Merge branch 'main' into xray-header-from-context-support-latest-adot

jj22ee · web-flow · commit d63472e6bd8f · 2025-09-16T17:07:18.000-07:00
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -50,7 +50,7 @@ jobs:
         gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
         gpg_password: ${{ secrets.GPG_PASSPHRASE }}
         
-    - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+    - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
     - name: Manually build to avoid autobuild failures
       uses: gradle/gradle-build-action@v3
diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml
@@ -38,7 +38,7 @@ jobs:
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg_password: ${{ secrets.GPG_PASSPHRASE }}
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml
@@ -51,7 +51,7 @@ jobs:
           gpg_password: ${{ secrets.GPG_PASSPHRASE }}
 
       - name: Validate the checksums of Gradle Wrapper
-        uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+        uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml
@@ -39,7 +39,7 @@ jobs:
         with:
           path: ~/.pnpm-store
           key: ${{ runner.os }}-test-cache-pnpm-modules
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
       - uses: ./.github/actions/patch-dependencies
         with:
           run_tests: "true"
@@ -76,7 +76,7 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg_password: ${{ secrets.GPG_PASSPHRASE }}
 
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -196,7 +196,7 @@ jobs:
         with:
           java-version: 23
           distribution: 'temurin'
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/nightly-upstream-snapshot-build.yml b/.github/workflows/nightly-upstream-snapshot-build.yml
@@ -46,7 +46,7 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg_password: ${{ secrets.GPG_PASSPHRASE }}
 
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -136,7 +136,7 @@ jobs:
         with:
           java-version: 23
           distribution: 'temurin'
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
diff --git a/.github/workflows/post-release-version-bump.yml b/.github/workflows/post-release-version-bump.yml
@@ -6,6 +6,10 @@ on:
       version:
         description: 'Version number (e.g., 1.0.1)'
         required: true
+    is_patch:
+        description: 'Is this a patch? (true or false)'
+        required: true
+        default: 'false'
 
 env:
   AWS_DEFAULT_REGION: us-east-1
@@ -100,8 +104,20 @@ jobs:
           sed -i'' -e "s/val adotVersion = \".*\"/val adotVersion = \"${DEV_VERSION}\"/" version.gradle.kts
           VERSION="${{ github.event.inputs.version }}"
           sed -i'' -e 's/adot-autoinstrumentation-java:v2.*"/adot-autoinstrumentation-java:v'$VERSION'"/' .github/workflows/daily-scan.yml
+
+          # for patch releases, avoid merge conflict by manually resolving CHANGELOG with main
+          if [[ "${{ github.event.inputs.is_patch }}" == "true" ]]; then
+            # Copy the patch release entries
+            sed -n "/^## v${VERSION}/,/^## v[0-9]/p" CHANGELOG.md | sed '$d' > /tmp/patch_release_section.txt
+            git fetch origin main
+            git show origin/main:CHANGELOG.md > CHANGELOG.md
+            # Insert the patch release entries after Unreleased
+            awk -i inplace '/^## v[0-9]/ && !inserted { system("cat /tmp/patch_release_section.txt"); inserted=1 } {print}' CHANGELOG.md
+          fi
+
           git add version.gradle.kts
           git add .github/workflows/daily-scan.yml
+          git add CHANGELOG.md
           git commit -m "Prepare main for next development cycle: Update version to $DEV_VERSION"
           git push --set-upstream origin "prepare-main-for-next-dev-cycle-${VERSION}"
 
@@ -117,4 +133,14 @@ jobs:
           
