Merge branch 'main' into feat/add-jvm-file-descriptors-to-runtime-instrumentation

Author: laurit

.github/repository-settings.md

@@ -132,6 +132,7 @@ settings](https://github.com/open-telemetry/community/blob/main/docs/how-to-conf
 
 - `FOSSA_API_KEY`
 - `OTELBOT_PRIVATE_KEY`
+- `OTELBOT_JAVA_INSTRUMENTATION_PRIVATE_KEY`
 
 ### Organization variables
 

.github/workflows/auto-license-report.yml

@@ -0,0 +1,56 @@
+name: Auto license report
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Free disk space
+        run: .github/scripts/gha-free-disk-space.sh
+
+      - name: Set up JDK for running Gradle
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: temurin
+          java-version-file: .java-version
+
+      - name: Set up gradle
+        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        with:
+          cache-read-only: true
+
+      - name: Check out PR branch
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr checkout ${{ github.event.pull_request.number }}
+
+      - name: Update license report
+        run: ./gradlew generateLicenseReport --no-build-cache
+
+      - id: create-patch
+        name: Create patch file
+        run: |
+          git diff > patch
+          if [ -s patch ]; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Upload patch file
+        if: steps.create-patch.outputs.exists == 'true'
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          path: patch
+          name: patch

.github/workflows/auto-spotless.yml

@@ -0,0 +1,56 @@
+name: Auto spotless
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Free disk space
+        run: .github/scripts/gha-free-disk-space.sh
+
+      - name: Set up JDK for running Gradle
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          distribution: temurin
+          java-version-file: .java-version
+
+      - name: Set up gradle
+        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1
+        with:
+          cache-read-only: true
+
+      - name: Check out PR branch
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr checkout ${{ github.event.pull_request.number }}
+
+      - name: Spotless
+        run: ./gradlew spotlessApply
+
+      - id: create-patch
+        name: Create patch file
+        run: |
+          git diff > patch
+          if [ -s patch ]; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Upload patch file
+        if: steps.create-patch.outputs.exists == 'true'
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          path: patch
+          name: patch

.github/workflows/auto-update-pull-request.yml

@@ -0,0 +1,96 @@
+name: Auto update pull request
+on:
+  workflow_run:
+    workflows:
+      - "Auto spotless"
+      - "Auto license report"
+    types:
+      - completed
+
+permissions:
+  contents: read
+
+jobs:
+  apply:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Download patch
+        uses: actions/[email protected]
+        with:
+          run-id: ${{ github.event.workflow_run.id }}
+          path: ${{ runner.temp }}
+          merge-multiple: true
+          github-token: ${{ github.token }}
+
+      - id: unzip-patch
+        name: Unzip patch
+        working-directory: ${{ runner.temp }}
+        run: |
+          if [ -f patch ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          fi
+
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        if: steps.unzip-patch.outputs.exists == 'true'
+        id: otelbot-token
+        with:
+          app-id: 1295839
+          private-key: ${{ secrets.OTELBOT_JAVA_INSTRUMENTATION_PRIVATE_KEY }}
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        if: steps.unzip-patch.outputs.exists == 'true'
+        with:
+          token: ${{ steps.otelbot-token.outputs.token }}
+
+      - id: get-pr
+        if: steps.unzip-patch.outputs.exists == 'true'
+        name: Get PR
+        env:
+          PR_BRANCH: |-
+            ${{
+              (github.event.workflow_run.head_repository.owner.login != github.event.workflow_run.repository.owner.login)
+                && format('{0}:{1}', github.event.workflow_run.head_repository.owner.login, github.event.workflow_run.head_branch)
+                || github.event.workflow_run.head_branch
+            }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          echo gh pr view "${PR_BRANCH}" --json number --jq .number
+          number=$(gh pr view "${PR_BRANCH}" --json number --jq .number)
+          echo $number
+          echo "number=$number" >> $GITHUB_OUTPUT
+
+      - name: Check out PR branch
+        if: steps.unzip-patch.outputs.exists == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: gh pr checkout ${{ steps.get-pr.outputs.number }}
+
+      - name: Use CLA approved github bot
+        if: steps.unzip-patch.outputs.exists == 'true'
+        # IMPORTANT do not call the .github/scripts/use-cla-approved-bot.sh
+        # since that script could have been compromised in the PR branch
+        run: |
+          git config user.name otelbot
+          git config user.email [email protected]
+
+      - name: Apply patch and push
+        if: steps.unzip-patch.outputs.exists == 'true'
+        run: |
+          git apply "${{ runner.temp }}/patch"
+          git commit -a -m "./gradlew spotlessApply"
+          git push
+
+      - if: steps.unzip-patch.outputs.exists == 'true' && success()
+        env:
+          GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
+        run: |
+          gh pr comment ${{ steps.get-pr.outputs.number }} --body "🔧 The result from spotlessApply was committed to the PR branch."
+
+      - if: steps.unzip-patch.outputs.exists == 'true' && failure()
+        env:
+          GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
+        run: |
+          gh pr comment ${{ steps.get-pr.outputs.number }} --body "❌ The result from spotlessApply could not be committed to the PR branch, see logs: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID."

