From 136f7fd7a586a0a1a89d081402330cd3b22cc3a7 Mon Sep 17 00:00:00 2001 From: Sarah Chen Date: Wed, 4 Mar 2026 16:46:43 -0500 Subject: [PATCH 1/2] Pull CI images from registry.ddbuild.io --- .../workflows/update-docker-build-image.yaml | 96 ------------------- .gitlab-ci.yml | 13 +-- 2 files changed, 7 insertions(+), 102 deletions(-) delete mode 100644 .github/workflows/update-docker-build-image.yaml diff --git a/.github/workflows/update-docker-build-image.yaml b/.github/workflows/update-docker-build-image.yaml deleted file mode 100644 index 9774c379367..00000000000 --- a/.github/workflows/update-docker-build-image.yaml +++ /dev/null @@ -1,96 +0,0 @@ -name: Update Docker Build Image - -on: - schedule: - # A day after creating the tag from https://github.com/DataDog/dd-trace-java-docker-build/blob/master/.github/workflows/docker-tag.yml - - cron: "0 0 1 2,5,8,11 *" - workflow_dispatch: - inputs: - tag: - description: "The tag to use for the Docker build image" - required: true - default: "vYY.MM" - -jobs: - update-docker-build-image: - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write # Required for OIDC token federation - steps: - - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3 - id: octo-sts - with: - scope: DataDog/dd-trace-java - policy: self.update-docker-build-image.create-pr - - - name: Checkout the repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Define the Docker build image tag to use - id: define-tag - run: | - if [ -n "${{ github.event.inputs.tag }}" ]; then - TAG=${{ github.event.inputs.tag }} - else - CURRENT_MONTH=$(date +%m) - CURRENT_YEAR=$(date +%y) - case $CURRENT_MONTH in - 01) TAG_DATE="$(($CURRENT_YEAR - 1)).10" ;; - 02|03|04) TAG_DATE="${CURRENT_YEAR}.01" ;; - 05|06|07) TAG_DATE="${CURRENT_YEAR}.04" ;; - 08|09|10) TAG_DATE="${CURRENT_YEAR}.07" ;; - 11|12) TAG_DATE="${CURRENT_YEAR}.10" ;; - esac - TAG="v${TAG_DATE}" - fi - echo "tag=${TAG}" >> "$GITHUB_OUTPUT" - echo "::notice::Using Docker build image tag: ${TAG}" - - name: Update the Docker build image in GitLab CI config - run: | - sed -i -E 's|(BUILDER_IMAGE_VERSION_PREFIX:)[^#]*([#].*)|\1 "${{ steps.define-tag.outputs.tag }}-" \2|' .gitlab-ci.yml - - name: Check if changes should be committed - id: check-changes - run: | - if [[ -z "$(git status -s)" ]]; then - echo "No changes to commit, exiting." - echo "commit_changes=false" >> "$GITHUB_OUTPUT" - exit 0 - else - echo "commit_changes=true" >> "$GITHUB_OUTPUT" - fi - - name: Pick a branch name - if: steps.check-changes.outputs.commit_changes == 'true' - id: define-branch - run: echo "branch=ci/update-docker-build-image-$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - - name: Commit changes - if: steps.check-changes.outputs.commit_changes == 'true' - id: create-commit - run: | - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git commit -m "feat(ci): Update Docker build image" .gitlab-ci.yml - echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - name: Push changes - uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3 - if: steps.check-changes.outputs.commit_changes == 'true' - with: - token: "${{ steps.octo-sts.outputs.token }}" - branch: "${{ steps.define-branch.outputs.branch }}" - # for scheduled runs, sha is the tip of the default branch - # for dispatched runs, sha is the tip of the branch it was dispatched on - head-sha: "${{ github.sha }}" - create-branch: true - command: push - commits: "${{ steps.create-commit.outputs.commit }}" - - name: Create pull request - if: steps.check-changes.outputs.commit_changes == 'true' - env: - GH_TOKEN: ${{ steps.octo-sts.outputs.token }} - run: | - gh pr create --title "Update Docker build image" \ - --base master \ - --head ${{ steps.define-branch.outputs.branch }} \ - --label "comp: tooling" \ - --label "type: enhancement" \ - --label "tag: no release notes" \ - --body "This PR updates the Docker build image to ${{ steps.define-tag.outputs.tag }}." diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7de33f10177..126abec7f78 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -29,7 +29,8 @@ variables: GRADLE_VERSION: "8.14.4" # must match gradle-wrapper.properties MAVEN_REPOSITORY_PROXY: "https://depot-read-api-java.us1.ddbuild.io/magicmirror/magicmirror/@current/" GRADLE_PLUGIN_PROXY: "https://depot-read-api-java.us1.ddbuild.io/magicmirror/magicmirror/@current/" - BUILDER_IMAGE_VERSION_PREFIX: "v26.02-" # use either an empty string (e.g. "") for latest images or a version followed by a hyphen (e.g. "v25.05-") + BUILDER_IMAGE_REPO: "registry.ddbuild.io/images/mirror/dd-trace-java-docker-build" # images are pinned in images/mirror.lock.yaml in the DataDog/images repo + TESTER_IMAGE_VERSION_PREFIX: "" # set only when testing a new build from the dd-trace-java-docker-build repo (e.g. "138_merge-" corresponds to PR #138) REPO_NOTIFICATION_CHANNEL: "#apm-java-escalations" DEFAULT_TEST_JVMS: /^(8|11|17|21|25|tip)$/ # the latest "tip" version is 26 PROFILE_TESTS: @@ -142,7 +143,7 @@ default: fi .gradle_build: &gradle_build - image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}base + image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}base stage: build variables: MAVEN_OPTS: "-Xms256M -Xmx1024M" @@ -218,7 +219,7 @@ default: # on the central publisher portal, it invalidates the old one. This check prevents going further. # See https://datadoghq.atlassian.net/wiki/x/Oog5OgE maven-central-pre-release-check: - image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}base + image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}base stage: .pre rules: - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/' @@ -399,7 +400,7 @@ config-inversion-linter: test_published_artifacts: extends: .gradle_build - image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}7 # Needs Java7 for some tests + image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}7 # Needs Java7 for some tests stage: tests needs: [ build ] variables: @@ -566,7 +567,7 @@ muzzle-dep-report: .test_job: extends: .gradle_build - image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}$testJvm + image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}$testJvm tags: [ "docker-in-docker:amd64" ] # use docker-in-docker runner for testcontainers needs: [ build_tests ] stage: tests @@ -794,7 +795,7 @@ test_smoke_semeru8_debugger: testJvm: "semeru8" aggregate_test_counts: - image: ghcr.io/datadog/dd-trace-java-docker-build:${BUILDER_IMAGE_VERSION_PREFIX}base + image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}base stage: test-summary # Note: No explicit 'needs' or 'dependencies' required # By default, GitLab CI automatically downloads artifacts from ALL jobs in previous stages From 082b8e135f3ff9e38f0946da05fbf8dbaa6b293d Mon Sep 17 00:00:00 2001 From: Sarah Chen Date: Fri, 6 Mar 2026 11:25:54 -0500 Subject: [PATCH 2/2] Revert prefix name and add ci- prefix --- .gitlab-ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 126abec7f78..49cbfcd3ff9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,7 +30,7 @@ variables: MAVEN_REPOSITORY_PROXY: "https://depot-read-api-java.us1.ddbuild.io/magicmirror/magicmirror/@current/" GRADLE_PLUGIN_PROXY: "https://depot-read-api-java.us1.ddbuild.io/magicmirror/magicmirror/@current/" BUILDER_IMAGE_REPO: "registry.ddbuild.io/images/mirror/dd-trace-java-docker-build" # images are pinned in images/mirror.lock.yaml in the DataDog/images repo - TESTER_IMAGE_VERSION_PREFIX: "" # set only when testing a new build from the dd-trace-java-docker-build repo (e.g. "138_merge-" corresponds to PR #138) + BUILDER_IMAGE_VERSION_PREFIX: "ci-" # use either an empty string (e.g. "") for latest images or a version followed by a hyphen (e.g. "ci-" or "123_merge-") REPO_NOTIFICATION_CHANNEL: "#apm-java-escalations" DEFAULT_TEST_JVMS: /^(8|11|17|21|25|tip)$/ # the latest "tip" version is 26 PROFILE_TESTS: @@ -143,7 +143,7 @@ default: fi .gradle_build: &gradle_build - image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}base + image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}base stage: build variables: MAVEN_OPTS: "-Xms256M -Xmx1024M" @@ -219,7 +219,7 @@ default: # on the central publisher portal, it invalidates the old one. This check prevents going further. # See https://datadoghq.atlassian.net/wiki/x/Oog5OgE maven-central-pre-release-check: - image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}base + image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}base stage: .pre rules: - if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+$/' @@ -400,7 +400,7 @@ config-inversion-linter: test_published_artifacts: extends: .gradle_build - image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}7 # Needs Java7 for some tests + image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}7 # Needs Java7 for some tests stage: tests needs: [ build ] variables: @@ -567,7 +567,7 @@ muzzle-dep-report: .test_job: extends: .gradle_build - image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}$testJvm + image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}$testJvm tags: [ "docker-in-docker:amd64" ] # use docker-in-docker runner for testcontainers needs: [ build_tests ] stage: tests @@ -795,7 +795,7 @@ test_smoke_semeru8_debugger: testJvm: "semeru8" aggregate_test_counts: - image: ${BUILDER_IMAGE_REPO}:${TESTER_IMAGE_VERSION_PREFIX}base + image: ${BUILDER_IMAGE_REPO}:${BUILDER_IMAGE_VERSION_PREFIX}base stage: test-summary # Note: No explicit 'needs' or 'dependencies' required # By default, GitLab CI automatically downloads artifacts from ALL jobs in previous stages