Skip to content

Update workflows to get DD keys using dd-sts#875

Merged
gillarramendi merged 8 commits intomainfrom
gotzon.illarramendi/sts-keys
Apr 15, 2026
Merged

Update workflows to get DD keys using dd-sts#875
gillarramendi merged 8 commits intomainfrom
gotzon.illarramendi/sts-keys

Conversation

@gillarramendi
Copy link
Copy Markdown
Contributor

@gillarramendi gillarramendi commented Apr 14, 2026
edited
Loading

What problem are you trying to solve?

  • Update additional workflows to get DD keys using dd-sts
  • Related PR to update sts policy and grant access to all workflows on the repository

@gillarramendi gillarramendi marked this pull request as ready for review April 14, 2026 15:52
@gillarramendi gillarramendi requested a review from a team as a code owner April 14, 2026 15:52
Copilot AI reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates several GitHub Actions workflows to obtain Datadog API/App keys via DataDog/dd-sts-action (OIDC-based) instead of long-lived repository secrets.

Changes:

  • Add dd-sts credential retrieval steps to SCA, Rust CI, integration tests, and coverage workflows.
  • Switch Datadog key inputs from ${{ secrets.* }} to ${{ steps.dd-sts.outputs.* }}.
  • Add permissions: id-token: write to enable OIDC federation.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File Description
.github/workflows/sca.yml Adds dd-sts step and routes SCA action keys through dd-sts outputs.
.github/workflows/rust.yaml Adds dd-sts and attempts to set Datadog keys for the Rust CI job.
.github/workflows/integration-tests.yaml Adds dd-sts and attempts to set Datadog keys for integration test scripts.
.github/workflows/coverage.yaml.yml Adds dd-sts and uses its outputs for the Datadog coverage upload step.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/integration-tests.yaml
Comment thread .github/workflows/coverage.yaml.yml
Comment thread .github/workflows/sca.yml
Comment thread .github/workflows/rust.yaml
Comment thread .github/workflows/rust.yaml
Comment thread .github/workflows/integration-tests.yaml
@datadog-prod-us1-4
Copy link
Copy Markdown

datadog-prod-us1-4 Bot commented Apr 14, 2026
edited by datadog-datadog-prod-us1-2 Bot
Loading

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 85.01%

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 4bfa16d | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

xaldama
xaldama approved these changes Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@xaldama xaldama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gillarramendi gillarramendi merged commit b17033b into main Apr 15, 2026
90 checks passed
@gillarramendi gillarramendi deleted the gotzon.illarramendi/sts-keys branch April 15, 2026 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@xaldama xaldama xaldama approved these changes

@colemaring colemaring Awaiting requested review from colemaring colemaring is a code owner automatically assigned from DataDog/k9-vm-ast

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gillarramendi @xaldama