Merge remote-tracking branch 'origin/main' into feature/cel-sampler

Author: dol

.github/scripts/dependencies.Dockerfile

@@ -0,0 +1,3 @@
+# this file exists so that Renovate can auto-update docker image versions that are then used elsewhere
+
+FROM lycheeverse/lychee:sha-2aa22f8@sha256:2e3786630482c41f9f2dd081e06d7da1c36d66996e8cf6573409b8bc418d48c4 AS lychee

.github/scripts/link-check.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+set -e
+
+export MSYS_NO_PATHCONV=1 # for Git Bash on Windows
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$SCRIPT_DIR/../.."
+DEPENDENCIES_DOCKERFILE="$SCRIPT_DIR/dependencies.Dockerfile"
+
+# Parse command line arguments
+LOCAL_LINKS_ONLY=false
+TARGET=""
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --local-links-only)
+            LOCAL_LINKS_ONLY=true
+            shift
+            ;;
+        *)
+            # Treat any other arguments as file paths
+            TARGET="$TARGET $1"
+            shift
+            ;;
+    esac
+done
+
+# Extract lychee version from dependencies.dockerfile
+LYCHEE_VERSION=$(grep "FROM lycheeverse/lychee:" "$DEPENDENCIES_DOCKERFILE" | sed 's/.*FROM lycheeverse\/lychee:\([^ ]*\).*/\1/')
+
+if [[ -z "$TARGET" ]]; then
+    TARGET="."
+fi
+
+# Build the lychee command with optional GitHub token
+CMD="lycheeverse/lychee:$LYCHEE_VERSION --verbose --root-dir /data"
+
+# Add GitHub token if available
+if [[ -n "$GITHUB_TOKEN" ]]; then
+    CMD="$CMD --github-token $GITHUB_TOKEN"
+fi
+
+if [[ "$LOCAL_LINKS_ONLY" == "true" ]]; then
+    CMD="$CMD --scheme file --include-fragments"
+else
+    CMD="$CMD --config .github/scripts/lychee-config.toml"
+fi
+
+CMD="$CMD $TARGET"
+
+# Determine if we should allocate a TTY
+DOCKER_FLAGS="--rm --init"
+if [[ -t 0 ]]; then
+    DOCKER_FLAGS="$DOCKER_FLAGS -it"
+else
+    DOCKER_FLAGS="$DOCKER_FLAGS -i"
+fi
+
+# Run lychee with proper signal handling
+# shellcheck disable=SC2086
+exec docker run $DOCKER_FLAGS -v "$ROOT_DIR":/data -w /data $CMD

.github/scripts/lychee-config.toml

@@ -0,0 +1,16 @@
+timeout = 30
+retry_wait_time = 5
+max_retries = 6
+max_concurrency = 4
+
+# Check link anchors
+include_fragments = true
+
+# excluding links to pull requests and issues is done for performance
+# sonatype snapshots are currrently unbrowseable
+exclude = [
+  "^https://github.com/open-telemetry/opentelemetry-java-contrib/(issues|pull)/\\d+$",
+  '^https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/io/opentelemetry/contrib/$',
+]
+
+

.github/workflows/assign-reviewers.yml

@@ -18,6 +18,6 @@ jobs:
       pull-requests: write  # for assigning reviewers
     runs-on: ubuntu-latest
     steps:
-      - uses: open-telemetry/assign-reviewers-action@cb42e3ee14a59c01abccd401f126a0f4c3991cb3 # main
+      - uses: open-telemetry/assign-reviewers-action@fcd27c5381c10288b23d423ab85473710a33389e # main
         with:
           config-file: .github/component_owners.yml

