Merge branch 'master' into andrea.marziali/test-union

Author: amarziali

.editorconfig

@@ -7,17 +7,54 @@ end_of_line=lf
 insert_final_newline=true
 indent_style=space
 indent_size=2
-
-[*.json]
-indent_style=space
-indent_size=2
+ij_continuation_indent_size=4
 
 [*.java]
-indent_style=space
-indent_size=2
-continuation_indent_size=4
+ij_java_class_count_to_use_import_on_demand = 99
+ij_java_insert_inner_class_imports = false
+ij_java_imports_layout = |,$*,|,*,|
+ij_java_layout_on_demand_import_from_same_package_first = true
+ij_java_layout_static_imports_separately = true
+ij_java_names_count_to_use_import_on_demand = 99
+ij_java_packages_to_use_import_on_demand = java.awt.*,javax.swing.*
+
+
+ij_java_block_comment_add_space = false
+ij_java_block_comment_at_first_column = false
+ij_java_line_comment_add_space = true
+ij_java_line_comment_add_space_on_reformat = false
+ij_java_line_comment_at_first_column = false
+
+
+[{*.groovy,*.gradle}]
+ij_groovy_class_count_to_use_import_on_demand = 99
+ij_groovy_imports_layout = $*,|,*,|
+ij_groovy_names_count_to_use_import_on_demand = 99
+ij_groovy_packages_to_use_import_on_demand = java.awt.*,javax.swing.*
+
+ij_groovy_block_comment_add_space = false
+ij_groovy_block_comment_at_first_column = false
+ij_groovy_line_comment_add_space = true
+ij_groovy_line_comment_add_space_on_reformat = false
+ij_groovy_line_comment_at_first_column = false
+
+[{*.kt,*.kts}]
+ij_kotlin_import_nested_classes = false
+ij_kotlin_imports_layout = *,java.**,javax.**,kotlin.**,^
+
+ij_kotlin_name_count_to_use_star_import = 99
+ij_kotlin_name_count_to_use_star_import_for_members = 99
+ij_kotlin_packages_to_use_import_on_demand = kotlinx.android.synthetic.**,io.ktor.**
+
+ij_kotlin_block_comment_add_space = false
+ij_kotlin_block_comment_at_first_column = false
+ij_kotlin_line_comment_add_space = true
+ij_kotlin_line_comment_add_space_on_reformat = false
+ij_kotlin_line_comment_at_first_column = false
+
 
 [{*.yml,*.yaml}]
-indent_style=space
-indent_size=2
+ij_yaml_line_comment_add_space = true
+ij_yaml_line_comment_add_space_on_reformat = false
+ij_yaml_line_comment_at_first_column = false
 

.github/CODEOWNERS

@@ -115,6 +115,10 @@
 **/datastreams/                                                              @DataDog/data-streams-monitoring
 **/DataStreams*                                                              @DataDog/data-streams-monitoring
 
+# @DataDog/feature-flagging-and-experimentation-sdk
+/dd-smoke-tests/openfeature/                                    @DataDog/feature-flagging-and-experimentation-sdk
+/products/feature-flagging/                                     @DataDog/feature-flagging-and-experimentation-sdk
+
 # @DataDog/profiling-java
 /dd-java-agent/agent-profiling/                                                             @DataDog/profiling-java
 /dd-java-agent/agent-crashtracking/                                                         @DataDog/profiling-java

.github/chainguard/self.add-release-to-cloudfoundry.sts.yaml

@@ -36,6 +36,14 @@ _Action:_ Check the pull request did not introduce unexpected label.
 
 _Recovery:_ Update the pull request or add a comment to trigger the action again.
 
+### create-release-branch [🔗](create-release-branch.yaml)
+
+_Trigger:_ When a git tag matching the pattern "vM.N.0" is pushed (e.g. for a minor release).
+
+_Action:_ Create a release branch that corresponds to the pushed tag (e.g. "release/vM.N.x").
+
+_Recovery:_ Manually create the branch from the "vM.N.0" git tag.
+
 ### draft-release-notes-on-tag [🔗](draft-release-notes-on-tag.yaml)
 
 _Trigger:_ When creating a tag, or manually (providing a tag)
@@ -61,6 +69,15 @@ _Recovery:_ Manually [close the related milestone and create a new one](https://
 
 _Notes:_ This action will not apply to release candidate versions using `-RC` tags.
 
