add CHANGELOG.md (#1187)

*Issue #, if available:*

*Description of changes:*
Add CHANGELOG.md to track future features and fixes made to ADOT.

Updated pr-build.yml workflow to check that CHANGELOG.md has been
updated for all changes that affect SDK behavior.

Updated pre-release-prepare.yml workflow to update CHANGELOG in both
release series branch, moving the Unreleased changes under a header for
the new release version. Updated post-release-version-bump.yml to merge
CHANGELOG back into main, resolving any conflicts.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Author: ezhang6811

.github/workflows/post-release-version-bump.yml

@@ -0,0 +1,146 @@
+name: Post Release - Prepare Main for Next Development Cycle
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version number (e.g., 1.0.1)'
+        required: true
+    is_patch:
+        description: 'Is this a patch? (true or false)'
+        required: true
+        default: 'false'
+
+env:
+  AWS_DEFAULT_REGION: us-east-1
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+
+jobs:
+  check-version:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v2
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - name: Extract Major.Minor Version and setup Env variable
+        run: |
+          echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+          echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
+
+      - name: Get current major.minor version from main branch
+        id: get_version
+        run: |
+          CURRENT_VERSION=$(grep '__version__' aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py | sed -E 's/__version__ = "([0-9]+\.[0-9]+)\.[0-9]+.*"/\1/')
+          echo "CURRENT_MAJOR_MINOR_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
+
+      - name: Set major and minor for current version
+        run: |
+          echo "CURRENT_MAJOR=$(echo $CURRENT_MAJOR_MINOR_VERSION | cut -d. -f1)" >> $GITHUB_ENV
+          echo "CURRENT_MINOR=$(echo $CURRENT_MAJOR_MINOR_VERSION | cut -d. -f2)" >> $GITHUB_ENV
+
+      - name: Set major and minor for input version
+        run: |
+          echo "INPUT_MAJOR=$(echo $MAJOR_MINOR | cut -d. -f1)" >> $GITHUB_ENV
+          echo "INPUT_MINOR=$(echo $MAJOR_MINOR | cut -d. -f2)" >> $GITHUB_ENV
+
+      - name: Compare major.minor version and skip if behind
+        run: |
+          if [ "$CURRENT_MAJOR" -gt "$INPUT_MAJOR" ] || { [ "$CURRENT_MAJOR" -eq "$INPUT_MAJOR" ] && [ "$CURRENT_MINOR" -gt "$INPUT_MINOR" ]; }; then
+            echo "Input version is behind main's current major.minor version, don't need to update major version"
+            exit 1
+          fi
+  
+
+  prepare-main:
+    runs-on: ubuntu-latest
+    needs: check-version
+    steps:
+      - name: Configure AWS credentials for BOT secrets
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+      - name: Get Bot secrets
+        uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        id: bot_secrets
+        with:
+          secret-ids: |
+            BOT_TOKEN ,${{ secrets.BOT_TOKEN_SECRET_ARN }}
+          parse-json-secrets: true
+
+      - name: Setup Git
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }}
+
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions"
+          git config user.email "[email protected]"
+
+      - name: Extract Major.Minor Version and setup Env variable
+        run: |
+          echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+          echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
+
+      - name: Determine release branch and checkout
+        run: |
+          RELEASE_BRANCH="release/v${MAJOR_MINOR}.x"
+          git fetch origin $RELEASE_BRANCH
+          git checkout -b "prepare-main-for-next-dev-cycle-${VERSION}" origin/$RELEASE_BRANCH
+
+      - name: Update version to next development version in main
+        run: |
+          DEV_VERSION="${{ github.event.inputs.version }}.dev0"
+          sed -i'' -e "s/val adotVersion = \".*\"/val adotVersion = \"${DEV_VERSION}\"/" version.gradle.kts
+          VERSION="${{ github.event.inputs.version }}"
+          sed -i'' -e 's/adot-autoinstrumentation-java:v2.*"/adot-autoinstrumentation-java:v'$VERSION'"/' .github/workflows/daily-scan.yml
+
+          # for patch releases, avoid merge conflict by manually resolving CHANGELOG with main
+          if [[ "${{ github.event.inputs.is_patch }}" == "true" ]]; then
+            # Copy the patch release entries
+            sed -n "/^## v${VERSION}/,/^## v[0-9]/p" CHANGELOG.md | sed '$d' > /tmp/patch_release_section.txt
+            git fetch origin main
+            git show origin/main:CHANGELOG.md > CHANGELOG.md
+            # Insert the patch release entries after Unreleased
+            awk -i inplace '/^## v[0-9]/ && !inserted { system("cat /tmp/patch_release_section.txt"); inserted=1 } {print}' CHANGELOG.md
+          fi
+
+          git add version.gradle.kts
+          git add .github/workflows/daily-scan.yml
+          git add CHANGELOG.md
+          git commit -m "Prepare main for next development cycle: Update version to $DEV_VERSION"
+          git push --set-upstream origin "prepare-main-for-next-dev-cycle-${VERSION}"
+
+      - name: Create Pull Request to main
+        env:
+          GITHUB_TOKEN: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }}
+        run: |
+          DEV_VERSION="${{ github.event.inputs.version }}.dev0"
+          gh pr create --title "Post release $VERSION: Update version to $DEV_VERSION" \
+                       --body "This PR prepares the main branch for the next development cycle by updating the version to $DEV_VERSION and updating the image version to be scanned to the latest released.
+          
+          This PR should only be merge when release for version v$VERSION is success.
+          
+          By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice." \
+                       --head prepare-main-for-next-dev-cycle-${VERSION} \
+                       --base main
+
+      - name: Force our CHANGELOG to override merge conflicts
+        run: |
+          git merge origin/main || true
+          git checkout --ours CHANGELOG.md
+          git add CHANGELOG.md
+          if ! git diff --quiet --cached; then
+            git commit -m "Force our CHANGELOG to override merge conflicts"
+            git push origin "prepare-main-for-next-dev-cycle-${VERSION}"
+          fi

