Skip to content

Catch build issue by comparing release artifacts with jardiff after build job#11959

Open
bric3 wants to merge 5 commits into
masterfrom
bdu/jardiff-task-after-build
Open

Catch build issue by comparing release artifacts with jardiff after build job#11959
bric3 wants to merge 5 commits into
masterfrom
bdu/jardiff-task-after-build

Conversation

@bric3

@bric3 bric3 commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

What Does This Do

  • Adds a dd-trace-java.jardiff Gradle plugin and compareToReferenceJar task that runs jardiff against built jar artifacts.
  • Adds a validate_build GitLab job that preserves the jars produced by the build job, rebuilds the publishable jars, and compares the rebuilt jars against the original build artifacts.

Motivation

This gives CI a focused check for build-cache or rebuild issues where the release artifacts change after the build job, even though they come from the same commit.

Additional Notes

This PR intentionally compares artifacts within the same pipeline. Comparing against the fork-point build from master is kept for the follow-up branch.

Preliminary to #11856, it's basically the same idea, but applied to the pipeline.

Contributor Checklist

Jira ticket: [PROJ-IDENT]

…er build job

The new job adds a `compareToReferenceJar` task (via a new
`dd-trace-java.jardiff` plugin) that runs jardiff `--stat --exit-code`
against a reference jar (the one from `build` job) and fails on any
difference, there should be none since the jar being rebuilt is coming
from the same commit in a pipeline.
@bric3 bric3 added the tag: no release notes Changes to exclude from release notes label Jul 15, 2026
@bric3 bric3 requested review from a team as code owners July 15, 2026 12:40
@bric3 bric3 added the comp: tooling Build & Tooling label Jul 15, 2026
@bric3 bric3 requested a review from a team as a code owner July 15, 2026 12:40
@bric3 bric3 requested review from PerfectSlayer, amarziali, erikayasuda, sameerank and typotter and removed request for a team July 15, 2026 12:40
@datadog-prod-us1-3

This comment has been minimized.

@datadog-prod-us1-3 datadog-prod-us1-3 Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Datadog Autotest: PASS

More details

Jardiff plugin adds a defensive build-validation gate with proper error handling and module-specific configuration. All error paths are explicit (failures throw GradleException rather than silent skips), reference jar resolution is mandatory by design, and modules without publishable artifacts can disable the task. No behavioral regressions identified.

Was this helpful? React 👍 or 👎

📊 Validated against 8 scenarios · Open Bits AI session

🤖 Datadog Autotest · Commit 845c485 · What is Autotest? · Any feedback? Reach out in #autotest

@dd-octo-sts

dd-octo-sts Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite Status
Startup 🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results
Scenario Candidate master Δ (95% CI of mean)
startup:insecure-bank:iast:Agent 14.03 s 13.93 s [-0.1%; +1.6%] (no difference)
startup:insecure-bank:tracing:Agent 12.96 s 12.96 s [-0.8%; +0.7%] (no difference)
startup:petclinic:appsec:Agent 16.85 s 16.81 s [-0.6%; +1.1%] (no difference)
startup:petclinic:iast:Agent 16.93 s 16.92 s [-0.7%; +0.8%] (no difference)
startup:petclinic:profiling:Agent 16.55 s 16.73 s [-2.3%; +0.2%] (no difference)
startup:petclinic:sca:Agent 16.23 s 16.77 s [-7.7%; +1.2%] (no difference)
startup:petclinic:tracing:Agent 16.20 s 16.06 s [-0.3%; +2.0%] (no difference)

Commit: 69c5fe62 · CI Pipeline · Benchmarking Platform UI


Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.

@bric3 bric3 requested a review from sarahchen6 July 15, 2026 16:37
Comment thread .gitlab-ci.yml

@sarahchen6 sarahchen6 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool! Thanks for addressing my prior comments

@bric3 bric3 requested a review from sarahchen6 July 16, 2026 12:20

@typotter typotter left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm for flags, thanks

* The same task class supports two plugin-configured modes:
* - `compareToReferenceJar` wires [candidateJar] to the project's archive output, so Gradle builds
* that archive before comparing it.
* - `compareJarFiles` leaves [candidateJar] unset and expects `--candidate-jar=<path>`, so it can

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it looks like compareJarFiles is not used or referenced anywhere 👀 should we delete this?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I choose to keep this as I'd like to have a base to compare two files. This came from my other work to compare with master. I'll see if I can wire things differently then.

@Test
fun `warns when hashes differ but jardiff reports no differences and hashCheck is disabled`() {
writeProject(
taskBody = "hashCheck.set(false)",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: maybe it makes more sense to rename hashCheck to ignoreHashCheck ? because even when hashCheck.set(false), the hash is still "checked," the result is just skipped

Comment thread .gitlab-ci.yml
- cp workspace/dd-trace-ot/build/libs/*.jar reference-artifacts/
- ./gradlew --version
# This will run the shadowJar task and exercise the build cache, allowing to identify build-cache issues
- ./gradlew compareToReferenceJar -PjardiffReferenceDir="$CI_PROJECT_DIR/reference-artifacts" -PskipTests $GRADLE_ARGS

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked with Codex and it recommends:

Suggested change
- ./gradlew compareToReferenceJar -PjardiffReferenceDir="$CI_PROJECT_DIR/reference-artifacts" -PskipTests $GRADLE_ARGS
- ./gradlew clean compareToReferenceJar -PjardiffReferenceDir="$CI_PROJECT_DIR/reference-artifacts" -PskipTests $GRADLE_ARGS

because:

validate_build restores both workspace outputs and Gradle execution history
from the build cache. Because it does not clean first, jar and shadowJar can
be UP-TO-DATE. The job may therefore compare each original JAR with a copy of
itself instead of exercising the build cache. Preserve the reference JARs,
then run clean compareToReferenceJar.

This seems reasonable to me. WDYT?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not needed there because the job is new container.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp: tooling Build & Tooling tag: no release notes Changes to exclude from release notes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants