DataDog · kakkoyun · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026 · Feb 19, 2026
@@ -9,3 +9,5 @@ self-hosted-runner:
 # Configuration variables used in workflows
 config-variables:
   - DD_K9_LIBRARY_GO_APP_ID
+  - BENCHMARKING_PLATFORM_GL_PROJECT_ID
+  - APM_SDKS_BENCHMARKS_GL_PROJECT_ID
@@ -0,0 +1,59 @@
+name: 'Read Go Versions'
+description: >
+  Parses go-versions.yml at the repository root and exposes the stable and
+  oldstable Go versions as step outputs. Uses only grep and sed — no yq or
+  external tool installation required.
+
+outputs:
+  stable:
+    description: 'Stable Go minor version (e.g. "1.26")'
+    value: ${{ steps.parse.outputs.stable }}
+  oldstable:
+    description: 'Old-stable Go minor version (e.g. "1.25")'
+    value: ${{ steps.parse.outputs.oldstable }}
+  stable_patch:
+    description: 'Stable Go patch version (e.g. "1.26.0")'
+    value: ${{ steps.parse.outputs.stable_patch }}
+  oldstable_patch:
+    description: 'Old-stable Go patch version (e.g. "1.25.7")'
+    value: ${{ steps.parse.outputs.oldstable_patch }}
+  matrix:
+    description: 'JSON array of minor versions ordered [oldstable, stable] for use in strategy.matrix'
+    value: ${{ steps.parse.outputs.matrix }}
+
+runs:
+  using: composite
+  steps:
+    - name: Parse go-versions.yml
+      id: parse
+      shell: bash
+      run: |
+        file="${GITHUB_WORKSPACE}/go-versions.yml"
+        if [[ ! -f "$file" ]]; then
+          echo "ERROR: go-versions.yml not found at ${file}" >&2
+          exit 1
+        fi
+
+        stable=$(grep '^stable:' "$file" | sed 's/.*"\(.*\)".*/\1/')
+        oldstable=$(grep '^oldstable:' "$file" | sed 's/.*"\(.*\)".*/\1/')
+        stable_patch=$(grep '^stable_patch:' "$file" | sed 's/.*"\(.*\)".*/\1/')
+        oldstable_patch=$(grep '^oldstable_patch:' "$file" | sed 's/.*"\(.*\)".*/\1/')
+
+        if [[ -z "$stable" || -z "$oldstable" || -z "$stable_patch" || -z "$oldstable_patch" ]]; then
+          echo "ERROR: Failed to parse one or more keys from go-versions.yml" >&2
+          echo "  stable='${stable}' oldstable='${oldstable}' stable_patch='${stable_patch}' oldstable_patch='${oldstable_patch}'" >&2
+          exit 1
+        fi
+
+        matrix="[\"${oldstable}\",\"${stable}\"]"
+
+        echo "stable=${stable}"           >> "$GITHUB_OUTPUT"
+        echo "oldstable=${oldstable}"     >> "$GITHUB_OUTPUT"
+        echo "stable_patch=${stable_patch}"           >> "$GITHUB_OUTPUT"
+        echo "oldstable_patch=${oldstable_patch}"     >> "$GITHUB_OUTPUT"
+        echo "matrix=${matrix}"           >> "$GITHUB_OUTPUT"
+
+        echo "Go versions loaded from go-versions.yml:"
+        echo "  stable=${stable}  oldstable=${oldstable}"
+        echo "  stable_patch=${stable_patch}  oldstable_patch=${oldstable_patch}"
+        echo "  matrix=${matrix}"
@@ -52,6 +52,21 @@ permissions:
   contents: read
 
