Skip to content

👷 Sign CI Docker image with ddsign#4313

Merged
thomas-lebeau merged 1 commit intomainfrom
thomas.lebeau/sign-ci-image
Mar 11, 2026
Merged

👷 Sign CI Docker image with ddsign#4313
thomas-lebeau merged 1 commit intomainfrom
thomas.lebeau/sign-ci-image

Conversation

@thomas-lebeau
Copy link
Collaborator

@thomas-lebeau thomas-lebeau commented Mar 11, 2026
edited
Loading

Motivation

Sign the CI Docker image using ddsign for image integrity verification.

Changes

  • Add DDSIGN_ID_TOKEN id_token with image-integrity audience to the ci-image job
  • Capture Docker build metadata to a temp file via --metadata-file
  • Sign the pushed image with ddsign sign using the metadata file

Test instructions

ddsign verify registry.ddbuild.io/ci/browser-sdk:102@$(crane digest registry.ddbuild.io/ci/browser-sdk:102)

Checklist

  • Tested locally
  • Tested on staging
  • Added unit tests for this change.
  • Added e2e/integration tests for this change.
  • Updated documentation and/or relevant AGENTS.md file

@thomas-lebeau
👷 Sign CI Docker image with ddsign
c170a20 
- Add DDSIGN_ID_TOKEN id_token for image integrity
- Capture docker buildx metadata to a temp file
- Sign the pushed image using ddsign
@cit-pr-commenter-54b7da
Copy link

cit-pr-commenter-54b7da bot commented Mar 11, 2026
edited
Loading

Bundles Sizes Evolution

📦 Bundle Name Base Size Local Size 𝚫 𝚫% Status
Rum 174.53 KiB 174.53 KiB 0 B 0.00%
Rum Profiler 6.16 KiB 6.16 KiB 0 B 0.00%
Rum Recorder 27.46 KiB 27.46 KiB 0 B 0.00%
Logs 56.84 KiB 56.84 KiB 0 B 0.00%
Flagging 944 B 944 B 0 B 0.00%
Rum Slim 130.21 KiB 130.21 KiB 0 B 0.00%
Worker 23.63 KiB 23.63 KiB 0 B 0.00%
🚀 CPU Performance
Action Name Base CPU Time (ms) Local CPU Time (ms) 𝚫%
RUM - add global context 0.0061 0.004 -34.43%
RUM - add action 0.0154 0.0133 -13.64%
RUM - add error 0.0158 0.0121 -23.42%
RUM - add timing 0.0033 0.0029 -12.12%
RUM - start view 0.0162 0.0119 -26.54%
RUM - start/stop session replay recording 0.0008 0.0006 -25.00%
Logs - log message 0.018 0.0136 -24.44%
🧠 Memory Performance
Action Name Base Memory Consumption Local Memory Consumption 𝚫
RUM - add global context 27.01 KiB 26.06 KiB -967 B
RUM - add action 50.36 KiB 50.79 KiB +444 B
RUM - add timing 26.72 KiB 25.76 KiB -987 B
RUM - add error 56.18 KiB 54.54 KiB -1.64 KiB
RUM - start/stop session replay recording 25.59 KiB 25.53 KiB -56 B
RUM - start view 451.27 KiB 449.66 KiB -1.61 KiB
Logs - log message 44.26 KiB 44.25 KiB -12 B

🔗 RealWorld

@datadog-datadog-prod-us1-2
Copy link

datadog-datadog-prod-us1-2 bot commented Mar 11, 2026
edited by datadog-official bot
Loading

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 77.17% (+0.00%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: c170a20 | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

@thomas-lebeau thomas-lebeau marked this pull request as ready for review March 11, 2026 14:07
@thomas-lebeau thomas-lebeau requested a review from a team as a code owner March 11, 2026 14:07
@thomas-lebeau thomas-lebeau merged commit 081a97c into main Mar 11, 2026
22 checks passed
@thomas-lebeau thomas-lebeau deleted the thomas.lebeau/sign-ci-image branch March 11, 2026 14:34
@github-actions github-actions bot locked and limited conversation to collaborators Mar 11, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@BenoitZugmeyer BenoitZugmeyer BenoitZugmeyer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thomas-lebeau @BenoitZugmeyer