fix: switch mssql image to ghcr mirror to avoid flaky mcr registry

[rochdev]

Summary

• Replaces mcr.microsoft.com/mssql/server:2022-latest with the GHCR mirror ghcr.io/datadog/system-tests/mcr.microsoft.com/mssql/server:2022-latest
• The MCR registry has been flaky, causing intermittent test failures; the GHCR mirror follows the same convention used by the existing mirror-image.yml workflow

Test plan

• Verify mssql-dependent integration tests pass in CI

Generated by Claude Code

[github-actions]

CODEOWNERS have been resolved as:

utils/_context/containers.py                                            @DataDog/system-tests-core

[datadog-datadog-prod-us1]

 

✨ Fix all issues with BitsAI

⚠️ Warnings

🚦 108 Pipeline jobs failed

Testing the test | System Tests (java, prod) / End-to-end #2 / akka-http 2     

🔧 Fix in code (Fix with Cursor).

Test failure in test_blocking_addresses.py:591 while asserting WAF attack with rule 'tst-037-004'.

🧪 1 Test failed

tests.appsec.test_blocking_addresses.Test_Blocking_request_body_multipart.test_blocking[akka-http] from system_tests_suite   (Fix with Cursor)

ValueError: No appsec event validate this condition

self = <tests.appsec.test_blocking_addresses.Test_Blocking_request_body_multipart object at 0x7f3d685aff20>

    def test_blocking(self):
        """Can block on server.request.body (multipart/form-data variant)"""
    
>       interfaces.library.assert_waf_attack(self.rbmp_req, rule="tst-037-004")

tests/appsec/test_blocking_addresses.py:591: 
...

DataDog/system-tests | Ubuntu_20_amd64.INS: [test-app-java-container]     

🔧 Fix in code (Fix with Cursor).

3 failed tests due to assertion errors in virtual machine provisioning steps: previous errors must be addressed from Ubuntu_20_amd64.log.

DataDog/system-tests | Ubuntu_23_10_arm64.CON: [test-app-java-alpine]     

🔧 Fix in code (Fix with Cursor).

AssertionError: There are previous errors in the virtual machine provisioning steps.

View all 108 failed jobs.

ℹ️ Info

No other issues found (see more)

❄️ No new flaky tests detected

Useful? React with 👍 / 👎

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: b2aa852 | Docs | Datadog PR Page | Give us feedback!}

[cbeauchesne]

Could you run a test PR on dd-trace-js to be sure it's working. I'd be more confortable since some repo are using direclty system-tests main branch without any pin

[rochdev]

@cbeauchesne DataDog/dd-trace-js#8744

[cbeauchesne]

side question, are those images reachable from azure / gitlab ?

[rochdev]

side question, are those images reachable from azure / gitlab ?

Yes but that requires authentication. In that sense it's no different than Docker Hub (they have a deal with GitHub but otherwise require authentication elsewhere)

[cbeauchesne]

Well, then there are two solutions :

• either check with dd-trace-php and dd-trace-dotnet to see if they can authenticate their CI to github
• or else we won't be able to use GHCR, but we can do the same and publish it to docker hub. It's already heavily used so it won't change the stability rate.