 jobs:
+  go-versions:
+    runs-on: ubuntu-latest
+    outputs:
+      stable: ${{ steps.versions.outputs.stable }}
+      oldstable: ${{ steps.versions.outputs.oldstable }}
+      matrix: ${{ steps.versions.outputs.matrix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+      - name: Read Go versions
+        id: versions
+        uses: ./.github/actions/go-versions
+
   # Prepare the cache of Go modules to share it will the other jobs.
   # This maximizes cache hits and minimizes the time spent downloading Go modules.
   # Note 1: @actions/cache is very sensitive and it's easy to mess up. Things to know:
@@ -105,11 +120,13 @@ jobs:
   macos:
     name: ${{ matrix.runs-on }} go${{ matrix.go-version }}
     runs-on: ${{ matrix.runs-on }}
-    needs: go-mod-caching
+    needs:
+      - go-versions
+      - go-mod-caching
     strategy:
       matrix:
         runs-on: [ macos-14, macos-latest ] # oldest and newest macos runners available
-        go-version: [ "1.26", "1.25" ]
+        go-version: ${{ fromJSON(needs.go-versions.outputs.matrix) }}
       fail-fast: true # saving some CI time - macos runners are too long to get
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -292,10 +309,12 @@ jobs:
     name: ${{ matrix.platform }} golang:${{ matrix.go-version }}-${{ matrix.distribution }}
     # We use ARM runners when needed to avoid the performance hit of QEMU
     runs-on: ${{ matrix.platform == 'linux/amd64' && 'ubuntu-latest-16-cores' || 'ubuntu-24.04-arm' }}
-    needs: go-mod-caching
+    needs:
+      - go-versions
+      - go-mod-caching
     strategy:
       matrix:
-        go-version: [ "1.26", "1.25" ]
+        go-version: ${{ fromJSON(needs.go-versions.outputs.matrix) }}
         distribution: [ trixie, bookworm, alpine ]
         platform: [ linux/amd64, linux/arm64 ]
 

@@ -0,0 +1,84 @@
+name: Go Versions Changed
+
+# Triggered when go-versions.yml is updated on main. Notifies downstream
+# repos (benchmarking-platform, apm-sdks-benchmarks) so they can rebuild
+# their container images with the updated Go version.
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'go-versions.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  go-versions:
+    runs-on: ubuntu-latest
+    outputs:
+      stable: ${{ steps.versions.outputs.stable }}
+      oldstable: ${{ steps.versions.outputs.oldstable }}
+      stable_patch: ${{ steps.versions.outputs.stable_patch }}
+      oldstable_patch: ${{ steps.versions.outputs.oldstable_patch }}
+      content_hash: ${{ steps.hash.outputs.content_hash }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Read Go versions
+        id: versions
+        uses: ./.github/actions/go-versions
+      - name: Compute content hash
+        id: hash
+        run: |
+          # Hash the versions file itself; downstream repos mix this with their
+          # own Dockerfile to produce a stable content-addressed image tag.
+          hash=$(sha256sum go-versions.yml | cut -c1-12)
+          echo "content_hash=${hash}" >> "$GITHUB_OUTPUT"
+          echo "Content hash of go-versions.yml: ${hash}"
+
+  trigger-benchmarking-platform:
+    needs: [go-versions]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger benchmarking-platform rebuild
+        run: |
+          curl --fail --request POST \
+            --form "token=${{ secrets.BENCHMARKING_PLATFORM_TRIGGER_TOKEN }}" \
+            --form "ref=dd-trace-go" \
+            --form "variables[GO_VERSION]=${{ needs.go-versions.outputs.stable_patch }}" \
+            "https://gitlab.ddbuild.io/api/v4/projects/${{ vars.BENCHMARKING_PLATFORM_GL_PROJECT_ID }}/trigger/pipeline"
+
+  trigger-apm-sdks-benchmarks:
+    needs: [go-versions]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger apm-sdks-benchmarks rebuild
+        run: |
+          curl --fail --request POST \
+            --form "token=${{ secrets.APM_SDKS_BENCHMARKS_TRIGGER_TOKEN }}" \
+            --form "ref=main" \
+            "https://gitlab.ddbuild.io/api/v4/projects/${{ vars.APM_SDKS_BENCHMARKS_GL_PROJECT_ID }}/trigger/pipeline"
+
+  trigger-reliability-env:
+    needs: [go-versions]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dispatch go-version-updated to datadog-reliability-env
+        # Requires a PAT with repo scope stored as RELIABILITY_ENV_DISPATCH_TOKEN.
+        # The receiving workflow (go-version-updated.yml) rotates deployment keys
+        # in deployment.cue/dashboards/golang.jsonnet and opens an auto-PR.
+        run: |
+          curl --fail --request POST \
+            --url "https://api.github.com/repos/DataDog/datadog-reliability-env/dispatches" \
+            --header "Authorization: Bearer ${{ secrets.RELIABILITY_ENV_DISPATCH_TOKEN }}" \
+            --header "Accept: application/vnd.github+json" \
+            --header "X-GitHub-Api-Version: 2022-11-28" \
+            --header "Content-Type: application/json" \
+            --data "{
+              \"event_type\": \"go-version-updated\",
+              \"client_payload\": {
+                \"stable_patch\": \"${{ needs.go-versions.outputs.stable_patch }}\",
+                \"oldstable_patch\": \"${{ needs.go-versions.outputs.oldstable_patch }}\"
+              }
+            }"
@@ -10,7 +10,20 @@ permissions:
   id-token: write # Required for OIDC authentication
 
