--- include: - /.gitlab/shared.yml - /.gitlab/maintenance_jobs.yml - /.gitlab/deps_build.yml - /.gitlab/package_deps_build.yml - /.gitlab/deps_fetch.yml - /.gitlab/source_test.yml - /.gitlab/source_test_junit_upload.yml - /.gitlab/binary_build.yml - /.gitlab/integration_test.yml - /.gitlab/package_build.yml - /.gitlab/internal_deploy.yml - /.gitlab/kitchen_deploy.yml - /.gitlab/kitchen_testing.yml - /.gitlab/pkg_metrics.yml - /.gitlab/container_build.yml - /.gitlab/container_scan.yml - /.gitlab/check_deploy.yml - /.gitlab/dev_container_deploy.yml - /.gitlab/deploy_6.yml - /.gitlab/deploy_7.yml - /.gitlab/deploy_dca.yml - /.gitlab/choco_build.yml - /.gitlab/choco_deploy.yml - /.gitlab/internal_image_deploy.yml - /.gitlab/trigger_release.yml - /.gitlab/e2e.yml - /.gitlab/kitchen_cleanup.yml - /.gitlab/functional_test.yml - /.gitlab/functional_test_cleanup.yml - /.gitlab/functional_test_junit_upload.yml - /.gitlab/internal_kubernetes_deploy.yml - /.gitlab/notify.yml # FIXME: our current Gitlab version doesn't support importing a file more than once # For now, the workaround is to include "common" files once in the top-level .gitlab-ci.yml file # See: https://gitlab.com/gitlab-org/gitlab/-/issues/28987 - /.gitlab/kitchen_common/cleanup.yml - /.gitlab/kitchen_common/testing.yml - /.gitlab/docker_common/publish_job_templates.yml - /.gitlab/benchmarks/benchmarks.yml default: retry: max: 2 when: - runner_system_failure - stuck_or_timeout_failure - unknown_failure - api_failure workflow: rules: - if: $CI_COMMIT_TAG == null || $DEPLOY_AGENT == "true" stages: - maintenance_jobs - deps_build - deps_fetch - source_test - source_test_junit_upload - binary_build - package_deps_build - integration_test - benchmarks - package_build - internal_deploy - kitchen_deploy - kitchen_testing - pkg_metrics - container_build - container_scan - check_deploy - dev_container_deploy - deploy6 - deploy7 - deploy_dca - choco_build - choco_deploy - internal_image_deploy - trigger_release - e2e - kitchen_cleanup - functional_test - functional_test_cleanup - functional_test_junit_upload - internal_kubernetes_deploy - notify variables: #Do not change this - must be the repository name for Kubernetes runners to work KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: "datadog-agent" # Directory in which we execute the omnibus build. # For an unknown reason, it does not go well with # a ruby dependency if we build directly into $CI_PROJECT_DIR/.omnibus OMNIBUS_BASE_DIR: /omnibus # Directory in which we put the artifacts after the build # Must be in $CI_PROJECT_DIR OMNIBUS_PACKAGE_DIR: $CI_PROJECT_DIR/omnibus/pkg/ # Directory in which we put the SUSE artifacts after the SUSE build # Must be in $CI_PROJECT_DIR # RPM builds and SUSE RPM builds create artifacts with the same name. # To differentiate them, we put them in different folders. That also # avoids accidentally overwriting files when downloading artifacts from # both RPM and SUSE rpm jobs. OMNIBUS_PACKAGE_DIR_SUSE: $CI_PROJECT_DIR/omnibus/suse/pkg DD_AGENT_TESTING_DIR: $CI_PROJECT_DIR/test/kitchen STATIC_BINARIES_DIR: bin/static DOGSTATSD_BINARIES_DIR: bin/dogstatsd AGENT_BINARIES_DIR: bin/agent CLUSTER_AGENT_BINARIES_DIR: bin/datadog-cluster-agent CLUSTER_AGENT_CLOUDFOUNDRY_BINARIES_DIR: bin/datadog-cluster-agent-cloudfoundry SYSTEM_PROBE_BINARIES_DIR: bin/system-probe DEB_S3_BUCKET: apt.datad0g.com RPM_S3_BUCKET: yum.datad0g.com MACOS_S3_BUCKET: dd-agent-macostesting