From 2add248a8d850d33e9ae497196e3af5c41094547 Mon Sep 17 00:00:00 2001
From: Daniel Mohedano <daniel.mohedano@datadoghq.com>
Date: Mon, 13 Oct 2025 11:05:15 +0200
Subject: [PATCH 1/2] feat: automatic trigger of test environment

---
 .gitlab/ci-visibility-tests.yml |  61 +++++++++++++++++-
 .gitlab/ci_visibility_utils.sh  | 108 ++++++++++++++++++++++++++++++++
 2 files changed, 167 insertions(+), 2 deletions(-)
 create mode 100644 .gitlab/ci_visibility_utils.sh

diff --git a/.gitlab/ci-visibility-tests.yml b/.gitlab/ci-visibility-tests.yml
index 0481a8095fd..512715d3f9f 100644
--- a/.gitlab/ci-visibility-tests.yml
+++ b/.gitlab/ci-visibility-tests.yml
@@ -1,7 +1,64 @@
+check-ci-visibility-label:
+  stage: publish
+  image: registry.ddbuild.io/images/dd-octo-sts-ci-base:2025.06-1
+  tags: [ "arch:amd64" ]
+  needs: [ publish-artifacts-to-s3 ]
+  id_tokens:
+    DDOCTOSTS_ID_TOKEN:
+      aud: dd-octo-sts
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
+      when: on_success
+    - when: never
+  before_script:
+    - dd-octo-sts version
+    - dd-octo-sts debug --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read
+    - dd-octo-sts token --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read > github-token.txt
+    - gh auth login --with-token < github-token.txt
+  script:
+    - |
+      # Install authanywhere - Required for PR comment
+      wget -q binaries.ddbuild.io/dd-source/authanywhere/LATEST/authanywhere-linux-amd64
+      chmod +x authanywhere-linux-amd64
+
+      # Source utility functions
+      source .gitlab/ci_visibility_utils.sh
+      
+      # Get PR number
+      if ! PR_NUMBER=$(get_pr_number "${CI_COMMIT_BRANCH}"); then
+        echo "No open PR found for branch ${CI_COMMIT_BRANCH}"
+        exit 1
+      fi
+      
+      echo "Found PR #${PR_NUMBER}"
+      
+      # Check if PR has the CI visibility label
+      if pr_has_label "$PR_NUMBER" "comp: ci visibility"; then
+        echo "PR #${PR_NUMBER} detected as CI Visibility PR"
+        write_pr_comment "$PR_NUMBER" "Test Optimization - Test Environment" "Triggering test environment. Check [pipeline](https://gitlab.ddbuild.io/DataDog/apm-reliability/test-environment/-/pipelines?ref=main&source=pipeline) for test results."
+        exit 0
+      else
+        echo "PR #${PR_NUMBER} not a CI Visibility PR, ignoring trigger"
+        exit 1
+      fi
+  after_script:
+    - dd-octo-sts revoke -t $(cat github-token.txt) || true
+  allow_failure: true
+  retry:
+    max: 2
+    when: always
+
 run-ci-visibility-test-environment:
   stage: ci-visibility-tests
-  when: manual
-  needs: []
+  needs:
+    - job: check-ci-visibility-label
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
+      when: on_success
   trigger:
     project: DataDog/apm-reliability/test-environment
     branch: main
diff --git a/.gitlab/ci_visibility_utils.sh b/.gitlab/ci_visibility_utils.sh
new file mode 100644
index 00000000000..b61deb3dfe3
--- /dev/null
+++ b/.gitlab/ci_visibility_utils.sh
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+
+function get_pr_number() {
+  local branch=$1
+
+  if [ -z "$branch" ]; then
+    echo "Error: Branch name is required" >&2
+    return 1
+  fi
+
+  local pr_number
+  pr_number=$(gh pr list --repo DataDog/dd-trace-java --head "$branch" --state open --json number --jq '.[0].number')
+
+  if [ -z "$pr_number" ]; then
+    echo "Error: No open PR found for branch $branch" >&2
+    return 1
+  fi
+
+  echo "$pr_number"
+  return 0
+}
+
+function get_pr_labels() {
+  local pr_number=$1
+
+  if [ -z "$pr_number" ]; then
+    echo "Error: PR number is required" >&2
+    return 1
+  fi
+
+  local labels
+  labels=$(gh pr view "$pr_number" --repo DataDog/dd-trace-java --json labels --jq '.labels[].name')
+
+  if [ -z "$labels" ]; then
+    echo "Warning: No labels found for PR #$pr_number" >&2
+    return 1
+  fi
+
+  echo "$labels"
+  return 0
+}
+
+function pr_has_label() {
+  local pr_number=$1
+  local target_label=$2
+
+  if [ -z "$pr_number" ] || [ -z "$target_label" ]; then
+    echo "Error: PR number and label are required" >&2
+    return 1
+  fi
+
+  local labels
+  if ! labels=$(get_pr_labels "$pr_number"); then
+    return 1
+  fi
+
+  if echo "$labels" | grep -q "$target_label"; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+function write_pr_comment() {
+  local pr_number=$1
+  local header=$2
+  local message=$3
+
+  if [ -z "$pr_number" ]; then
+    echo "Error: PR number is required" >&2
+    return 1
+  fi
+
+  if [ -z "$message" ]; then
+    echo "Error: Message is required" >&2
+    return 1
+  fi
+
+  if [ -z "$header" ]; then
+    header="CI Notification"
+  fi
+
+  # Create JSON payload
+  local json_payload
+  json_payload=$(jq -n \
+    --argjson pr_num "$pr_number" \
+    --arg message "$message" \
+    --arg header "$header" \
+    --arg org "DataDog" \
+    --arg repo "dd-trace-java" \
+    '{pr_num: $pr_num, message: $message, header: $header, org: $org, repo: $repo}')
+
+  # Ensure authanywhere is available
+  if [ ! -x "./authanywhere-linux-amd64" ]; then
+    echo "Error: authanywhere-linux-amd64 not found or not executable" >&2
+    return 1
+  fi
+
+  # Post comment to PR
+  echo "Posting comment to PR #${pr_number}"
+  curl -s 'https://pr-commenter.us1.ddbuild.io/internal/cit/pr-comment' \
+    -H "$(./authanywhere-linux-amd64)" \
+    -H "Content-Type: application/json" \
+    -X PATCH \
+    -d "$json_payload"
+
+  return $?
+}

