From 46b0717ebf78744bfdd29761c948366a3920f32c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 14:08:11 -0700 Subject: [PATCH 01/26] fix(deps): update dependency org.assertj:assertj-bom to v3.27.4 (#7538) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- dependencyManagement/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 79c6a114c5c..567c613de73 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -35,7 +35,7 @@ val DEPENDENCY_BOMS = listOf( "io.netty:netty-bom:4.2.3.Final", "io.zipkin.brave:brave-bom:6.3.0", "io.zipkin.reporter2:zipkin-reporter-bom:3.5.1", - "org.assertj:assertj-bom:3.27.3", + "org.assertj:assertj-bom:3.27.4", "org.testcontainers:testcontainers-bom:1.21.3", "org.snakeyaml:snakeyaml-engine:2.10" ) From 4b8be800224b3ca013373839949f06ef2cb89e6c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Aug 2025 14:08:54 -0700 Subject: [PATCH 02/26] fix(deps): update armeriaversion to v1.33.0 (#7530) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- dependencyManagement/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 567c613de73..097a847b70d 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -16,7 +16,7 @@ val mockitoVersion = "4.11.0" val slf4jVersion = "2.0.17" val opencensusVersion = "0.31.1" val prometheusServerVersion = "1.3.10" -val armeriaVersion = "1.32.5" +val armeriaVersion = "1.33.0" val junitVersion = "5.13.4" val okhttpVersion = "5.1.0" From 0aafadf6efc39f6581311fd0a0fb5f2a1e2bc431 Mon Sep 17 00:00:00 2001 From: Jay DeLuca Date: Tue, 12 Aug 2025 12:05:01 -0400 Subject: [PATCH 03/26] Update benchmark runner (#7532) --- .github/workflows/benchmark.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 310be8bf962..91303c58e26 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -13,7 +13,9 @@ jobs: permissions: contents: write # for git push to benchmarks branch name: Benchmark SDK - runs-on: equinix-bare-metal + runs-on: oracle-bare-metal-64cpu-512gb-x86-64 + container: + image: ubuntu-24.04 timeout-minutes: 10 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 From 48927376711e7cc20a2e0dada3b44ed1f7e6a619 Mon Sep 17 00:00:00 2001 From: OpenTelemetry Bot <107717825+opentelemetrybot@users.noreply.github.com> Date: Tue, 12 Aug 2025 09:05:31 -0700 Subject: [PATCH 04/26] Add subscript to issue templates (#7524) Co-authored-by: otelbot <197425009+otelbot@users.noreply.github.com> --- .github/ISSUE_TEMPLATE/bug_report.md | 2 ++ .github/ISSUE_TEMPLATE/feature_request.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 6514766efb4..1bafe4e7d71 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -32,3 +32,5 @@ OS (if different from OS compiled on): (e.g., "Windows Server 2019") **Additional context** Add any other context about the problem here. + +**Tip**: [React](https://github.blog/news-insights/product-news/add-reactions-to-pull-requests-issues-and-comments/) with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding `+1` or `me too`, to help us triage it. Learn more [here](https://opentelemetry.io/community/end-user/issue-participation/). diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 7b124ce80f0..d212bc8bedc 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -18,3 +18,5 @@ A clear and concise description of any alternative solutions or features you've **Additional context** Add any other context or screenshots about the feature request here. + +**Tip**: [React](https://github.blog/news-insights/product-news/add-reactions-to-pull-requests-issues-and-comments/) with 👍 to help prioritize this issue. Please use comments to provide useful context, avoiding `+1` or `me too`, to help us triage it. Learn more [here](https://opentelemetry.io/community/end-user/issue-participation/). From b2c476c405168510a21761a77a5d85a3a891180d Mon Sep 17 00:00:00 2001 From: Jay DeLuca Date: Tue, 12 Aug 2025 13:34:20 -0400 Subject: [PATCH 05/26] Fix benchmark container image (#7559) --- .github/workflows/benchmark.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 91303c58e26..84353d2f15f 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -15,7 +15,7 @@ jobs: name: Benchmark SDK runs-on: oracle-bare-metal-64cpu-512gb-x86-64 container: - image: ubuntu-24.04 + image: ubuntu:24.04 timeout-minutes: 10 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 From bd9ec81243de87e9fcbbf26fc6312b4a0bf91c9f Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Tue, 12 Aug 2025 15:50:24 -0700 Subject: [PATCH 06/26] Use more reliable release badge (#7564) --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 1f66ecd2d0b..fd710e03e7c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # OpenTelemetry Java -[![Maven Central][maven-image]][maven-url] +[![Release](https://img.shields.io/github/v/release/open-telemetry/opentelemetry-java?include_prereleases&style=)](https://github.com/open-telemetry/opentelemetry-java/releases/) [![Coverage Status][codecov-image]][codecov-url] [![FOSSA License Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fopen-telemetry%2Fopentelemetry-java.svg?type=shield&issueType=license)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fopen-telemetry%2Fopentelemetry-java?ref=badge_shield&issueType=license) [![FOSSA Security Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fopen-telemetry%2Fopentelemetry-java.svg?type=shield&issueType=security)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fopen-telemetry%2Fopentelemetry-java?ref=badge_shield&issueType=security) @@ -303,5 +303,3 @@ We are currently resource constrained and are actively seeking new contributors [codecov-image]: https://codecov.io/gh/open-telemetry/opentelemetry-java/branch/main/graph/badge.svg [codecov-url]: https://app.codecov.io/gh/open-telemetry/opentelemetry-java/branch/main/ [dependencies-and-boms]: https://opentelemetry.io/docs/languages/java/intro/#dependencies-and-boms -[maven-image]: https://maven-badges.sml.io/maven-central/io.opentelemetry/opentelemetry-api/badge.svg -[maven-url]: https://maven-badges.sml.io/maven-central/io.opentelemetry/opentelemetry-api From 3286f41ab8e216ec8350a29041fc4e4852b33a91 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Tue, 12 Aug 2025 15:51:46 -0700 Subject: [PATCH 07/26] Fix broken anchors (#7563) Co-authored-by: Jay DeLuca --- CHANGELOG.md | 2 +- README.md | 2 +- RELEASING.md | 2 +- VERSIONING.md | 2 +- .../opentelemetry/extension/trace/propagation/B3Propagator.java | 2 +- .../extension/trace/propagation/JaegerPropagator.java | 2 +- sdk-extensions/jaeger-remote-sampler/README.md | 2 +- .../sdk/metrics/internal/data/ImmutableHistogramData.java | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef846d64bb4..4f2846fea2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2758,7 +2758,7 @@ should not be many. Thanks for bearing with us on this. This provides improved ergonomics and control around autoconfigure customization. - Added experimental support for enabling OTLP retry support for the `grpc` exporters. If enabled via `otel.experimental.exporter.otlp.retry.enabled`, - a [default retry policy](https://github.com/open-telemetry/opentelemetry-java/tree/main/sdk-extensions/autoconfigure#otlp-exporter-retry) + a [default retry policy](https://opentelemetry.io/docs/languages/java/configuration/#properties-exporters) will be used. - The metric export interval of `PeriodicMetricReader` is now configured via `otel.metric.export.interval`. The existing `otel.imr.export.interval` property has been diff --git a/README.md b/README.md index fd710e03e7c..7b4eeb1353f 100644 --- a/README.md +++ b/README.md @@ -235,7 +235,7 @@ See the [VERSIONING.md](VERSIONING.md) for complete details on compatibility pol ## Contacting us -We hold regular meetings. See details at [community page](https://github.com/open-telemetry/community#java-sdk). +We hold regular meetings. See details at [community page](https://github.com/open-telemetry/community#implementation-sigs). To report a bug, or request a new feature, please [open an issue](https://github.com/open-telemetry/opentelemetry-java/issues/new/choose). diff --git a/RELEASING.md b/RELEASING.md index aa40c2105b4..fde9c2307da 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -76,7 +76,7 @@ The following credentials are required for building or publishing (and automatic * `SONATYPE_USER` and `SONATYPE_KEY`: Sonatype username and password. * Each maintainer will have their own set of Sonotype credentials with permission to publish to the `io.opentelemetry` group prefix. - * [Register to publish](https://central.sonatype.org/register/central-portal/#and-publishing-is-easy) + * [Register to publish](https://central.sonatype.org/register/central-portal/#publishing) and comment on [OSSRH-63768](https://issues.sonatype.org/browse/OSSRH-63768) with confirmation from another maintainer. * To obtain `SONATYPE_USER` and `SONATYPE_KEY` for your account, login diff --git a/VERSIONING.md b/VERSIONING.md index 2d7eb31a9f4..94f5a33db3a 100644 --- a/VERSIONING.md +++ b/VERSIONING.md @@ -73,7 +73,7 @@ respect to semantic versioning. |----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Java | 8+ | All artifacts, unless otherwise noted | Changing requires major version bump. | | Android | 23+ (NOTE: [desugaring](https://developer.android.com/studio/write/java8-support#library-desugaring) is required. We stay up to date with the latest version of [desugar_jdk_libs](https://github.com/google/desugar_jdk_libs).) | Artifacts using `otel.animalsniffer-conventions` plugin | Kept in sync with minimum requirements for [Google Play services](https://developers.google.com/android/guides/setup). Subject to change in minor version. | -| Kotlin | 1.8+ | Only applies to `opentelemetry-extension-kotlin` | Kept in sync with [minimum non-deprecated](https://kotlinlang.org/docs/gradle-compiler-options.html#attributes-common-to-jvm-and-js) version. Subject to change in minor versions. | +| Kotlin | 1.8+ | Only applies to `opentelemetry-extension-kotlin` | Kept in sync with [minimum non-deprecated](https://kotlinlang.org/docs/gradle-compiler-options.html#attributes-common-to-jvm-and-javascript) version. Subject to change in minor versions. | ## API vs SDK diff --git a/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/B3Propagator.java b/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/B3Propagator.java index fb77ce0d2e8..301a9c6c83c 100644 --- a/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/B3Propagator.java +++ b/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/B3Propagator.java @@ -20,7 +20,7 @@ * href=https://github.com/openzipkin/b3-propagation>openzipkin/b3-propagation. * *

Also see B3 + * href="https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/context/api-propagators.md#b3-requirements">B3 * Requirements * *

To register the default B3 propagator, which injects a single header, use: diff --git a/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/JaegerPropagator.java b/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/JaegerPropagator.java index 290a62bef0e..e3c39078e42 100644 --- a/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/JaegerPropagator.java +++ b/extensions/trace-propagators/src/main/java/io/opentelemetry/extension/trace/propagation/JaegerPropagator.java @@ -30,7 +30,7 @@ /** * Implementation of the Jaeger propagation protocol. See Jaeger Propagation + * href="https://www.jaegertracing.io/docs/client-libraries/#propagation-format">Jaeger Propagation * Format. */ @Immutable diff --git a/sdk-extensions/jaeger-remote-sampler/README.md b/sdk-extensions/jaeger-remote-sampler/README.md index 0c4af5fa7b4..76a1f8f088c 100644 --- a/sdk-extensions/jaeger-remote-sampler/README.md +++ b/sdk-extensions/jaeger-remote-sampler/README.md @@ -1,6 +1,6 @@ # Jaeger Remote Sampler -This module implements [Jaeger remote sampler](https://www.jaegertracing.io/docs/latest/sampling/#collector-sampling-configuration). +This module implements [Jaeger remote sampler](https://www.jaegertracing.io/docs/latest/sampling/#remote-sampling). The sampler configuration is received from collector's gRPC endpoint. ### Example diff --git a/sdk/metrics/src/main/java/io/opentelemetry/sdk/metrics/internal/data/ImmutableHistogramData.java b/sdk/metrics/src/main/java/io/opentelemetry/sdk/metrics/internal/data/ImmutableHistogramData.java index 20a7dc2a848..952371d4ef7 100644 --- a/sdk/metrics/src/main/java/io/opentelemetry/sdk/metrics/internal/data/ImmutableHistogramData.java +++ b/sdk/metrics/src/main/java/io/opentelemetry/sdk/metrics/internal/data/ImmutableHistogramData.java @@ -17,7 +17,7 @@ * A histogram metric point. * *

See: - * https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/datamodel.md#histogram + * https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/metrics/data-model.md#histogram * *

