From 49fa916eed2dc82cf9976db8ba16377c02eaa8f7 Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Thu, 9 Apr 2026 13:37:11 +0000
Subject: [PATCH 1/7] chore(ci): use dd-sts for system-tests test optimization

---
 .github/workflows/system_tests.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index f6e23a0f..9761598e 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -34,6 +34,7 @@ jobs:
       TEST_OPTIMIZATION_API_KEY: ${{ secrets.TEST_OPTIMIZATION_API_KEY }}
     permissions:
       contents: read
+      id-token: write
       packages: write
     with:
       library: python_lambda
@@ -41,3 +42,4 @@ jobs:
       scenarios_groups: tracer_release
       skip_empty_scenarios: true
       push_to_test_optimization: true
+      dd_sts_policy: datadog-lambda-python

From fc88b4b1173f05074dc7efa5659b30ad831defbc Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Mon, 13 Apr 2026 09:17:58 +0000
Subject: [PATCH 2/7] chore(ci): remove dd_sts_policy from system-tests
 subworkflow

---
 .github/workflows/system_tests.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index 9761598e..5790c66e 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -42,4 +42,3 @@ jobs:
       scenarios_groups: tracer_release
       skip_empty_scenarios: true
       push_to_test_optimization: true
-      dd_sts_policy: datadog-lambda-python

From 1e4463f5ef8ecc2e62db5a8c750fe22238184f8e Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Mon, 13 Apr 2026 09:53:25 +0000
Subject: [PATCH 3/7] chore(ci): remove unneeded permissions from system-tests
 subworkflow

---
 .github/workflows/system_tests.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index 5790c66e..665df4ef 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -33,9 +33,7 @@ jobs:
       DD_API_KEY: ${{ secrets.DD_API_KEY }}
       TEST_OPTIMIZATION_API_KEY: ${{ secrets.TEST_OPTIMIZATION_API_KEY }}
     permissions:
-      contents: read
       id-token: write
-      packages: write
     with:
       library: python_lambda
       binaries_artifact: binaries

From 726db9523192fc7bdcb1f5f17bdad6cc99bf9245 Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Mon, 13 Apr 2026 11:15:28 +0000
Subject: [PATCH 4/7] chore(ci): pin system-tests workflow to 1e5d6b709

---
 .github/workflows/system_tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index 665df4ef..ac473064 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -28,7 +28,7 @@ jobs:
   system-tests:
     needs:
       - build
-    uses: DataDog/system-tests/.github/workflows/system-tests.yml@main
+    uses: DataDog/system-tests/.github/workflows/system-tests.yml@1e5d6b7096279ca43ce4826fda3cc805635b63c1
     secrets:
       DD_API_KEY: ${{ secrets.DD_API_KEY }}
       TEST_OPTIMIZATION_API_KEY: ${{ secrets.TEST_OPTIMIZATION_API_KEY }}

From abd9ea45fd2eeca0296bb0903c17993d7a7b7ad1 Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Mon, 13 Apr 2026 14:39:11 +0200
Subject: [PATCH 5/7] Remove API key

---
 .github/workflows/system_tests.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index ac473064..1559536d 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -29,9 +29,6 @@ jobs:
     needs:
       - build
     uses: DataDog/system-tests/.github/workflows/system-tests.yml@1e5d6b7096279ca43ce4826fda3cc805635b63c1
-    secrets:
-      DD_API_KEY: ${{ secrets.DD_API_KEY }}
-      TEST_OPTIMIZATION_API_KEY: ${{ secrets.TEST_OPTIMIZATION_API_KEY }}
     permissions:
       id-token: write
     with:

From bf4fd4ff8ab23659fa6455181dd2ffada6278c8f Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Mon, 13 Apr 2026 12:53:03 +0000
Subject: [PATCH 6/7] fix: add contents:read permission to system-tests
 workflow call

---
 .github/workflows/system_tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index 1559536d..0e2e1751 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -30,6 +30,7 @@ jobs:
       - build
     uses: DataDog/system-tests/.github/workflows/system-tests.yml@1e5d6b7096279ca43ce4826fda3cc805635b63c1
     permissions:
+      contents: read
       id-token: write
     with:
       library: python_lambda

From e4cc7e196a1ac12c58fef60bc324e6af0a395615 Mon Sep 17 00:00:00 2001
From: Nicolas Catoni <nicolas.catoni@datadoghq.com>
Date: Mon, 13 Apr 2026 15:33:03 +0000
Subject: [PATCH 7/7] chore(ci): pass ref to system-tests reusable workflow

---
 .github/workflows/system_tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/system_tests.yml b/.github/workflows/system_tests.yml
index 0e2e1751..04e08246 100644
--- a/.github/workflows/system_tests.yml
+++ b/.github/workflows/system_tests.yml
@@ -34,6 +34,7 @@ jobs:
       id-token: write
     with:
       library: python_lambda
+      ref: 1e5d6b7096279ca43ce4826fda3cc805635b63c1
       binaries_artifact: binaries
       scenarios_groups: tracer_release
       skip_empty_scenarios: true