Merge main into develop-windows (#1474)

* Bump the github_actions group with 2 updates (#1466)

Bumps the github_actions group with 2 updates: [codecov/codecov-action](https://github.com/codecov/codecov-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `codecov/codecov-action` from 5.4.3 to 5.5.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@18283e0...fdcc847)

Updates `github/codeql-action` from 3.29.10 to 3.29.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@96f518a...3c3833e)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github_actions
- dependency-name: github/codeql-action
  dependency-version: 3.29.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github_actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* Safeguards for deepest unique path (#1450)

* Safeguards for deepest unique path

* Remove breakpoint

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* Add try-except to web request parsing (#1449)

* Add try-except to web request parsing

* Fix parsing logic

* Add clarifying comment

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* Use legacy bitnami for now (#1471)

* Use legacy bitnami for now

* Revert solr change

* Revert zookeeper change

* Add graphene-django instrumentation (#1451)

* Add graphene-django instrumentation

* Increase naming priority

* Remove unused import

* Add sychronous schema tests

* Clean up test files

* Remove commented out code

* Megalinter fixes

* Add operation & resolver tests

* Refine tests

* MegaLinter fixes

* Suggested reviewer changes

* Megalinter fixes

* Django middleware filtering settings (#1444)

* Reduce number of spans in django framework (#779)

* Do not wrap useless middlewares

* Fixup: use frozenset

* Add config settings

* Add middleware enable/disable options

* Add testing

* Testing exclude/include settings

* Add optional fixture scope argument

* Rewrite tests to use fixtures

* Add new fixture

* Fix tests

* Fix ruff errors

* MegaLinter Fixes

* Add config file tests

* MegaLinter fixes

* Reviewer changes

* MegaLinter fixes

* Add InstrumentationMiddlewareSettings

* More exclude/include filter tests

* Megalinter fixes

* Tests to increase coverage

* Megalinter fixes

* More coverage tests

* ANOTHER TEST:

---------

Co-authored-by: Hannah Stepanek <hstepanek@newrelic.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* Pin bitnami images to bitnamilegacy (#1475)

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

* Distributed CI Image Build (#1478)

* Distribute build of CI image across runners

* Add weekly CI image rebuild

* Add rust to toolchain

* Add human readable job names

* Linting

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Lalleh Rafeei <84813886+lrafeei@users.noreply.github.com>
Co-authored-by: Hannah Stepanek <hstepanek@newrelic.com>

Author: 5 people

.github/containers/Dockerfile

@@ -50,6 +50,7 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
         pkg-config \
         python3-dev \
         python3-pip \
+        rustc \
         sudo \
         tzdata \
         unixodbc-dev \

.github/workflows/build-ci-image.yml

@@ -16,21 +16,31 @@ name: Build CI Image
 
 on:
   workflow_dispatch: # Allow manual trigger
+  schedule:
+    - cron: "15 16 * * 0" # At 16:15 UTC on Sunday
 
 permissions:
   contents: read
+  packages: write
 
 concurrency:
   group: ${{ github.ref || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   build:
-    runs-on: ubuntu-24.04
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            cache_tag: linux-amd64
+            runner: ubuntu-24.04
+          - platform: linux/arm64
+            cache_tag: linux-arm64
+            runner: ubuntu-24.04-arm
 
-    permissions:
-      contents: read
-      packages: write
+    runs-on: ${{ matrix.runner }}
+    name: Docker Build ${{ matrix.platform }}
 
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
@@ -42,11 +52,17 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1
 