This class is internal and is hence not for public use. Its APIs are unstable and can change * at any time. From ed9c65e29b209489f4e097f1f807e0259af639eb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 13:07:22 -0700 Subject: [PATCH 08/26] fix(deps): update dependency io.netty:netty-bom to v4.2.4.final (#7567) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- dependencyManagement/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 097a847b70d..94983f06b2c 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -32,7 +32,7 @@ val DEPENDENCY_BOMS = listOf( "com.squareup.okhttp3:okhttp-bom:$okhttpVersion", "com.squareup.okio:okio-bom:3.16.0", // applies to transitive dependencies of okhttp "io.grpc:grpc-bom:1.74.0", - "io.netty:netty-bom:4.2.3.Final", + "io.netty:netty-bom:4.2.4.Final", "io.zipkin.brave:brave-bom:6.3.0", "io.zipkin.reporter2:zipkin-reporter-bom:3.5.1", "org.assertj:assertj-bom:3.27.4", From 53f739e1a12570ef598cf5ea66643195375b9b12 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 13:07:46 -0700 Subject: [PATCH 09/26] chore(deps): update weekly update (#7555) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Trask Stalnaker --- .github/workflows/backport.yml | 4 ++-- .github/workflows/benchmark-tags.yml | 4 ++-- .github/workflows/benchmark.yml | 6 +++--- .github/workflows/build-tracecontext-testsuite.yml | 2 +- .github/workflows/build.yml | 10 +++++----- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/fossa.yml | 2 +- .github/workflows/gradle-wrapper-validation.yml | 4 ++-- .../workflows/issue-management-feedback-label.yml | 2 +- .github/workflows/javadoc-crawler.yml | 4 ++-- .github/workflows/ossf-scorecard.yml | 4 ++-- .github/workflows/owasp-dependency-check-daily.yml | 4 ++-- .github/workflows/prepare-patch-release.yml | 4 ++-- .github/workflows/prepare-release-branch.yml | 10 +++++----- .github/workflows/release.yml | 14 +++++++------- .github/workflows/reusable-markdown-link-check.yml | 5 +++-- .github/workflows/reusable-misspell-check.yml | 2 +- .../workflows/reusable-open-issue-on-failure.yml | 2 +- .../workflows/reusable-workflow-notification.yml | 2 +- integration-tests/tracecontext/docker/Dockerfile | 4 ++-- 20 files changed, 49 insertions(+), 48 deletions(-) diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 9926527b8f3..b89ebeefa11 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -21,7 +21,7 @@ jobs: exit 1 fi - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: # history is needed to run git cherry-pick below fetch-depth: 0 @@ -29,7 +29,7 @@ jobs: - name: Use CLA approved github bot run: .github/scripts/use-cla-approved-github-bot.sh - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/benchmark-tags.yml b/.github/workflows/benchmark-tags.yml index b6485ae8089..ca595c4ad2a 100644 --- a/.github/workflows/benchmark-tags.yml +++ b/.github/workflows/benchmark-tags.yml @@ -44,7 +44,7 @@ jobs: - v1.30.0 - v1.30.1 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ matrix.tag-version }} @@ -56,7 +56,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Run jmh run: ./gradlew jmhJar diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 84353d2f15f..591b6b85368 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -15,10 +15,10 @@ jobs: name: Benchmark SDK runs-on: oracle-bare-metal-64cpu-512gb-x86-64 container: - image: ubuntu:24.04 + image: ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061 timeout-minutes: 10 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - id: setup-java name: Set up Java for build @@ -28,7 +28,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Run jmh run: ./gradlew jmhJar diff --git a/.github/workflows/build-tracecontext-testsuite.yml b/.github/workflows/build-tracecontext-testsuite.yml index 500034a5539..3d2319ae914 100644 --- a/.github/workflows/build-tracecontext-testsuite.yml +++ b/.github/workflows/build-tracecontext-testsuite.yml @@ -19,7 +19,7 @@ jobs: packages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Login to GitHub package registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d323bd561e5..ebf7b5d65d3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,7 +52,7 @@ jobs: - os: macos-13 test-java-version: 23 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - id: setup-java-test name: Set up Java ${{ matrix.test-java-version }} for tests @@ -69,7 +69,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Build run: > ./gradlew build @@ -135,7 +135,7 @@ jobs: needs: build runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - id: setup-java name: Set up Java @@ -145,7 +145,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 # skipping release branches because the versions in those branches are not snapshots # (also this skips pull requests) if: ${{ github.ref_name == 'main' && github.repository == 'open-telemetry/opentelemetry-java' }} @@ -170,7 +170,7 @@ jobs: - 21 - 23 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: graalvm/setup-graalvm@7f488cf82a3629ee755e4e97342c01d6bed318fa # v1.3.5 with: java-version: ${{ matrix.test-graal-version }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a3bf1ef31d8..9092402c62d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,7 +31,7 @@ jobs: - language: java runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Set up Java 17 if: matrix.language == 'java' @@ -42,10 +42,10 @@ jobs: - name: Set up gradle if: matrix.language == 'java' - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Initialize CodeQL - uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: languages: ${{ matrix.language }} # using "latest" helps to keep up with the latest Kotlin support @@ -60,6 +60,6 @@ jobs: run: ./gradlew assemble --no-build-cache --no-daemon - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index ddc524464ed..ae8e2b7fb32 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -12,7 +12,7 @@ jobs: fossa: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 with: diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml index ded780070b3..27f55b2edb8 100644 --- a/.github/workflows/gradle-wrapper-validation.yml +++ b/.github/workflows/gradle-wrapper-validation.yml @@ -11,6 +11,6 @@ jobs: gradle-wrapper-validation: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: gradle/actions/wrapper-validation@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + - uses: gradle/actions/wrapper-validation@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 diff --git a/.github/workflows/issue-management-feedback-label.yml b/.github/workflows/issue-management-feedback-label.yml index 411db8293ad..7ad667b29fb 100644 --- a/.github/workflows/issue-management-feedback-label.yml +++ b/.github/workflows/issue-management-feedback-label.yml @@ -18,7 +18,7 @@ jobs: github.event.comment.user.login == github.event.issue.user.login runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Remove label env: diff --git a/.github/workflows/javadoc-crawler.yml b/.github/workflows/javadoc-crawler.yml index 9567c385068..73c45c77ce6 100644 --- a/.github/workflows/javadoc-crawler.yml +++ b/.github/workflows/javadoc-crawler.yml @@ -12,7 +12,7 @@ jobs: crawl: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: @@ -20,7 +20,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Run crawler run: ./gradlew :javadoc-crawler:crawl diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index cb38b120d9b..6cba9eeae43 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -19,7 +19,7 @@ jobs: # Needed for GitHub OIDC token if publish_results is true id-token: write steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -42,6 +42,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 + uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 with: sarif_file: results.sarif diff --git a/.github/workflows/owasp-dependency-check-daily.yml b/.github/workflows/owasp-dependency-check-daily.yml index dc485ade1bc..675bfce47cc 100644 --- a/.github/workflows/owasp-dependency-check-daily.yml +++ b/.github/workflows/owasp-dependency-check-daily.yml @@ -14,7 +14,7 @@ jobs: analyze: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: @@ -22,7 +22,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Check dependencies run: ./gradlew dependencyCheckAnalyze diff --git a/.github/workflows/prepare-patch-release.yml b/.github/workflows/prepare-patch-release.yml index 634164d3025..6ed95f67e48 100644 --- a/.github/workflows/prepare-patch-release.yml +++ b/.github/workflows/prepare-patch-release.yml @@ -11,7 +11,7 @@ jobs: contents: write # for git push to PR branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - run: | if [[ ! $GITHUB_REF_NAME =~ ^release/v[0-9]+\.