Automatic triggering of CiVis test environment

.gitlab/ci-visibility-tests.yml

@@ -1,7 +1,64 @@
+check-ci-visibility-label:
+  stage: publish
+  image: registry.ddbuild.io/images/dd-octo-sts-ci-base:2025.06-1
+  tags: [ "arch:amd64" ]
+  needs: [ publish-artifacts-to-s3 ]
+  id_tokens:
+    DDOCTOSTS_ID_TOKEN:
+      aud: dd-octo-sts
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
+      when: on_success
+    - when: never
+  before_script:
+    - dd-octo-sts version
+    - dd-octo-sts debug --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read
+    - dd-octo-sts token --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read > github-token.txt
+    - gh auth login --with-token < github-token.txt
+  script:
+    - |
+      # Source utility functions
+      source .gitlab/ci_visibility_utils.sh
+
+      # Get PR number
+      if ! PR_NUMBER=$(get_pr_number "${CI_COMMIT_BRANCH}"); then
+        echo "No open PR found for branch ${CI_COMMIT_BRANCH}"
+        exit 1
+      fi
+
+      echo "Found PR #${PR_NUMBER}"
+
+      # Check if PR has the CI visibility label
+      if pr_has_label "$PR_NUMBER" "comp: ci visibility"; then
+        echo "PR_NUMBER=${PR_NUMBER}" > pr.env
+        echo "PR #${PR_NUMBER} detected as CI Visibility PR"
+        exit 0
+      else
+        echo "PR #${PR_NUMBER} not a CI Visibility PR, ignoring trigger"
+        exit 1
+      fi
+  after_script:
+    - dd-octo-sts revoke -t $(cat github-token.txt) || true
+  artifacts:
+    reports:
+      dotenv: pr.env
+  allow_failure: true
+  retry:
+    max: 2
+    when: always
+
 run-ci-visibility-test-environment:
   stage: ci-visibility-tests
-  when: manual
-  needs: []
+  needs:
+    - job: check-ci-visibility-label
+      artifacts: true
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
+      when: on_success
   trigger:
     project: DataDog/apm-reliability/test-environment
     branch: main
@@ -17,3 +74,4 @@ run-ci-visibility-test-environment:
     UPSTREAM_COMMIT_SHORT_SHA: $CI_COMMIT_SHORT_SHA
     TRACER_LANG: java
     JAVA_TRACER_REF_TO_TEST: $CI_COMMIT_BRANCH
+    JAVA_TRACER_PR_TO_TEST: $PR_NUMBER

.gitlab/ci_visibility_utils.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+function get_pr_number() {
+  local branch=$1
+
+  if [ -z "$branch" ]; then
+    echo "Error: Branch name is required" >&2
+    return 1
+  fi
+
+  local pr_number
+  pr_number=$(gh pr list --repo DataDog/dd-trace-java --head "$branch" --state open --json number --jq '.[0].number')
+
+  if [ -z "$pr_number" ]; then
+    echo "Error: No open PR found for branch $branch" >&2
+    return 1
+  fi
+
+  echo "$pr_number"
+  return 0
+}
+
+function get_pr_labels() {
+  local pr_number=$1
+
+  if [ -z "$pr_number" ]; then
+    echo "Error: PR number is required" >&2
+    return 1
+  fi
+
+  local labels
+  labels=$(gh pr view "$pr_number" --repo DataDog/dd-trace-java --json labels --jq '.labels[].name')
+
+  if [ -z "$labels" ]; then
+    echo "Warning: No labels found for PR #$pr_number" >&2
+    return 1
+  fi
+
+  echo "$labels"
+  return 0
+}
+
+function pr_has_label() {
+  local pr_number=$1
+  local target_label=$2
+
+  if [ -z "$pr_number" ] || [ -z "$target_label" ]; then
+    echo "Error: PR number and label are required" >&2
+    return 1
+  fi
+
+  local labels
+  if ! labels=$(get_pr_labels "$pr_number"); then
+    return 1
+  fi
+
+  if echo "$labels" | grep -q "$target_label"; then
+    return 0
+  else
+    return 1
+  fi
+}