ms] 6.683 ms (17.8%)
iast 44.959 ms [44.567 ms, 45.352 ms] 7.349 ms (19.5%)
profiling 48.299 ms [47.815 ms, 48.783 ms] 10.689 ms (28.4%)
tracing 44.954 ms [44.576 ms, 45.331 ms] 7.344 ms (19.5%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313
    dateFormat X
    axisFormat %s
section baseline
no_agent (4.301 ms) : 4252, 4350
.   : milestone, 4301,
iast (9.973 ms) : 9804, 10142
.   : milestone, 9973,
iast_FULL (14.517 ms) : 14220, 14815
.   : milestone, 14517,
iast_GLOBAL (10.978 ms) : 10778, 11178
.   : milestone, 10978,
profiling (9.391 ms) : 9242, 9540
.   : milestone, 9391,
tracing (7.684 ms) : 7573, 7795
.   : milestone, 7684,
section candidate
no_agent (4.325 ms) : 4275, 4374
.   : milestone, 4325,
iast (9.995 ms) : 9829, 10162
.   : milestone, 9995,
iast_FULL (14.649 ms) : 14354, 14944
.   : milestone, 14649,
iast_GLOBAL (10.529 ms) : 10342, 10717
.   : milestone, 10529,
profiling (9.444 ms) : 9295, 9592
.   : milestone, 9444,
tracing (7.949 ms) : 7826, 8073
.   : milestone, 7949,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.301 ms [4.252 ms, 4.35 ms] -
iast 9.973 ms [9.804 ms, 10.142 ms] 5.672 ms (131.9%)
iast_FULL 14.517 ms [14.22 ms, 14.815 ms] 10.216 ms (237.5%)
iast_GLOBAL 10.978 ms [10.778 ms, 11.178 ms] 6.677 ms (155.2%)
profiling 9.391 ms [9.242 ms, 9.54 ms] 5.09 ms (118.4%)
tracing 7.684 ms [7.573 ms, 7.795 ms] 3.383 ms (78.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 4.325 ms [4.275 ms, 4.374 ms] -
iast 9.995 ms [9.829 ms, 10.162 ms] 5.67 ms (131.1%)
iast_FULL 14.649 ms [14.354 ms, 14.944 ms] 10.324 ms (238.7%)
iast_GLOBAL 10.529 ms [10.342 ms, 10.717 ms] 6.204 ms (143.5%)
profiling 9.444 ms [9.295 ms, 9.592 ms] 5.119 ms (118.4%)
tracing 7.949 ms [7.826 ms, 8.073 ms] 3.624 ms (83.8%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master sarahchen6/update-dd-octo-sts
git_commit_date 1759870068 1759871970
git_commit_sha 054a9d5 33b224e
release_version 1.55.0-SNAPSHOT~054a9d5313 1.53.0-SNAPSHOT~33b224ef40
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1759874059 1759874059
ci_job_id 1168371500 1168371500
ci_pipeline_id 78662133 78662133
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-ei7lg4ut 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-ei7lg4ut 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.475 ms) : 1463, 1487
.   : milestone, 1475,
appsec (3.73 ms) : 3510, 3950
.   : milestone, 3730,
iast (2.2 ms) : 2136, 2264
.   : milestone, 2200,
iast_GLOBAL (2.243 ms) : 2179, 2307
.   : milestone, 2243,
profiling (2.063 ms) : 2010, 2115
.   : milestone, 2063,
tracing (2.022 ms) : 1972, 2072
.   : milestone, 2022,
section candidate
no_agent (1.472 ms) : 1461, 1484
.   : milestone, 1472,
appsec (3.708 ms) : 3489, 3928
.   : milestone, 3708,
iast (2.207 ms) : 2143, 2270
.   : milestone, 2207,
iast_GLOBAL (2.234 ms) : 2170, 2298
.   : milestone, 2234,
profiling (2.074 ms) : 2021, 2127
.   : milestone, 2074,
tracing (2.017 ms) : 1967, 2066
.   : milestone, 2017,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.475 ms [1.463 ms, 1.487 ms] -
appsec 3.73 ms [3.51 ms, 3.95 ms] 2.255 ms (152.9%)
iast 2.2 ms [2.136 ms, 2.264 ms] 724.956 µs (49.1%)
iast_GLOBAL 2.243 ms [2.179 ms, 2.307 ms] 767.879 µs (52.1%)
profiling 2.063 ms [2.01 ms, 2.115 ms] 587.652 µs (39.8%)
tracing 2.022 ms [1.972 ms, 2.072 ms] 547.212 µs (37.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.472 ms [1.461 ms, 1.484 ms] -
appsec 3.708 ms [3.489 ms, 3.928 ms] 2.236 ms (151.9%)
iast 2.207 ms [2.143 ms, 2.27 ms] 734.247 µs (49.9%)
iast_GLOBAL 2.234 ms [2.17 ms, 2.298 ms] 761.634 µs (51.7%)
profiling 2.074 ms [2.021 ms, 2.127 ms] 601.577 µs (40.9%)
tracing 2.017 ms [1.967 ms, 2.066 ms] 544.597 µs (37.0%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.53.0-SNAPSHOT~33b224ef40, baseline=1.55.0-SNAPSHOT~054a9d5313
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.802 s) : 14802000, 14802000
.   : milestone, 14802000,
appsec (15.122 s) : 15122000, 15122000
.   : milestone, 15122000,
iast (18.526 s) : 18526000, 18526000
.   : milestone, 18526000,
iast_GLOBAL (18.187 s) : 18187000, 18187000
.   : milestone, 18187000,
profiling (14.963 s) : 14963000, 14963000
.   : milestone, 14963000,
tracing (15.282 s) : 15282000, 15282000
.   : milestone, 15282000,
section candidate
no_agent (14.794 s) : 14794000, 14794000
.   : milestone, 14794000,
appsec (14.976 s) : 14976000, 14976000
.   : milestone, 14976000,
iast (18.39 s) : 18390000, 18390000
.   : milestone, 18390000,
iast_GLOBAL (18.04 s) : 18040000, 18040000
.   : milestone, 18040000,
profiling (15.293 s) : 15293000, 15293000
.   : milestone, 15293000,
tracing (15.144 s) : 15144000, 15144000
.   : milestone, 15144000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.802 s [14.802 s, 14.802 s] -
appsec 15.122 s [15.122 s, 15.122 s] 320.0 ms (2.2%)
iast 18.526 s [18.526 s, 18.526 s] 3.724 s (25.2%)
iast_GLOBAL 18.187 s [18.187 s, 18.187 s] 3.385 s (22.9%)
profiling 14.963 s [14.963 s, 14.963 s] 161.0 ms (1.1%)
tracing 15.282 s [15.282 s, 15.282 s] 480.0 ms (3.2%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.794 s [14.794 s, 14.794 s] -
appsec 14.976 s [14.976 s, 14.976 s] 182.0 ms (1.2%)
iast 18.39 s [18.39 s, 18.39 s] 3.596 s (24.3%)
iast_GLOBAL 18.04 s [18.04 s, 18.04 s] 3.246 s (21.9%)
profiling 15.293 s [15.293 s, 15.293 s] 499.0 ms (3.4%)
tracing 15.144 s [15.144 s, 15.144 s] 350.0 ms (2.4%)