WIN_S3_BUCKET: dd-agent-mstesting PROCESS_S3_BUCKET: datad0g-process-agent BUCKET_BRANCH: nightly # path inside the staging s3 buckets to release to: 'nightly', 'oldnightly', 'beta' or 'stable' DEB_TESTING_S3_BUCKET: apttesting.datad0g.com RPM_TESTING_S3_BUCKET: yumtesting.datad0g.com WINDOWS_TESTING_S3_BUCKET_A6: pipelines/A6/$CI_PIPELINE_ID WINDOWS_TESTING_S3_BUCKET_A7: pipelines/A7/$CI_PIPELINE_ID WINDOWS_BUILDS_S3_BUCKET: $WIN_S3_BUCKET/builds DEB_RPM_TESTING_BUCKET_BRANCH: testing # branch of the DEB_TESTING_S3_BUCKET and RPM_TESTING_S3_BUCKET repos to release to, 'testing' DD_REPO_BRANCH_NAME: $CI_COMMIT_REF_NAME S3_CP_OPTIONS: --only-show-errors --region us-east-1 --sse AES256 S3_CP_CMD: aws s3 cp $S3_CP_OPTIONS S3_ARTIFACTS_URI: s3://dd-ci-artefacts-build-stable/$CI_PROJECT_NAME/$CI_PIPELINE_ID S3_PERMANENT_ARTIFACTS_URI: s3://dd-ci-persistent-artefacts-build-stable/$CI_PROJECT_NAME S3_SBOM_STORAGE_URI: s3://sbom-root-us1-ddbuild-io/$CI_PROJECT_NAME/$CI_PIPELINE_ID S3_RELEASE_ARTIFACTS_URI: s3://dd-release-artifacts/$CI_PROJECT_NAME/$CI_PIPELINE_ID ## comment out both lines below (S3_OMNIBUS_CACHE_BUCKET and USE_S3_CACHING) to allow ## build to succeed with S3 caching disabled. S3_OMNIBUS_CACHE_BUCKET: dd-ci-datadog-agent-omnibus-cache-build-stable USE_S3_CACHING: --omnibus-s3-cache ## comment out the line below to disable integration wheels cache INTEGRATION_WHEELS_CACHE_BUCKET: dd-agent-omnibus S3_DD_AGENT_OMNIBUS_LLVM_URI: s3://dd-agent-omnibus/llvm S3_DD_AGENT_OMNIBUS_BTFS_URI: s3://dd-agent-omnibus/btfs GENERAL_ARTIFACTS_CACHE_BUCKET_URL: https://dd-agent-omnibus.s3.amazonaws.com S3_DSD6_URI: s3://dsd6-staging RELEASE_VERSION_6: nightly RELEASE_VERSION_7: nightly-a7 DATADOG_AGENT_BUILDIMAGES: v12592973-d8cab2e DATADOG_AGENT_BUILDERS: v9930706-ef9d493 DATADOG_AGENT_WINBUILDIMAGES: v12592973-d8cab2e DATADOG_AGENT_ARMBUILDIMAGES: v12592973-d8cab2e DATADOG_AGENT_SYSPROBE_BUILDIMAGES: v12592973-d8cab2e DATADOG_AGENT_NIKOS_BUILDIMAGES: v12592973-d8cab2e DATADOG_AGENT_BTF_GEN_BUILDIMAGES: v11463399-6ff70af DATADOG_AGENT_EMBEDDED_PATH: /opt/datadog-agent/embedded NIKOS_INSTALL_DIR: /opt/datadog-agent/embedded/nikos NIKOS_EMBEDDED_PATH: /opt/datadog-agent/embedded/nikos/embedded DEB_GPG_KEY_ID: ad9589b7 DEB_GPG_KEY_NAME: "Datadog, Inc. Master key" DEB_GPG_KEY_SSM_NAME: ci.datadog-agent.deb_signing_private_key_${DEB_GPG_KEY_ID} DEB_SIGNING_PASSPHRASE_SSM_NAME: ci.datadog-agent.deb_signing_key_passphrase_${DEB_GPG_KEY_ID} RPM_GPG_KEY_ID: fd4bf915 RPM_GPG_KEY_NAME: "Datadog, Inc. RPM key" RPM_GPG_KEY_SSM_NAME: ci.datadog-agent.rpm_signing_private_key_${RPM_GPG_KEY_ID} RPM_SIGNING_PASSPHRASE_SSM_NAME: ci.datadog-agent.rpm_signing_key_passphrase_${RPM_GPG_KEY_ID} # docker.io authentication DOCKER_REGISTRY_LOGIN_SSM_KEY: docker_hub_login DOCKER_REGISTRY_PWD_SSM_KEY: docker_hub_pwd DOCKER_REGISTRY_URL: docker.io KITCHEN_INFRASTRUCTURE_FLAKES_RETRY: 2 ARTIFACTORY_USERNAME: datadog-agent ARTIFACTORY_TOKEN_SSM_NAME: ci.datadog-agent.artifactory_token ARTIFACTORY_URL: datadog.jfrog.io ARTIFACTORY_GEMS_PATH: artifactory/api/gems/agent-gems ARTIFACTORY_PYPI_PATH: artifactory/api/pypi/agent-pypi/simple USE_CACHING_PROXY_RUBY: "true" USE_CACHING_PROXY_PYTHON: "true" CLANG_LLVM_VER: 12.0.1 # # Condition mixins for simplification of rules # .if_main_branch: &if_main_branch if: $CI_COMMIT_BRANCH == "main" .if_not_main_branch: &if_not_main_branch if: $CI_COMMIT_BRANCH != "main" .if_release_branch: &if_release_branch if: $CI_COMMIT_BRANCH =~ /^[0-9]+\.[0-9]+\.x$/ .if_version_6: &if_version_6 if: $RELEASE_VERSION_6 != "" .if_not_version_6: &if_not_version_6 if: $RELEASE_VERSION_6 == "" .if_version_7: &if_version_7 if: $RELEASE_VERSION_7 != "" .if_not_version_7: &if_not_version_7 if: $RELEASE_VERSION_7 == "" .if_deploy: &if_deploy if: $DEPLOY_AGENT == "true" .if_not_deploy: &if_not_deploy if: $DEPLOY_AGENT != "true" .if_tagged_commit: &if_tagged_commit if: $CI_COMMIT_TAG != null .if_not_nightly_repo_branch: &if_not_nightly_repo_branch if: $BUCKET_BRANCH != "nightly" && $BUCKET_BRANCH != "oldnightly" .if_not_stable_or_beta_repo_branch: &if_not_stable_or_beta_repo_branch if: $BUCKET_BRANCH != "beta" && $BUCKET_BRANCH != "stable" .if_not_stable_repo_branch: &if_not_stable_repo_branch if: $BUCKET_BRANCH != "stable" # Rule to trigger all builds conditionally. # By default: # - on main and deploy pipelines, all builds are run # - on branch pipelines, only a subset of build jobs are run (the ARM and MacOS jobs are not run). # RUN_ALL_BUILDS can be set to true to force all build jobs to be run on a branch pipeline. # RUN_ALL_BUILDS has no effect on main/deploy pipelines: they always run all builds (as some jobs # on main and deploy pipelines depend on jobs that are only run if we run all builds). .if_run_all_builds: &if_run_all_builds if: $CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_ALL_BUILDS == "true" .if_not_run_all_builds: &if_not_run_all_builds if: $CI_COMMIT_BRANCH != "main" && $DEPLOY_AGENT != "true" && $RUN_ALL_BUILDS != "true" # Rule to trigger test kitchen setup, run, and cleanup. # By default: # - on main and deploy pipelines, kitchen tests are run # - on branch pipelines, kitchen tests are not run # RUN_KITCHEN_TESTS can be set to true to force kitchen tests to be run on a branch pipeline. # RUN_KITCHEN_TESTS can be set to false to force kitchen tests to not run on main/deploy pipelines. .if_kitchen: &if_kitchen if: ($CI_COMMIT_BRANCH == "main" || $DEPLOY_AGENT == "true" || $RUN_KITCHEN_TESTS == "true") && $RUN_KITCHEN_TESTS != "false" # Rules to trigger default kitchen tests. # Some of the kitchen tests are run on all pipelines by default. They can only be disabled # by setting RUN_KITCHEN_TESTS to false. .if_default_kitchen: &if_default_kitchen if: $RUN_KITCHEN_TESTS != "false" .if_testing_cleanup: &if_testing_cleanup if: $TESTING_CLEANUP == "true" .if_deploy_on_beta_repo_branch: &if_deploy_on_beta_repo_branch if: $DEPLOY_AGENT == "true" && $BUCKET_BRANCH == "beta" .if_deploy_on_stable_repo_branch: &if_deploy_on_stable_repo_branch if: $DEPLOY_AGENT == "true" && $BUCKET_BRANCH == "stable" # Rule to trigger jobs only when a tag matches a given pattern (for RCs) # on the beta branch. # Note: due to workflow rules, rc tag => deploy pipeline, so there's technically no # need to check again if the pipeline is a deploy pipeline, but it doesn't hurt # to explicitly add it. .if_deploy_on_rc_tag_on_beta_repo_branch: &if_rc_tag_on_beta_repo_branch if: $DEPLOY_AGENT == "true" && $BUCKET_BRANCH == "beta" && $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+$/ # # List of rule blocks used in the pipeline # Any job in the pipeline either runs (with when: on_success) in all pipelines, or follows one of the below rule blocks. # .manual: - when: manual allow_failure: true .on_a6: - <<: *if_version_6 .on_a6_manual: - <<: *if_version_6 when: manual allow_failure: true .on_a7: - <<: *if_version_7 .on_a7_manual: - <<: *if_version_7 when: manual allow_failure: true .on_dev_branch_manual: - <<: *if_main_branch when: never - <<: *if_tagged_commit when: never - when: manual allow_failure: true .on_main: - <<: *if_main_branch .on_main_manual: - <<: *if_main_branch when: manual allow_failure: true .on_main_a6: - <<: *if_not_version_6 when: never - <<: *if_main_branch .on_main_a7: - <<: *if_not_version_7 when: never - <<: *if_main_branch .on_tag_or_a7: - <<: *if_tagged_commit - <<: *if_version_7 .on_tag_or_a7_all_builds: - <<: *if_not_run_all_builds when: never - <<: *if_tagged_commit - <<: *if_version_7 .on_deploy: - <<: *if_deploy .on_deploy_failure: - <<: *if_deploy when: on_failure .on_deploy_a6: - <<: *if_not_version_6 when: never - <<: *if_deploy .on_deploy_a6_rc: - <<: *if_not_version_6 when: never - <<: *if_not_deploy when: never - <<: *if_rc_tag_on_beta_repo_branch when: on_success variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public .on_deploy_a6_manual: - <<: *if_not_version_6 when: never - <<: *if_not_deploy when: never - <<: *if_not_stable_or_beta_repo_branch when: manual allow_failure: true variables: AGENT_REPOSITORY: agent-dev IMG_REGISTRIES: dev - when: manual allow_failure: true variables: AGENT_REPOSITORY: agent IMG_REGISTRIES: public # Same as on_deploy_a6_manual, except the job would not run on pipelines # using beta branch, it would only run for the final release. .on_deploy_a6_manual_final: - <<: *if_not_version_6 when: never - <<: *if_not_deploy when: never - <<: *if_deploy_on_beta_repo_branch when: never - <<: *if_not_stable_or_beta_repo_branch when: manual allow_failure: true variables: AGENT_REPOSITORY: agent-dev IMG_REGISTRIES: dev - when: manual allow_failure: true variables: AGENT_REPOSITORY: agent IMG_REGISTRIES: public # This rule is a variation of on_deploy_a6_manual where # the job is usually run manually, except when the pipeline # builds an RC: in this case, the job is run automatically. # This is done to reduce the number of manual steps that have # to be done when creating RCs. .on_deploy_a6_manual_auto_on_rc: - <<: *if_not_version_6 when: never - <<: *if_not_deploy when: never - <<: *if_not_stable_or_beta_repo_branch when: manual allow_failure: true variables: AGENT_REPOSITORY: agent-dev IMG_REGISTRIES: dev - <<: *if_rc_tag_on_beta_repo_branch when: on_success variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public - when: manual allow_failure: true variables: AGENT_REPOSITORY: agent IMG_REGISTRIES: public .on_deploy_a7: - <<: *if_not_version_7 when: never - <<: *if_deploy .on_deploy_a7_rc: - <<: *if_not_version_7 when: never - <<: *if_not_deploy when: never - <<: *if_rc_tag_on_beta_repo_branch when: on_success variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public .on_deploy_a7_manual: - <<: *if_not_version_7 when: never - <<: *if_not_deploy when: never - <<: *if_not_stable_or_beta_repo_branch when: manual allow_failure: true variables: AGENT_REPOSITORY: agent-dev DSD_REPOSITORY: dogstatsd-dev IMG_REGISTRIES: dev - when: manual allow_failure: true variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public # Same as on_deploy_a7_manual, except the job would not run on pipelines # using beta branch, it would only run for the final release. .on_deploy_a7_manual_final: - <<: *if_not_version_7 when: never - <<: *if_not_deploy when: never - <<: *if_deploy_on_beta_repo_branch when: never - <<: *if_not_stable_or_beta_repo_branch when: manual allow_failure: true variables: AGENT_REPOSITORY: agent-dev DSD_REPOSITORY: dogstatsd-dev IMG_REGISTRIES: dev - when: manual allow_failure: true variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public # This rule is a variation of on_deploy_a7_manual where # the job is usually run manually, except when the pipeline # builds an RC: in this case, the job is run automatically. # This is done to reduce the number of manual steps that have # to be done when creating RCs. .on_deploy_a7_manual_auto_on_rc: - <<: *if_not_version_7 when: never - <<: *if_not_deploy when: never - <<: *if_not_stable_or_beta_repo_branch when: manual allow_failure: true variables: AGENT_REPOSITORY: agent-dev DSD_REPOSITORY: dogstatsd-dev IMG_REGISTRIES: dev - <<: *if_rc_tag_on_beta_repo_branch when: on_success variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public - when: manual allow_failure: true variables: AGENT_REPOSITORY: agent DSD_REPOSITORY: dogstatsd IMG_REGISTRIES: public .on_deploy_nightly_repo_branch_a6: - <<: *if_not_version_6 when: never - <<: *if_not_nightly_repo_branch when: never - <<: *if_deploy .on_deploy_nightly_repo_branch_a7: - <<: *if_not_version_7 when: never - <<: *if_not_nightly_repo_branch when: never - <<: *if_deploy .on_deploy_stable_or_beta_repo_branch: - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_deploy .on_deploy_stable_or_beta_repo_branch_a6: - <<: *if_not_version_6 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_deploy .on_deploy_stable_or_beta_repo_branch_a6_manual: - <<: *if_not_version_6 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_deploy when: manual allow_failure: true .on_deploy_stable_or_beta_repo_branch_a7: - <<: *if_not_version_7 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_deploy .on_deploy_stable_or_beta_repo_branch_a7_manual: - <<: *if_not_version_7 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_deploy when: manual allow_failure: true .on_deploy_stable_or_rc_tag_on_beta_repo_branch_a7: - <<: *if_not_version_7 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_rc_tag_on_beta_repo_branch when: on_success - <<: *if_deploy_on_stable_repo_branch when: on_success - when: never .on_deploy_stable_or_rc_tag_on_beta_repo_branch_a7_manual_on_stable: - <<: *if_not_version_7 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_rc_tag_on_beta_repo_branch when: on_success - <<: *if_deploy_on_stable_repo_branch when: manual allow_failure: true - when: never # This rule is a variation of on_deploy_stable_or_beta_repo_branch_a7_manual where # the job is usually run manually, except when the pipeline # builds an RC: in this case, the job is run automatically. # This is done to reduce the number of manual steps that have # to be done when creating RCs. .on_deploy_stable_or_beta_repo_branch_a7_manual_auto_on_rc: - <<: *if_not_version_7 when: never - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_rc_tag_on_beta_repo_branch when: on_success - <<: *if_deploy when: manual allow_failure: true # This rule will add the job as manual when running on beta deploy branch # and will add it as a regular automatically running job when running # on stable deploy branch. .on_deploy_stable_or_beta_manual_auto_on_stable: - <<: *if_not_stable_or_beta_repo_branch when: never - <<: *if_not_deploy when: never - <<: *if_not_stable_repo_branch when: manual allow_failure: true - when: on_success .on_deploy_stable_repo_branch_a7_manual: - <<: *if_not_version_7 when: never - <<: *if_not_stable_repo_branch when: never - <<: *if_deploy when: manual allow_failure: true .except_deploy: - <<: *if_deploy when: never - when: on_success .on_a6_except_deploy: - <<: *if_not_version_6 when: never - <<: *if_deploy when: never - when: on_success .on_a7_except_deploy: - <<: *if_not_version_7 when: never - <<: *if_deploy when: never - when: on_success .on_main_or_release_branch: - <<: *if_main_branch - <<: *if_release_branch .on_main_or_release_branch_or_deploy_always: - <<: *if_deploy when: always - <<: *if_main_branch when: always - <<: *if_release_branch when: always .on_all_builds: - <<: *if_run_all_builds .on_all_builds_a6: - <<: *if_not_version_6 when: never - <<: *if_run_all_builds .on_all_builds_a6_manual: - <<: *if_not_version_6 when: never - <<: *if_run_all_builds when: manual allow_failure: true .on_all_builds_a7: - <<: *if_not_version_7 when: never - <<: *if_run_all_builds .on_all_builds_a7_manual: - <<: *if_not_version_7 when: never - <<: *if_run_all_builds when: manual allow_failure: true .on_kitchen_tests_a6: - <<: *if_not_version_6 when: never - <<: *if_kitchen .on_kitchen_tests_a6_always: - <<: *if_not_version_6 when: never - <<: *if_kitchen when: always .on_all_kitchen_builds_a6: - <<: *if_not_version_6 when: never - <<: *if_not_run_all_builds when: never - <<: *if_kitchen .on_kitchen_tests_a7: - <<: *if_not_version_7 when: never - <<: *if_kitchen .on_kitchen_tests_a7_always: - <<: *if_not_version_7 when: never - <<: *if_kitchen when: always .on_all_kitchen_builds_a7: - <<: *if_not_version_7 when: never - <<: *if_not_run_all_builds when: never - <<: *if_kitchen # Default kitchen tests are also run on dev branches # In that case, the target OS versions is a subset of the # available versions, stored in DEFAULT_KITCHEN_OSVERS .on_default_kitchen_tests_a7: - <<: *if_not_version_7 when: never - <<: *if_kitchen - <<: *if_default_kitchen variables: KITCHEN_OSVERS: $DEFAULT_KITCHEN_OSVERS .on_default_kitchen_tests_a7_always: - <<: *if_not_version_7 when: never - <<: *if_kitchen when: always - <<: *if_default_kitchen when: always variables: KITCHEN_OSVERS: $DEFAULT_KITCHEN_OSVERS .on_main_or_testing_cleanup: - <<: *if_main_branch - <<: *if_testing_cleanup .on_testing_cleanup: - <<: *if_testing_cleanup .on_security_agent_changes_or_manual: - changes: - pkg/ebpf/**/* - pkg/security/**/* - test/kitchen/site-cookbooks/dd-security-agent-check/**/* - test/kitchen/test/integration/security-agent-test/**/* - test/kitchen/test/integration/security-agent-stress/**/* - .gitlab/functional_test/security_agent.yml when: on_success - when: manual allow_failure: true .on_system_probe_changes_or_manual: - changes: - pkg/collector/corechecks/ebpf/**/* - pkg/ebpf/**/* - pkg/network/**/* - pkg/util/kernel/**/* - test/kitchen/site-cookbooks/dd-system-probe-check/**/* - test/kitchen/test/integration/system-probe-test/**/* - test/kitchen/test/integration/win-sysprobe-test/**/* - .gitlab/functional_test/system_probe.yml when: on_success - when: manual allow_failure: true .on_install_script_release_manual: - <<: *if_not_version_7 when: never - <<: *if_not_version_6 when: never - <<: *if_not_main_branch when: never - <<: *if_kitchen when: manual allow_failure: true .on_trace_agent_changes_or_manual: - changes: - pkg/trace/**/* - .gitlab/benchmarks/* when: on_success - when: manual allow_failure: true