feat(ci): Update CI reports to prod

PerfectSlayer · PerfectSlayer · commit 30b2ea04d8bb · 2024-11-08T14:26:41.000+01:00
diff --git a/.circleci/upload_ciapp.sh b/.circleci/upload_ciapp.sh
@@ -1,26 +1,39 @@
 #!/usr/bin/env bash
 SERVICE_NAME="dd-trace-java"
+PIPELINE_STAGE=$1
+TEST_JVM=$2
 
 # JAVA_???_HOME are set in the base image for each used JDK https://github.com/DataDog/dd-trace-java-docker-build/blob/master/Dockerfile#L86
-java_home="JAVA_$2_HOME"
-java_bin="${!java_home}/bin/java"
-if [ ! -x $java_bin ]; then
-    java_bin=$(which java)
+JAVA_HOME="JAVA_${TEST_JVM}_HOME"
+JAVA_BIN="${!JAVA_HOME}/bin/java"
+if [ ! -x "$JAVA_BIN" ]; then
+    JAVA_BIN=$(which java)
 fi
 
-java_props=$($java_bin -XshowSettings:properties -version 2>&1)
-java_prop () {
-    echo "$(echo "$java_props" | grep $1 | head -n1 | cut -d'=' -f2 | xargs)"
+# Extract Java properties from the JVM used to run the tests
+JAVA_PROPS=$($JAVA_BIN -XshowSettings:properties -version 2>&1)
+java_prop() {
+    local PROP_NAME=$1
+    echo "$JAVA_PROPS" | grep "$PROP_NAME" | head -n1 | cut -d'=' -f2 | xargs
 }
 
-# based on tracer implementation: https://github.com/DataDog/dd-trace-java/blob/master/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/TestDecorator.java#L55-L77
-datadog-ci junit upload --service $SERVICE_NAME \
-    --logs \
-    --tags "test.traits:{\"marker\":[\"$1\"]}" \
-    --tags "runtime.name:$(java_prop java.runtime.name)" \
-    --tags "runtime.vendor:$(java_prop java.vendor)" \
-    --tags "runtime.version:$(java_prop java.version)" \
-    --tags "os.architecture:$(java_prop os.arch)" \
-    --tags "os.platform:$(java_prop os.name)" \
-    --tags "os.version:$(java_prop os.version)" \
-./results
+# Upload test results to CI Visibility
+junit_upload() {
+    # based on tracer implementation: https://github.com/DataDog/dd-trace-java/blob/master/dd-java-agent/agent-bootstrap/src/main/java/datadog/trace/bootstrap/instrumentation/decorator/TestDecorator.java#L55-L77
+    DD_API_KEY=$1 \
+        datadog-ci junit upload --service $SERVICE_NAME \
+        --logs \
+        --tags "test.traits:{\"marker\":[\"$PIPELINE_STAGE\"]}" \
+        --tags "runtime.name:$(java_prop java.runtime.name)" \
+        --tags "runtime.vendor:$(java_prop java.vendor)" \
+        --tags "runtime.version:$(java_prop java.version)" \
+        --tags "os.architecture:$(java_prop os.arch)" \
+        --tags "os.platform:$(java_prop os.name)" \
+        --tags "os.version:$(java_prop os.version)" \
+        ./results
+}
+
+# Upload test results to production environment like all other CI jobs
+junit_upload "$DATADOG_API_KEY_PROD"
+# And also upload to staging environment to benefit from the new features not yet released
+junit_upload "$DATADOG_API_KEY_DDSTAGING"
diff --git a/.github/workflows/analyze-changes.yaml b/.github/workflows/analyze-changes.yaml
@@ -16,13 +16,25 @@ jobs:
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
         with:
           submodules: 'recursive'
-      - name: Check code meets quality standards
+      - name: Check code meets quality standards (production)
         id: datadog-static-analysis
         uses: DataDog/datadog-static-analyzer-github-action@c74aff158c8cc1c3e285660713bcaa5f9c6d696e # v1
         with:
-          dd_app_key: ${{ secrets.DD_APP_KEY }}
-          dd_api_key: ${{ secrets.DD_API_KEY }}
-          dd_site: datad0g.com
+          dd_app_key: ${{ secrets.DATADOG_APP_KEY_PROD }}
+          dd_api_key: ${{ secrets.DATADOG_API_KEY_PROD }}
+          dd_site: "datadoghq.com"
+          dd_service: "dd-trace-java"
+          dd_env: "ci"
+          cpu_count: 2
+          enable_performance_statistics: false
+      # Also run the static analysis on the staging environment to benefit from the new features not yet released
+      - name: Check code meets quality standards (staging)
+        id: datadog-static-analysis-staging
+        uses: DataDog/datadog-static-analyzer-github-action@c74aff158c8cc1c3e285660713bcaa5f9c6d696e # v1
+        with:
+          dd_app_key: ${{ secrets.DATADOG_APP_KEY_STAGING }}
+          dd_api_key: ${{ secrets.DATADOG_API_KEY_STAGING }}
+          dd_site: "datad0g.com"
           dd_service: "dd-trace-java"
           dd_env: "ci"
           cpu_count: 2
@@ -74,15 +86,21 @@ jobs:
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
         uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
 
-      # For now, CodeQL SARIF results are not supported by Datadog CI
-      # - name: Upload results to Datadog CI Static Analysis
-      #   run: |
-      #     wget --no-verbose https://github.com/DataDog/datadog-ci/releases/download/v2.42.0/datadog-ci_linux-x64 -O datadog-ci
-      #     chmod +x datadog-ci
-      #     ./datadog-ci sarif upload /home/runner/work/dd-trace-java/results/java.sarif --service dd-trace-java --env ci
-      #   env:
-      #     DD_API_KEY: ${{ secrets.DD_API_KEY }}
-      #     DD_SITE: datad0g.com
+      - name: Upload results to Datadog CI Static Analysis
+        run: |
+          wget --no-verbose https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64 -O datadog-ci
+          chmod +x datadog-ci
+          ./datadog-ci sarif upload /home/runner/work/dd-trace-java/results/java.sarif --service dd-trace-java --env ci
+        env:
+          DD_API_KEY: ${{ secrets.DATADOG_APP_KEY_PROD }}
+          DD_SITE: datadoghq.com
+
+      - name: Upload results to Datadog Staging CI Static Analysis
+        run: |
+          ./datadog-ci sarif upload /home/runner/work/dd-trace-java/results/java.sarif --service dd-trace-java --env ci
+        env:
+          DD_API_KEY: ${{ secrets.DATADOG_API_KEY_STAGING }}
+          DD_SITE: datad0g.com
 
   trivy:
     name: Analyze changes with Trivy
@@ -152,9 +170,16 @@ jobs:
 
       - name: Upload results to Datadog CI Static Analysis
         run: |
-          wget --no-verbose https://github.com/DataDog/datadog-ci/releases/download/v2.42.0/datadog-ci_linux-x64 -O datadog-ci
+          wget --no-verbose https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64 -O datadog-ci
           chmod +x datadog-ci
           ./datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
         env:
-          DD_API_KEY: ${{ secrets.DD_API_KEY }}
+          DD_API_KEY: ${{ secrets.DATADOG_APP_KEY_PROD }}
+          DD_SITE: datadoghq.com
+
+      - name: Upload results to Datadog Staging CI Static Analysis
+        run: |
+          ./datadog-ci sarif upload trivy-results.sarif --service dd-trace-java --env ci
+        env:
+          DD_API_KEY: ${{ secrets.DATADOG_API_KEY_STAGING }}
           DD_SITE: datad0g.com
