aws-observability
diff --git a/‎.github/actions/cpUtility-testing/action.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/actions/cpUtility-testing/action.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/actions/patch-dependencies/action.yml‎
Lines changed: 24 additions & 18 deletions b/‎.github/actions/patch-dependencies/action.yml‎
Lines changed: 24 additions & 18 deletions
diff --git a/‎.github/workflows/main-build.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/main-build.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/nightly-upstream-snapshot-build.yml‎
Lines changed: 17 additions & 15 deletions b/‎.github/workflows/nightly-upstream-snapshot-build.yml‎
Lines changed: 17 additions & 15 deletions
diff --git a/‎.github/workflows/patch-release-build.yml‎
Lines changed: 19 additions & 17 deletions b/‎.github/workflows/patch-release-build.yml‎
Lines changed: 19 additions & 17 deletions
diff --git a/‎.github/workflows/post-release-version-bump.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/post-release-version-bump.yml‎
Lines changed: 4 additions & 4 deletions
@@ -25,28 +25,28 @@ runs:
   using: "composite"
   steps:
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1
       with:
         driver-opts: image=moby/buildkit:v0.15.1
 
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@v4
+      uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
       with:
         role-to-assume: ${{ inputs.snapshot-ecr-role }}
         aws-region: ${{ inputs.aws-region }}
 
     - name: Login to private staging ecr
-      uses: docker/login-action@v3
+      uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
       with:
         registry: ${{ inputs.image_registry }}
       env:
         AWS_REGION: ${{ inputs.aws-region }}
 
     - name: Build image for testing
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
       with:
         push: false
         build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}"
@@ -60,7 +60,7 @@ runs:
       run: .github/scripts/test-adot-javaagent-image.sh "${{ inputs.image_uri_with_tag }}" "${{ inputs.adot-java-version }}"
 
     - name: Build and push image
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
       with:
         push: true
         build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}"
 
@@ -60,38 +60,44 @@ runs:
               env.patch_otel_java_contrib == 'true' }}
       shell: bash
 
-    - name: Build opentelemetry-java with tests
-      uses: gradle/gradle-build-action@v2
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
       if: ${{ env.patch_otel_java == 'true' && inputs.run_tests != 'false' }}
-      with:
-        arguments: build publishToMavenLocal
-        build-root-directory: opentelemetry-java
+     
+    - name: Build opentelemetry-java with tests
+      build-root-directory: opentelemetry-java
+      run: ./gradlew build publishToMavenLocal
 
-    - name: Build opentelemetry-java
-      uses: gradle/gradle-build-action@v2
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
       if: ${{ env.patch_otel_java == 'true' && inputs.run_tests == 'false' }}
-      with:
-        arguments: publishToMavenLocal
-        build-root-directory: opentelemetry-java
+      
+    - name: Build opentelemetry-java
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
+      if: ${{ env.patch_otel_java == 'true' && inputs.run_tests == 'false' }}working-directory opentelemetry-java
+
+      run: ./gradlew publishToMavenLocal
 
     - name: cleanup opentelemetry-java
       run: rm -rf opentelemetry-java
       if: ${{ env.patch_otel_java == 'true' }}
       shell: bash
 
     - name: Build opentelemetry-java-contrib with tests
-      uses: gradle/gradle-build-action@v2
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
       if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests != 'false' }}
-      with:
-        arguments: build publishToMavenLocal
-        build-root-directory: opentelemetry-java-contrib
+    
+    - name: Build opentelemetry-java-contrib without tests
+      build-root-directory: opentelemetry-java-contrib
+      run: ./gradlew build publishToMavenLocal
 
     - name: Build opentelemetry-java-contrib
-      uses: gradle/gradle-build-action@v2
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
       if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests == 'false' }}
-      with:
-        arguments: publishToMavenLocal
-        build-root-directory: opentelemetry-java-contrib
+
+    - name: Build opentelemetry-java-contrib
+      build-root-directory: opentelemetry-java-contrib
+      run: ./gradlew build publishToMavenLocal
 
     - name: cleanup opentelemetry-java-contrib
       run: rm -rf opentelemetry-java-contrib
 
@@ -226,7 +226,7 @@ jobs:
         uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3
 
       - name: Build snapshot with Gradle
-        run: contractTests -PlocalDocker=true
+        run: ./gradlew contractTests -PlocalDocker=true
 
   application-signals-lambda-layer-build:
     runs-on: ubuntu-latest
 
@@ -23,7 +23,7 @@ jobs:
       image_name: ${{ steps.imageOutput.outputs.imageName }}
 
