Merge branch 'main' into upgrade-latest-langchain-version

.github/CODEOWNERS

@@ -51,7 +51,7 @@ tests/opentracer                    @DataDog/apm-core-python
 tests/runtime                       @DataDog/apm-core-python
 tests/tracer                        @DataDog/apm-core-python
 
-# CI App and related
+# Test Visibility and related
 ddtrace/contrib/asynctest                             @DataDog/ci-app-libraries
 ddtrace/contrib/coverage                              @DataDog/ci-app-libraries
 ddtrace/contrib/pytest                                @DataDog/ci-app-libraries
@@ -77,6 +77,15 @@ tests/coverage                                        @DataDog/apm-core-python @
 tests/tracer/test_ci.py                               @DataDog/ci-app-libraries
 ddtrace/ext/git.py                                    @DataDog/ci-app-libraries @DataDog/apm-core-python
 scripts/ci_visibility/*                               @DataDog/ci-app-libraries
+# Test Visibility owns the freezegun integration because it's the team most affected by it
+ddtrace/contrib/freezegun                             @DataDog/ci-app-libraries
+ddtrace/contrib/internal/freezegun                    @DataDog/ci-app-libraries
+tests/contrib/freezegun                               @DataDog/ci-app-libraries
+# Test Visibility: Selenium integration
+ddtrace/contrib/selenium                              @DataDog/ci-app-libraries
+ddtrace/internal/selenium                             @DataDog/ci-app-libraries
+tests/contrib/selenium                                @DataDog/ci-app-libraries
+tests/snapshots/test_selenium_*                       @DataDog/ci-app-libraries
 
 # Debugger
 ddtrace/debugging/                  @DataDog/debugger-python

.github/workflows/build-and-publish-image.yml

@@ -28,6 +28,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
     - name: Set up QEMU
       uses: docker/setup-qemu-action@v2
     - name: Set up Docker Buildx

.github/workflows/build_deploy.yml

@@ -34,6 +34,7 @@ jobs:
       - uses: actions/checkout@v4
         # Include all history and tags
         with:
+          persist-credentials: false
           fetch-depth: 0
       - uses: actions-rust-lang/setup-rust-toolchain@v1
       - uses: actions/setup-python@v5
@@ -58,6 +59,8 @@ jobs:
       image: python:3.9-alpine
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/download-artifact@v4
         with:
           name: source-dist

.github/workflows/build_python_3.yml

@@ -20,6 +20,8 @@ jobs:
       include: ${{steps.set-matrix.outputs.include}}
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: actions/setup-python@v5
         with:
           python-version: '3.8'
@@ -51,6 +53,7 @@ jobs:
       - uses: actions/checkout@v4
         # Include all history and tags
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       - uses: actions/setup-python@v5

.github/workflows/changelog.yml

@@ -15,6 +15,7 @@ jobs:
       - uses: actions/checkout@v4
         # Include all history and tags
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       # Ensure a new reno release note was added in this PR.

.github/workflows/codeowners.yml

@@ -12,6 +12,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
       - name: Get changed files
         id: changed-files

.github/workflows/codeql-analysis.yml

@@ -27,6 +27,8 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
+      with:
+        persist-credentials: false
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/django-overhead-profile.yml

@@ -33,6 +33,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: ddtrace
 
       - uses: actions/setup-python@v5
@@ -51,4 +52,3 @@ jobs:
         with:
           name: django-overhead-profile${{ matrix.suffix }}
           path: ${{ github.workspace }}/prefix/artifacts
-

.github/workflows/encoders-profile.yml

@@ -21,6 +21,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: ddtrace
 
       - uses: actions/setup-python@v5
@@ -43,4 +44,3 @@ jobs:
         with:
           name: encoders-profile
           path: ${{ github.workspace }}/prefix/artifacts
-

.github/workflows/flask-overhead-profile.yml

@@ -21,6 +21,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: ddtrace
 
       - uses: actions/setup-python@v5
@@ -39,4 +40,3 @@ jobs:
         with:
           name: flask-overhead-profile
           path: ${{ github.workspace }}/prefix/artifacts
-

.github/workflows/generate-package-versions.yml

@@ -16,6 +16,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Setup Python 3.7
         uses: actions/setup-python@v5

.github/workflows/pr-name.yml

@@ -11,6 +11,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
       - uses: actions/setup-node@v4
         name: Install Node.js