           By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice." \
                        --head prepare-main-for-next-dev-cycle-${VERSION} \
-                       --base main
+                       --base main
+
+      - name: Force our CHANGELOG to override merge conflicts
+        run: |
+          git merge origin/main || true
+          git checkout --ours CHANGELOG.md
+          git add CHANGELOG.md
+          if ! git diff --quiet --cached; then
+            git commit -m "Force our CHANGELOG to override merge conflicts"
+            git push origin "prepare-main-for-next-dev-cycle-${VERSION}"
+          fi
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -1,13 +1,55 @@
 name: PR Build
 on:
   pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+      - unlabeled
     branches:
       - main
       - "release/v*"
 env:
   TEST_TAG: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test-v2
 
 jobs:
+  changelog-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          
+      - name: Check CHANGELOG
+        run: |
+          # Check if PR is from workflows bot or dependabot
+          if [[ "${{ github.event.pull_request.user.login }}" == "aws-application-signals-bot" ]]; then
+            echo "Skipping check: PR from aws-application-signals-bot"
+            exit 0
+          fi
+          
+          if [[ "${{ github.event.pull_request.user.login }}" == "dependabot[bot]" ]]; then
+            echo "Skipping check: PR from dependabot"
+            exit 0
+          fi
+          
+          # Check for skip changelog label
+          if echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' | jq -r '.[]' | grep -q "skip changelog"; then
+            echo "Skipping check: skip changelog label found"
+            exit 0
+          fi
+          
+          # Fetch base branch and check for CHANGELOG modifications
+          git fetch origin ${{ github.base_ref }}
+          if git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -q "CHANGELOG.md"; then
+            echo "CHANGELOG.md entry found - check passed"
+            exit 0
+          fi
+          
+          echo "It looks like you didn't add an entry to CHANGELOG.md. If this change affects the SDK behavior, please update CHANGELOG.md and link this PR in your entry. If this PR does not need a CHANGELOG entry, you can add the 'Skip Changelog' label to this PR."
+          exit 1
+
   testpatch:
     name: Test patches applied to dependencies
     runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core
@@ -31,7 +73,7 @@ jobs:
           path: ~/.pnpm-store
           key: ${{ runner.os }}-test-cache-pnpm-modules
 
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - uses: ./.github/actions/patch-dependencies
         with:
@@ -61,7 +103,7 @@ jobs:
           java-version-file: .java-version
           distribution: temurin
 
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
         # Cleanup directories before proceeding with setup
       - name: Clean up old installations
diff --git a/.github/workflows/pre-release-prepare.yml b/.github/workflows/pre-release-prepare.yml
@@ -94,6 +94,14 @@ jobs:
           git commit -am "Update version to ${VERSION}"
           git push origin "v${VERSION}_release"
 
+      - name: Update CHANGELOG for release
+        if: github.event.inputs.is_patch != 'true'
+        run: |
+          sed -i "s/## Unreleased/## Unreleased\n\n## v${VERSION} - $(date +%Y-%m-%d)/" CHANGELOG.md
+          git add CHANGELOG.md
+          git commit -m "Update CHANGELOG for version ${VERSION}"
+          git push origin "v${VERSION}_release"
+
       - name: Create pull request against the release branch
         env:
           GITHUB_TOKEN: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }}
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
@@ -47,7 +47,7 @@ jobs:
         with:
           java-version-file: .java-version
           distribution: 'temurin'
-      - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2
+      - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Publish patched dependencies to maven local
         uses: ./.github/actions/patch-dependencies
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+> **Note:** This CHANGELOG was created starting after version 2.11.5. Earlier changes are not documented here.
+
+For any change that affects end users of this package, please add an entry under the **Unreleased** section. Briefly summarize the change and provide the link to the PR. Example:
+
+- add SigV4 authentication for HTTP exporter
+  ([#1019](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1019))
+
+If your change does not need a CHANGELOG entry, add the "skip changelog" label to your PR.
+
+## Unreleased
diff --git a/tools/cp-utility/Cargo.lock b/tools/cp-utility/Cargo.lock
diff --git a/tools/cp-utility/Cargo.toml b/tools/cp-utility/Cargo.toml
@@ -10,7 +10,7 @@ edition = "2021"
 
 [dev-dependencies]
 # dependencies only used during tests
-tempfile = "3.21.0"
+tempfile = "3.22.0"
 uuid = { version = "1.18.0", features = ["v4", "fast-rng"] }
 
 [profile.release]