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
@@ -34,7 +34,7 @@ jobs:
 
         # cache local patch outputs
       - name: Cache local Maven repository
-        uses: actions/cache@v3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.m2/repository/io/opentelemetry/
@@ -49,20 +49,21 @@ jobs:
       - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
         with:
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
 
       - name: Log in to AWS ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
         with:
           registry: public.ecr.aws
 
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
+      
       - name: Build snapshot with Gradle
-        uses: gradle/gradle-build-action@v3
-        with:
-          arguments: build --stacktrace -PenableCoverage=true -PtestUpstreamSnapshots=true
+        run: ./gradlew build --stacktrace -PenableCoverage=true -PtestUpstreamSnapshots=true
         env:
           PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }}
           PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }}
@@ -95,7 +96,7 @@ jobs:
           snapshot-ecr-role: ${{ secrets.JAVA_INSTRUMENTATION_SNAPSHOT_ECR }}
 
       - name: Upload to GitHub Actions
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
         with:
           name: aws-opentelemetry-agent.jar
           path: otelagent/build/libs/aws-opentelemetry-agent-*.jar
@@ -129,7 +130,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: build
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
       - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
@@ -139,23 +140,24 @@ jobs:
       - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
         with:
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
 
       - name: Log in to AWS ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
         with:
           registry: public.ecr.aws
 
       - name: Pull base image of Contract Tests Sample Apps
         run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine
 
-      - name: Build snapshot with Gradle
-        uses: gradle/gradle-build-action@v3
-        with:
-          arguments: contractTests -PtestUpstreamSnapshots=true -PlocalDocker=true
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
+
+      - name: Build snapshot with Gradle  
+        run: ./gradlew contractTests -PtestUpstreamSnapshots=true -PlocalDocker=true
 
   # AppSignals specific e2e tests
   appsignals-e2e-test:
 
@@ -37,14 +37,14 @@ jobs:
         name: Check out release branch
         # Will fail if there is no release branch yet or succeed otherwise
         continue-on-error: true
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           ref: ${{ steps.parse-release-branch.outputs.release-branch-name }}
       - id: checkout-release-tag
         name: Check out release tag
         # If there is already a release branch, the previous step succeeds and we don't run this or the next one.
         if: ${{ steps.checkout-release-branch.outcome == 'failure' }}
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           ref: ${{ steps.parse-release-branch.outputs.release-tag-name }}
       - name: Create release branch
@@ -57,7 +57,7 @@ jobs:
     needs: prepare-release-branch
     steps:
       - name: Checkout release branch
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           ref: ${{ needs.prepare-release-branch.outputs.release-branch-name }}
 
@@ -66,12 +66,12 @@ jobs:
           java-version-file: .java-version
           distribution: 'temurin'
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
         with:
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
       - name: Log in to AWS ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
         with:
           registry: public.ecr.aws
 
@@ -89,32 +89,33 @@ jobs:
               echo $word | sed 's/ *$//g' | sed 's/^ *//g' | git cherry-pick --stdin
           done
 
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
+
       - name: Build release with Gradle
-        uses: gradle/gradle-build-action@v3
-        with:
-          arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace
+        run: ./gradlew build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
         with:
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
 
       - name: Log in to AWS ECR
-        uses: docker/login-action@v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
         with:
           registry: public.ecr.aws
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1
         with:
           driver-opts: image=moby/buildkit:v0.15.1
 
       - name: Build image for testing
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
         with:
           push: false
           build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
@@ -128,7 +129,7 @@ jobs:
         run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}"
 
       - name: Build and push image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
         with:
           push: true
           build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
@@ -137,10 +138,11 @@ jobs:
           tags: |
             public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v${{ github.event.inputs.version }}
 
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3
+
       - name: Build and Publish release with Gradle
-        uses: gradle/gradle-build-action@v3
-        with:
-          arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace
+        run: ./gradlew build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace
         env:
           PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }}
           PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }}
 
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout main
-        uses: actions/checkout@v2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           ref: main
           fetch-depth: 0
@@ -63,21 +63,21 @@ jobs:
     needs: check-version
     steps:
       - name: Configure AWS credentials for BOT secrets
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
 
       - name: Get Bot secrets
-        uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10
         id: bot_secrets
         with:
           secret-ids: |
             BOT_TOKEN ,${{ secrets.BOT_TOKEN_SECRET_ARN }}
           parse-json-secrets: true
 
       - name: Setup Git
-        uses: actions/checkout@v2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           fetch-depth: 0
           token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }}