open-telemetry
diff --git a/‎.github/renovate.json5‎
Lines changed: 3 additions & 4 deletions b/‎.github/renovate.json5‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎.github/repository-settings.md‎
Lines changed: 25 additions & 2 deletions b/‎.github/repository-settings.md‎
Lines changed: 25 additions & 2 deletions
diff --git a/‎.github/scripts/generate-release-contributors.sh‎
Lines changed: 0 additions & 2 deletions b/‎.github/scripts/generate-release-contributors.sh‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎.github/workflows/backport.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/backport.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/prepare-patch-release.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/prepare-patch-release.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/prepare-release-branch.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/prepare-release-branch.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/reusable-markdown-link-check.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/reusable-markdown-link-check.yml‎
Lines changed: 3 additions & 2 deletions
@@ -1,8 +1,7 @@
 {
   $schema: 'https://docs.renovatebot.com/renovate-schema.json',
   extends: [
-    'config:recommended',
-    'docker:pinDigests',
+    'config:best-practices',
     'helpers:pinGitHubActionDigestsToSemver',
   ],
   ignorePresets: [
@@ -170,8 +169,8 @@
     {
       customType: 'regex',
       datasourceTemplate: 'npm',
-      fileMatch: [
-        '^.github/workflows/',
+      managerFilePatterns: [
+        '/^.github/workflows//',
       ],
       matchStrings: [
         'npx (?<depName>[^@]+)@(?<currentValue>[^\\s]+)',
 
@@ -2,5 +2,28 @@
 
 Same
 as [opentelemetry-java-instrumentation repository settings](https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/.github/repository-settings.md#repository-settings),
-except that the rules for `gh-pages` and `cloudfoundry` branches are not relevant in this
-repository.
+except for
+
+- The rules for `gh-pages` and `cloudfoundry` branches are not relevant in this repository.
+
+and the enablement of merge queues below.
+
+## Merge queue
+
+Needs to be enabled using classic branch protection (instead of rule set)
+because of our use of the classic branch protection "Restrict who can push to matching branches"
+which otherwise will block the merge queue from merging to main.
+
+### Restrict branch creation
+
+- Additional exclusion for `gh-readonly-queue/main/pr-*`
+
+### Classic branch protection for `main`
+
+- Require merge queue: CHECKED
+  - Build concurrency: 5
+  - Maximum pull requests to build: 5
+  - Minimum pull requests to merge: 1, or after 5 minutes
+  - Maximum pull requests to merge: 5
+  - Only merge non-failing pull requests: CHECKED
+  - Status check timeout: 60 minutes
@@ -85,8 +85,6 @@ echo $contributors1 $contributors2 \
   | sort -uf \
   | grep -v linux-foundation-easycla \
   | grep -v github-actions \
-  | grep -v dependabot \
   | grep -v renovate \
-  | grep -v opentelemetrybot \
   | grep -v otelbot \
   | sed 's/^/@/'
@@ -29,7 +29,7 @@ jobs:
       - name: Use CLA approved bot
         run: .github/scripts/use-cla-approved-bot.sh
 
-      - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
 
@@ -38,7 +38,7 @@ jobs:
         uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           languages: java, actions
           # using "latest" helps to keep up with the latest Kotlin support
@@ -52,4 +52,4 @@ jobs:
         run: ./gradlew assemble --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           sarif_file: results.sarif
@@ -47,7 +47,7 @@ jobs:
       - name: Use CLA approved bot
         run: .github/scripts/use-cla-approved-bot.sh
 
-      - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
 
@@ -59,7 +59,7 @@ jobs:
       - name: Use CLA approved bot
         run: .github/scripts/use-cla-approved-bot.sh
 
-      - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
@@ -116,7 +116,7 @@ jobs:
       - name: Use CLA approved bot
         run: .github/scripts/use-cla-approved-bot.sh
 
-      - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
 
@@ -221,7 +221,7 @@ jobs:
       - name: Use CLA approved bot
         run: .github/scripts/use-cla-approved-bot.sh
 
-      - uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
 
@@ -12,11 +12,12 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: lycheeverse/lychee-action@1d97d84f0bc547f7b25f4c2170d87d810dc2fb2c # v2.4.0
+      - uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1
         with:
           # excluding links to pull requests and issues is done for performance
           args: >
             --include-fragments
-            --exclude "^https://github.com/open-telemetry/opentelemetry-java-contrib/(issue|pull)/\\d+$"
+            --exclude "^https://github.com/open-telemetry/opentelemetry-java-contrib/(issues|pull)/\\d+$"
             --max-retries 6
+            --max-concurrency 1
             .