DataDog · iunanua · Jan 27, 2025 · Dec 13, 2024 · Dec 13, 2024 · Dec 13, 2024
@@ -0,0 +1,21 @@
+name: Get_target_branch
+description: "Gets target branch from the PR description"
+inputs:
+  text:
+    description: "Text from which to extract the target branch"
+    required: true
+outputs:
+  target-branch:
+    description: "Target branch"
+    value: ${{ steps.extract.outputs.target-branch }}
+
+runs:
+  using: composite
+  steps:
+    - name: Extract target branch
+      id: extract
+      shell: bash
+      run: |
+        branch=$(echo "${{ inputs.text }}" | grep -ioP '\[(?:java|dotnet|python|ruby|php|golang|cpp|agent|nodejs)@[^]]+(?=\])' | tr -d '[:space:]' || true)
+
+        echo "target-branch=${branch#*@}" >> $GITHUB_OUTPUT
@@ -60,15 +60,22 @@ jobs:
         library: ${{ fromJson(needs.impacted_libraries.outputs.impacted_libraries) }}
       fail-fast: false
     runs-on: ubuntu-latest
+    outputs:
+      target-branch: ${{ steps.get-target-branch.outputs.target-branch }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Get target branch
+        uses: ./.github/actions/get_target_branch
+        id: get-target-branch
+        with:
+          text: ${{ github.event.pull_request.title }}
       - name: Get library artifact
         run: ./utils/scripts/load-binary.sh ${{ matrix.library }}
-
+        env:
+          TARGET_BRANCH: "${{ steps.get-target-branch.outputs.target-branch }}"
       - name: Get agent artifact
         run: ./utils/scripts/load-binary.sh agent
-
       # ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos.
       # ### skipping this, waiting for a proper solution
       # - name: Load WAF rules
@@ -82,8 +89,20 @@ jobs:
           name: binaries_dev_${{ matrix.library }}
           path: binaries/
 
+  fail-if-target-branch:
+    name: Fail if target branch is specified
+    needs:
+      - get_dev_artifacts
+    if: needs.get_dev_artifacts.outputs.target-branch != ''
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fail if PR title contains a target branch
+        run: |
+          echo "This PR can't be merged, due to the title specifying a target branch"
+          exit 1
+
   system_tests:
-    name: System Tests
+    name: System Tests ${{ needs.get_dev_artifacts.outputs.target-branch != '' && format('({0} branch)', needs.get_dev_artifacts.outputs.target-branch) || '' }}
     needs:
     - lint
     - test_the_test

@@ -44,7 +44,7 @@ jobs:
 
           else:
               pr_title = github_context["event"]["pull_request"]["title"].lower()
-              match = re.search(rf"^\[({libraries})\]", pr_title)
+              match = re.search(rf"^\[({libraries})(?:@([^\]]+))?\]", pr_title)
               if match:
                   print(f"PR title matchs => run {match[1]}")
                   result.add(match[1])

@@ -14,3 +14,13 @@ The System-tests repository contains **one main workflow**: `ci.yml`. It is trig
 By default, after some basic test/lint jobs, this pipeline build alls weblogs (67!) in their `prod` (last release of all Datadog components) and `dev` (last commit on main of all Datadog components) versions. Then it runs the DEFAULT scenario on all of them. All of this in parallel (so 134 jobs), it takes few minutes to run.
 
 This workflow can validate any system-tests PR, as long as it modifies only the default scenario, which is the most common use case. See more details in the [docs about labels](./labels)
+
+### Target branch selection
+`dev` version uses `main/master` branch by default but, in the case of some libraries (cpp, agent, nodejs, python and ruby), it is possible to configure the CI to use a target branch.
+
+If the PR's title includes `[target_library@branch_name_to_test]` the workflow will use `branch_name_to_test` instead of `main/master` branch.
+
+At the moment, it is not possible to run the CI for all libraries in a particular branch but it is limited to the target library indicated in the title.
+
+As a security measure, the "Fail if target branch is specified" job always fails if a target branch is selected.
+
@@ -35,6 +35,17 @@ assert_version_is_dev() {
   exit 1
 }
 
+assert_target_branch_is_not_set() {
+
+  if [[ -z "$TARGET_BRANCH" ]]; then
+    return 0
+  fi
+
+  echo "It is not possible to specify the '$TARGET_BRANCH' target branch for $TARGET library yet"
+
+  exit 1
+}
+
 get_circleci_artifact() {
 
     SLUG=$1
@@ -162,22 +173,29 @@ cd binaries/
 
 if [ "$TARGET" = "java" ]; then
     assert_version_is_dev
+    assert_target_branch_is_not_set
     ../utils/scripts/docker_base_image.sh ghcr.io/datadog/dd-trace-java/dd-trace-java:latest_snapshot .
 