[0-9]+\.x$ ]]; then @@ -47,7 +47,7 @@ jobs: - name: Use CLA approved github bot run: .github/scripts/use-cla-approved-github-bot.sh - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/prepare-release-branch.yml b/.github/workflows/prepare-release-branch.yml index 485be66a5b2..081ea8851e3 100644 --- a/.github/workflows/prepare-release-branch.yml +++ b/.github/workflows/prepare-release-branch.yml @@ -9,7 +9,7 @@ jobs: prereqs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Verify prerequisites run: | @@ -30,7 +30,7 @@ jobs: needs: - prereqs steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Create release branch run: | @@ -59,7 +59,7 @@ jobs: - name: Use CLA approved github bot run: .github/scripts/use-cla-approved-github-bot.sh - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} @@ -87,7 +87,7 @@ jobs: needs: - prereqs steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Set environment variables run: | @@ -115,7 +115,7 @@ jobs: - name: Use CLA approved github bot run: .github/scripts/use-cla-approved-github-bot.sh - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de9d7c15336..b677f968af6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: exit 1 fi - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: @@ -28,7 +28,7 @@ jobs: java-version: 17 - name: Set up gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Build and publish artifacts run: ./gradlew assemble publishToSonatype closeAndReleaseSonatypeStagingRepository @@ -65,7 +65,7 @@ jobs: # check out main branch to verify there won't be problems with merging the change log # at the end of this workflow - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: main @@ -80,7 +80,7 @@ jobs: fi # back to the release branch - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: # tags are needed for the generate-release-contributors.sh script fetch-depth: 0 @@ -142,7 +142,7 @@ jobs: steps: # add change log sync (if any) into this PR since the apidiff update # is required before any other PR can be merged anyway - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Copy change log section from release branch env: @@ -151,7 +151,7 @@ jobs: sed -n "0,/^## Version $VERSION /d;/^## Version /q;p" CHANGELOG.md \ > /tmp/changelog-section.md - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: main @@ -197,7 +197,7 @@ jobs: - name: Use CLA approved bot run: .github/scripts/use-cla-approved-github-bot.sh - - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 + - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 id: otelbot-token with: app-id: ${{ vars.OTELBOT_APP_ID }} diff --git a/.github/workflows/reusable-markdown-link-check.yml b/.github/workflows/reusable-markdown-link-check.yml index 36de638d8b9..c94e1e57a9c 100644 --- a/.github/workflows/reusable-markdown-link-check.yml +++ b/.github/workflows/reusable-markdown-link-check.yml @@ -10,10 +10,11 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1 + - uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2.5.0 with: + lycheeVersion: v0.18.1 # excluding links to pull requests and issues is done for performance args: > --include-fragments diff --git a/.github/workflows/reusable-misspell-check.yml b/.github/workflows/reusable-misspell-check.yml index 76d361c777b..088062464e9 100644 --- a/.github/workflows/reusable-misspell-check.yml +++ b/.github/workflows/reusable-misspell-check.yml @@ -10,7 +10,7 @@ jobs: misspell-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Install misspell run: | diff --git a/.github/workflows/reusable-open-issue-on-failure.yml b/.github/workflows/reusable-open-issue-on-failure.yml index 15a46db455a..ab4830fcf19 100644 --- a/.github/workflows/reusable-open-issue-on-failure.yml +++ b/.github/workflows/reusable-open-issue-on-failure.yml @@ -13,7 +13,7 @@ jobs: issues: write # for creating the issue runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Open issue env: diff --git a/.github/workflows/reusable-workflow-notification.yml b/.github/workflows/reusable-workflow-notification.yml index 701f90f5a08..51ec76b42e1 100644 --- a/.github/workflows/reusable-workflow-notification.yml +++ b/.github/workflows/reusable-workflow-notification.yml @@ -19,7 +19,7 @@ jobs: issues: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Open issue or add comment if issue already open env: diff --git a/integration-tests/tracecontext/docker/Dockerfile b/integration-tests/tracecontext/docker/Dockerfile index 2a594686068..e82df5cba48 100644 --- a/integration-tests/tracecontext/docker/Dockerfile +++ b/integration-tests/tracecontext/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.13.5@sha256:4ea77121eab13d9e71f2783d7505f5655b25bb7b2c263e8020aae3b555dbc0b2 AS build +FROM python:3.13.6@sha256:68d0775234842868248bfe185eece56e725d3cb195f511a21233d0f564dee501 AS build # Main branch SHA as of April-1-2021 ARG TRACECONTEXT_GIT_TAG="dcd3ad9b7d6ac36f70ff3739874b73c11b0302a1" @@ -11,7 +11,7 @@ RUN unzip trace-context.zip RUN rm trace-context.zip RUN mv trace-context-${TRACECONTEXT_GIT_TAG}/test /tracecontext-testsuite -FROM python:3.13.5-slim@sha256:4c2cf9917bd1cbacc5e9b07320025bdb7cdf2df7b0ceaccb55e9dd7e30987419 +FROM python:3.13.6-slim@sha256:6f79e7a10bb7d0b0a50534a70ebc78823f941fba26143ecd7e6c5dca9d7d7e8a RUN pip install aiohttp From 3dbd67b6895c92a71e7728a77daa459d67a74d64 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 13:08:17 -0700 Subject: [PATCH 10/26] fix(deps): update dependency com.squareup.wire:wire-bom to v5.3.10 (#7566) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- buildSrc/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts index f5c34cef8ac..f4a3c1570ac 100644 --- a/buildSrc/build.gradle.kts +++ b/buildSrc/build.gradle.kts @@ -50,7 +50,7 @@ repositories { } dependencies { - implementation(enforcedPlatform("com.squareup.wire:wire-bom:5.3.8")) + implementation(enforcedPlatform("com.squareup.wire:wire-bom:5.3.10")) implementation("com.google.auto.value:auto-value-annotations:1.11.0") // When updating, update above in plugins too