.github/workflows/build.yml

@@ -8,6 +8,9 @@ on:
   pull_request:
   merge_group:
   workflow_dispatch:
+  schedule:
+    # Run daily at 7:30 AM UTC
+    - cron: '30 7 * * *'
 
 permissions:
   contents: read
@@ -36,29 +39,46 @@ jobs:
         run: ./gradlew build -x test
 
   test:
-    name: test (${{ matrix.test-java-version }})
-    runs-on: ubuntu-latest
+    name: Test
+    runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
+        os:
+          - macos-latest
+          - macos-13
+          - ubuntu-latest
+          - windows-latest
         test-java-version:
           - 8
           - 11
           - 17
           - 21
           - 23
-      fail-fast: false
+        # macos-latest drops support for java 8 temurin. Run java 8 on macos-13. Run java 11, 17, 21 on macos-latest.
+        exclude:
+          - os: macos-latest
+            test-java-version: 8
+          - os: macos-13
+            test-java-version: 11
+          - os: macos-13
+            test-java-version: 17
+          - os: macos-13
+            test-java-version: 21
+          - os: macos-13
+            test-java-version: 23
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - id: setup-test-java
-        name: Set up JDK ${{ matrix.test-java-version }} for running tests
+      - id: setup-java-test
+        name: Set up Java ${{ matrix.test-java-version }} for tests
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
-          # using zulu because new releases get published quickly
-          distribution: zulu
+          distribution: temurin
           java-version: ${{ matrix.test-java-version }}
 
-      - name: Set up JDK for running Gradle
+      - id: setup-java
+        name: Set up Java for build
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: temurin
@@ -71,9 +91,9 @@ jobs:
       - name: Gradle test
         run: >
           ./gradlew test
-          -PtestJavaVersion=${{ matrix.test-java-version }}
-          -Porg.gradle.java.installations.paths=${{ steps.setup-test-java.outputs.path }}
-          -Porg.gradle.java.installations.auto-download=false
+          "-PtestJavaVersion=${{ matrix.test-java-version }}"
+          "-Porg.gradle.java.installations.paths=${{ steps.setup-java-test.outputs.path }}"
+          "-Porg.gradle.java.installations.auto-download=false"
 
   integration-test:
     runs-on: ubuntu-latest
@@ -101,8 +121,15 @@ jobs:
           name: integration-test-results
           path: jmx-metrics/build/reports/tests/integrationTest
 
-  markdown-link-check:
-    uses: ./.github/workflows/reusable-markdown-link-check.yml
+  link-check:
+    # merge group and push events are excluded to avoid unnecessary CI failures
+    # (these failures will instead be captured by the daily scheduled run)
+    #
+    # release branches are excluded to avoid unnecessary maintenance if external links break
+    # (and also because the README.md might need update on release branches before the release
+    # download has been published)
+    if: github.event_name != 'merge_group' && github.event_name != 'push' && !startsWith(github.ref_name, 'release/')
+    uses: ./.github/workflows/reusable-link-check.yml
 
   markdown-lint-check:
     uses: ./.github/workflows/reusable-markdown-lint.yml
@@ -125,7 +152,7 @@ jobs:
     # and so would not short-circuit if used in the second-last position
     name: publish-snapshots${{ (github.ref_name != 'main' || github.repository != 'open-telemetry/opentelemetry-java-contrib') && ' (skipped)' || '' }}
     needs:
-      # intentionally not blocking snapshot publishing on markdown-link-check or misspell-check
+      # intentionally not blocking snapshot publishing on link-check or misspell-check
       - build
       - integration-test
     runs-on: ubuntu-latest
@@ -178,3 +205,31 @@ jobs:
             )
           )
         run: exit 1 # fail
+
+  workflow-notification:
+    permissions:
+      contents: read
+      issues: write
+    if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && always()
+    needs:
+      - build
+      - test
+      - integration-test
+      - link-check
+      - markdown-lint-check
+      - misspell-check
+      - shell-script-check
+      - publish-snapshots
+    uses: ./.github/workflows/reusable-workflow-notification.yml
+    with:
+      success: >-
+        ${{
+          needs.build.result == 'success' &&
+          needs.test.result == 'success' &&
+          needs.integration-test.result == 'success' &&
+          needs.link-check.result == 'success' &&
+          needs.markdown-lint-check.result == 'success' &&
+          needs.misspell-check.result == 'success' &&
+          needs.shell-script-check.result == 'success' &&
+          needs.publish-snapshots.result == 'success'
+        }}

