Merge branch 'main' into MCP-Instrumentor

Author: liustve

.github/actions/artifacts_build/action.yml

@@ -104,4 +104,5 @@ runs:
       uses: ./.github/actions/image_scan
       with:
         image-ref: ${{ inputs.image_uri_with_tag }}
-        severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
+        severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
+        logout: 'true'

.github/actions/image_scan/action.yml

@@ -11,6 +11,11 @@ inputs:
   severity:
     required: true
     description: "List of severities that will cause a failure"
+  logout:
+    required: true
+    description: |
+      Whether to logout of public AWS ECR. Set to 'true' for PR workflows to avoid potential call failures,
+      'false' for daily scans which has a higher bar for passing regularly and specifically wants to sign in.
 
 runs:
   using: "composite"
@@ -22,6 +27,7 @@ runs:
   # ensure we can make unauthenticated call. This is important for making the pr_build workflow run on
   # PRs created from forked repos.
   - name: Logout of public AWS ECR
+    if: inputs.logout == 'true'
     shell: bash
     run: docker logout public.ecr.aws
 
@@ -30,4 +36,4 @@ runs:
     with:
       image-ref: ${{ inputs.image-ref }}
       severity: ${{ inputs.severity }}
-      exit-code: '1'
+      exit-code: '1'

.github/workflows/daily_scan.yml renamed to .github/workflows/daily-scan.yml

@@ -8,8 +8,10 @@
 name: Daily scan
 
 on:
-  schedule:
-    - cron: '0 18 * * *' # scheduled to run at 18:00 UTC every day
+  schedule: # scheduled to run at 14:00, 20:00, 02:00 UTC every day
+    - cron: '0 14 * * *' # 6:00/7:00   PST/PDT (14:00 UTC)
+    - cron: '0 20 * * *' # 12:00/13:00 PST/PDT (20:00 UTC)
+    - cron: '0 02 * * *' # 18:00/19:00 PST/PDT (02:00 UTC)
   workflow_dispatch: # be able to run the workflow on demand
 
 env:
@@ -77,21 +79,34 @@ jobs:
         if: ${{ steps.dep_scan.outcome != 'success' }}
         run: less dependency-check-report.html
 
+      - name: Configure AWS credentials for image scan
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+      - name: Login to Public ECR
+        uses: docker/login-action@v3
+        with:
+          registry: public.ecr.aws
+          
       - name: Perform high image scan
         if: always()
         id: high_scan
         uses: ./.github/actions/image_scan
         with:
-          image-ref: "public.ecr.aws/aws-observability/adot-autoinstrumentation-python:v0.10.1"
+          image-ref: "public.ecr.aws/aws-observability/adot-autoinstrumentation-python:v0.12.0"
           severity: 'CRITICAL,HIGH'
+          logout: 'false'
 
       - name: Perform low image scan
         if: always()
         id: low_scan
         uses: ./.github/actions/image_scan
         with:
-          image-ref: "public.ecr.aws/aws-observability/adot-autoinstrumentation-python:v0.10.1"
+          image-ref: "public.ecr.aws/aws-observability/adot-autoinstrumentation-python:v0.12.0"
           severity: 'MEDIUM,LOW,UNKNOWN'
+          logout: 'false'
 
       - name: Configure AWS Credentials for emitting metrics
         if: always()

.github/workflows/main-build.yml

@@ -109,3 +109,23 @@ jobs:
     with:
       staging-wheel-name: ${{ needs.build.outputs.staging_wheel_file }}
       adot-image-name: ${{ needs.build.outputs.staging_registry }}/aws-observability/adot-autoinstrumentation-python-staging:${{ needs.build.outputs.python_image_tag }}
+
+  publish-main-build-status:
+    name: "Publish Main Build Status"
+    needs: [ build, application-signals-e2e-test ]
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - name: Configure AWS Credentials for emitting metrics
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.MONITORING_ROLE_ARN }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+      - name: Publish main build status
+        run: |
+          value="${{ needs.build.result == 'success' && needs.application-signals-e2e-test.result == 'success' && '0.0' || '1.0'}}"
+          aws cloudwatch put-metric-data --namespace 'ADOT/GitHubActions' \
+            --metric-name Failure \
+            --dimensions repository=${{ github.repository }},branch=${{ github.ref_name }},workflow=main_build \
+            --value $value

.github/workflows/post_release_version_bump.yml renamed to .github/workflows/post-release-version-bump.yml

@@ -99,9 +99,9 @@ jobs:
           DEV_VERSION="${{ github.event.inputs.version }}.dev0"
           sed -i 's/__version__ = ".*"/__version__ = "'$DEV_VERSION'"/' aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py
           VERSION="${{ github.event.inputs.version }}"
-          sed -i 's/python:v.*"/python:v'$VERSION'"/' .github/workflows/daily_scan.yml
+          sed -i 's/python:v.*"/python:v'$VERSION'"/' .github/workflows/daily-scan.yml
           git add aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py
-          git add .github/workflows/daily_scan.yml
+          git add .github/workflows/daily-scan.yml
           git commit -m "Prepare main for next development cycle: Update version to $DEV_VERSION"
           git push --set-upstream origin "prepare-main-for-next-dev-cycle-${VERSION}"
 

.github/workflows/pr_build.yml renamed to .github/workflows/pr-build.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Build Wheel and Image Files
         uses: ./.github/actions/artifacts_build
         with:
-          image_uri_with_tag: pr_build/${{ matrix.python-version }}
+          image_uri_with_tag: pr-build/${{ matrix.python-version }}
           push_image: false
           load_image: true
           python_version: ${{ matrix.python-version }}

.github/workflows/pre_release_prepare.yml renamed to .github/workflows/pre-release-prepare.yml

@@ -12,7 +12,8 @@ on:
         default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1'
 
 env:
-  COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1
+  # Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow.
+  LEGACY_COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1
   LAYER_NAME: AWSOpenTelemetryDistroPython
 
 permissions:
@@ -63,21 +64,21 @@ jobs:
     steps:
       - name: role arn
         env:
-          COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }}
+          LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }}
         run: |
-          COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ })
+          LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ })
           FOUND=false
-          for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do
+          for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do
             if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
               FOUND=true
               break
             fi
           done
           if [ "$FOUND" = true ]; then
-            echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+            echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
             SECRET_KEY="LAMBDA_LAYER_RELEASE"
           else
-            echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+            echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
             SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
           fi
           SECRET_KEY=${SECRET_KEY//-/_}

.github/workflows/release_build.yml renamed to .github/workflows/release-build.yml

@@ -3,7 +3,7 @@
 import importlib
 import os
 import sys
-from logging import Logger, getLogger
+from logging import ERROR, Logger, getLogger
 
 from amazon.opentelemetry.distro._utils import get_aws_region, is_agent_observability_enabled
 from amazon.opentelemetry.distro.aws_opentelemetry_configurator import (
@@ -22,12 +22,17 @@
 from opentelemetry import propagate
 from opentelemetry.distro import OpenTelemetryDistro
 from opentelemetry.environment_variables import OTEL_PROPAGATORS, OTEL_PYTHON_ID_GENERATOR
+from opentelemetry.instrumentation.auto_instrumentation import _load
+from opentelemetry.instrumentation.logging import LEVELS
+from opentelemetry.instrumentation.logging.environment_variables import OTEL_PYTHON_LOG_LEVEL
 from opentelemetry.sdk.environment_variables import (
     OTEL_EXPORTER_OTLP_METRICS_DEFAULT_HISTOGRAM_AGGREGATION,
     OTEL_EXPORTER_OTLP_PROTOCOL,
 )
 
 _logger: Logger = getLogger(__name__)
+# Suppress configurator warnings from auto-instrumentation
+_load._logger.setLevel(LEVELS.get(os.environ.get(OTEL_PYTHON_LOG_LEVEL, "error").lower(), ERROR))
 
 
 class AwsOpenTelemetryDistro(OpenTelemetryDistro):