 elif [ "$TARGET" = "dotnet" ]; then
     assert_version_is_dev
+    assert_target_branch_is_not_set
     rm -rf *.tar.gz
     ../utils/scripts/docker_base_image.sh ghcr.io/datadog/dd-trace-dotnet/dd-trace-dotnet:latest_snapshot .
 
 elif [ "$TARGET" = "python" ]; then
     assert_version_is_dev
 
-    echo "git+https://github.com/DataDog/dd-trace-py.git" > python-load-from-pip
+    TARGET_BRANCH="${TARGET_BRANCH:-main}"
+    echo "git+https://github.com/DataDog/dd-trace-py.git@$TARGET_BRANCH" > python-load-from-pip
+    echo "Using $(cat python-load-from-pip)"
 
 elif [ "$TARGET" = "ruby" ]; then
     assert_version_is_dev
-    echo "gem 'datadog', require: 'datadog/auto_instrument', git: 'https://github.com/Datadog/dd-trace-rb.git'" > ruby-load-from-bundle-add
+
+    TARGET_BRANCH="${TARGET_BRANCH:-master}"
+    echo "gem 'datadog', require: 'datadog/auto_instrument', git: 'https://github.com/Datadog/dd-trace-rb.git', branch: '$TARGET_BRANCH'" > ruby-load-from-bundle-add
     echo "Using $(cat ruby-load-from-bundle-add)"
+
 elif [ "$TARGET" = "php" ]; then
     rm -rf *.tar.gz
     if [ $VERSION = 'dev' ]; then
@@ -187,9 +205,12 @@ elif [ "$TARGET" = "php" ]; then
     else
         echo "Don't know how to load version $VERSION for $TARGET"
     fi
+    assert_target_branch_is_not_set
     mv ./temp/dd-library-php*.tar.gz . && mv ./temp/datadog-setup.php . && rm -rf ./temp
+
 elif [ "$TARGET" = "golang" ]; then
     assert_version_is_dev
+    assert_target_branch_is_not_set
     rm -rf golang-load-from-go-get
 
     # COMMIT_ID=$(curl -s 'https://api.github.com/repos/DataDog/dd-trace-go/branches/main' | jq -r .commit.sha)
@@ -205,23 +226,30 @@ elif [ "$TARGET" = "cpp" ]; then
     # get_circleci_artifact "gh/DataDog/dd-opentracing-cpp" "build_test_deploy" "build" "TBD"
     # PROFILER: The main version is stored in s3, though we can not access this in CI
     # Not handled for now for system-tests. this handles artifact for parametric
-    echo "Using https://github.com/DataDog/dd-trace-cpp@main"
-    echo "https://github.com/DataDog/dd-trace-cpp@main" > cpp-load-from-git
+    TARGET_BRANCH="${TARGET_BRANCH:-main}"
+    echo "https://github.com/DataDog/dd-trace-cpp@$TARGET_BRANCH" > cpp-load-from-git
+    echo "Using $(cat cpp-load-from-git)"
+
 elif [ "$TARGET" = "agent" ]; then
     assert_version_is_dev
-    echo "datadog/agent-dev:master-py3" > agent-image
+    TARGET_BRANCH="${TARGET_BRANCH:-master-py3}"
+    echo "datadog/agent-dev:$TARGET_BRANCH" > agent-image
     echo "Using $(cat agent-image) image"
 
 elif [ "$TARGET" = "nodejs" ]; then
     assert_version_is_dev
+
+    TARGET_BRANCH="${TARGET_BRANCH:-master}"
     # NPM builds the package, so we put a trigger file that tells install script to get package from github#master
-    echo "DataDog/dd-trace-js#master" > nodejs-load-from-npm
+    echo "DataDog/dd-trace-js#$TARGET_BRANCH" > nodejs-load-from-npm
+    echo "Using $(cat nodejs-load-from-npm)"
 
 elif [ "$TARGET" = "waf_rule_set_v1" ]; then
     exit 1
 
 elif [ "$TARGET" = "waf_rule_set_v2" ]; then
     assert_version_is_dev
+    assert_target_branch_is_not_set
     curl --silent \
         -H "Authorization: token $GH_TOKEN" \
         -H "Accept: application/vnd.github.v3.raw" \
@@ -230,6 +258,7 @@ elif [ "$TARGET" = "waf_rule_set_v2" ]; then
 
 elif [ "$TARGET" = "waf_rule_set" ]; then
     assert_version_is_dev
+    assert_target_branch_is_not_set
     curl --fail --output "waf_rule_set.json" \
         -H "Authorization: token $GH_TOKEN" \
         -H "Accept: application/vnd.github.v3.raw" \