[python] Use local folder for "dev"

.github/workflows/ci.yml

@@ -53,6 +53,9 @@ jobs:
     uses: ./.github/workflows/compute-impacted-libraries.yml
 
   get_dev_artifacts:
+    # WARNING : never include something secret inside this job, as
+    # the result of it will be stored in a public artifact
+    # For instance, do not use GH_TOKEN here
     needs:
     - impacted_libraries
     strategy:
@@ -78,18 +81,12 @@ jobs:
       - name: Get agent artifact
         run: ./utils/scripts/load-binary.sh agent
 
-      # ### appsec-event-rules is now a private repo. The GH_TOKEN provided can't read private repos.
-      # ### skipping this, waiting for a proper solution
-      # - name: Load WAF rules
-      #   if: matrix.version == 'dev'
-      #   run: ./utils/scripts/load-binary.sh waf_rule_set
-      #   env:
-      #     GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
           name: binaries_dev_${{ matrix.library }}
           path: binaries/
+          include-hidden-files: ${{ matrix.library == 'python' }}
 
   fail-if-target-branch:
     name: Fail if target branch is specified

utils/scripts/load-binary.sh

@@ -186,8 +186,14 @@ elif [ "$TARGET" = "python" ]; then
     assert_version_is_dev
 
     TARGET_BRANCH="${TARGET_BRANCH:-main}"
-    echo "git+https://github.com/DataDog/dd-trace-py.git@$TARGET_BRANCH" > python-load-from-pip
-    echo "Using $(cat python-load-from-pip)"
+    rm -rf dd-trace-py/
+    git clone --depth 1 --branch $TARGET_BRANCH https://github.com/DataDog/dd-trace-py.git
+    # NB this is necessary to keep the checkout out of detached HEAD state, which setuptools_scm requires for
+    # proper version guessing
+    cd dd-trace-py
+    git checkout --detach
+    echo "Checking out the ref"
+    git log -1 --format=%H
 
 elif [ "$TARGET" = "ruby" ]; then
     assert_version_is_dev