+### prune-old-pull-requests [🔗](prune-old-pull-requests.yaml)
+
+_Trigger:_ Every month or manually.
+
+_Action:_ Mark as stale and comment on pull requests with no update during the last quarter.
+Close them if no following update within a week.
+
+_Recovery:_ Manually trigger the action again.
+
 ### update-docker-build-image [🔗](update-docker-build-image.yaml)
 
 _Trigger:_ Quarterly released, loosely [a day after the new image tag is created](https://github.com/DataDog/dd-trace-java-docker-build/blob/master/.github/workflows/docker-tag.yml).
@@ -93,25 +110,15 @@ _Action:_
 
 _Recovery:_ Check at the milestone for the related issues and update them manually.
 
-
-### prune-old-pull-requests [🔗](prune-old-pull-requests.yaml)
-
-_Trigger:_ Every month or manually.
-
-_Action:_ Mark as stale and comment on pull requests with no update during the last quarter.
-Close them if no following update within a week.
-
-_Recovery:_ Manually trigger the action again.
-
 ## Code Quality and Security
 
 ### analyze-changes [🔗](analyze-changes.yaml)
 
-_Trigger:_ When pushing commits to `master`.
+_Trigger:_ Every day or manually.
 
 _Action:_
 
-* Run [GitHub CodeQL](https://codeql.github.com/) action, upload result to GitHub security tab -- do not apply to pull request, only when pushing to `master`,
+* Run [GitHub CodeQL](https://codeql.github.com/) action, upload result to GitHub security tab -- do not apply to pull request, only to `master`,
 * Run [Trivy security scanner](https://github.com/aquasecurity/trivy) on built artifacts and upload result to GitHub security tab and Datadog Code Analysis.
 
 _Notes:_ Results are sent on both production and staging environments.
@@ -122,14 +129,6 @@ _Trigger:_ When creating a PR commits to `master` or a `release/*` branch with a
 
 _Action:_ Notify the PR author through comments that about the Git Submodule update.
 
-### update-gradle-dependencies [🔗](update-gradle-dependencies.yaml)
-
-_Trigger:_ Every week or manually.
-
-_Action:_ Create a PR updating the Grade dependencies and their locking files.
-
-_Recovery:_ Manually trigger the action again.
-
 ### run-system-tests [🔗](run-system-tests.yaml)
 
 _Trigger:_ When pushing commits to `master` or manually.
@@ -138,6 +137,14 @@ _Action:_ Build the Java Client Library and runs [the system tests](https://gith
 
 _Recovery:_ Manually trigger the action on the desired branch.
 
+### update-gradle-dependencies [🔗](update-gradle-dependencies.yaml)
+
+_Trigger:_ Every week or manually.
+
+_Action:_ Create a PR updating the Grade dependencies and their locking files.
+
+_Recovery:_ Manually trigger the action again.
+
 ### update-jmxfetch-submodule [🔗](update-jmxfetch-submodule.yaml)
 
 _Trigger:_ Monthly or manually

.github/workflows/README.md

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout "cloudfoundry" branch
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
         with:
           ref: cloudfoundry
       - name: Get release version
@@ -42,11 +42,24 @@ jobs:
       - name: Append release to Cloud Foundry repository
         run: |
           echo "${{ steps.get-release-version.outputs.VERSION }}: ${{ steps.get-release-url.outputs.URL }}" >> index.yml
-      - name: Commit and push changes
-        uses: planetscale/ghcommit-action@f24050e41f8694750427d111b52f4ef9ca81a32d # v0.2.18
+      - name: Commit changes
+        id: create-commit
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+          if [[ -z "$(git status -s)" ]]; then
+            echo "No changes to commit, exiting."
+            exit 0;
+          fi
+
+          git add --all
+          git commit -m "chore: Add version ${{ steps.get-release-version.outputs.VERSION }} to Cloud Foundry"
+          echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+      - name: Push changes
+        uses: DataDog/commit-headless@5a0f3876e0fbdd3a86b3e008acf4ec562db59eee # action/v2.0.1
+        if: ${{ steps.create-commit.outputs.commit != '' }}
         with:
-          commit_message: "chore: Add version ${{ steps.get-release-version.outputs.VERSION }} to Cloud Foundry"
-          repo: ${{ github.repository }}
           branch: cloudfoundry
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+          command: push
+          commits: "${{ steps.create-commit.outputs.commit }}"

.github/workflows/add-release-to-cloudfoundry.yaml

@@ -1,13 +1,9 @@
 name: Analyze changes
 
 on:
-  push:
-    branches: [ master ]
-
-# Cancel long-running jobs when a new commit is pushed
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  schedule:
+    - cron: "0 20 * * *"
+  workflow_dispatch:
 
 jobs:
   codeql:
@@ -20,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
         with:
           submodules: 'recursive'
       - name: Cache Gradle dependencies
@@ -34,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -53,7 +49,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
 
   trivy:
     name: Analyze changes with Trivy
@@ -65,7 +61,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
         with:
           submodules: 'recursive'
 
@@ -118,7 +114,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5
+        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/analyze-changes.yaml

@@ -45,7 +45,7 @@ jobs:
               repo: context.repo.repo
             })
             const commentMarker = '<!-- dd-trace-java-check-pr-labels-workflow -->'
-            const blockingComment = comments.data.find(comment => comment.body.includes(commentMarker))
+            let blockingComment = comments.data.find(comment => comment.body.includes(commentMarker))
             // Create or update blocking comment if there are invalid labels
             if (hasInvalidLabels) {
               const commentBody = '**PR Blocked - Invalid Label**\n\n' +

.github/workflows/check-pull-request-labels.yaml

@@ -0,0 +1,61 @@
+name: Create Release Branch
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.0' # Trigger on minor release tags (e.g. v1.54.0)
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'The minor release tag (e.g. v1.54.0)'
+        required: true
+        type: string
+
+jobs:
+  create-release-branch:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Allow pushing the release branch
+    steps:
+      - name: Determine tag
+        id: determine-tag
+        run: |
+          if [ -n "${{ github.event.inputs.tag }}" ]; then
+            TAG=${{ github.event.inputs.tag }}
+          else
+            TAG=${GITHUB_REF#refs/tags/}
+          fi
+          if ! [[ "$TAG" =~ ^v[0-9]+\.[0-9]+\.0$ ]]; then
+            echo "Error: Tag $TAG is not in the expected format: vX.Y.0"
+            exit 1
+          fi
+          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
+
+      - name: Define branch name from tag
+        id: define-branch
+        run: |
+          TAG=${{ steps.determine-tag.outputs.tag }}
+          echo "branch=release/${TAG%.0}.x" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout dd-trace-java at tag
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
+        with:
+          ref: ${{ steps.determine-tag.outputs.tag }}
+
+      - name: Check if branch already exists
+        id: check-branch
+        run: |
+          BRANCH=${{ steps.define-branch.outputs.branch }}
+          if git ls-remote --heads origin "$BRANCH" | grep -q "$BRANCH"; then
+            echo "creating_new_branch=false" >> "$GITHUB_OUTPUT"
+            echo "Branch $BRANCH already exists - skipping creation"
+          else
+            echo "creating_new_branch=true" >> "$GITHUB_OUTPUT"
+            echo "Branch $BRANCH does not exist - creating it now"
+          fi
+
+      - name: Create and push release branch
+        if: steps.check-branch.outputs.creating_new_branch == 'true'
+        run: |
+          git checkout -b "${{ steps.define-branch.outputs.branch }}"
+          git push -u origin "${{ steps.define-branch.outputs.branch }}"

.github/workflows/create-release-branch.yaml

@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     steps:
     - name: Prune old pull requests
-      uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
+      uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
       with:
         days-before-stale: -1 # Disable general stale bot
         days-before-pr-stale: 90 # Only enable stale bot for PRs with no activity for 90 days