Merge branch 'main' into add_metric_annotation_instrument

Author: Duncan-tree-zhou

.fossa.yml

@@ -190,6 +190,9 @@ targets:
     - type: gradle
       path: ./
       target: ':instrumentation:jdbc:library'
+    - type: gradle
+      path: ./
+      target: ':instrumentation:jfinal-3.2:javaagent'
     - type: gradle
       path: ./
       target: ':instrumentation:jmx-metrics:javaagent'
@@ -337,6 +340,12 @@ targets:
     - type: gradle
       path: ./
       target: ':instrumentation:armeria:armeria-grpc-1.14:javaagent'
+    - type: gradle
+      path: ./
+      target: ':instrumentation:async-http-client:async-http-client-1-common:javaagent'
+    - type: gradle
+      path: ./
+      target: ':instrumentation:async-http-client:async-http-client-1.8:javaagent'
     - type: gradle
       path: ./
       target: ':instrumentation:async-http-client:async-http-client-1.9:javaagent'

.github/CODEOWNERS

@@ -1,10 +1,6 @@
 #
 # Learn about membership in OpenTelemetry community:
 #  https://github.com/open-telemetry/community/blob/main/guides/contributor/membership.md
-# 
-#
-# Learn about CODEOWNERS file format: 
-#  https://help.github.com/en/articles/about-code-owners
 #
 
 * @open-telemetry/java-instrumentation-approvers

.github/config/lychee.toml

@@ -1,3 +1,6 @@
+# Lychee configuration file
+# See https://lychee.cli.rs/config/
+
 timeout = 30
 retry_wait_time = 5
 max_retries = 6

.github/renovate.json5

@@ -7,23 +7,18 @@
   ignorePaths: [
     'instrumentation/**',
   ],
-  // needed in order to get patch-only updates in package rules below
-  // unfortunately you can't combine updateTypes and separateMinorPatch in the same package rule
-  // so we have to apply it globally here, see
-  // https://github.com/renovatebot/renovate/discussions/8399#discussioncomment-305798
-  separateMinorPatch: true,
   packageRules: [
     {
       // this is to reduce the number of renovate PRs
       matchManagers: [
         'github-actions',
         'dockerfile',
+        'custom.regex',
       ],
       extends: [
         'schedule:weekly',
       ],
       groupName: 'weekly update',
-      separateMinorPatch: false,  // overrides separateMinorPatch specified above
     },
     {
       matchPackageNames: [
@@ -43,6 +38,14 @@
       ignoreUnstable: false,
       allowedVersions: '!/\\-SNAPSHOT$/',
     },
+    {
+      // currently using gradle plugin org.playframework.play 3.1.0 milestone releases
+      // but don't want to pick up SNAPSHOT releases
+      matchPackageNames: [
+        'org.playframework.play:**',
+      ],
+      allowedVersions: '!/\\-SNAPSHOT$/',
+    },
     {
       groupName: 'quarkus packages',
       matchPackageNames: [
@@ -93,13 +96,6 @@
         'com.fasterxml.jackson.core:**',
       ],
     },
-    {
-      // prevent update to 2.4-groovy-4.0-SNAPSHOT
-      allowedVersions: '!/\\-SNAPSHOT$/',
-      matchPackageNames: [
-        'org.spockframework:**',
-      ],
-    },
     {
       // prevent 3.0.1u2 -> 3.0.1
       matchPackageNames: [
@@ -150,72 +146,78 @@
       matchPackageNames: [
         'uk.org.webcompere:system-stubs-jupiter',
       ],
+      allowedVersions: '/^2\\.0\\./',
+    },
+    {
+      // wiremock 3+ requires Java 11+
       matchUpdateTypes: [
         'major',
-        'minor',
       ],
       enabled: false,
+      matchPackageNames: [
+        'com.github.tomakehurst:wiremock-jre8'
+      ],
     },
     {
-      // wiremock 3+ requires Java 11+
+      // snakeyaml-engine 3+ requires Java 11+
       matchUpdateTypes: [
         'major',
       ],
       enabled: false,
       matchPackageNames: [
-        'com.github.tomakehurst:wiremock-jre8'
+        'org.snakeyaml:snakeyaml-engine'
       ],
     },
     {
-      // intentionally using Spring Boot 2 in this smoke tests
-      // new versions of Spring Boot 3 are tested with
-      // https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/dc4330e0a3060bd7d8c4090ad0b8fc4727e68113/settings.gradle.kts#L43-L45
-      matchFileNames: [
-        'smoke-tests/images/spring-boot/build.gradle.kts',
-        'smoke-tests-otel-starter/spring-boot-2/build.gradle.kts',
-        'smoke-tests-otel-starter/spring-boot-common/build.gradle.kts',
-        'smoke-tests-otel-starter/spring-boot-reactive-2/build.gradle.kts',
-        'smoke-tests-otel-starter/spring-boot-reactive-common/build.gradle.kts',
-        'smoke-tests-otel-starter/spring-smoke-testing/build.gradle.kts',
+      // groovy 5+ requires Java 11+
+      matchUpdateTypes: [
+        'major',
       ],
+      enabled: false,
       matchPackageNames: [
-        'org.slf4j:slf4j-api',
-        'org.springframework.boot:org.springframework.boot.gradle.plugin', // this is for plugin id "org.springframework.boot"
-        'org.springframework.boot:spring-boot-dependencies',
+        'org.apache.groovy:**'
+      ],
+    },
+    {
+      // vaadin 14 tests require node 16
+      matchPackageNames: [
+        'actions/node-versions',
       ],
       matchUpdateTypes: [
         'major',
-        'minor',
       ],
       enabled: false,
     },
     {
-      // intentionally using Spring Boot 2 in this smoke tests
+      // intentionally using Spring Boot 2 in these smoke tests
       matchFileNames: [
+        'smoke-tests/images/spring-boot/build.gradle.kts',
         'smoke-tests-otel-starter/spring-boot-2/build.gradle.kts',
+        'smoke-tests-otel-starter/spring-boot-common/build.gradle.kts',
         'smoke-tests-otel-starter/spring-boot-reactive-2/build.gradle.kts',
+        'smoke-tests-otel-starter/spring-boot-reactive-common/build.gradle.kts',
+        'smoke-tests-otel-starter/spring-smoke-testing/build.gradle.kts',
       ],
       matchPackageNames: [
-        'ch.qos.logback:logback-classic',
+        'org.slf4j:slf4j-api',
+        'org.springframework.boot:**',
       ],
       matchUpdateTypes: [
-        'minor',
+        'major',
       ],
       enabled: false,
     },
     {
-      // intentionally using logback 1.2 in this smoke tests
+      // intentionally using Logback 1.2 (for Spring Boot 2) in these smoke tests
       matchFileNames: [
         'smoke-tests/images/spring-boot/build.gradle.kts',
+        'smoke-tests-otel-starter/spring-boot-2/build.gradle.kts',
+        'smoke-tests-otel-starter/spring-boot-reactive-2/build.gradle.kts',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
       matchPackageNames: [
         'ch.qos.logback:**',
       ],
+      allowedVersions: '/^1\\.2\\./',
     },
     {
       // intentionally using slf4j 1 in this smoke tests
@@ -246,18 +248,26 @@
       ],
     },
     {
-      // intentionally aligning both netty 4.0 and 4.1 version in this convention
+      // intentionally aligning netty 4.0 versions in this convention
       matchFileNames: [
         'conventions/src/main/kotlin/otel.java-conventions.gradle.kts',
       ],
       matchPackageNames: [
         'io.netty:netty-bom',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
+      matchCurrentVersion: '/^4\\.0\\./',
+      allowedVersions: '/^4\\.0\\./',
+    },
+    {
+      // intentionally aligning netty 4.1 versions in this convention
+      matchFileNames: [
+        'conventions/src/main/kotlin/otel.java-conventions.gradle.kts',
       ],
-      enabled: false,
+      matchPackageNames: [
+        'io.netty:netty-bom',
+      ],
+      matchCurrentVersion: '/^4\\.1\\./',
+      allowedVersions: '/^4\\.1\\./',
     },
     {
       // intentionally using scala 2.11 in otel.scala-conventions.gradle.kts
@@ -267,14 +277,10 @@
       matchPackageNames: [
         'org.scala-lang:scala-library',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
+      allowedVersions: '/^2\\.11\\./',
     },
     {
-      // intentionally using Java 11 in some examples
+      // intentionally testing against specific major Java versions
       matchPackageNames: [
         'eclipse-temurin',
       ],
@@ -312,14 +318,10 @@
       matchFileNames: [
         'dependencyManagement/build.gradle.kts',
       ],
-      matchUpdateTypes: [
-        'major',
-        'minor',
-      ],
-      enabled: false,
       matchPackageNames: [
         'ch.qos.logback:**',
       ],
+      allowedVersions: '/^1\\.3\\./',
     },
     {
       // intentionally using Spring Boot 2 in dependency management (for Java 8 support)
@@ -354,20 +356,31 @@
       datasourceTemplate: 'java-version',
       managerFilePatterns: [
         '.github/workflows/**',
-        '**/*.gradle.kts'
+        '**/*.gradle.kts',
       ],
       matchStrings: [
-        '(?<currentValue>\\d+) # renovate: datasource=java-version',
-        '"(?<currentValue>\\d+)" // renovate: datasource=java-version',
+        '(?<currentValue>\\d+) # renovate\\(java-version\\)',
+        '"(?<currentValue>\\d+)" // renovate\\(java-version\\)',
       ],
       depNameTemplate: 'java',
       extractVersionTemplate: '^(?<version>\\d+)',
     },
+    {
+      customType: 'regex',
+      datasourceTemplate: 'docker',
+      managerFilePatterns: [
+        '**/build.gradle.kts',
+      ],
+      matchStrings: [
+        '"(?<depName>eclipse-temurin):(?<currentValue>[^"@]+)@(?<currentDigest>sha256:[0-9a-f]+)"',
+        '"(?<depName>ibm-semeru-runtimes):(?<currentValue>[^"@]+)@(?<currentDigest>sha256:[0-9a-f]+)"',
+      ],
+    },
     {
       customType: 'regex',
       datasourceTemplate: 'pypi',
       managerFilePatterns: [
-        '/^.github/workflows//',
+        '.github/workflows/**',
       ],
       matchStrings: [
         'pip install (?<depName>[^=]+)==(?<currentValue>[^\\s]+)',
@@ -377,7 +390,7 @@
       customType: 'regex',
       datasourceTemplate: 'npm',
       managerFilePatterns: [
-        '/^.github/workflows//',
+        '.github/workflows/**',
       ],
       matchStrings: [
         'npx (?<depName>[^@]+)@(?<currentValue>[^\\s]+)',

