fix: address Devin Review findings on datadog-synthetics workflow#6
Conversation
- Add step-level condition to skip Datadog Synthetic tests when DD_API_KEY/DD_APP_KEY secrets are not configured, preventing CI failure - Use more specific tag (ci-required-e2e) instead of generic e2e-tests to reduce accidental scope changes via Datadog tag edits - Rename job from 'build' to 'e2e-tests' for clarity Co-Authored-By: Thuong Huynh <admin@huynhthuong.online>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
Huynhthuongg
merged commit 91070d9
into
devin/1777446691-workspace-ide
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| # Run Synthetic tests within your GitHub workflow. | ||
| # For additional configuration options visit the action within the marketplace: https://github.com/marketplace/actions/datadog-synthetics-ci | ||
| - name: Run Datadog Synthetic tests | ||
| if: ${{ secrets.DD_API_KEY != '' && secrets.DD_APP_KEY != '' }} |
There was a problem hiding this comment.
📝 Info: Secrets in step-level if condition: valid but has fork-PR implications
The added if: ${{ secrets.DD_API_KEY != '' && secrets.DD_APP_KEY != '' }} is a valid GitHub Actions pattern — the secrets context is available in step if expressions. However, note that for pull_request events triggered from forks, secrets are not passed to the workflow (they resolve to empty strings). This means the Datadog Synthetic tests step will be silently skipped for all fork PRs. This is likely the intended behavior (and arguably a security improvement), but reviewers should be aware that fork-originated PRs will never run these e2e tests, so there's no gate on external contributions.
Was this helpful? React with 👍 or 👎 to provide feedback.
1 participant
Summary
Fixes the issues identified by Devin Review on PR #4 (
datadog-synthetics.yml):CI failure fix: Added a step-level
ifcondition to skip the Datadog Synthetic tests step whenDD_API_KEY/DD_APP_KEYsecrets are not configured. Previously, the workflow would fail withError: Input required and not supplied: api_keywhen secrets weren't set up.More specific test tag: Changed
test_search_queryfrom the generictag:e2e-teststotag:ci-required-e2eto reduce the risk of accidental CI scope changes via Datadog tag edits (as flagged by Devin Review).Job rename: Renamed the job from
buildtoe2e-teststo better reflect its purpose.Review & Testing Checklist for Human
ci-required-e2etag matches your intended Datadog Synthetic test tag (update if your tests use a different tag)DD_API_KEYandDD_APP_KEYare added as repository secrets when ready to run Synthetic testsNotes
test_search_querywithout explicitpublic_idvalues. This PR addresses that concern by using a more specific, CI-reserved tag.buildjob was failing becauseDD_API_KEYandDD_APP_KEYsecrets were not configured in the repository.Link to Devin session: https://app.devin.ai/sessions/b6b6ab64ba144825bc64b30c0c2a968d
Requested by: @Huynhthuongg