.github/workflows/codeql.yml

@@ -50,7 +50,7 @@ jobs:
         uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           languages: ${{ matrix.language }}
           # using "latest" helps to keep up with the latest Kotlin support
@@ -65,6 +65,6 @@ jobs:
         run: ./gradlew assemble --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/ossf-scorecard.yml

@@ -23,8 +23,18 @@ jobs:
         with:
           persist-credentials: false
 
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        id: create-token
+        with:
+          # analyzing classic branch protections requires a token with admin read permissions
+          # see https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
+          # and https://github.com/open-telemetry/community/issues/2769
+          app-id: ${{ vars.OSSF_SCORECARD_APP_ID }}
+          private-key: ${{ secrets.OSSF_SCORECARD_PRIVATE_KEY }}
+
       - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
+          repo_token:  ${{ steps.create-token.outputs.token }}
           results_file: results.sarif
           results_format: sarif
           publish_results: true
@@ -42,6 +52,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           sarif_file: results.sarif

.github/workflows/reusable-link-check.yml

@@ -0,0 +1,45 @@
+name: Reusable - Link check
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  link-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # needed for merge-base below
+
+      - name: Link check - relative links (all files)
+        if: github.event_name == 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: ./.github/scripts/link-check.sh --local-links-only
+
+      - name: Get modified files
+        if: github.event_name == 'pull_request'
+        id: modified-files
+        run: |
+          merge_base=$(git merge-base origin/${{ github.base_ref }} HEAD)
+          # Using lychee's default extension filter here to match when it runs against all files
+          modified_files=$(git diff --name-only $merge_base...${{ github.event.pull_request.head.sha }} \
+                            | grep -E '\.(md|mkd|mdx|mdown|mdwn|mkdn|mkdown|markdown|html|htm|txt)$' \
+                            | tr '\n' ' ' || true)
+          echo "files=$modified_files" >> $GITHUB_OUTPUT
+          echo "Modified files: $modified_files"
+
+      - name: Link check - all links (modified files only)
+        if: github.event_name == 'pull_request' && steps.modified-files.outputs.files != ''
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: ./.github/scripts/link-check.sh ${{ steps.modified-files.outputs.files }}
+
+      - name: Link check - all links (all files)
+        if: github.event_name != 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: ./.github/scripts/link-check.sh

.github/workflows/reusable-markdown-link-check.yml

@@ -2,11 +2,26 @@
 
 ## Unreleased
 
+## Version 1.47.0 (2025-07-04)
+
+### Disk buffering
+
+- Shared storage
+  ([#1912](https://github.com/open-telemetry/opentelemetry-java-contrib/pull/1912))
+- Implementing ExtendedLogRecordData
+  ([#1918](https://github.com/open-telemetry/opentelemetry-java-contrib/pull/1918))
+- Add missing EventName to disk-buffering LogRecordDataMapper
+  ([#1950](https://github.com/open-telemetry/opentelemetry-java-contrib/pull/1950))
+
 ### GCP authentication extension
 
 - Update the internal implementation such that the required headers are retrieved
   from the Google Auth Library instead of manually constructing and passing them.
   ([#1860](https://github.com/open-telemetry/opentelemetry-java-contrib/pull/1860))
+- Add metrics support to auth extension
+  ([#1891](https://github.com/open-telemetry/opentelemetry-java-contrib/pull/1891))
+- Update ConfigurableOptions to read from ConfigProperties
+  ([#1904](https://github.com/open-telemetry/opentelemetry-java-contrib/pull/1904))
 
 ### Inferred spans