 jobs:
+  go-versions:
+    runs-on: ubuntu-latest
+    outputs:
+      stable: ${{ steps.versions.outputs.stable }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Read Go versions
+        id: versions
+        uses: ./.github/actions/go-versions
+
   lambda-integration-test:
+    needs:
+      - go-versions
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
     steps:
@@ -35,7 +48,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
         with:
-          go-version: '1.26'
+          go-version: ${{ needs.go-versions.outputs.stable }}
 
       - name: Set up Node 22
         uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0

@@ -19,14 +19,29 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  go-versions:
+    runs-on: ubuntu-latest
+    outputs:
+      stable: ${{ steps.versions.outputs.stable }}
+      oldstable: ${{ steps.versions.outputs.oldstable }}
+      matrix: ${{ steps.versions.outputs.matrix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Read Go versions
+        id: versions
+        uses: ./.github/actions/go-versions
+
   unit-integration-tests:
+    needs:
+      - go-versions
     uses: ./.github/workflows/unit-integration-tests.yml
     permissions:
       contents: read
       id-token: write
       pull-requests: write
     with:
-      go-version: "1.26" # Should be the highest supported version of Go
+      go-version: ${{ needs.go-versions.outputs.stable }} # highest supported version of Go
     secrets: inherit
 
   warm-repo-cache:
@@ -42,11 +57,12 @@ jobs:
 
   multios-unit-tests:
     needs:
+      - go-versions
       - warm-repo-cache
     strategy:
       matrix:
         runs-on: [ macos-latest, windows-latest, ubuntu-latest ]
-        go-version: [ "1.25", "1.26" ]
+        go-version: ${{ fromJSON(needs.go-versions.outputs.matrix) }}
       fail-fast: false
     uses: ./.github/workflows/multios-unit-tests.yml
     with:

@@ -8,6 +8,21 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  go-versions:
+    runs-on: ubuntu-latest
+    outputs:
+      stable: ${{ steps.versions.outputs.stable }}
+      oldstable: ${{ steps.versions.outputs.oldstable }}
+      matrix: ${{ steps.versions.outputs.matrix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Read Go versions
+        id: versions
+        uses: ./.github/actions/go-versions
+
   warm-repo-cache:
     runs-on: ubuntu-latest
     steps:
@@ -23,22 +38,24 @@ jobs:
   unit-integration-tests:
     name: PR Unit and Integration Tests
     needs:
+      - go-versions
       - warm-repo-cache
     strategy:
       matrix:
-        go-version: [ "1.25", "1.26" ]
+        go-version: ${{ fromJSON(needs.go-versions.outputs.matrix) }}
       fail-fast: false
     uses: ./.github/workflows/unit-integration-tests.yml
     with:
       go-version: ${{ matrix.go-version }}
     secrets: inherit
   multios-unit-tests:
     needs:
+      - go-versions
       - warm-repo-cache
     strategy:
       matrix:
         runs-on: [ macos-latest, windows-latest, ubuntu-latest ]
-        go-version: [ "1.25", "1.26" ]
+        go-version: ${{ fromJSON(needs.go-versions.outputs.matrix) }}
       fail-fast: false
     uses: ./.github/workflows/multios-unit-tests.yml
     with: