Merge branch 'main' into nats-instrumentation

Author: jaydeluca

.fossa.yml

@@ -100,6 +100,9 @@ targets:
     - type: gradle
       path: ./
       target: ':instrumentation:external-annotations:javaagent'
+    - type: gradle
+      path: ./
+      target: ':instrumentation:failsafe-3.0:library'
     - type: gradle
       path: ./
       target: ':instrumentation:finagle-http-23.11:javaagent'

.github/renovate.json5

@@ -112,6 +112,17 @@
         'io.opentelemetry:{/,}**',
       ],
     },
+    {
+      // junit 6+ requires Java 17+
+      matchPackageNames: [
+        'org.junit:**',
+        'org.junit.jupiter:**',
+      ],
+      matchUpdateTypes: [
+        'major',
+      ],
+      enabled: false,
+    },
     {
       // junit-pioneer 2+ requires Java 11+
       matchPackageNames: [

.github/scripts/dependencies.dockerfile

@@ -1,3 +1,3 @@
 # this file exists so that Renovate can auto-update docker image versions that are then used elsewhere
 
-FROM lycheeverse/lychee:sha-2aa22f8@sha256:2e3786630482c41f9f2dd081e06d7da1c36d66996e8cf6573409b8bc418d48c4 AS lychee
+FROM lycheeverse/lychee:sha-8222559@sha256:6f49010cc46543af3b765f19d5319c0cdd4e8415d7596e1b401d5b4cec29c799 AS lychee

.github/workflows/build-common.yml

@@ -289,7 +289,7 @@ jobs:
 
       # vaadin tests use pnpm
       - name: Cache pnpm modules
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.pnpm-store
           key: ${{ runner.os }}-test-cache-pnpm-modules

.github/workflows/codeql.yml

@@ -63,7 +63,7 @@ jobs:
           cache-read-only: ${{ github.event_name == 'pull_request' }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           languages: ${{ matrix.language }}
           # using "linked" helps to keep up with the linked Kotlin support
@@ -84,6 +84,6 @@ jobs:
           --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -19,4 +19,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3
+        uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0

.github/workflows/documentation-disable-list-audit.yml

@@ -0,0 +1,57 @@
+name: Documentation Synchronization Audit (opentelemetry.io)
+
+on:
+  push:
+    tags:
+      - 'v*' # run on release tags
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  crawl:
+    runs-on: ubuntu-latest
+    outputs:
+      audit-output: ${{ steps.audit.outputs.AUDIT_OUTPUT }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Set up gradle
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
+
+      - name: Run instrumentation analyzer (identify any module changes)
+        run: ./gradlew :instrumentation-docs:runAnalysis
+
+      - name: Run doc site audit
+        id: audit
+        run: |
+          if ! output=$(./gradlew :instrumentation-docs:docSiteAudit 2>&1); then
+            echo "AUDIT_FAILED=true" >> $GITHUB_OUTPUT
+            echo "AUDIT_OUTPUT<<EOF" >> $GITHUB_OUTPUT
+            # Extract only the content between our custom markers
+            echo "$output" | sed -n '/=== AUDIT_FAILURE_START ===/,/=== AUDIT_FAILURE_END ===/p' | \
+              sed '/=== AUDIT_FAILURE_START ===/d' | \
+              sed '/=== AUDIT_FAILURE_END ===/d' >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+            exit 1
+          else
+            echo "AUDIT_FAILED=false" >> $GITHUB_OUTPUT
+          fi
+
+  workflow-notification:
+    permissions:
+      contents: read
+      issues: write
+    needs:
+      - crawl
+    if: always()
+    uses: ./.github/workflows/reusable-workflow-notification.yml
+    with:
+      success: ${{ needs.crawl.result == 'success' }}
+      failure-details: ${{ needs.crawl.outputs.audit-output }}

.github/workflows/documentation-synchronization-audit.yml

@@ -4,6 +4,7 @@ on:
   schedule:
     # hourly at minute 23
     - cron: "23 * * * *"
+  workflow_dispatch:
 
 permissions:
   contents: read
@@ -12,25 +13,57 @@ jobs:
   stale:
     permissions:
       contents: read
+      actions: write # because actions/stale deletes its old cache before saving new one
       issues: write  # for actions/stale to close stale issues
       pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
+      # Action #1: Handle issues/PRs awaiting author feedback
+      # - After 7 days inactive: Adds "stale" label + warning comment
+      # - After 7 more days inactive: Closes
       - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          only-labels: "needs author feedback"
           days-before-stale: 7
           days-before-close: 7
-          only-labels: "needs author feedback"
           stale-issue-label: stale
           stale-issue-message: >
-            This has been automatically marked as stale because it has been marked
-            as needing author feedback and has not had any activity for 7 days.
-            It will be closed automatically if there is no response from the author
-            within 7 additional days from this comment.
+            This issue has been labeled as stale due to lack of activity and needing author feedback.
+            It will be automatically closed if there is no further activity over the next 7 days.
+          stale-pr-label: stale
+          stale-pr-message: >
+            This PR has been labeled as stale due to lack of activity and needing author feedback.
+            It will be automatically closed if there is no further activity over the next 7 days.
+
+      # Action #2: Close old enhancement requests
+      # - Targets: Issues with "enhancement" label (but NOT "needs author feedback")
+      # - After 365 days inactive: Adds "stale" label + closes immediately (no warning period)
+      # - Skips: Issues with "needs author feedback" to avoid conflicts with Action #1
+      - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
+        with:
+          only-labels: "enhancement"
+          # Skip issues that need author feedback (handled by the first action with 7+7 day policy)
+          exempt-issue-labels: "needs author feedback"
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          days-before-stale: 365
+          days-before-close: 0
+          close-issue-label: stale
+          close-issue-message: >
+            Since there has been no activity on this enhancement for the past year we are closing it to help maintain our backlog.
+            Anyone who would like to work on it is still welcome to do so, and we can re-open it at that time.
+
+      # Action #3: Handle stale PRs
+      # - After 180 days inactive: Adds "stale" label + warning comment
+      # - After 14 more days inactive: Closes
+      - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
+        with:
+          days-before-issue-stale: -1
+          days-before-issue-close: -1
+          days-before-pr-stale: 180
+          days-before-pr-close: 14
           stale-pr-label: stale
           stale-pr-message: >
-            This has been automatically marked as stale because it has been marked
-            as needing author feedback and has not had any activity for 7 days.
-            It will be closed automatically if there is no response from the author
-            within 7 additional days from this comment.
+            This PR has been labeled as stale due to lack of activity.
+            It will be automatically closed if there is no further activity over the next 14 days.
+          exempt-draft-pr: false

.github/workflows/issue-management-stale-action.yml

@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           sarif_file: results.sarif