From 529c394bfd85883f7f3c22c70f2aef132bc88ad2 Mon Sep 17 00:00:00 2001
From: Daniel Mohedano <daniel.mohedano@datadoghq.com>
Date: Wed, 15 Oct 2025 10:39:03 +0200
Subject: [PATCH 2/2] feat: delegate PR commenting to test environment

---
 .gitlab/ci-visibility-tests.yml | 11 ++++----
 .gitlab/ci_visibility_utils.sh  | 46 ---------------------------------
 2 files changed, 6 insertions(+), 51 deletions(-)

diff --git a/.gitlab/ci-visibility-tests.yml b/.gitlab/ci-visibility-tests.yml
index 512715d3f9f..fa29bee06b8 100644
--- a/.gitlab/ci-visibility-tests.yml
+++ b/.gitlab/ci-visibility-tests.yml
@@ -19,10 +19,6 @@ check-ci-visibility-label:
     - gh auth login --with-token < github-token.txt
   script:
     - |
-      # Install authanywhere - Required for PR comment
-      wget -q binaries.ddbuild.io/dd-source/authanywhere/LATEST/authanywhere-linux-amd64
-      chmod +x authanywhere-linux-amd64
-
       # Source utility functions
       source .gitlab/ci_visibility_utils.sh
       
@@ -36,8 +32,8 @@ check-ci-visibility-label:
       
       # Check if PR has the CI visibility label
       if pr_has_label "$PR_NUMBER" "comp: ci visibility"; then
+        echo "PR_NUMBER=${PR_NUMBER}" > pr.env
         echo "PR #${PR_NUMBER} detected as CI Visibility PR"
-        write_pr_comment "$PR_NUMBER" "Test Optimization - Test Environment" "Triggering test environment. Check [pipeline](https://gitlab.ddbuild.io/DataDog/apm-reliability/test-environment/-/pipelines?ref=main&source=pipeline) for test results."
         exit 0
       else
         echo "PR #${PR_NUMBER} not a CI Visibility PR, ignoring trigger"
@@ -45,6 +41,9 @@ check-ci-visibility-label:
       fi
   after_script:
     - dd-octo-sts revoke -t $(cat github-token.txt) || true
+  artifacts:
+    reports:
+      dotenv: pr.env
   allow_failure: true
   retry:
     max: 2
@@ -54,6 +53,7 @@ run-ci-visibility-test-environment:
   stage: ci-visibility-tests
   needs:
     - job: check-ci-visibility-label
+      artifacts: true
   rules:
     - if: '$POPULATE_CACHE'
       when: never
@@ -74,3 +74,4 @@ run-ci-visibility-test-environment:
     UPSTREAM_COMMIT_SHORT_SHA: $CI_COMMIT_SHORT_SHA
     TRACER_LANG: java
     JAVA_TRACER_REF_TO_TEST: $CI_COMMIT_BRANCH
+    JAVA_TRACER_PR_TO_TEST: $PR_NUMBER
diff --git a/.gitlab/ci_visibility_utils.sh b/.gitlab/ci_visibility_utils.sh
index b61deb3dfe3..12322265166 100644
--- a/.gitlab/ci_visibility_utils.sh
+++ b/.gitlab/ci_visibility_utils.sh
@@ -60,49 +60,3 @@ function pr_has_label() {
     return 1
   fi
 }
-
-function write_pr_comment() {
-  local pr_number=$1
-  local header=$2
-  local message=$3
-
-  if [ -z "$pr_number" ]; then
-    echo "Error: PR number is required" >&2
-    return 1
-  fi
-
-  if [ -z "$message" ]; then
-    echo "Error: Message is required" >&2
-    return 1
-  fi
-
-  if [ -z "$header" ]; then
-    header="CI Notification"
-  fi
-
-  # Create JSON payload
-  local json_payload
-  json_payload=$(jq -n \
-    --argjson pr_num "$pr_number" \
-    --arg message "$message" \
-    --arg header "$header" \
-    --arg org "DataDog" \
-    --arg repo "dd-trace-java" \
-    '{pr_num: $pr_num, message: $message, header: $header, org: $org, repo: $repo}')
-
-  # Ensure authanywhere is available
-  if [ ! -x "./authanywhere-linux-amd64" ]; then
-    echo "Error: authanywhere-linux-amd64 not found or not executable" >&2
-    return 1
-  fi
-
-  # Post comment to PR
-  echo "Posting comment to PR #${pr_number}"
-  curl -s 'https://pr-commenter.us1.ddbuild.io/internal/cit/pr-comment' \
-    -H "$(./authanywhere-linux-amd64)" \
-    -H "Content-Type: application/json" \
-    -X PATCH \
-    -d "$json_payload"
-
-  return $?
-}