Merge branch 'main' into elasticjob

Author: laurit

.fossa.yml

@@ -190,6 +190,9 @@ targets:
     - type: gradle
       path: ./
       target: ':instrumentation:jdbc:library'
+    - type: gradle
+      path: ./
+      target: ':instrumentation:jfinal-3.2:javaagent'
     - type: gradle
       path: ./
       target: ':instrumentation:jmx-metrics:javaagent'

.github/renovate.json5

@@ -7,23 +7,18 @@
   ignorePaths: [
     'instrumentation/**',
   ],
-  // needed in order to get patch-only updates in package rules below
-  // unfortunately you can't combine updateTypes and separateMinorPatch in the same package rule
-  // so we have to apply it globally here, see
-  // https://github.com/renovatebot/renovate/discussions/8399#discussioncomment-305798
-  separateMinorPatch: true,
   packageRules: [
     {
       // this is to reduce the number of renovate PRs
       matchManagers: [
         'github-actions',
         'dockerfile',
+        'custom.regex',
       ],
       extends: [
         'schedule:weekly',
       ],
       groupName: 'weekly update',
-      separateMinorPatch: false,  // overrides separateMinorPatch specified above
     },
     {
       matchPackageNames: [
@@ -43,6 +38,14 @@
       ignoreUnstable: false,
       allowedVersions: '!/\\-SNAPSHOT$/',
     },
+    {
+      // currently using gradle plugin org.playframework.play 3.1.0 milestone releases
+      // but don't want to pick up SNAPSHOT releases
+      matchPackageNames: [
+        'org.playframework.play:**',
+      ],
+      allowedVersions: '!/\\-SNAPSHOT$/',
+    },
     {
       groupName: 'quarkus packages',
       matchPackageNames: [
@@ -143,11 +146,7 @@
       matchPackageNames: [
         'uk.org.webcompere:system-stubs-jupiter',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
+      allowedVersions: '/^2\\.0\\./',
     },
     {
       // wiremock 3+ requires Java 11+
@@ -169,6 +168,16 @@
         'org.snakeyaml:snakeyaml-engine'
       ],
     },
+    {
+      // groovy 5+ requires Java 11+
+      matchUpdateTypes: [
+        'major',
+      ],
+      enabled: false,
+      matchPackageNames: [
+        'org.apache.groovy:**'
+      ],
+    },
     {
       // vaadin 14 tests require node 16
       matchPackageNames: [
@@ -180,9 +189,7 @@
       enabled: false,
     },
     {
-      // intentionally using Spring Boot 2 in this smoke tests
-      // new versions of Spring Boot 3 are tested with
-      // https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/dc4330e0a3060bd7d8c4090ad0b8fc4727e68113/settings.gradle.kts#L43-L45
+      // intentionally using Spring Boot 2 in these smoke tests
       matchFileNames: [
         'smoke-tests/images/spring-boot/build.gradle.kts',
         'smoke-tests-otel-starter/spring-boot-2/build.gradle.kts',
@@ -193,42 +200,24 @@
       ],
       matchPackageNames: [
         'org.slf4j:slf4j-api',
-        'org.springframework.boot:org.springframework.boot.gradle.plugin', // this is for plugin id "org.springframework.boot"
-        'org.springframework.boot:spring-boot-dependencies',
+        'org.springframework.boot:**',
       ],
       matchUpdateTypes: [
         'major',
-        'minor',
       ],
       enabled: false,
     },
     {
-      // intentionally using Spring Boot 2 in this smoke tests
+      // intentionally using Logback 1.2 (for Spring Boot 2) in these smoke tests
       matchFileNames: [
+        'smoke-tests/images/spring-boot/build.gradle.kts',
         'smoke-tests-otel-starter/spring-boot-2/build.gradle.kts',
         'smoke-tests-otel-starter/spring-boot-reactive-2/build.gradle.kts',
       ],
-      matchPackageNames: [
-        'ch.qos.logback:logback-classic',
-      ],
-      matchUpdateTypes: [
-        'minor',
-      ],
-      enabled: false,
-    },
-    {
-      // intentionally using logback 1.2 in this smoke tests
-      matchFileNames: [
-        'smoke-tests/images/spring-boot/build.gradle.kts',
-      ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
       matchPackageNames: [
         'ch.qos.logback:**',
       ],
+      allowedVersions: '/^1\\.2\\./',
     },
     {
       // intentionally using slf4j 1 in this smoke tests
@@ -259,18 +248,26 @@
       ],
     },
     {
-      // intentionally aligning both netty 4.0 and 4.1 version in this convention
+      // intentionally aligning netty 4.0 versions in this convention
       matchFileNames: [
         'conventions/src/main/kotlin/otel.java-conventions.gradle.kts',
       ],
       matchPackageNames: [
         'io.netty:netty-bom',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
+      matchCurrentVersion: '/^4\\.0\\./',
+      allowedVersions: '/^4\\.0\\./',
+    },
+    {
+      // intentionally aligning netty 4.1 versions in this convention
+      matchFileNames: [
+        'conventions/src/main/kotlin/otel.java-conventions.gradle.kts',
       ],
-      enabled: false,
+      matchPackageNames: [
+        'io.netty:netty-bom',
+      ],
+      matchCurrentVersion: '/^4\\.1\\./',
+      allowedVersions: '/^4\\.1\\./',
     },
     {
       // intentionally using scala 2.11 in otel.scala-conventions.gradle.kts
@@ -280,14 +277,10 @@
       matchPackageNames: [
         'org.scala-lang:scala-library',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
+      allowedVersions: '/^2\\.11\\./',
     },
     {
-      // intentionally using Java 11 in some examples
+      // intentionally testing against specific major Java versions
       matchPackageNames: [
         'eclipse-temurin',
       ],
@@ -325,14 +318,10 @@
       matchFileNames: [
         'dependencyManagement/build.gradle.kts',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
       matchPackageNames: [
         'ch.qos.logback:**',
       ],
+      allowedVersions: '/^1\\.3\\./',
     },
     {
       // intentionally using Spring Boot 2 in dependency management (for Java 8 support)
@@ -367,20 +356,31 @@
       datasourceTemplate: 'java-version',
       managerFilePatterns: [
         '.github/workflows/**',
-        '**/*.gradle.kts'
+        '**/*.gradle.kts',
       ],
       matchStrings: [
-        '(?<currentValue>\\d+) # renovate: datasource=java-version',
-        '"(?<currentValue>\\d+)" // renovate: datasource=java-version',
+        '(?<currentValue>\\d+) # renovate\\(java-version\\)',
+        '"(?<currentValue>\\d+)" // renovate\\(java-version\\)',
       ],
       depNameTemplate: 'java',
       extractVersionTemplate: '^(?<version>\\d+)',
     },
+    {
+      customType: 'regex',
+      datasourceTemplate: 'docker',
+      managerFilePatterns: [
+        '**/build.gradle.kts',
+      ],
+      matchStrings: [
+        '"(?<depName>eclipse-temurin):(?<currentValue>[^"@]+)@(?<currentDigest>sha256:[0-9a-f]+)"',
+        '"(?<depName>ibm-semeru-runtimes):(?<currentValue>[^"@]+)@(?<currentDigest>sha256:[0-9a-f]+)"',
+      ],
+    },
     {
       customType: 'regex',
       datasourceTemplate: 'pypi',
       managerFilePatterns: [
-        '/^.github/workflows//',
+        '.github/workflows/**',
       ],
       matchStrings: [
         'pip install (?<depName>[^=]+)==(?<currentValue>[^\\s]+)',
@@ -390,7 +390,7 @@
       customType: 'regex',
       datasourceTemplate: 'npm',
       managerFilePatterns: [
-        '/^.github/workflows//',
+        '.github/workflows/**',
       ],
       matchStrings: [
         'npx (?<depName>[^@]+)@(?<currentValue>[^\\s]+)',