implementation("com.diffplug.spotless:spotless-plugin-gradle:7.2.1") From 7de6b0babba443c7bea7d5040936286ac326c758 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Wed, 13 Aug 2025 13:11:04 -0700 Subject: [PATCH 11/26] Speed up link checking (#7561) --- .github/workflows/reusable-markdown-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-markdown-link-check.yml b/.github/workflows/reusable-markdown-link-check.yml index c94e1e57a9c..5af456030e9 100644 --- a/.github/workflows/reusable-markdown-link-check.yml +++ b/.github/workflows/reusable-markdown-link-check.yml @@ -21,5 +21,5 @@ jobs: --exclude "^https://github.com/open-telemetry/opentelemetry-java/(issues|pull)/\\d+$" --max-retries 6 --retry-wait-time 10 - --max-concurrency 1 + --max-concurrency 4 . From 38385e2fa7b0c74e9feaeee66cf5d4e348067bd2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Aug 2025 13:01:08 -0700 Subject: [PATCH 12/26] fix(deps): update dependency org.jetbrains.kotlin:kotlin-gradle-plugin to v2.2.10 (#7570) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- buildSrc/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts index f4a3c1570ac..2f468a894aa 100644 --- a/buildSrc/build.gradle.kts +++ b/buildSrc/build.gradle.kts @@ -64,7 +64,7 @@ dependencies { implementation("me.champeau.jmh:jmh-gradle-plugin:0.7.3") implementation("net.ltgt.gradle:gradle-errorprone-plugin:4.3.0") implementation("net.ltgt.gradle:gradle-nullaway-plugin:2.2.0") - implementation("org.jetbrains.kotlin:kotlin-gradle-plugin:2.2.0") + implementation("org.jetbrains.kotlin:kotlin-gradle-plugin:2.2.10") implementation("org.owasp:dependency-check-gradle:12.1.3") implementation("ru.vyarus:gradle-animalsniffer-plugin:2.0.1") } From 64acfd0ce0f5b9836583f360e92d74e6c34299b4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Aug 2025 13:02:59 -0700 Subject: [PATCH 13/26] fix(deps): update armeriaversion to v1.33.1 (#7569) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- dependencyManagement/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 94983f06b2c..9cc8013a52c 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -16,7 +16,7 @@ val mockitoVersion = "4.11.0" val slf4jVersion = "2.0.17" val opencensusVersion = "0.31.1" val prometheusServerVersion = "1.3.10" -val armeriaVersion = "1.33.0" +val armeriaVersion = "1.33.1" val junitVersion = "5.13.4" val okhttpVersion = "5.1.0" From 514c2428a5363194c93baca5296c7729007e862d Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Fri, 15 Aug 2025 17:34:23 +0200 Subject: [PATCH 14/26] pin otel collector version (#7576) --- .github/renovate.json5 | 1 + .github/workflows/build.yml | 5 +++++ .../docker-test-containers-daily.yml | 19 +++++++++++++++++-- .../prometheus/CollectorIntegrationTest.java | 13 ++++++++++++- .../OtlpExporterIntegrationTest.java | 13 ++++++++++++- 5 files changed, 47 insertions(+), 4 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 6db27ec1fc5..6260c821e04 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -3,6 +3,7 @@ extends: [ 'config:best-practices', 'helpers:pinGitHubActionDigestsToSemver', + 'customManagers:githubActionsVersions' ], packageRules: [ { diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ebf7b5d65d3..1538a49bd1c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,6 +8,11 @@ on: pull_request: workflow_dispatch: +#env: + # uncomment once the collector has been pushed in the daily workflow + # renovate: datasource=github-releases depName=opentelemetry-collector packageName=open-telemetry/opentelemetry-collector-releases + # OTEL_COLLECTOR_VERSION: v0.132.2 + concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} cancel-in-progress: true diff --git a/.github/workflows/docker-test-containers-daily.yml b/.github/workflows/docker-test-containers-daily.yml index e7f655bb44a..90ecaaff6e7 100644 --- a/.github/workflows/docker-test-containers-daily.yml +++ b/.github/workflows/docker-test-containers-daily.yml @@ -8,8 +8,23 @@ on: permissions: contents: read +env: + # renovate: datasource=github-releases depName=opentelemetry-collector packageName=open-telemetry/opentelemetry-collector-releases + OTEL_COLLECTOR_VERSION: v0.132.2 + jobs: + set-collector-version: + runs-on: ubuntu-latest + outputs: + otel_collector_version: ${{ steps.set-version.outputs.version }} + steps: + - name: Set OpenTelemetry Collector version + id: set-version + # strip the "v" from the version + run: echo "version=${OTEL_COLLECTOR_VERSION#v}" >> $GITHUB_OUTPUT + copy-images: + needs: set-collector-version permissions: contents: read packages: write @@ -18,8 +33,8 @@ jobs: include: - source: jaegertracing/all-in-one:1.32 target_image: jaeger:1.32 - - source: otel/opentelemetry-collector-contrib:latest - target_image: otel-collector + - source: otel/opentelemetry-collector-contrib:${{ needs.set-collector-version.outputs.otel_collector_version }} + target_image: otel-collector:${{ needs.set-collector-version.outputs.otel_collector_version }} - source: shopify/toxiproxy:latest target_image: toxiproxy - source: eclipse-temurin:17-jre-focal diff --git a/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java b/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java index dac5109ad4a..ada7a6a32f3 100644 --- a/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java +++ b/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java @@ -60,7 +60,18 @@ class CollectorIntegrationTest { private static final String COLLECTOR_IMAGE = - "ghcr.io/open-telemetry/opentelemetry-java/otel-collector"; + "ghcr.io/open-telemetry/opentelemetry-java/otel-collector" + collectorVersion(); + + private static String collectorVersion() { + String otelCollectorVersion = System.getenv("OTEL_COLLECTOR_VERSION"); + if (otelCollectorVersion != null) { + // strip the leading 'v' + return ":" + otelCollectorVersion.substring(1); + } + // Default to latest if not set + return ":latest"; + } + private static final Integer COLLECTOR_HEALTH_CHECK_PORT = 13133; private static int prometheusPort; diff --git a/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java b/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java index 83121892006..aaddfbfd07e 100644 --- a/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java +++ b/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java @@ -115,7 +115,18 @@ abstract class OtlpExporterIntegrationTest { private static final AttributeKey SERVICE_NAME = AttributeKey.stringKey("service.name"); private static final String COLLECTOR_IMAGE = - "ghcr.io/open-telemetry/opentelemetry-java/otel-collector"; + "ghcr.io/open-telemetry/opentelemetry-java/otel-collector" + collectorVersion(); + + private static String collectorVersion() { + String otelCollectorVersion = System.getenv("OTEL_COLLECTOR_VERSION"); + if (otelCollectorVersion != null) { + // strip the leading 'v' + return ":" + otelCollectorVersion.substring(1); + } + // Default to latest if not set + return ":latest"; + } + private static final Integer COLLECTOR_OTLP_GRPC_PORT = 4317; private static final Integer COLLECTOR_OTLP_HTTP_PORT = 4318; private static final Integer COLLECTOR_OTLP_GRPC_MTLS_PORT = 5317; From ae329f48089219e38929b34c11c0773d8e9811dc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 08:35:42 -0700 Subject: [PATCH 15/26] chore(deps): update plugin com.gradleup.shadow to v9.0.2 (#7552) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- settings.