Merge branch 'main' of github.com:open-telemetry/opentelemetry-java-instrumentation into semconv-stable-code

Author: SylvainJuge

.github/repository-settings.md

@@ -1,117 +1,8 @@
 # Repository settings
 
 This document describes any changes that have been made to the
-settings for this repository beyond the [OpenTelemetry default repository
-settings](https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-new-repository.md#repository-settings).
-
-## General > Pull Requests
-
-- Allow squash merging > Default to pull request title
-
-- Allow auto-merge
-
-## Actions > General
-
-- Fork pull request workflows from outside collaborators:
-  "Require approval for first-time contributors who are new to GitHub"
-
-  (To reduce friction for new contributors,
-  as the default is "Require approval for first-time contributors")
-
-- Workflow permissions
-  - Default permissions granted to the `GITHUB_TOKEN` when running workflows in this repository:
-    Read repository contents and packages permissions
-  - Allow GitHub Actions to create and approve pull requests: UNCHECKED
-
-## Rules > Rulesets
-
-### `main` and release branches
-
-- Targeted branches:
-  - `main`
-  - `release/*`
-- Branch rules
-  - Restrict deletions: CHECKED
-  - Require a pull request before merging: CHECKED
-    - Required approvals: 1
-    - Require review from Code Owners: CHECKED
-    - Allowed merge methods: Squash
-  - Require status checks to pass
-    - Do not require status checks on creation: CHECKED
-    - Status checks that are required
-      - EasyCLA
-      - `required-status-check`
-      - `gradle-wrapper-validation`
-  - Block force pushes: CHECKED
-  - Require code scanning results: CHECKED
-    - CodeQL
-      - Security alerts: High or higher
-      - Alerts: Errors
-
-> [!NOTE]
-> This repository can't "require linear history" because there is an old merge commit on `main`
-> (and so also on the release branches).
-
-### `cloudfoundry` branch
-
-- Targeted branches:
-  - `cloudfoundry`
-- Branch rules
-  - Restrict deletions: CHECKED
-  - Require linear history: CHECKED
-  - Require a pull request before merging: CHECKED
-    - Required approvals: 1
-    - Require review from Code Owners: CHECKED
-    - Allowed merge methods: Squash
-  - Require status checks to pass
-    - EasyCLA
-  - Block force pushes: CHECKED
-
-### `gh-pages` branch
-
-- Targeted branches:
-  - `gh-pages`
-- Branch rules
-  - Restrict deletions: CHECKED
-  - Require linear history: CHECKED
-  - Block force pushes: CHECKED
-
-### Old-style release branches
-
-- Targeted branches:
-  - `v0.*`
-  - `v1.*`
-- Branch rules
-  - Restrict creations: CHECKED
-  - Restrict updates: CHECKED
-  - Restrict deletions: CHECKED
-
-### Restrict branch creation
-
-- Targeted branches
-  - Exclude:
-    - `release/*`
-    - `renovate/**/*`
-    - `otelbot/**/*`
-    - `revert-*/**/*` (these are created when using the GitHub UI to revert a PR)
-- Restrict creations: CHECKED
-
-### Restrict updating tags
-
-- Targeted tags
-  - All tags
-- Restrict updates: CHECKED
-- Restrict deletions: CHECKED
-
-## Branch protections
-
-### `main`, `release/*`, `cloudfoundry`
-
-- Restrict who can push to matching branches: CHECKED
-
-## Code security and analysis
-
-- Secret scanning: Enabled
+settings in this repository outside the settings tracked in the
+private admin repo.
 
 ## Secrets and variables > Actions
 

.github/workflows/codeql.yml

@@ -50,7 +50,7 @@ jobs:
           cache-read-only: ${{ github.event_name == 'pull_request' }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/init@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
         with:
           languages: java, actions
           # using "latest" helps to keep up with the latest Kotlin support
@@ -65,4 +65,4 @@ jobs:
         run: ./gradlew assemble -x javadoc -x :instrumentation:quarkus-resteasy-reactive:quarkus3-testing:quarkusGenerateCodeDev -x :instrumentation:quarkus-resteasy-reactive:quarkus2-testing:quarkusGenerateCodeDev --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/analyze@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19

.github/workflows/issue-management-feedback-label.yml

@@ -12,6 +12,7 @@ jobs:
     permissions:
       contents: read
       issues: write
+      pull-requests: write
     if: >
       contains(github.event.issue.labels.*.name, 'needs author feedback') &&
       github.event.comment.user.login == github.event.issue.user.login

.github/workflows/ossf-scorecard.yml

@@ -23,7 +23,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+      - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
         with:
           sarif_file: results.sarif

