Merge branch 'main' into stress-test

Author: lalitb

.clang-format

@@ -59,3 +59,15 @@ IndentPPDirectives: AfterHash
 
 # Include blocks style
 IncludeBlocks: Preserve
+
+AttributeMacros:
+  - OPENTELEMETRY_UNLIKELY
+  - OPENTELEMETRY_LIKELY
+  - OPENTELEMETRY_MAYBE_UNUSED
+  - OPENTELEMETRY_DEPRECATED
+  - OPENTELEMETRY_API_SINGLETON
+  - OPENTELEMETRY_LOCAL_SYMBOL
+  - OPENTELEMETRY_EXPORT
+  - OPENTELEMETRY_SANITIZER_NO_MEMORY
+  - OPENTELEMETRY_SANITIZER_NO_THREAD
+  - OPENTELEMETRY_SANITIZER_NO_ADDRESS

.devcontainer/Dockerfile.conan

@@ -0,0 +1,55 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+FROM ubuntu:24.04@sha256:1e622c5f073b4f6bfad6632f2616c7f59ef256e96fe78bf6a595d1dc4376ac02
+
+RUN apt update && apt install -y \
+	build-essential \
+	ca-certificates \
+	wget \
+	cmake \
+	git \
+	sudo \
+	nano \
+	pkg-config \
+	ninja-build \
+	clang-format \
+	clang-tidy \
+	autoconf \
+	automake \
+	libtool \
+	python3-pip
+
+RUN pip install "conan==2.15.1" --break-system-packages
+
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG USER_NAME=devuser
+ENV USER_NAME=devuser
+ENV USER_UID=${USER_UID}
+ENV USER_GID=${USER_GID}
+ENV INSTALL_PACKAGES=
+ENV IS_CONTAINER_BUILD=true
+
+COPY ./.devcontainer/customize_container.sh /tmp/opentelemetry_cpp/devcontainer/customize_container.sh
+RUN /tmp/opentelemetry_cpp/devcontainer/customize_container.sh
+USER devuser
+
+RUN conan profile detect --force	
+
+ARG CONAN_FILE=conanfile_stable.txt
+ARG CONAN_BUILD_TYPE=Debug
+ARG CXX_STANDARD=17
+WORKDIR /home/devuser/conan
+COPY ./install/conan/ .
+
+RUN conan install ./${CONAN_FILE} --build=missing -s build_type=${CONAN_BUILD_TYPE}
+ENV CMAKE_TOOLCHAIN_FILE=/home/devuser/conan/build/${CONAN_BUILD_TYPE}/generators/conan_toolchain.cmake
+ENV CXX_STANDARD=${CXX_STANDARD}
+ENV BUILD_TYPE=${CONAN_BUILD_TYPE}
+ENV CONAN_FILE=${CONAN_FILE}
+
+WORKDIR  /workspaces/opentelemetry-cpp
+
+ENTRYPOINT []
+
+CMD ["/bin/bash"]

.devcontainer/Dockerfile.dev

@@ -0,0 +1,52 @@
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+FROM otel/cpp_format_tools
+
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG INSTALL_PACKAGES=
+
+ARG CXX_STANDARD=17
+
+ENV CXX_STANDARD=${CXX_STANDARD}
+
+COPY ci /opt/ci
+
+RUN apt update && apt install -y wget \
+    ninja-build \
+    llvm-dev \
+    libclang-dev \
+    clang-tidy \
+    shellcheck \
+    sudo \
+    cmake
+
+RUN cd /opt/ci && bash setup_ci_environment.sh
+RUN cd /opt/ci && bash install_iwyu.sh
+
+ADD https://github.com/bazelbuild/bazelisk/releases/download/v1.22.1/bazelisk-linux-amd64 /usr/local/bin
+	
+RUN git config --global core.autocrlf input \
+	&& chmod +x /usr/local/bin/bazelisk-linux-amd64
+
+ENV INSTALL_PACKAGES=${INSTALL_PACKAGES}
+ENV USER_NAME=devuser
+ENV USER_UID=${USER_UID}
+ENV USER_GID=${USER_GID}
+ENV IS_CONTAINER_BUILD=true
+
+COPY install /opt/install
+COPY ./.devcontainer/customize_container.sh /tmp/opentelemetry_cpp/devcontainer/customize_container.sh
+RUN /tmp/opentelemetry_cpp/devcontainer/customize_container.sh
+RUN apt install -y npm && npm install -g [email protected]
+
+USER devuser
+
+WORKDIR  /workspaces/opentelemetry-cpp
+RUN cd /opt && bash ci/install_thirdparty.sh --install-dir /home/devuser/third-party/install-stable --tags-file install/cmake/third_party_stable
+ENV CMAKE_PREFIX_PATH=/home/devuser/third-party/install-stable
+
+ENTRYPOINT []
+
+CMD ["/bin/bash"]