@sarahchen6 sarahchen6 added type: enhancement Enhancements and improvements tag: no release notes Changes to exclude from release notes labels Aug 4, 2025
@sarahchen6
Copy link
Contributor Author

sarahchen6 commented Aug 4, 2025

Failed Update jmxfetch integrations submodule workflow when manually triggered on this branch: https://github.com/DataDog/dd-trace-java/actions/runs/16732051226/job/47362205603.

After talking to @avidal -- the failure is due to a restriction where a private action cannot be accessed from a public repo, even within the same organization. This PR will be put on hold until a resolution is made (e.g. by making commit-headless public, using another STS policy, etc.).

sarahchen6
sarahchen6 commented Aug 4, 2025
View reviewed changes
@sarahchen6 sarahchen6 mentioned this pull request Aug 4, 2025
Merged
PerfectSlayer
PerfectSlayer reviewed Aug 5, 2025
View reviewed changes
Copy link
Contributor

@PerfectSlayer PerfectSlayer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏 praise: ‏We will finally move to a better solution to create bot commits and PRs. Nice!

.github/workflows/update-docker-build-image.yaml
runs-on: ubuntu-latest
permissions:
contents: write # Required to create and push branch
contents: read
Copy link
Contributor

@PerfectSlayer PerfectSlayer Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❔ question: ‏If contents: write is no more needed, should we remove it to from add-release-to-clouldfoundry?

Copy link
Contributor Author

@sarahchen6 sarahchen6 Aug 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it seems so! content permissions are specifically for GITHUB_TOKEN (ref), and add-release-to-cloudfoundry doesn't use this token to push anymore.

EDIT: just kidding - Since we're checking out the repo and committing without the dd-octo-sts token, the workflow is still using GITHUB_TOKEN and needs the write permissions to push 🤔

.github/workflows/update-gradle-dependencies.yaml Outdated
JAVA_21_HOME=$JAVA_HOME_21_X64 \
./gradlew resolveAndLockAll --write-locks --parallel --stacktrace --no-daemon --max-workers=4
- name: Commit changes
id: create-commits
Copy link
Contributor

@PerfectSlayer PerfectSlayer Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 suggestion: ‏For this part, I would recommend to get rid of the logic that create small commits (ie commit with less than 10 files) and check how the commit-headless push works for big commits.
It would simplify our workflow by only push one big commit.

Copy link
Contributor Author

@sarahchen6 sarahchen6 Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I adjusted the logic for now after not finding evidence that commits are limited. However, this will need another review / pass through before merging 😅

@sarahchen6
Copy link
Contributor Author

sarahchen6 commented Oct 7, 2025

Now when I run the Update jmxfetch integrations submodule workflow when manually triggered on this branch, it fails due to the trust policy (as expected because we're not running from master): https://github.com/DataDog/dd-trace-java/actions/runs/18326611732/job/52192512484

Yay, it seems like we can use commit-headless now that it's public.

@sarahchen6 sarahchen6 mentioned this pull request Oct 8, 2025
Merged
@sarahchen6
Copy link
Contributor Author

sarahchen6 commented Oct 9, 2025

Replaced by #9702

@sarahchen6 sarahchen6 closed this Oct 9, 2025
@sarahchen6 sarahchen6 deleted the sarahchen6/update-dd-octo-sts branch October 16, 2025 18:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PerfectSlayer PerfectSlayer PerfectSlayer left review comments

@AlexeyKuznetsov-DD AlexeyKuznetsov-DD AlexeyKuznetsov-DD approved these changes

Assignees

No one assigned

Labels

tag: no release notes Changes to exclude from release notes type: enhancement Enhancements and improvements

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sarahchen6 @PerfectSlayer @AlexeyKuznetsov-DD @avidal