Gating your GitHub Actions Deployments with Datadog Monitors

Overview

CI Visibility is not available in the selected site () at this time.

Datadog is an integration partner for GitHub Actions Deployment Protection Rules, which helps you ensure the delivery of high-quality applications to end customers. You can enforce quality gates on your GitHub Actions deployment workflows using Datadog monitors.

These features are available for all Datadog customers on GitHub Enterprise Cloud, and they do not require usage of CI Visibility.

Enable Deployment Protection Rules

In order to rely on Datadog for quality checks on application deployments, you must have the Deployment Protection Rules feature enabled for your application.

Set up a new GitHub application in Datadog

See these instructions to create a GitHub application that is automatically connected to Datadog. Remember to check the box for Deployment Protection Rules.

Datadog GitHub pull request comment preview

If you already have a GitHub application set up and connected to Datadog, you can find a link to enable Deployment Protection Rules on the in-app GitHub integration tile.

Datadog GitHub pull request comment preview

Configure Deployment Protection Rules in GitHub

  1. Enable read and write permissions for Deployments.
  2. Enable read permissions for Actions.
  3. Under Subscribe to events in an application, click the checkbox for Deployment protection rule.
  4. In a repository, click Settings. Under the Code and Automation section, click Environments. Under Deployment Protection Rules, enable the GitHub application that is linked with the Datadog integration.

Create monitors to gate your deployments

Follow these instructions to create and configure a Datadog monitor to be used for GitHub Actions deployment gating.

You can use multiple separate monitors for quality checks, but Datadog recommends using composite monitors because they allow you to gate deployments based on two or more signals with one monitor. For more information, see Monitor Types.

Any monitors you plan to use for quality gating must be tagged properly with the following tags:

  • git_env
  • git_repo

The git_repo tag must contain the repository owner name in the format <OWNER>/<REPO>, such as Datadog/my-repo.

When you run a workflow, GitHub Actions send a request to your Datadog monitor. Based on one of the evaluation results of the monitor listed below, Datadog sends a comment back to GitHub, which can be seen in GitHub under the Comment section for the associated event and environment within your workflow run.

  • If all monitors associated with your deployment (through environment and repo tags) are in the OK state, Datadog approves the deployment.
  • If any monitor associated with your deployment is not in OK state (in ALERT, WARN, or NODATA), Datadog rejects the deployment.

Example quality checks

Application performance

To ensure that your application’s error rate and/or average latency are below certain thresholds prior to deployment, you can use APM monitors.

Environment infrastructure health

To check your application or service’s CPU and/or memory usage prior to deployment, use integration and metric monitors.

Further reading