.devcontainer/README.md

@@ -0,0 +1,38 @@
+# Customizing Your Dev Container
+
+Customize your dev container using build arguments (for direct Docker builds) or
+environment variables (for evaluation in `devcontainer.json`).
+
+* **CXX standard:**
+  This is the C++ standard to build from (eg: 17, 20, ...). (Default: 17)
+  * Docker ARG:
+   `CXX_STANDARD`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_CXX_STANDARD`
+
+* **User ID (UID):**
+  User ID (Default: `1000`)
+  * Docker ARG:
+   `USER_UID`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_USER_UID`
+
+* **Group ID (GID):**
+  User group ID (Default: `1000`)
+  * Docker ARG:
+   `USER_GID`
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_USER_GID`
+
+* **Install Packages:**
+  These are the additional packages that will be installed via `apt install` in the devcontainer. This is a space separated list.
+  * Docker ARG:
+   `INSTALL_PACKAGES`  (Default: ``)
+  * Host Environment Variable:
+   `OTEL_CPP_DEVCONTAINER_INSTALL_PACKAGES` (Default: ``)
+
+## Examples
+
+* `docker build --build-arg CXX_STANDARD="20" --build-arg INSTALL_PACKAGES="nano gitk"...`
+* `export OTEL_CPP_DEVCONTAINER_CXX_STANDARD=20`
+* `export OTEL_CPP_DEVCONTAINER_INSTALL_PACKAGES="nano gitk"`

.devcontainer/customize_container.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Copyright The OpenTelemetry Authors
+# SPDX-License-Identifier: Apache-2.0
+
+set -eu
+
+if [[ $IS_CONTAINER_BUILD != "true" ]]; then
+     echo "This script should only run inside a Docker container."
+     exit 1
+fi
+
+if [[ -n "$INSTALL_PACKAGES" ]]; then
+    packages=($INSTALL_PACKAGES)
+    for package in "${packages[@]}"; do
+        apt install -y "$package"
+    done
+fi
+
+if [[ $(id "$USER_NAME" 2>/dev/null) ]]; then
+    echo "User '$USER_NAME' already exists. Removing it."
+    userdel -rf "$USER_NAME"
+elif [[ $(id -u "$USER_UID" 2>/dev/null) ]]; then
+    OTHER_USER=$(getent passwd "$USER_UID" | cut -d: -f1)
+    echo "User '$OTHER_USER' exists with UID $USER_UID. Removing it."
+    userdel -rf "$OTHER_USER"
+fi
+
+if [[ ! $(getent group "$USER_GID" 2>/dev/null) ]]; then
+    echo "Group '$USER_GID' does not exist. Adding it."
+    groupadd -g "$USER_GID" "$USER_NAME"
+fi
+
+useradd -m -u "$USER_UID" -g "$USER_GID" -s /bin/bash "$USER_NAME"
+echo "Created user '$USER_NAME' (UID: $USER_UID, GID: $USER_GID)."
+
+echo "$USER_NAME ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/"$USER_NAME"
+
+echo "User and group setup complete."

.devcontainer/devcontainer.json

@@ -0,0 +1,31 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+// https://github.com/microsoft/vscode-dev-containers/tree/v0.162.0/containers/javascript-node
+{
+	"name": "opentelemetry-cpp",
+	"build": {
+		"context": "..",
+		"dockerfile": "Dockerfile.dev",
+		"args": {
+			"USER_UID": "${localEnv:OTEL_CPP_DEVCONTAINER_USER_UID:1000}",
+			"USER_GID": "${localEnv:OTEL_CPP_DEVCONTAINER_USER_GID:1000}",
+			"INSTALL_PACKAGES": "${localEnv:OTEL_CPP_DEVCONTAINER_INSTALL_PACKAGES:}",
+			"CXX_STANDARD": "${localEnv:OTEL_CPP_DEVCONTAINER_CXX_STANDARD:17}"
+		}
+	},
+	"customizations": {
+		"vscode": {
+			"extensions": [
+				"ms-vscode.cpptools",
+				"ms-azuretools.vscode-docker",
+				"ms-vscode.cpptools-extension-pack"
+			],
+			"settings": {
+				"terminal.integrated.shell.linux": "/bin/bash",
+			}
+		}
+	},
+
+	"remoteUser": "devuser"
+}

.github/dependabot.yml

@@ -6,3 +6,8 @@ updates:
       interval: "daily"
     labels:
       - "GHA"
+
+  - package-ecosystem: "devcontainers"
+    directory: "/"
+    schedule:
+     interval: daily

.github/workflows/benchmark.yml

@@ -5,19 +5,23 @@ on:
       - main
 
 permissions:
-  contents: write
-  deployments: write
+  contents: read
 
 jobs:
   benchmark:
     name: Run OpenTelemetry-cpp benchmarks
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           submodules: 'recursive'
       - name: Mount Bazel Cache
-        uses: actions/cache@v4
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         env:
           cache-name: bazel_cache
         with:
@@ -35,20 +39,28 @@ jobs:
           mv api-benchmark_result.json benchmarks
           mv sdk-benchmark_result.json benchmarks
           mv exporters-benchmark_result.json benchmarks
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@6027e3dd177782cd8ab9af838c04fd81a07f1d47 # main March 2025
         with:
           name: benchmark_results
           path: benchmarks
   store_benchmark:
     needs: benchmark
+    permissions:
+      contents: write
+      deployments: write
     strategy:
       matrix:
         components: ["api", "sdk", "exporters"]
     name: Store benchmark result
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/download-artifact@master
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # main March 2025
         with:
           name: benchmark_results
           path: benchmarks
@@ -57,7 +69,7 @@ jobs:
         run: |
           cat benchmarks/*
       - name: Push benchmark result
-        uses: benchmark-action/github-action-benchmark@v1
+        uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7 # v1.20.4
         with:
           name: OpenTelemetry-cpp ${{ matrix.components }} Benchmark
           tool: 'googlecpp'