Merge branch 'main' of https://github.com/open-telemetry/opentelemetry-java into update-is-enabled-methods

Author: jack-berg

.clomonitor.yml

@@ -1,5 +1,8 @@
+# see https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions
 exemptions:
   - check: artifacthub_badge
     reason: "Artifact Hub doesn't support Java packages"
   - check: signed_releases
     reason: "Maven central releases are signed and there are no GitHub release artifacts"
+  - check: openssf_badge
+    reason: "ETOOMANYBADGES, but the work has been done: https://www.bestpractices.dev/projects/9991"

.github/renovate.json5

@@ -1,60 +1,85 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:recommended",
-    "docker:pinDigests",
-    "helpers:pinGitHubActionDigests"
+  $schema: 'https://docs.renovatebot.com/renovate-schema.json',
+  extends: [
+    'config:best-practices',
+    'helpers:pinGitHubActionDigestsToSemver',
   ],
-  "packageRules": [
+  packageRules: [
     {
       // this is to reduce the number of renovate PRs
-      "matchManagers": [
-        "github-actions",
-        "dockerfile"
+      matchManagers: [
+        'github-actions',
+        'dockerfile',
       ],
-      "extends": ["schedule:weekly"],
-      "groupName": "weekly update"
+      extends: [
+        'schedule:weekly',
+      ],
+      groupName: 'weekly update',
     },
     {
-      "matchPackageNames": [
-        "io.opentelemetry.contrib:opentelemetry-aws-xray-propagator",
-        "io.opentelemetry.proto:opentelemetry-proto",
-        "io.opentelemetry.semconv:opentelemetry-semconv-incubating"
+      matchPackageNames: [
+        'io.opentelemetry.contrib:opentelemetry-aws-xray-propagator',
+        'io.opentelemetry.proto:opentelemetry-proto',
+        'io.opentelemetry.semconv:opentelemetry-semconv-incubating',
       ],
       // Renovate's default behavior is only to update from unstable -> unstable if it's for the
       // major.minor.patch, under the assumption that you would want to update to the stable version
       // of that release instead of the unstable version for a future release
       // (TODO remove once the artifacts above release stable versions)
-      "ignoreUnstable": false,
-      "allowedVersions": "!/\\-SNAPSHOT$/"
+      ignoreUnstable: false,
+      allowedVersions: '!/\\-SNAPSHOT$/',
     },
     {
       // junit-pioneer 2+ requires Java 11+
-      "matchPackageNames": ["org.junit-pioneer:junit-pioneer"],
-      "matchUpdateTypes": ["major"],
-      "enabled": false
+      matchPackageNames: [
+        'org.junit-pioneer:junit-pioneer',
+      ],
+      matchUpdateTypes: [
+        'major',
+      ],
+      enabled: false,
     },
     {
       // mockito 5+ requires Java 11+
-      "matchPackagePrefixes": ["org.mockito:"],
-      "matchUpdateTypes": ["major"],
-      "enabled": false
+      matchUpdateTypes: [
+        'major',
+      ],
+      enabled: false,
+      matchPackageNames: [
+        'org.mockito:{/,}**',
+      ],
     },
     {
       // jqf-fuzz version 1.8+ requires Java 11+
-      "matchPackageNames": ["edu.berkeley.cs.jqf:jqf-fuzz"],
-      "matchUpdateTypes": ["major", "minor"],
-      "enabled": false
+      matchPackageNames: [
+        'edu.berkeley.cs.jqf:jqf-fuzz',
+      ],
+      matchUpdateTypes: [
+        'major',
+        'minor',
+      ],
+      enabled: false,
     },
     {
       // pinned version for compatibility
-      "matchPackageNames": ["org.jetbrains.kotlinx:kotlinx-coroutines-core"],
-      "matchCurrentVersion": "1.5.2",
-      "enabled": false
+      matchPackageNames: [
+        'org.jetbrains.kotlinx:kotlinx-coroutines-core',
+      ],
+      matchCurrentVersion: '1.5.2',
+      enabled: false,
+    },
+    {
+      groupName: 'spotless packages',
+      matchPackageNames: [
+        'com.diffplug.spotless{/,}**',
+      ],
     },
     {
-      "matchPackagePrefixes": ["com.diffplug.spotless"],
-      "groupName": "spotless packages"
+      // equals verifier v4+ requires java 17+
+      groupName: 'nl.jqno.equalsverifier',
+      matchPackageNames: [ 'equalsverifier'],
+      matchUpdateTypes: [ 'major' ],
+      enabled: false
     }
-  ]
+  ],
 }