.github/repository-settings.md

@@ -11,8 +11,8 @@ private admin repo.
 - `FLAKY_TEST_REPORTER_ACCESS_KEY` - owned by [@laurit](https://github.com/laurit)
 - `GPG_PASSWORD` - stored in OpenTelemetry-Java 1Password
 - `GPG_PRIVATE_KEY` - stored in OpenTelemetry-Java 1Password
-- `GRADLE_PUBLISH_KEY`
-- `GRADLE_PUBLISH_SECRET`
+- `GRADLE_PUBLISH_KEY` - owned by [@trask](https://github.com/trask)
+- `GRADLE_PUBLISH_SECRET` - owned by [@trask](https://github.com/trask)
 - `NVD_API_KEY` - stored in OpenTelemetry-Java 1Password
   - Generated at https://nvd.nist.gov/developers/request-an-api-key
   - Key is associated with [@trask](https://github.com/trask)'s gmail address

.github/workflows/build-common.yml

@@ -246,7 +246,7 @@ jobs:
           - 11
           - 17
           - 21
-          - 25 # renovate: datasource=java-version
+          - 25 # renovate(java-version)
           - 25-deny-unsafe
         vm:
           - hotspot

.github/workflows/codeql.yml

@@ -63,7 +63,7 @@ jobs:
           cache-read-only: ${{ github.event_name == 'pull_request' }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
         with:
           languages: ${{ matrix.language }}
           # using "linked" helps to keep up with the linked Kotlin support
@@ -84,6 +84,6 @@ jobs:
           --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -19,4 +19,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
+        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2

.github/workflows/ossf-scorecard.yml

@@ -43,6 +43,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
+        uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
         with:
           sarif_file: results.sarif

.github/workflows/reusable-link-check.yml

@@ -14,7 +14,7 @@ jobs:
         with:
           fetch-depth: 0 # needed for merge-base used in lint:links-in-modified-files
 
-      - uses: jdx/mise-action@be3be2260bc02bc3fbf94c5e2fed8b7964baf074 # v3.4.0
+      - uses: jdx/mise-action@9dc7d5dd454262207dea3ab5a06a3df6afc8ff26 # v3.4.1
 
       - name: Link check - relative links (all files)
         if: github.event_name == 'pull_request'

.github/workflows/reusable-pr-smoke-test-images.yml

@@ -30,7 +30,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     env:
-      LATEST_JAVA_VERSION: 25 # renovate: datasource=java-version
+      LATEST_JAVA_VERSION: 25 # renovate(java-version)
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 

.github/workflows/reusable-publish-smoke-test-images.yml

@@ -33,7 +33,7 @@ jobs:
       contents: read
       packages: write
     env:
-      LATEST_JAVA_VERSION: 25 # renovate: datasource=java-version
+      LATEST_JAVA_VERSION: 25 # renovate(java-version)
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0