.github/workflows/publish-petclinic-benchmark-image.yml

@@ -32,7 +32,7 @@ jobs:
         run: echo "TS=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_ENV
 
       - name: Push to GitHub packages
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           push: true
           file: benchmark-overhead/Dockerfile.petclinic

CHANGELOG.md

@@ -2,6 +2,33 @@
 
 ## Unreleased
 
+### Migration notes
+- Tomcat metrics definitions provided by JMX Metric Insight subsystem
+  - metric `http.server.tomcat.errorCount` --> `tomcat.error.count`
+    - attribute: `name` --> `tomcat.request.processor.name`
+    - type: Gauge --> Counter
+  - metric `http.server.tomcat.requestCount` --> `tomcat.request.count`
+    - attribute: `name` --> `tomcat.request.processor.name`
+    - type: Gauge --> Counter
+  - metric `http.server.tomcat.maxTime` --> `tomcat.request.duration.max`
+    - attribute: `name` --> `tomcat.request.processor.name`
+    - unit: `ms` --> `s`
+  - metric `http.server.tomcat.processingTime` --> `tomcat.request.duration.sum`
+    - attribute: `name` --> `tomcat.request.processor.name`
+    - unit: `ms` --> `s`
+  - metric `http.server.tomcat.traffic` --> `tomcat.network.io`
+    - attribute: `name` --> `tomcat.request.processor.name`, `direction` --> `network.io.direction`
+  - metric `http.server.tomcat.sessions.activeSessions` --> `tomcat.session.active.count`
+    - attribute: `context` --> `tomcat.context`
+  - metric `http.server.tomcat.threads` split into two metrics: `tomcat.thread.count` and `tomcat.thread.busy.count`
+    - attribute: `name` --> `tomcat.thread.pool.name`, `state` removed
+
+### 📈 Enhancements
+
+- **JMX Metric Insight**: improved Tomcat metrics alignment to semconv (see Migration notes above for details) and added new Tomcat metrics: `tomcat.session.active.limit`, `tomcat.thread.limit`
+  ([#13650](https://github.com/open-telemetry/opentelemetry-java-instrumentation/pull/13650))
+
+
 ## Version 2.16.0 (2025-05-15)
 
 ### ⚠️⚠️ Breaking changes ⚠️⚠️
@@ -11,7 +38,6 @@
 - Remove deprecated property for disabling kafka metrics
   ([#13803](https://github.com/open-telemetry/opentelemetry-java-instrumentation/pull/13803))
 
-
 ### 🌟 New javaagent instrumentation
 
 - Add Avaje Jex Instrumentation

CONTRIBUTING.md

@@ -17,8 +17,8 @@ See [Running the tests](./docs/contributing/running-tests.md) for more details.
 
 For developers testing code changes before a release is complete, there are
 snapshot builds of the `main` branch. They are available from
-the Sonatype OSS snapshots repository at `https://oss.sonatype.org/content/repositories/snapshots/`
-([browse](https://oss.sonatype.org/content/repositories/snapshots/io/opentelemetry/))
+the Sonatype snapshot repository at `https://central.sonatype.com/repository/maven-snapshots/`
+([browse](https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/io/opentelemetry/)).
 
 ### Building from source
 

RELEASING.md

@@ -8,7 +8,7 @@ The version is specified in [version.gradle.kts](version.gradle.kts).
 
 Every successful CI build of the main branch automatically executes `./gradlew publishToSonatype`
 as the last step, which publishes a snapshot build to
-[Sonatype OSS snapshots repository](https://oss.sonatype.org/content/repositories/snapshots/io/opentelemetry/).
+[Sonatype snapshot repository](https://central.sonatype.com/service/rest/repository/browse/maven-snapshots/io/opentelemetry/).
 
 ## Release cadence
 

benchmark-overhead/Dockerfile.petclinic

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:11.0.27_6-jdk@sha256:2efe33b5bd32f948e827c66761f0190150103ba3316395703a6e14322b0f4b87 as app-build
+FROM eclipse-temurin:11.0.27_6-jdk@sha256:2ecaad32bb7a709078bac5a56669c292cfb1bb2cbabcdbe8340e9367bbf7e5d4 as app-build
 
 # This is the base image that will contain a built version of the spring-petclinic-rest
 # application. Installing the dependencies and maven compiling the application is time

benchmark-overhead/build.gradle.kts

@@ -16,7 +16,7 @@ repositories {
 }
 
 dependencies {
-  implementation(enforcedPlatform("org.junit:junit-bom:5.12.2"))
+  implementation(enforcedPlatform("org.junit:junit-bom:5.13.1"))
 
   testImplementation("org.testcontainers:testcontainers:1.21.1")
   testImplementation("org.testcontainers:postgresql:1.21.1")