+      # Lowercase image name and append -ci
+      - name: Generate Image Name
+        id: image-name
+        run: |
+          echo "IMAGE_NAME=${GITHUB_REPOSITORY@L}-ci" >>"${GITHUB_OUTPUT}"
+
       - name: Generate Docker Metadata (Tags and Labels)
         id: meta
         uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # 5.8.0
         with:
-          images: ghcr.io/${{ github.repository }}-ci
+          images: ghcr.io/${{ steps.image-name.outputs.IMAGE_NAME }}
           flavor: |
             prefix=
             suffix=
@@ -65,11 +81,86 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and Publish Image
+      - name: Build and Push Image by Digest
+        id: build
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # 6.18.0
         with:
-          push: ${{ github.event_name != 'pull_request' }}
           context: .github/containers
-          platforms: ${{ (format('refs/heads/{0}', github.event.repository.default_branch) == github.ref) && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
-          tags: ${{ steps.meta.outputs.tags }}
+          platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=ghcr.io/${{ steps.image-name.outputs.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha,scope=build-${{ matrix.cache_tag }}
+          cache-to: type=gha,scope=build-${{ matrix.cache_tag }}
+
+      - name: Export Digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload Digest
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
+        with:
+          name: digests-${{ matrix.cache_tag }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    if: github.event_name != 'pull_request'
+    needs:
+      - build
+
+    name: Docker Merge Image
+
+    steps:
+      - name: Download Digests
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # 5.0.0
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to GitHub Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1
+
+      # Lowercase image name and append -ci
+      - name: Generate Image Name
+        id: image-name
+        run: |
+          echo "IMAGE_NAME=${GITHUB_REPOSITORY@L}-ci" >>"${GITHUB_OUTPUT}"
+
+      - name: Generate Docker Metadata (Tags and Labels)
+        id: meta
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # 5.8.0
+        with:
+          images: ghcr.io/${{ steps.image-name.outputs.IMAGE_NAME }}
+          flavor: |
+            prefix=
+            suffix=
+            latest=false
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=schedule,pattern={{date 'YYYY-MM-DD'}}
+            type=sha,format=short,prefix=sha-
+            type=sha,format=long,prefix=sha-
+
+      - name: Create Manifest List and Push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          # shellcheck disable=SC2046
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/${{ steps.image-name.outputs.IMAGE_NAME }}@sha256:%s ' *)
+
+      - name: Inspect Image
+        run: |
+          docker buildx imagetools inspect ghcr.io/${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

.github/workflows/tests.yml

@@ -108,7 +108,7 @@ jobs:
           coverage xml
 
       - name: Upload Coverage to Codecov
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # 5.4.3
+        uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # 5.5.0
         with:
           files: coverage.xml
           fail_ci_if_error: true
@@ -764,7 +764,7 @@ jobs:
     timeout-minutes: 30
     services:
       solr:
-        image: bitnami/solr:8.8.2
+        image: bitnamilegacy/solr:8.8.2
         env:
           SOLR_CORE: collection
         ports:
@@ -1026,15 +1026,15 @@ jobs:
     timeout-minutes: 30
     services:
       zookeeper:
-        image: bitnami/zookeeper:3.9.1
+        image: bitnamilegacy/zookeeper:3.9.1
         env:
           ALLOW_ANONYMOUS_LOGIN: yes
 
         ports:
           - 2181:2181
 
       kafka:
-        image: bitnami/kafka:3.6.1
+        image: bitnamilegacy/kafka:3.3.2
         ports:
           - 8080:8080
           - 8082:8082

.github/workflows/trivy.yml

@@ -61,6 +61,6 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: ${{ github.event_name == 'schedule' }}
-        uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # 3.29.10
+        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # 3.29.11
         with:
           sarif_file: "trivy-results.sarif"

newrelic/api/web_transaction.py

@@ -665,13 +665,22 @@ def __init__(self, application, environ, source=None):
         self._request_uri = request_uri
 
         if self._request_uri is not None:
-            # Need to make sure we drop off any query string
-            # arguments on the path if we have to fallback
-            # to using the original REQUEST_URI. Can't use
-            # attribute access on result as only support for
-            # Python 2.5+.
-
-            self._request_uri = urlparse.urlparse(self._request_uri)[2]
+            # This try/except logic is to handle cases where
+            # `REQUEST_URI` is malformed or contains invalid
+            # characters.  This can happen at this point if
+            # a malformed request is passed in and for versions
+            # of `urllib` in the Python standard library older
+            # than what has been released Jan 31, 2025.
+            try:
+                # Need to make sure we drop off any query string
+                # arguments on the path if we have to fallback
+                # to using the original REQUEST_URI. Can't use
+                # attribute access on result as only support for
+                # Python 2.5+.
+                self._request_uri = urlparse.urlparse(self._request_uri)[2]
+            except:
+                # If `self._request_uri` is invalid, set to `None`
+                self._request_uri = None
 
         if script_name is not None or path_info is not None:
             if path_info is None:

newrelic/config.py

@@ -215,6 +215,10 @@ def _map_inc_excl_attributes(s):
     return newrelic.core.config._parse_attributes(s)
 
 
+def _map_inc_excl_middleware(s):
+    return newrelic.core.config._parse_attributes(s, middleware=True)
+
+
 def _map_case_insensitive_excl_labels(s):
     return [v.lower() for v in newrelic.core.config._parse_attributes(s)]
 
@@ -510,6 +514,9 @@ def _process_configuration(section):
         section, "instrumentation.kombu.ignored_exchanges", "get", newrelic.core.config.parse_space_separated_into_list
     )
     _process_setting(section, "instrumentation.kombu.consumer.enabled", "getboolean", None)
+    _process_setting(section, "instrumentation.middleware.django.enabled", "getboolean", None)
+    _process_setting(section, "instrumentation.middleware.django.exclude", "get", _map_inc_excl_middleware)
+    _process_setting(section, "instrumentation.middleware.django.include", "get", _map_inc_excl_middleware)
 
 
 # Loading of configuration from specified file and for specified
@@ -2701,6 +2708,10 @@ def _process_module_builtin_defaults():
         "graphene.types.schema", "newrelic.hooks.framework_graphene", "instrument_graphene_types_schema"
     )
 
+    _process_module_definition(
+        "graphene_django.views", "newrelic.hooks.component_graphenedjango", "instrument_graphene_django_views"
+    )
+
     _process_module_definition("graphql.graphql", "newrelic.hooks.framework_graphql", "instrument_graphql")
     _process_module_definition(
         "graphql.execution.execute", "newrelic.hooks.framework_graphql", "instrument_graphql_execute"

newrelic/core/config.py

@@ -321,6 +321,14 @@ class SpanEventAttributesSettings(Settings):
     pass
 
 
+class InstrumentationMiddlewareSettings(Settings):
+    pass
+
+
+class InstrumentationDjangoMiddlewareSettings(Settings):
+    pass
+
+
 class DistributedTracingSettings(Settings):
     pass
 
@@ -508,6 +516,8 @@ class EventHarvestConfigHarvestLimitSettings(Settings):
 _settings.instrumentation.kombu = InstrumentationKombuSettings()
 _settings.instrumentation.kombu.ignored_exchanges = InstrumentationKombuIgnoredExchangesSettings()
 _settings.instrumentation.kombu.consumer = InstrumentationKombuConsumerSettings()
+_settings.instrumentation.middleware = InstrumentationMiddlewareSettings()
+_settings.instrumentation.middleware.django = InstrumentationDjangoMiddlewareSettings()
 _settings.message_tracer = MessageTracerSettings()
 _settings.process_host = ProcessHostSettings()
 _settings.rum = RumSettings()
@@ -635,11 +645,15 @@ def _parse_status_codes(value, target):
     return target
 
 
-def _parse_attributes(s):
+# Called from newrelic.config.py to parse
+# attributes and django middleware lists
+def _parse_attributes(s, middleware=False):
     valid = []
     for item in s.split():
         if "*" not in item[:-1] and len(item.encode("utf-8")) < 256:
             valid.append(item)
+        elif middleware:
+            _logger.warning("Improperly formatted middleware: %r", item)
         else:
             _logger.warning("Improperly formatted attribute: %r", item)
     return valid
@@ -905,6 +919,12 @@ def default_otlp_host(host):
     "NEW_RELIC_INSTRUMENTATION_KOMBU_CONSUMER_ENABLED", default=False
 )
 
+_settings.instrumentation.middleware.django.enabled = _environ_as_bool(
+    "NEW_RELIC_INSTRUMENTATION_DJANGO_MIDDLEWARE_ENABLED", default=True
+)
+_settings.instrumentation.middleware.django.exclude = []
+_settings.instrumentation.middleware.django.include = []
+
 _settings.event_harvest_config.harvest_limits.analytic_event_data = _environ_as_int(
     "NEW_RELIC_ANALYTICS_EVENTS_MAX_SAMPLES_STORED", DEFAULT_RESERVOIR_SIZE
 )