Skip to content

Gitlab unify#7017

Draft
nccatoni wants to merge 25 commits into
nccatoni/gitlabfrom
nccatoni/gitlab-unify
Draft

Gitlab unify#7017
nccatoni wants to merge 25 commits into
nccatoni/gitlabfrom
nccatoni/gitlab-unify

Conversation

@nccatoni
Copy link
Copy Markdown
Collaborator

@nccatoni nccatoni commented May 26, 2026

Motivation

Changes

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 26, 2026
edited
Loading

CODEOWNERS have been resolved as:

utils/ci/gitlab/build_ssi_pipeline.py                                   @DataDog/system-tests-core
utils/ci/gitlab/ssi.yml                                                 @DataDog/system-tests-core
.gitlab-ci.yml                                                          @DataDog/system-tests-core
utils/ci/gitlab/build_pipeline.py                                       @DataDog/system-tests-core
utils/ci/gitlab/main.yml                                                @DataDog/system-tests-core
utils/ci/gitlab/system-tests.yml                                        @DataDog/system-tests-core
utils/scripts/ci_orchestrators/gitlab_exporter.py                       @DataDog/system-tests-core
utils/scripts/ci_orchestrators/workflow_data.py                         @DataDog/system-tests-core
utils/scripts/compute-workflow-parameters.py                            @DataDog/system-tests-core

@datadog-datadog-prod-us1
Copy link
Copy Markdown

datadog-datadog-prod-us1 Bot commented May 26, 2026
edited by datadog-official Bot
Loading

Pipelines  Tests

Fix all issues with BitsAI

⚠️ Warnings

🚦 53 Pipeline jobs failed

DataDog/system-tests | run_python_AI_GUARD_flask-poc   View in Datadog   GitLab

🔧 Fix in code (Fix with Cursor). 2 failed tests. AssertionError: expected status code 403 but got 200 in test_deny and test_abort.

🧪 2 Tests failed

tests.ai_guard.test_ai_guard_sdk.Test_Evaluation.test_abort[flask-poc] from system_tests_suite   View in Datadog (Fix with Cursor) 
assert False

self = <tests.ai_guard.test_ai_guard_sdk.Test_Evaluation object at 0x7fc256693110>

    def test_abort(self):
        """Test ABORT action for tool call attempting to read /etc/passwd.
        Expects 403 when blocking enabled, 200 when disabled.
        Span should have action="ABORT" and target="tool" with tool_name.
        """
        for block, request in self.r.items():
...
tests.ai_guard.test_ai_guard_sdk.Test_Evaluation.test_deny[flask-poc] from system_tests_suite   View in Datadog (Fix with Cursor) 
assert False

self = <tests.ai_guard.test_ai_guard_sdk.Test_Evaluation object at 0x7fc256693e30>

    def test_deny(self):
        """Test DENY action for destructive disk wipe command.
        Expects 403 when blocking enabled, 200 when disabled.
        Span should have action="DENY" and error flag should be set when blocking.
        """
        for block, request in self.r.items():
...

DataDog/system-tests | run_python_TELEMETRY_APP_STARTED_PRODUCTS_DISABLED_django-poc   View in Datadog   GitLab

🔧 Fix in code (Fix with Cursor). 1 failed test due to AssertionError: Code Origin for Spans should be disabled by default. Expected 'false', got 'true' at tests/test_telemetry.py:896.

🧪 1 Test failed

tests.test_telemetry.Test_ProductsDisabled.test_debugger_products_disabled[django-poc] from system_tests_suite   View in Datadog (Fix with Cursor) 
AssertionError: Code Origin for Spans should be disabled by default
assert 'true' == 'false'
  - false
  + true

self = <tests.test_telemetry.Test_ProductsDisabled object at 0x7f6cac770ec0>

    @scenarios.telemetry_app_started_products_disabled
    def test_debugger_products_disabled(self):
        """Assert DI and ER are disabled by default, and code origin config is reported."""
...

DataDog/system-tests | run_python_TELEMETRY_APP_STARTED_PRODUCTS_DISABLED_django-py3.13   View in Datadog   GitLab

🔧 Fix in code (Fix with Cursor). Assertion Error: Code Origin for Spans should be disabled by default. Expected 'false' but got 'true' at tests/test_telemetry.py:896

🧪 1 Test failed

tests.test_telemetry.Test_ProductsDisabled.test_debugger_products_disabled[django-py3.13] from system_tests_suite   View in Datadog (Fix with Cursor) 
AssertionError: Code Origin for Spans should be disabled by default
assert 'true' == 'false'
  - false
  + true

self = <tests.test_telemetry.Test_ProductsDisabled object at 0x7f76370a0440>

    @scenarios.telemetry_app_started_products_disabled
    def test_debugger_products_disabled(self):
        """Assert DI and ER are disabled by default, and code origin config is reported."""
...

View all 53 failed jobs.

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 22f1e81 | Docs | Datadog PR Page | Give us feedback!

nccatoni added 18 commits May 26, 2026 12:22
@nccatoni
ci/gitlab: use needs: for ordering, single stage input per component
1bf5a58
@nccatoni
ci/gitlab: remove dead SSI variables from endtoend run jobs
34b474f
@nccatoni
ci/gitlab: replace parallel matrices with explicit Jinja2 loops
8caf369
@nccatoni
fix: handle missing workflow keys when --workflows filter is active
e230e8d
@nccatoni
ci/gitlab: add workflow names to child pipelines
2bf3d64
@nccatoni
route aws-ssi.yml through main.yml
268f891
@nccatoni
fix: lint and after_script artifact paths
b1f43a4
@nccatoni
fix: respect libraries input in aws-ssi pipelines
d506afa
@nccatoni
fix: make cross-language ssi pipeline needs optional
26dd6f6
@nccatoni
fix: skip SSI pipelines when no SSI scenarios match the scenario list
6fc588d
@nccatoni
fix: remove --workflows flag and correct ssi_check.env path
e900822
@nccatoni
fix: rules use runtime dotenv vars - revert to library-only gating
a079581
@nccatoni
refactor: replace 6 ssi trigger jobs with single run_ssi_pipeline
fe00219
@nccatoni
fix: don't prefix stage names in merged SSI pipeline
5a8b5b7
@nccatoni
fix: restrict aws-ssi pipeline to aws_ssi workflow only
6ae1387
@nccatoni
refactor: move docker/k8s ssi scenarios from e2e pipeline to ssi pipe…
b97ab0a 
…line
@nccatoni
chore: remove orphan SSI templates, stale tests, unused --workflows flag
93f8e5d 
dockerssi.yml and libinjection.yml were rendered by build_pipeline.py
until commit b97ab0a moved docker/k8s SSI generation back into the SSI
pipeline (gitlab_exporter.py). The Jinja2 templates and their tests
became dead code, and the tests now fail because the corresponding CLI
flags were also removed from build_pipeline.py.

The --workflows flag on compute-workflow-parameters.py had a single call
site in aws-ssi.yml that was reverted in the same commit, leaving the
flag with no callers.
@nccatoni
refactor: rename aws-ssi.yml to ssi.yml
22f1e81 
The pipeline covers all SSI workflows (aws_ssi, dockerssi, libinjection),
not just AWS. Also update the stale header comment that incorrectly
claimed Docker/K8s SSI scenarios run from main.yml.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nccatoni