Skip to content

Cherry-pick changes for v2.11.6 release #1248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 25 commits into from
Closed

Cherry-pick changes for v2.11.6 release #1248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
ef8a23a
Bump docker/build-push-action from 5 to 6 (#929)
dependabot[bot] Aug 12, 2025
d5d8889
Bump actions/download-artifact from 4 to 5 (#1136)
dependabot[bot] Aug 12, 2025
1a04668
Bump actions/setup-java from 3 to 4 (#1138)
dependabot[bot] Aug 12, 2025
14153aa
Bump codecov/codecov-action from 3 to 5 (#954)
dependabot[bot] Aug 12, 2025
798a3e6
Bump actions/checkout from 4 to 5 (#1143)
dependabot[bot] Aug 13, 2025
e995568
Bump aws-actions/aws-secretsmanager-get-secrets from 1 to 2 (#930)
dependabot[bot] Aug 13, 2025
52f4405
Bump burrunan/gradle-cache-action from 2 to 3 (#1153)
dependabot[bot] Aug 19, 2025
a868378
Add pre-release and post-release workflows (#1123)
ezhang6811 Sep 5, 2025
3f0ece7
Add main build validation for release workflow (#1125)
ezhang6811 Sep 5, 2025
715df21
Bump actions/setup-java from 4.7.1 to 5.0.0 (#1167)
dependabot[bot] Sep 8, 2025
918f05f
Bump actions/setup-go from 5 to 6 (#1182)
dependabot[bot] Sep 10, 2025
22a48a9
Bump gradle/actions from 4.4.2 to 4.4.3 (#1189)
dependabot[bot] Sep 16, 2025
9c7b228
add CHANGELOG.md (#1187)
ezhang6811 Sep 16, 2025
0c25131
update for 8/14 non-release workflow documents (#1193)
Miqueasher Sep 17, 2025
22fdff3
Revert "update for 8/14 non-release workflow documents (#1193)" (#1195)
Miqueasher Sep 17, 2025
fb1dc05
Reverting previous revert for 3p actions update (#1198)
Miqueasher Sep 18, 2025
2107713
Update main-build.yml (#1200)
Miqueasher Sep 19, 2025
c3aec08
feat: add self-validating workflow gate jobs (#1213)
thpierce Sep 23, 2025
47152b4
Update 3p actions from VID to CSHA (#1205)
Miqueasher Sep 23, 2025
298b414
feat: prevent versioned 3P GitHub actions in PR builds (#1212)
thpierce Sep 23, 2025
8b922b6
Update action.yml (#1220)
Miqueasher Sep 24, 2025
af94b77
fix cargo-audit version (#1245)
ezhang6811 Oct 24, 2025
d1e4a11
Support Trace Context extraction from Lambda Context object, and resp…
jj22ee Sep 20, 2025
aba62f3
Fix Trace Context extraction from Lambda Context object by bypassing …
jj22ee Sep 24, 2025
aaec1de
adapt patches (#1191) (#1218) into release/v2.11.x branch
jj22ee Oct 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/actions/cpUtility-testing/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,28 +25,28 @@ runs:
using: "composite"
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1
with:
driver-opts: image=moby/buildkit:v0.15.1

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
with:
role-to-assume: ${{ inputs.snapshot-ecr-role }}
aws-region: ${{ inputs.aws-region }}

- name: Login to private staging ecr
uses: docker/login-action@v3
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
with:
registry: ${{ inputs.image_registry }}
env:
AWS_REGION: ${{ inputs.aws-region }}

- name: Build image for testing
uses: docker/build-push-action@v5
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
with:
push: false
build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}"
Expand All @@ -60,7 +60,7 @@ runs:
run: .github/scripts/test-adot-javaagent-image.sh "${{ inputs.image_uri_with_tag }}" "${{ inputs.adot-java-version }}"

- name: Build and push image
uses: docker/build-push-action@v5
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0
with:
push: true
build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}"
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/image_scan/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ runs:
run: docker logout public.ecr.aws

- name: Run Trivy vulnerability scanner on image
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v0.33.1
with:
image-ref: ${{ inputs.image-ref }}
severity: ${{ inputs.severity }}
Expand Down
14 changes: 7 additions & 7 deletions .github/actions/patch-dependencies/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,14 +64,14 @@ runs:
shell: bash

- name: Build opentelemetry-java with tests
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
if: ${{ env.patch_otel_java == 'true' && inputs.run_tests != 'false' }}
with:
arguments: build publishToMavenLocal
build-root-directory: opentelemetry-java

- name: Build opentelemetry-java
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
if: ${{ env.patch_otel_java == 'true' && inputs.run_tests == 'false' }}
with:
arguments: publishToMavenLocal
Expand All @@ -83,14 +83,14 @@ runs:
shell: bash

- name: Build opentelemetry-java-contrib with tests
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests != 'false' }}
with:
arguments: build publishToMavenLocal
build-root-directory: opentelemetry-java-contrib

- name: Build opentelemetry-java-contrib
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests == 'false' }}
with:
arguments: publishToMavenLocal
Expand All @@ -102,14 +102,14 @@ runs:
shell: bash

- name: Build opentelemetry-java-instrumentation with tests
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
if: ${{ env.patch_otel_java_instrumentation == 'true' && inputs.run_tests != 'false' }}
with:
arguments: check -x spotlessCheck publishToMavenLocal
build-root-directory: opentelemetry-java-instrumentation

- name: Build opentelemetry java instrumentation
uses: gradle/gradle-build-action@v2
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
if: ${{ env.patch_otel_java_instrumentation == 'true' && inputs.run_tests == 'false' }}
with:
arguments: publishToMavenLocal
Expand All @@ -118,4 +118,4 @@ runs:
- name: cleanup opentelmetry-java-instrumentation
run: rm -rf opentelemetry-java-instrumentation
if: ${{ env.patch_otel_java_instrumentation == 'true' }}
shell: bash
shell: bash
4 changes: 2 additions & 2 deletions .github/workflows/application-signals-e2e-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
with:
role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }}
aws-region: us-east-1

- uses: actions/download-artifact@v4
- uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #5.0.0
with:
name: aws-opentelemetry-agent.jar

Expand Down
49 changes: 42 additions & 7 deletions .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,21 +23,21 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3
with:
languages: java

- uses: actions/setup-java@v4
- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: 17
distribution: temurin

- name: Cache local Maven repository
uses: actions/cache@v3
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4
with:
path: |
~/.m2/repository/io/opentelemetry/
Expand All @@ -50,12 +50,47 @@ jobs:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_password: ${{ secrets.GPG_PASSPHRASE }}

- uses: gradle/wrapper-validation-action@v1
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3

- name: Manually build to avoid autobuild failures
uses: gradle/gradle-build-action@v3
uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0
with:
arguments: build

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3

all-codeql-checks-pass:
runs-on: ubuntu-latest
needs: [analyze]
if: always()
steps:
- name: Checkout to get workflow file
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0

- name: Check all jobs succeeded and none missing
run: |
# Check if all needed jobs succeeded
results='${{ toJSON(needs) }}'
if echo "$results" | jq -r '.[] | .result' | grep -v success; then
echo "Some jobs failed"
exit 1
fi

# Extract all job names from workflow (excluding this gate job)
all_jobs=$(yq eval '.jobs | keys | .[]' .github/workflows/codeql.yml | grep -v "all-codeql-checks-pass" | sort)

# Extract job names from needs array
needed_jobs='${{ toJSON(needs) }}'
needs_list=$(echo "$needed_jobs" | jq -r 'keys[]' | sort)

# Check if any jobs are missing from needs
missing_jobs=$(comm -23 <(echo "$all_jobs") <(echo "$needs_list"))
if [ -n "$missing_jobs" ]; then
echo "ERROR: Jobs missing from needs array in all-codeql-checks-pass:"
echo "$missing_jobs"
echo "Please add these jobs to the needs array of all-codeql-checks-pass"
exit 1
fi

echo "All CodeQL checks passed and no jobs missing from gate!"
23 changes: 17 additions & 6 deletions .github/workflows/owasp.yml → .github/workflows/daily-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,24 +24,24 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repo for dependency scan
uses: actions/checkout@v4
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0
with:
fetch-depth: 0

- name: Set up Java for dependency scan
uses: actions/setup-java@v4
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: 17
distribution: 'temurin'

- name: Configure AWS credentials for dependency scan
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
with:
role-to-assume: ${{ secrets.SECRET_MANAGER_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}

- name: Get NVD API key for dependency scan
uses: aws-actions/aws-secretsmanager-get-secrets@v1
uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10
id: nvd_api_key
with:
secret-ids: ${{ secrets.NVD_API_KEY_SECRET_ARN }}
Expand All @@ -51,7 +51,7 @@ jobs:
uses: ./.github/actions/patch-dependencies

- name: Build JAR
uses: gradle/gradle-build-action@v3
uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0
with:
arguments: assemble -PlocalDocker=true

Expand All @@ -76,6 +76,17 @@ jobs:
if: ${{ steps.dep_scan.outcome != 'success' }}
run: less dependency-check-report.html

- name: Configure AWS credentials for image scan
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}

- name: Login to Public ECR
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
with:
registry: public.ecr.aws

- name: Perform high image scan on v1
if: always()
id: high_scan_v1
Expand Down Expand Up @@ -110,7 +121,7 @@ jobs:

- name: Configure AWS Credentials for emitting metrics
if: always()
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
with:
role-to-assume: ${{ secrets.METRICS_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/docker-build-corretto-slim.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,24 @@ jobs:
build-corretto:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: gradle/wrapper-validation-action@v1
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Log in to AWS ECR
uses: docker/login-action@v3
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
with:
registry: public.ecr.aws

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1
- name: Build docker image
uses: docker/build-push-action@v5
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #6.18.0
with:
push: true
context: scripts/docker/corretto-slim
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/docker-build-smoke-tests-fake-backend.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,14 +20,14 @@ jobs:
build-docker:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0
- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version: 17
distribution: 'temurin'
# cache local patch outputs
- name: Cache local Maven repository
uses: actions/cache@v3
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4
with:
path: |
~/.m2/repository/io/opentelemetry/
Expand All @@ -38,18 +38,18 @@ jobs:
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_password: ${{ secrets.GPG_PASSPHRASE }}
- uses: gradle/wrapper-validation-action@v1
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Log in to AWS ECR
uses: docker/login-action@v3
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
with:
registry: public.ecr.aws

- name: Build and push docker image
uses: gradle/gradle-build-action@v3
uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0
with:
arguments: :smoke-tests:fakebackend:jib
Loading
Loading