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.gradle.kts b/settings.gradle.kts index 8678ff0b8bf..dc1e8a79398 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -1,6 +1,6 @@ pluginManagement { plugins { - id("com.gradleup.shadow") version "9.0.0" + id("com.gradleup.shadow") version "9.0.2" id("com.gradle.develocity") version "4.1" id("de.undercouch.download") version "5.6.0" id("org.jsonschema2pojo") version "1.2.2" From 129c0e06b6c528b1200be803c27824b5d3dcce46 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Aug 2025 08:37:10 -0700 Subject: [PATCH 16/26] fix(deps): update dependency com.google.protobuf:protobuf-bom to v4.32.0 (#7574) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- dependencyManagement/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index 9cc8013a52c..a0207170a5f 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -28,7 +28,7 @@ val DEPENDENCY_BOMS = listOf( "com.fasterxml.jackson:jackson-bom:2.19.2", "com.google.guava:guava-bom:33.4.8-jre", - "com.google.protobuf:protobuf-bom:4.31.1", + "com.google.protobuf:protobuf-bom:4.32.0", "com.squareup.okhttp3:okhttp-bom:$okhttpVersion", "com.squareup.okio:okio-bom:3.16.0", // applies to transitive dependencies of okhttp "io.grpc:grpc-bom:1.74.0", From 8a02314f94492919c80ca97d19f95ec030b0a953 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 15 Aug 2025 08:37:48 -0700 Subject: [PATCH 17/26] Auto-update Java (#7572) --- .github/renovate.json5 | 13 +++++++++++++ .github/workflows/build.yml | 6 +++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 6260c821e04..f73bd08bfa2 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -83,4 +83,17 @@ enabled: false } ], + customManagers: [ + { + customType: 'regex', + datasourceTemplate: 'java-version', + managerFilePatterns: [ + '.github/workflows/**' + ], + matchStrings: [ + '(?\\d+) # renovate: datasource=java-version', + ], + depNameTemplate: 'java', + }, + ], } diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1538a49bd1c..35a8251fa8a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -37,14 +37,14 @@ jobs: - 11 - 17 - 21 - - 23 + - 23 # renovate: datasource=java-version # Collect coverage on latest LTS include: - os: ubuntu-latest test-java-version: 21 coverage: true jmh-based-tests: true - # macos-latest drops support for java 8 temurin. Run java 8 on macos-13. Run java 11, 17, 21 on macos-latest. + # macos-latest drops support for java 8 temurin. Run java 8 on macos-13. Run java 11+ on macos-latest. exclude: - os: macos-latest test-java-version: 8 @@ -55,7 +55,7 @@ jobs: - os: macos-13 test-java-version: 21 - os: macos-13 - test-java-version: 23 + test-java-version: 23 # renovate: datasource=java-version steps: - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 From 9d5e9be337641b29ef7183293be74fd25dac738c Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 15 Aug 2025 12:28:14 -0700 Subject: [PATCH 18/26] Fix benchmark action (#7578) --- .github/workflows/benchmark.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 591b6b85368..1f661e398b2 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -37,6 +37,11 @@ jobs: cd sdk/trace/build java -jar libs/opentelemetry-sdk-trace-*-jmh.jar -rf json SpanBenchmark SpanPipelineBenchmark ExporterBenchmark + - name: Install Git # since Git isn't available in the container image used above + run: | + apt-get update + apt-get install -y git + - name: Store benchmark results uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7 # v1.20.4 with: From 1d541382c76be96c568052709bc2046041d9e3b5 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 15 Aug 2025 12:29:41 -0700 Subject: [PATCH 19/26] Simplify build and use docker images directly (#7579) --- .../docker-test-containers-daily.yml | 55 ------------------- .../prometheus/CollectorIntegrationTest.java | 2 +- .../OtlpExporterIntegrationTest.java | 2 +- .../TraceContextIntegrationTest.java | 3 +- .../perf/OtlpPipelineStressTest.java | 6 +- .../JaegerRemoteSamplerIntegrationTest.java | 4 +- 6 files changed, 6 insertions(+), 66 deletions(-) delete mode 100644 .github/workflows/docker-test-containers-daily.yml diff --git a/.github/workflows/docker-test-containers-daily.yml b/.github/workflows/docker-test-containers-daily.yml deleted file mode 100644 index 90ecaaff6e7..00000000000 --- a/.github/workflows/docker-test-containers-daily.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: Copy test container docker images (daily) - -on: - schedule: - - cron: "23 3 * * *" - workflow_dispatch: - -permissions: - contents: read - -env: - # renovate: datasource=github-releases depName=opentelemetry-collector packageName=open-telemetry/opentelemetry-collector-releases - OTEL_COLLECTOR_VERSION: v0.132.2 - -jobs: - set-collector-version: - runs-on: ubuntu-latest - outputs: - otel_collector_version: ${{ steps.set-version.outputs.version }} - steps: - - name: Set OpenTelemetry Collector version - id: set-version - # strip the "v" from the version - run: echo "version=${OTEL_COLLECTOR_VERSION#v}" >> $GITHUB_OUTPUT - - copy-images: - needs: set-collector-version - permissions: - contents: read - packages: write - strategy: - matrix: - include: - - source: jaegertracing/all-in-one:1.32 - target_image: jaeger:1.32 - - source: otel/opentelemetry-collector-contrib:${{ needs.set-collector-version.outputs.otel_collector_version }} - target_image: otel-collector:${{ needs.set-collector-version.outputs.otel_collector_version }} - - source: shopify/toxiproxy:latest - target_image: toxiproxy - - source: eclipse-temurin:17-jre-focal - target_image: openjdk17 - runs-on: ubuntu-latest - steps: - - name: Docker login - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Copy image - # Non-debug image doesn't seem to support reading the .docker creds. - run: | - docker run --rm -v $HOME/.docker:/root/.docker gcr.io/go-containerregistry/crane:debug \ - cp ${{ matrix.source }} ghcr.io/open-telemetry/opentelemetry-java/${{ matrix.target_image }} diff --git a/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java b/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java index ada7a6a32f3..36373157231 100644 --- a/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java +++ b/exporters/prometheus/src/test/java/io/opentelemetry/exporter/prometheus/CollectorIntegrationTest.java @@ -60,7 +60,7 @@ class CollectorIntegrationTest { private static final String COLLECTOR_IMAGE = - "ghcr.io/open-telemetry/opentelemetry-java/otel-collector" + collectorVersion(); + "otel/opentelemetry-collector-contrib" + collectorVersion(); private static String collectorVersion() { String otelCollectorVersion = System.getenv("OTEL_COLLECTOR_VERSION"); diff --git a/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java b/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java index aaddfbfd07e..bd182012f46 100644 --- a/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java +++ b/integration-tests/otlp/src/main/java/io/opentelemetry/integrationtest/OtlpExporterIntegrationTest.java @@ -115,7 +115,7 @@ abstract class OtlpExporterIntegrationTest { private static final AttributeKey SERVICE_NAME = AttributeKey.stringKey("service.name"); private static final String COLLECTOR_IMAGE = - "ghcr.io/open-telemetry/opentelemetry-java/otel-collector" + collectorVersion(); + "otel/opentelemetry-collector-contrib" + collectorVersion(); private static String collectorVersion() { String otelCollectorVersion = System.getenv("OTEL_COLLECTOR_VERSION"); diff --git a/integration-tests/tracecontext/src/test/java/io/opentelemetry/integrationtests/tracecontext/TraceContextIntegrationTest.java b/integration-tests/tracecontext/src/test/java/io/opentelemetry/integrationtests/tracecontext/TraceContextIntegrationTest.java index 703f8e4aae8..64b6ef19f37 100644 --- a/integration-tests/tracecontext/src/test/java/io/opentelemetry/integrationtests/tracecontext/TraceContextIntegrationTest.java +++ b/integration-tests/tracecontext/src/test/java/io/opentelemetry/integrationtests/tracecontext/TraceContextIntegrationTest.java @@ -24,8 +24,7 @@ class TraceContextIntegrationTest { @Container private static final GenericContainer appContainer = - new GenericContainer<>( - DockerImageName.parse("ghcr.io/open-telemetry/opentelemetry-java/openjdk17")) + new GenericContainer<>(DockerImageName.parse("eclipse-temurin:17-jre-focal")) .withExposedPorts(5000) .withNetwork(Network.SHARED) .withNetworkAliases("app") diff --git a/perf-harness/src/test/java/io/opentelemetry/perf/OtlpPipelineStressTest.java b/perf-harness/src/test/java/io/opentelemetry/perf/OtlpPipelineStressTest.java index 5ab5db7214c..845b2388b9a 100644 --- a/perf-harness/src/test/java/io/opentelemetry/perf/OtlpPipelineStressTest.java +++ b/perf-harness/src/test/java/io/opentelemetry/perf/OtlpPipelineStressTest.java @@ -68,8 +68,7 @@ public class OtlpPipelineStressTest { @Container public static final GenericContainer collectorContainer = - new GenericContainer<>( - DockerImageName.parse("ghcr.io/open-telemetry/opentelemetry-java/otel-collector")) + new GenericContainer<>(DockerImageName.parse("otel/opentelemetry-collector-contrib:latest")) .withImagePullPolicy(PullPolicy.alwaysPull()) .withNetwork(network) .withNetworkAliases("otel-collector") @@ -94,8 +93,7 @@ public class OtlpPipelineStressTest { @Container public static final GenericContainer toxiproxyContainer = - new GenericContainer<>( - DockerImageName.parse("ghcr.io/open-telemetry/opentelemetry-java/toxiproxy")) + new GenericContainer<>(DockerImageName.parse("shopify/toxiproxy:latest")) .withImagePullPolicy(PullPolicy.alwaysPull()) .withNetwork(network) .withNetworkAliases("toxiproxy") diff --git a/sdk-extensions/jaeger-remote-sampler/src/test/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerIntegrationTest.java b/sdk-extensions/jaeger-remote-sampler/src/test/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerIntegrationTest.java index c873808c332..8fcceac649f 100644 --- a/sdk-extensions/jaeger-remote-sampler/src/test/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerIntegrationTest.java +++ b/sdk-extensions/jaeger-remote-sampler/src/test/java/io/opentelemetry/sdk/extension/trace/jaeger/sampler/JaegerRemoteSamplerIntegrationTest.java @@ -20,7 +20,6 @@ import org.testcontainers.containers.BindMode; import org.testcontainers.containers.GenericContainer; import org.testcontainers.containers.wait.strategy.Wait; -import org.testcontainers.images.PullPolicy; import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Testcontainers; @@ -36,8 +35,7 @@ class JaegerRemoteSamplerIntegrationTest { @Container public static final GenericContainer jaegerContainer = - new GenericContainer<>("ghcr.io/open-telemetry/opentelemetry-java/jaeger:1.32") - .withImagePullPolicy(PullPolicy.alwaysPull()) + new GenericContainer<>("jaegertracing/all-in-one:1.32") .withCommand("--sampling.strategies-file=/sampling.json") .withExposedPorts(COLLECTOR_PORT, QUERY_PORT, HEALTH_PORT) .waitingFor(Wait.forHttp("/").forPort(HEALTH_PORT)) From a0d13cfa80ce40455acbc01306279400e394ea39 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Fri, 15 Aug 2025 12:30:27 -0700 Subject: [PATCH 20/26] Remove incorrect dependency (#7577) --- dependencyManagement/build.gradle.kts | 1 - 1 file changed, 1 deletion(-) diff --git a/dependencyManagement/build.gradle.kts b/dependencyManagement/build.gradle.kts index a0207170a5f..cd598f16067 100644 --- a/dependencyManagement/build.gradle.kts +++ b/dependencyManagement/build.gradle.kts @@ -43,7 +43,6 @@ val DEPENDENCY_BOMS = listOf( val DEPENDENCIES = listOf( "org.junit.jupiter:junit-jupiter-api:${junitVersion}", "org.junit.jupiter:junit-jupiter-params:${junitVersion}", - "org.junit.jupiter:junit-jupiter-pioneer:${junitVersion}", "com.linecorp.armeria:armeria:${armeriaVersion}", "com.linecorp.armeria:armeria-grpc:${armeriaVersion}", "com.linecorp.armeria:armeria-grpc-protocol:${armeriaVersion}", From 07a90ffc7573230b2b5e457a763703a3d4315603 Mon Sep 17 00:00:00 2001 From: Trask Stalnaker Date: Mon, 18 Aug 2025 08:52:36 -0700 Subject: [PATCH 21/26] Fix benchmark (#7580) --- .github/workflows/benchmark.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 1f661e398b2..58451e852a0 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -18,6 +18,14 @@ jobs: image: ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061 timeout-minutes: 10 steps: + - name: Install Git + run: | + apt-get update + apt-get install -y git + + - name: Configure Git safe directory + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - id: setup-java @@ -37,11 +45,9 @@ jobs: cd sdk/trace/build java -jar libs/opentelemetry-sdk-trace-*-jmh.jar -rf json SpanBenchmark SpanPipelineBenchmark ExporterBenchmark - - name: Install Git # since Git isn't available in the container image used above - run: | - apt-get update - apt-get install -y git - + - name: Use CLA approved github bot + run: .github/scripts/use-cla-approved-github-bot.sh + - name: Store benchmark results uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7 # v1.20.4 with: From 02effc2f3b8028ff708be16ee2ba4fbf01f49174 Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Mon, 18 Aug 2025 17:53:20 +0200 Subject: [PATCH 22/26] Pin collector (#7581) --- .github/workflows/build.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 35a8251fa8a..0fc0ff154f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,10 +8,9 @@ on: pull_request: workflow_dispatch: -#env: - # uncomment once the collector has been pushed in the daily workflow +env: # renovate: datasource=github-releases depName=opentelemetry-collector packageName=open-telemetry/opentelemetry-collector-releases - # OTEL_COLLECTOR_VERSION: v0.132.2 + OTEL_COLLECTOR_VERSION: v0.132.2 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} From 33eb34bf55177200fdfcdaa42f7302198bca719d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 08:55:30 -0700 Subject: [PATCH 23/26] chore(deps): update weekly update (#7582) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/benchmark.yml | 2 +- .github/workflows/codeql.yml | 4 ++-- .github/workflows/ossf-scorecard.yml | 2 +- integration-tests/tracecontext/docker/Dockerfile | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 58451e852a0..9968df94b8d 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -15,7 +15,7 @@ jobs: name: Benchmark SDK runs-on: oracle-bare-metal-64cpu-512gb-x86-64 container: - image: ubuntu:24.04@sha256:a08e551cb33850e4740772b38217fc1796a66da2506d312abe51acda354ff061 + image: ubuntu:24.04@sha256:7c06e91f61fa88c08cc74f7e1b7c69ae24910d745357e0dfe1d2c0322aaf20f9 timeout-minutes: 10 steps: - name: Install Git diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9092402c62d..b6205bf97bc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 - name: Initialize CodeQL - uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: languages: ${{ matrix.language }} # using "latest" helps to keep up with the latest Kotlin support @@ -60,6 +60,6 @@ jobs: run: ./gradlew assemble --no-build-cache --no-daemon - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 6cba9eeae43..f14f9f4b103 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -42,6 +42,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9 + uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c # v3.29.10 with: sarif_file: results.sarif diff --git a/integration-tests/tracecontext/docker/Dockerfile b/integration-tests/tracecontext/docker/Dockerfile index e82df5cba48..e34a6ee9975 100644 --- a/integration-tests/tracecontext/docker/Dockerfile +++ b/integration-tests/tracecontext/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.13.6@sha256:68d0775234842868248bfe185eece56e725d3cb195f511a21233d0f564dee501 AS build +FROM python:3.13.7@sha256:3b2f1b9c9948e9dc96e1a2f4668ba9870ff43ab834f91155697476142b3bc299 AS build # Main branch SHA as of April-1-2021 ARG TRACECONTEXT_GIT_TAG="dcd3ad9b7d6ac36f70ff3739874b73c11b0302a1" @@ -11,7 +11,7 @@ RUN unzip trace-context.zip RUN rm trace-context.zip RUN mv trace-context-${TRACECONTEXT_GIT_TAG}/test /tracecontext-testsuite -FROM python:3.13.6-slim@sha256:6f79e7a10bb7d0b0a50534a70ebc78823f941fba26143ecd7e6c5dca9d7d7e8a +FROM python:3.13.7-slim@sha256:8220ccec22e88cddd9a541cacd1bf48423bda8cdeb1015249e4b298edf86cdc7 RUN pip install aiohttp From 18aca411af1f3696a676d97856648faa12d7c620 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 08:56:02 -0700 Subject: [PATCH 24/26] fix(deps): update dependency net.ltgt.gradle:gradle-nullaway-plugin to v2.3.0 (#7583) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- buildSrc/build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts index 2f468a894aa..fd3489aecaf 100644 --- a/buildSrc/build.gradle.kts +++ b/buildSrc/build.gradle.kts @@ -63,7 +63,7 @@ dependencies { implementation("me.champeau.gradle:japicmp-gradle-plugin:0.4.6") implementation("me.champeau.jmh:jmh-gradle-plugin:0.7.3") implementation("net.ltgt.gradle:gradle-errorprone-plugin:4.3.0") - implementation("net.ltgt.gradle:gradle-nullaway-plugin:2.2.0") + implementation("net.ltgt.gradle:gradle-nullaway-plugin:2.3.0") implementation("org.jetbrains.kotlin:kotlin-gradle-plugin:2.2.10") implementation("org.owasp:dependency-check-gradle:12.1.3") implementation("ru.vyarus:gradle-animalsniffer-plugin:2.0.1") From 422403a6c2a13e63e4b74f83040810249221831e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 31 Jul 2025 20:03:58 +0000 Subject: [PATCH 25/26] chore(deps): update dependency gradle to v9 --- gradle/wrapper/gradle-wrapper.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 78cb6e16a49..3e781fbad9c 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,7 +1,7 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionSha256Sum=bd71102213493060956ec229d946beee57158dbd89d0e62b91bca0fa2c5f3531 -distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip +distributionSha256Sum=8fad3d78296ca518113f3d29016617c7f9367dc005f932bd9d93bf45ba46072b +distributionUrl=https\://services.gradle.org/distributions/gradle-9.0.0-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME From 8de2379a13936e6c72bec83936fa1bed250f1df7 Mon Sep 17 00:00:00 2001 From: Jay DeLuca Date: Sat, 9 Aug 2025 13:31:25 -0400 Subject: [PATCH 26/26] fix gradle errors --- animal-sniffer-signature/build.gradle.kts | 3 --- buildSrc/build.gradle.kts | 2 +- custom-checks/build.gradle.kts | 2 +- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/animal-sniffer-signature/build.gradle.kts b/animal-sniffer-signature/build.gradle.kts index f9e67347a07..be649012e55 100644 --- a/animal-sniffer-signature/build.gradle.kts +++ b/animal-sniffer-signature/build.gradle.kts @@ -22,9 +22,6 @@ val generatedSignature = configurations.create("generatedSignature") { isCanBeConsumed = true isCanBeResolved = false } -configurations.add(signatureJar) -configurations.add(signatureJarClasspath) -configurations.add(generatedSignature) dependencies { signature("com.toasttab.android:gummy-bears-api-23:0.12.0@signature") diff --git a/buildSrc/build.gradle.kts b/buildSrc/build.gradle.kts index fd3489aecaf..7aa0f156dc8 100644 --- a/buildSrc/build.gradle.kts +++ b/buildSrc/build.gradle.kts @@ -58,7 +58,7 @@ dependencies { implementation("com.squareup:javapoet:1.13.0") implementation("com.squareup.wire:wire-compiler") implementation("com.squareup.wire:wire-gradle-plugin") - implementation("gradle.plugin.com.google.protobuf:protobuf-gradle-plugin:0.8.18") + implementation("com.google.protobuf:protobuf-gradle-plugin:0.9.4") implementation("gradle.plugin.io.morethan.jmhreport:gradle-jmh-report:0.9.6") implementation("me.champeau.gradle:japicmp-gradle-plugin:0.4.6") implementation("me.champeau.jmh:jmh-gradle-plugin:0.7.3") diff --git a/custom-checks/build.gradle.kts b/custom-checks/build.gradle.kts index 22ce0614b30..adce219eff0 100644 --- a/custom-checks/build.gradle.kts +++ b/custom-checks/build.gradle.kts @@ -76,7 +76,7 @@ tasks.withType().configureEach { configurations { named("errorprone") { dependencies.removeIf { - it is ProjectDependency && it.dependencyProject == project + it is ProjectDependency && it.name == project.name } } }