.github/workflows/pr-build.yml

@@ -1,13 +1,55 @@
 name: PR Build
 on:
   pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+      - unlabeled
     branches:
       - main
       - "release/v*"
 env:
   TEST_TAG: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test-v2
 
 jobs:
+  changelog-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          
+      - name: Check CHANGELOG
+        run: |
+          # Check if PR is from workflows bot or dependabot
+          if [[ "${{ github.event.pull_request.user.login }}" == "aws-application-signals-bot" ]]; then
+            echo "Skipping check: PR from aws-application-signals-bot"
+            exit 0
+          fi
+          
+          if [[ "${{ github.event.pull_request.user.login }}" == "dependabot[bot]" ]]; then
+            echo "Skipping check: PR from dependabot"
+            exit 0
+          fi
+          
+          # Check for skip changelog label
+          if echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' | jq -r '.[]' | grep -q "skip changelog"; then
+            echo "Skipping check: skip changelog label found"
+            exit 0
+          fi
+          
+          # Fetch base branch and check for CHANGELOG modifications
+          git fetch origin ${{ github.base_ref }}
+          if git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -q "CHANGELOG.md"; then
+            echo "CHANGELOG.md entry found - check passed"
+            exit 0
+          fi
+          
+          echo "It looks like you didn't add an entry to CHANGELOG.md. If this change affects the SDK behavior, please update CHANGELOG.md and link this PR in your entry. If this PR does not need a CHANGELOG entry, you can add the 'Skip Changelog' label to this PR."
+          exit 1
+
   testpatch:
     name: Test patches applied to dependencies
     runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core

