[SINT-4729] use dd-octo-sts in reusable-integration-test workflow #3487

Closed
ikraemer-dd wants to merge 1 commit into master from ikraemer/SINT-4729-dd-octo-sts-integration-test

@ikraemer-dd
Contributor

Summary

  • Migrate reusable-integration-test.yml from GitHub App token (actions/create-github-app-token) to dd-octo-sts OIDC-based token (DataDog/dd-octo-sts-action)
  • Move permissions from workflow-level to job-level, adding id-token: write for OIDC
  • Part of splitting [SINT-4729] use dd-octo-sts policies #3477 into per-file PRs

Changes

  • Replace actions/create-github-app-token@v1 with DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 (v1.0.3)
  • Use scope: DataDog/${{ inputs.target-repo || 'datadog-api-spec' }} and policy: datadog-api-client-java.reusable-integration-test.post-status
  • Remove top-level permissions block, add job-level permissions with contents: read and id-token: write
  • Remove PIPELINE_GITHUB_APP_ID and PIPELINE_GITHUB_APP_PRIVATE_KEY from the secrets input declarations
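
Added example, not part of the pull request or the repository: a stdlib-only Python check for the properties this migration aims at (no workflow-level permissions, actions pinned to a full commit SHA, the old App secrets gone, `id-token: write` present at job level when the OIDC action is used). Both workflow samples are constructed; the job name, step layout and two-space indentation are assumptions.

```python
import re

OLD_SECRETS = ("PIPELINE_GITHUB_APP_ID", "PIPELINE_GITHUB_APP_PRIVATE_KEY")

# Constructed sample of the migrated job; job name and layout are assumptions.
MIGRATED = """\
jobs:
  integration_tests:
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
        with:
          scope: DataDog/${{ inputs.target-repo || 'datadog-api-spec' }}
          policy: datadog-api-client-java.reusable-integration-test.post-status
"""

# Constructed sample of the pre-migration shape described in the PR summary.
LEGACY = """\
permissions:
  contents: read
jobs:
  integration_tests:
    steps:
      - uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.PIPELINE_GITHUB_APP_ID }}
          private-key: ${{ secrets.PIPELINE_GITHUB_APP_PRIVATE_KEY }}
"""

def audit(workflow: str) -> list[str]:
    """Line-based checks, no YAML parser; assumes two-space indentation."""
    findings = []
    if re.search(r"^permissions:", workflow, re.M):
        findings.append("workflow-level permissions block")
    for action, ref in re.findall(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)", workflow, re.M):
        if not re.fullmatch(r"[0-9a-f]{40}", ref):  # tags and branches are mutable
            findings.append(f"{action} not pinned to a commit SHA: {ref}")
    for name in OLD_SECRETS:
        if re.search(rf"\b{name}\b", workflow):
            findings.append(f"still references {name}")
    # Job-level keys sit at four or more spaces of indentation.
    if "dd-octo-sts-action@" in workflow and not re.search(
            r"^ {4,}id-token:\s*write\s*$", workflow, re.M):
        findings.append("OIDC action used without job-level id-token: write")
    return findings

if __name__ == "__main__":
    for label, text in (("migrated", MIGRATED), ("legacy", LEGACY)):
        print(label, audit(text) or "ok")
```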