.github/workflows/profiling-native.yml

@@ -0,0 +1,48 @@
+name: Profiling Native Tests with Sanitizers
+
+on:
+  push:
+    branches:
+      - main
+      - "mq-working-branch**"
+  pull_request:
+    paths:
+    - ddtrace/internal/datadog/profiling/**
+    - ddtrace/profiling/**
+  workflow_dispatch: {}
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 5
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-24.04]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        sanitizer: ["safety", "thread"]
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+          fetch-depth: 1
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install llvm 19
+        run: |
+          # Ubuntu-24.04 GH actions image has llvm-18, but we use 19 as it's
+          # the latest one available.
+          wget https://apt.llvm.org/llvm.sh
+          chmod +x llvm.sh
+          sudo ./llvm.sh 19
+
+      - name: Run tests with sanitizers
+        run: |
+          # DEV: We currently have tests in dd_wrapper and stack_v2, setting
+          # stack_v2 here will also run tests in dd_wrapper. Revisit this when
+          # that changes.
+          ./ddtrace/internal/datadog/profiling/build_standalone.sh --${{matrix.sanitizer}} RelWithDebInfo stack_v2_test

.github/workflows/requirements-locks.yml

@@ -15,6 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Fixup git permissions

.github/workflows/rust-ci.yml

@@ -14,6 +14,8 @@ jobs:
         extension: ["src/core"]
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Install latest stable toolchain and rustfmt
         run: rustup update stable && rustup default stable && rustup component add rustfmt clippy
       - name: Run cargo build

.github/workflows/set-target-milestone.yml

@@ -15,6 +15,7 @@ jobs:
       - uses: actions/checkout@v4
         # Include all history and tags
         with:
+          persist-credentials: false
           fetch-depth: 0
       - uses: actions/setup-python@v5
         name: Install Python
@@ -32,7 +33,7 @@ jobs:
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
-            const title = "${{ steps.milestones.outputs.milestone }}";
+            const title = "${{ steps.milestones.outputs.milestone }}"
 
             const milestones = await github.rest.issues.listMilestones({
               owner: context.repo.owner,
@@ -52,6 +53,6 @@ jobs:
             await github.rest.issues.update({
               owner: context.repo.owner,
               repo: context.repo.repo,
-              issue_number: ${{ github.event.pull_request.number }},
+              issue_number: context.pull_request.number,
               milestone: milestone.number,
             });

.github/workflows/system-tests.yml

@@ -18,6 +18,7 @@ jobs:
       - name: Checkout system tests
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           repository: 'DataDog/system-tests'
 
       - name: Build agent
@@ -62,11 +63,13 @@ jobs:
       - name: Checkout system tests
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           repository: 'DataDog/system-tests'
 
       - name: Checkout dd-trace-py
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: 'binaries/dd-trace-py'
           fetch-depth: 0
           # NB this ref is necessary to keep the checkout out of detached HEAD state, which setuptools_scm requires for
@@ -112,6 +115,7 @@ jobs:
       - name: Checkout system tests
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           repository: 'DataDog/system-tests'
 
       - name: Build runner
@@ -233,17 +237,9 @@ jobs:
         if: always() && steps.docker_load.outcome == 'success' && matrix.scenario == 'debugger-1'
         run: ./run.sh DEBUGGER_PROBES_STATUS
 
-      - name: Run DEBUGGER_METHOD_PROBES_SNAPSHOT
+      - name: Run DEBUGGER_PROBES_SNAPSHOT
         if: always() && steps.docker_load.outcome == 'success' && matrix.scenario == 'debugger-1'
-        run: ./run.sh DEBUGGER_METHOD_PROBES_SNAPSHOT
-
-      - name: Run DEBUGGER_LINE_PROBES_SNAPSHOT
-        if: always() && steps.docker_load.outcome == 'success' && matrix.scenario == 'debugger-1'
-        run: ./run.sh DEBUGGER_LINE_PROBES_SNAPSHOT
-
-      - name: Run DEBUGGER_MIX_LOG_PROBE
-        if: always() && steps.docker_load.outcome == 'success' && matrix.scenario == 'debugger-1'
-        run: ./run.sh DEBUGGER_MIX_LOG_PROBE
+        run: ./run.sh DEBUGGER_PROBES_SNAPSHOT
 
       - name: Run DEBUGGER_PII_REDACTION
         if: always() && steps.docker_load.outcome == 'success' && matrix.scenario == 'debugger-1'
@@ -280,10 +276,12 @@ jobs:
       - name: Checkout system tests
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           repository: 'DataDog/system-tests'
       - name: Checkout dd-trace-py
         uses: actions/checkout@v4
         with:
+          persist-credentials: false
           path: 'binaries/dd-trace-py'
           fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha || github.sha }}