.github/workflows/reusable-markdown-lint-check.yml

@@ -14,4 +14,4 @@ jobs:
 
       - name: Run markdownlint
         run: |
-          npx markdownlint-cli@0.44.0 -c .github/config/markdownlint.yml -p .gitignore **/*.md -i licenses/licenses.md
+          npx markdownlint-cli@0.45.0 -c .github/config/markdownlint.yml -p .gitignore **/*.md -i licenses/licenses.md

benchmark-overhead-jmh/build.gradle.kts

@@ -13,7 +13,7 @@ otelJava {
 }
 
 dependencies {
-  jmhImplementation("org.springframework.boot:spring-boot-starter-web:3.4.5")
+  jmhImplementation("org.springframework.boot:spring-boot-starter-web:3.4.6")
 }
 
 tasks {

conventions/src/main/kotlin/otel.java-conventions.gradle.kts

@@ -431,7 +431,7 @@ codenarc {
 checkstyle {
   configFile = rootProject.file("buildscripts/checkstyle.xml")
   // this version should match the version of google_checks.xml used as basis for above configuration
-  toolVersion = "10.23.1"
+  toolVersion = "10.24.0"
   maxWarnings = 0
 }
 

dependencyManagement/build.gradle.kts

@@ -108,7 +108,7 @@ val DEPENDENCIES = listOf(
   "io.opentelemetry.contrib:opentelemetry-gcp-resources:${otelContribVersion}",
   "io.opentelemetry.contrib:opentelemetry-cloudfoundry-resources:${otelContribVersion}",
   "io.opentelemetry.contrib:opentelemetry-baggage-processor:${otelContribVersion}",
-  "io.opentelemetry.proto:opentelemetry-proto:1.5.0-alpha",
+  "io.opentelemetry.proto:opentelemetry-proto:1.7.0-alpha",
   "io.opentelemetry:opentelemetry-extension-annotations:1.18.0", // deprecated, no longer part of bom
   "org.assertj:assertj-core:3.27.3",
   "org.awaitility:awaitility:4.3.0",

docs/contributing/running-tests.md

@@ -2,7 +2,7 @@
 
 ## Java versions
 
-Open Telemetry Auto Instrumentation's minimal supported version is java 8.
+OpenTelemetry Auto Instrumentation's minimal supported version is java 8.
 All jar files that we produce, unless noted otherwise, have bytecode
 compatibility with the java 8 runtime. Our test suite is executed against
 java 8, all LTS versions and the latest non-LTS version.

docs/safety-mechanisms.md

@@ -29,7 +29,7 @@ of the agent.
 ## Muzzle compile time checks
 
 Muzzle is the tool we use to ensure we do not apply agent instrumentation if it would break the
-user's app. Details on its implementation can be found [here](./contributing/muzzle.md).
+user's app. Details on its implementation can be found in [muzzle](./contributing/muzzle.md).
 
 Continuous build runs a muzzle compile time check for every library. This check will select random
 versions of the library available in Maven and check if our agent will cleanly apply to it. The
@@ -51,7 +51,7 @@ potentially cause linkage errors.
 
 ## Classloader separation
 
-See more detail about the class loader separation [here](./contributing/javaagent-structure.md).
+See more details about the class loader separation in [javaagent structure](./contributing/javaagent-structure.md).
 
 The Java agent makes sure to include as little code as possible in the user app's class loader, and
 all code that is included is either unique to the agent itself or shaded in the agent build. This is