.github/repository-settings.md

@@ -1,98 +1,8 @@
 # Repository settings
 
-Repository settings in addition to what's documented already at
-<https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-new-repository.md>.
-
-## General > Pull Requests
-
-- Allow squash merging > Default to pull request title
-
-- Allow auto-merge
-
-## Actions > General
-
-- Fork pull request workflows from outside collaborators:
-  "Require approval for first-time contributors who are new to GitHub"
-
-  (To reduce friction for new contributors,
-  as the default is "Require approval for first-time contributors")
-
-- Workflow permissions
-  - Default permissions granted to the `GITHUB_TOKEN` when running workflows in this repository:
-    Read repository contents and packages permissions
-  - Allow GitHub Actions to create and approve pull requests: UNCHECKED
-
-## Rules > Rulesets
-
-### `main` and release branches
-
-- Targeted branches:
-  - `main`
-  - `release/*`
-- Branch rules
-  - Restrict deletions: CHECKED
-  - Require linear history: CHECKED
-  - Require a pull request before merging: CHECKED
-    - Required approvals: 1
-    - Require review from Code Owners: CHECKED
-    - Allowed merge methods: Squash
-  - Require status checks to pass
-    - Do not require status checks on creation: CHECKED
-    - Status checks that are required
-      - EasyCLA
-      - `required-status-check`
-      - `gradle-wrapper-validation`
-  - Block force pushes: CHECKED
-  - Require code scanning results: CHECKED
-    - CodeQL
-      - Security alerts: High or higher
-      - Alerts: Errors
-
-### `benchmarks` branch
-
-- Targeted branches:
-  - `benchmarks`
-- Branch rules
-  - Restrict deletions: CHECKED
-  - Require linear history: CHECKED
-  - Block force pushes: CHECKED
-
-### Old-style release branches
-
-- Targeted branches:
-  - `v0.*`
-  - `v1.*`
-- Branch rules
-  - Restrict creations: CHECKED
-  - Restrict updates: CHECKED
-  - Restrict deletions: CHECKED
-
-### Restrict branch creation
-
-- Targeted branches
-  - Exclude:
-    - `release/*`
-    - `renovate/**/*`
-    - `otelbot/**/*`
-    - `revert-*/**/*` (these are created when using the GitHub UI to revert a PR)
-- Restrict creations: CHECKED
-
-### Restrict updating tags
-
-- Targeted tags
-  - All tags
-- Restrict updates: CHECKED
-- Restrict deletions: CHECKED
-
-## Branch protections
-
-### `main`, `release/*`
-
-- Restrict who can push to matching branches: CHECKED
-
-## Code security and analysis
-
-- Secret scanning: Enabled
+This document describes any changes that have been made to the
+settings in this repository outside the settings tracked in the
+private admin repo.
 
 ## Secrets and variables > Actions
 
@@ -103,3 +13,12 @@ Repository settings in addition to what's documented already at
   - Key is associated with [@trask](https://github.com/trask)'s gmail address
 - `SONATYPE_KEY` - owned by [@jack-berg](https://github.com/jack-berg)
 - `SONATYPE_USER` - owned by [@jack-berg](https://github.com/jack-berg)
+
+### Organization secrets
+
+- `FOSSA_API_KEY`
+- `OTELBOT_PRIVATE_KEY`
+
+### Organization variables
+
+- `OTELBOT_APP_ID`

.github/scripts/generate-release-contributors.sh

@@ -86,5 +86,5 @@ echo $contributors1 $contributors2 \
   | grep -v github-actions \
   | grep -v renovate \
   | grep -v codecov \
-  | grep -v opentelemetrybot \
+  | grep -v otelbot \
   | sed 's/^/@/'

.github/scripts/update-version.sh

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+version=$1
+versionWithSnapshot="$version-SNAPSHOT"
+
+sed -Ei "s/[0-9]+\.[0-9]+\.[0-9]+/$version/" version.gradle.kts
+
+sed -Ei "1 s/(Comparing source compatibility of [a-z-]+)-[0-9]+\.[0-9]+\.[0-9]+(-SNAPSHOT)?.jar/\1-$versionWithSnapshot.jar/" docs/apidiffs/current_vs_latest/*.txt

.github/scripts/use-cla-approved-github-bot.sh

@@ -1,4 +1,4 @@
 #!/bin/bash -e
 
-git config user.name opentelemetrybot
-git config user.email 107717825+opentelemetrybot@users.noreply.github.com
+git config user.name otelbot
+git config user.email 197425009+otelbot@users.noreply.github.com

.github/workflows/backport.yml

@@ -29,16 +29,22 @@ jobs:
       - name: Use CLA approved github bot
         run: .github/scripts/use-cla-approved-github-bot.sh
 
+      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        id: otelbot-token
+        with:
+          app-id: ${{ vars.OTELBOT_APP_ID }}
+          private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
+
       - name: Create pull request
         env:
           NUMBER: ${{ github.event.inputs.number }}
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
-          GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }}
+          GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}
         run: |
           commit=$(gh pr view $NUMBER --json mergeCommit --jq .mergeCommit.oid)
           title=$(gh pr view $NUMBER --json title --jq .title)
 
-          branch="opentelemetrybot/backport-${NUMBER}-to-${GITHUB_REF_NAME//\//-}"
+          branch="otelbot/backport-${NUMBER}-to-${GITHUB_REF_NAME//\//-}"
 
           git checkout -b $branch
           git cherry-pick $commit

.github/workflows/benchmark-tags.yml

@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: write # for git push to benchmarks branch
     name: Benchmark SDK
-    runs-on: self-hosted
+    runs-on: equinix-bare-metal
     timeout-minutes: 10
     strategy:
       fail-fast: false
@@ -50,13 +50,13 @@ jobs:
 
       - id: setup-java
         name: Set up Java for build
-        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: temurin
           java-version: 17
 
       - name: Set up gradle
-        uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
       - name: Run jmh
         run: ./gradlew jmhJar
 

.github/workflows/benchmark.yml

@@ -13,20 +13,20 @@ jobs:
     permissions:
       contents: write # for git push to benchmarks branch
     name: Benchmark SDK
-    runs-on: self-hosted
+    runs-on: equinix-bare-metal
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - id: setup-java
         name: Set up Java for build
-        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: temurin
           java-version: 17
 
       - name: Set up gradle
-        uses: gradle/actions/setup-gradle@94baf225fe0a508e581a564467443d0e2379123b # v4.3.0
+        uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1
       - name: Run jmh
         run: ./gradlew jmhJar
 

.github/workflows/build-tracecontext-testsuite.yml

@@ -22,14 +22,14 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to GitHub package registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: integration-tests/tracecontext/docker
           push: true