.github/workflows/pre-release-prepare.yml

@@ -0,0 +1,114 @@
+name: Pre Release Prepare - Update Version and Create PR
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version number (e.g., 1.0.1)'
+        required: true
+      is_patch:
+        description: 'Is this a patch? (true or false)'
+        required: true
+        default: 'false'
+
+env:
+  AWS_DEFAULT_REGION: us-east-1
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+
+jobs:
+  update-version-and-create-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS credentials for BOT secrets
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+      - name: Get Bot secrets
+        uses: aws-actions/aws-secretsmanager-get-secrets@v1
+        id: bot_secrets
+        with:
+          secret-ids: |
+            BOT_TOKEN ,${{ secrets.BOT_TOKEN_SECRET_ARN }}
+          parse-json-secrets: true
+
+      - name: Checkout main branch
+        uses: actions/checkout@v3
+        with:
+          ref: 'main'
+          token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }}
+
+      - name: Setup Git
+        run: |
+          git config user.name "github-actions"
+          git config user.email "[email protected]"
+
+      - name: Extract Major.Minor Version and setup Env variable
+        run: |
+          echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV
+          echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV
+
+      - name: Create branches
+        run: |
+          IS_PATCH=${{ github.event.inputs.is_patch }}
+          if [[ "$IS_PATCH" != "true" && "$IS_PATCH" != "false" ]]; then
+            echo "Invalid input for IS_PATCH. Must be 'true' or 'false'."
+            exit 1
+          fi
+          
+          
+          if git ls-remote --heads origin release/v${MAJOR_MINOR}.x | grep -q "release/v${MAJOR_MINOR}.x"; then
+            if [ "$IS_PATCH" = "true" ]; then
+              git fetch origin release/v${MAJOR_MINOR}.x
+              echo "Branch release/v${MAJOR_MINOR}.x already exists, checking out."
+              git checkout "release/v${MAJOR_MINOR}.x"
+            else 
+              echo "Error, release series branch release/v${MAJOR_MINOR}.x exist for non-patch release"
+              echo "Check your input or branch"
+              exit 1
+            fi
+          else
+            if [ "$IS_PATCH" = "true" ]; then
+              echo "Error, release series branch release/v${MAJOR_MINOR}.x NOT exist for patch release"
+              echo "Check your input or branch"
+              exit 1
+            else 
+              echo "Creating branch release/v${MAJOR_MINOR}.x."
+              git checkout -b "release/v${MAJOR_MINOR}.x"
+              git push origin "release/v${MAJOR_MINOR}.x"
+            fi
+          fi
+          
+          git checkout -b "v${VERSION}_release"
+          git push origin "v${VERSION}_release"
+
+      - name: Update version in file
+        run: |
+          sed -i'' -e "s/val adotVersion = \".*\"/val adotVersion = \"${VERSION}\"/" version.gradle.kts
+          git commit -am "Update version to ${VERSION}"
+          git push origin "v${VERSION}_release"
+
+      - name: Update CHANGELOG for release
+        if: github.event.inputs.is_patch != 'true'
+        run: |
+          sed -i "s/## Unreleased/## Unreleased\n\n## v${VERSION} - $(date +%Y-%m-%d)/" CHANGELOG.md
+          git add CHANGELOG.md
+          git commit -m "Update CHANGELOG for version ${VERSION}"
+          git push origin "v${VERSION}_release"
+
+      - name: Create pull request against the release branch
+        env:
+          GITHUB_TOKEN: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }}
+        run: |
+          gh pr create --title "Pre-release: Update version to ${VERSION}" \
+                       --body "This PR updates the version to ${VERSION}.
+          
+          By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice." \
+                       --head v${{ github.event.inputs.version }}_release \
+                       --base release/v${MAJOR_MINOR}.x

CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+> **Note:** This CHANGELOG was created starting after version 2.11.5. Earlier changes are not documented here.
+
+For any change that affects end users of this package, please add an entry under the **Unreleased** section. Briefly summarize the change and provide the link to the PR. Example:
+
+- add SigV4 authentication for HTTP exporter
+  ([#1019](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1019))
+
+If your change does not need a CHANGELOG entry, add the "skip changelog" label to your PR.
+
+## Unreleased