Add dd-octo-sts policy for dd-trace-dotnet#438

Merged: andrewlock merged 2 commits into master from andrew/add-trust-policy on Mar 17, 2026
@andrewlock (Member):

We're migrating our existing authentication to use dd-octo-sts and we need to add this trust policy first.

@andrewlock andrewlock requested review from a team as code owners March 17, 2026 10:53
@andrewlock andrewlock requested a review from kathiehuang March 17, 2026 10:53
@andrewlock andrewlock merged commit cb64bb0 into master Mar 17, 2026
4 checks passed
@andrewlock andrewlock deleted the andrew/add-trust-policy branch March 17, 2026 15:45
andrewlock added a commit to DataDog/dd-trace-dotnet that referenced this pull request Mar 17, 2026
## Summary of changes

Replaces our use of `actions/create-github-app-token` with `dd-octo-sts`

## Reason for change

It was recommended by sdlc-security that we make the shift

## Implementation details

They have a claude plugin to do it, so I poked the bot with a stick
until it did this. Looks OK to me best I can understand, and I'm
definitely happier having 🤖 write the various "patterns" 😅

## Test coverage

Unfortunately, no... this isn't an easy one to test. 

The AAS deploy is just one we will have to keep an eye on, as it's non
critical and we can temporarily revert if necessary.

The release one is more problematic - I left the "fallback"
`create_draft_release` workflow "as-is" for now, as we know it works,
and we want to make sure we have an escape hatch for the first run

## Other details

Requires DataDog/datadog-aas-extension#438 to be
merged first.