.github/repository-settings.md

@@ -11,8 +11,8 @@ private admin repo.
 - `FLAKY_TEST_REPORTER_ACCESS_KEY` - owned by [@laurit](https://github.com/laurit)
 - `GPG_PASSWORD` - stored in OpenTelemetry-Java 1Password
 - `GPG_PRIVATE_KEY` - stored in OpenTelemetry-Java 1Password
-- `GRADLE_PUBLISH_KEY`
-- `GRADLE_PUBLISH_SECRET`
+- `GRADLE_PUBLISH_KEY` - owned by [@trask](https://github.com/trask)
+- `GRADLE_PUBLISH_SECRET` - owned by [@trask](https://github.com/trask)
 - `NVD_API_KEY` - stored in OpenTelemetry-Java 1Password
   - Generated at https://nvd.nist.gov/developers/request-an-api-key
   - Key is associated with [@trask](https://github.com/trask)'s gmail address

.github/workflows/build-common.yml

@@ -246,7 +246,8 @@ jobs:
           - 11
           - 17
           - 21
-          - 25 # renovate: datasource=java-version
+          - 25 # renovate(java-version)
+          - 25-deny-unsafe
         vm:
           - hotspot
           - openj9
@@ -260,6 +261,8 @@ jobs:
           - true
         exclude:
           - vm: ${{ inputs.skip-openj9-tests && 'openj9' || '' }}
+          - test-java-version: 25-deny-unsafe
+            vm: openj9
       fail-fast: false
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -273,7 +276,7 @@ jobs:
         with:
           # using zulu because new releases get published quickly
           distribution: ${{ matrix.vm == 'hotspot' && 'zulu' || 'adopt-openj9'}}
-          java-version: ${{ matrix.test-java-version }}
+          java-version: ${{ matrix.test-java-version != '25-deny-unsafe' && matrix.test-java-version || '25' }}
 
       - name: Set up JDK for running Gradle
         uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
@@ -329,6 +332,7 @@ jobs:
           -PtestJavaVersion=${{ matrix.test-java-version }}
           -PtestJavaVM=${{ matrix.vm }}
           -PtestIndy=${{ matrix.test-indy }}
+          -PdenyUnsafe=${{ matrix.test-java-version == '25-deny-unsafe' && 'true' || 'false' }}
           -Porg.gradle.java.installations.paths=${{ steps.setup-test-java.outputs.path }}
           -Porg.gradle.java.installations.auto-download=false
           ${{ inputs.no-build-cache && ' --no-build-cache' || '' }}

.github/workflows/codeql.yml

@@ -63,7 +63,7 @@ jobs:
           cache-read-only: ${{ github.event_name == 'pull_request' }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
         with:
           languages: ${{ matrix.language }}
           # using "linked" helps to keep up with the linked Kotlin support
@@ -84,6 +84,6 @@ jobs:
           --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -19,4 +19,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
+        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2

.github/workflows/ossf-scorecard.yml

@@ -8,7 +8,8 @@ on:
     - cron: "43 6 * * 5" # weekly at 06:43 (UTC) on Friday
   workflow_dispatch:
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   analysis:
@@ -42,6 +43,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3
         with:
           sarif_file: results.sarif