Authenticated with token from dd-octo-sts-action#5503

Merged
lloeki merged 6 commits into master from tonycthsu/release-token
Apr 2, 2026

@TonyCTHsu
Contributor

What does this PR do?

Update the release process using the token from Datadog's token provider.

This change depends on an upstream change I made, using my fork as a temporary replacement.

Change log entry

none.

@TonyCTHsu TonyCTHsu requested a review from a team as a code owner March 25, 2026 13:29
@TonyCTHsu TonyCTHsu added the dev/ci (Involves CircleCI, GitHub Actions, or GitLab) and github_actions (Pull requests that update GitHub Actions code) labels Mar 25, 2026
@github-actions github-actions Bot added the dev/github (Github repository maintenance and automation) label Mar 25, 2026
@TonyCTHsu TonyCTHsu force-pushed the tonycthsu/release-token branch from 4c0f1bd to bba8c07 March 25, 2026 13:42
Comment thread .github/workflows/publish.yml Outdated
@datadog-prod-us1-6

datadog-prod-us1-6 Bot commented Mar 25, 2026

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 95.35% (+0.00%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 4a15bf8

Member

@lloeki lloeki left a comment

This looks correct to me, but I'm not in the details of how STS works exactly.

Comment thread .github/workflows/publish.yml Outdated
Comment thread .github/workflows/publish.yml Outdated
p-datadog pushed a commit that referenced this pull request Apr 1, 2026
Replace `actions/create-github-app-token` with `DataDog/dd-octo-sts-action`
in all workflows except publish.yml (covered by #5503).

For each workflow:
- Add dd-octo-sts trust policy in .github/chainguard/
- Replace create-github-app-token step with dd-octo-sts-action
- Add id-token: write permission for OIDC federation

Workflows migrated:
- bump-gem-version.yml (workflow_dispatch)
- generate-supported-versions.yml (workflow_dispatch)
- lock-dependency.yml (pull_request)
- update-latest-dependency.yml (schedule + workflow_dispatch)
- update-system-tests.yml (schedule + repository_dispatch + workflow_dispatch)

Part of incident-51987 secrets remediation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
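
The migration steps listed in the commit message above can be checked mechanically. This is an added example, not code from this pull request or from the DataDog repositories: a small Python audit that flags jobs still using `actions/create-github-app-token` and jobs using `DataDog/dd-octo-sts-action` without an effective `id-token: write`. The function names, the `PINNED_REF` placeholder and the sample workflow are constructed, and the scan assumes conventionally indented block-style YAML instead of using a YAML library.

```python
import re

LEGACY = re.compile(r"uses:\s*actions/create-github-app-token\b")
STS = re.compile(r"uses:\s*DataDog/dd-octo-sts-action\b")
OIDC = re.compile(r"^\s*(id-token:\s*write|permissions:\s*write-all)\b", re.M)

def split_jobs(text):  # -> (top-level text, {job_id: job block}), by indentation
    top, jobs, current, in_jobs, job_indent = [], {}, None, False, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or fully commented-out line
        indent = len(line) - len(line.lstrip())
        in_jobs = line.startswith("jobs:") if indent == 0 else in_jobs
        if not in_jobs:
            top.append(line)
        elif indent > 0:
            job_indent = job_indent or indent  # first indent under jobs: is the job-id level
            if indent == job_indent:
                current = jobs.setdefault(line.split(":")[0].strip(), [])
            elif current is not None:
                current.append(line)
    return "\n".join(top), {job: "\n".join(body) for job, body in jobs.items()}

def audit(text):
    top, jobs = split_jobs(text)
    findings = []
    for job, block in jobs.items():
        scope = block if re.search(r"^\s*permissions:", block, re.M) else top
        if LEGACY.search(block):
            findings.append((job, "legacy-app-token"))
        if STS.search(block) and not OIDC.search(scope):
            findings.append((job, "missing-id-token-write"))
    return findings

CONSTRUCTED_WORKFLOW = """\
permissions:
  id-token: write
jobs:
  bump:      # not migrated yet
    steps:
      - uses: actions/create-github-app-token@PINNED_REF
  publish:   # job-level permissions replace the workflow-level grant
    permissions: {contents: read}
    steps:
      - uses: DataDog/dd-octo-sts-action@PINNED_REF
  lock:      # inherits the workflow-level id-token: write
    steps:
      - uses: DataDog/dd-octo-sts-action@PINNED_REF
"""
```

`audit(CONSTRUCTED_WORKFLOW)` reports `bump` and `publish` and stays silent on `lock`, because a job that declares its own `permissions` no longer inherits the workflow-level `id-token: write`.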
@lloeki lloeki merged commit 97bdef7 into master Apr 2, 2026
630 checks passed
@lloeki lloeki deleted the tonycthsu/release-token branch April 2, 2026 10:03
@github-actions github-actions Bot added this to the 2.31.0 milestone Apr 2, 2026
Labels

dev/ci: Involves CircleCI, GitHub Actions, or GitLab
dev/github: Github repository maintenance and automation
github_actions: Pull requests that update GitHub Actions code

5 participants