Merge branch 'main' into logger-instrumentation

Author: kaylareopelle

.github/actions/test_gem/action.yml

@@ -84,7 +84,7 @@ runs:
     # ...but not for appraisals, sadly.
     - name: Install Ruby ${{ inputs.ruby }} with dependencies
       if: "${{ steps.setup.outputs.appraisals == 'false' }}"
-      uses: ruby/setup-ruby@v1.255.0
+      uses: ruby/setup-ruby@v1.258.0
       with:
         ruby-version: "${{ inputs.ruby }}"
         working-directory: "${{ steps.setup.outputs.gem_dir }}"
@@ -95,7 +95,7 @@ runs:
     # If we're using appraisals, do it all manually.
     - name: Install Ruby ${{ inputs.ruby }} without dependencies
       if: "${{ steps.setup.outputs.appraisals == 'true' }}"
-      uses: ruby/setup-ruby@v1.255.0
+      uses: ruby/setup-ruby@v1.258.0
       with:
         ruby-version: "${{ inputs.ruby }}"
         bundler:  "latest"

.github/workflows/ci-instrumentation-with-services.yml

@@ -212,7 +212,7 @@ jobs:
           build: true
     services:
       redis:
-        image: bitnami/redis:6.2
+        image: bitnamilegacy/redis:6.2
         ports:
           - 6379:6379
         options: >-

.github/workflows/fossa.yml

@@ -15,6 +15,33 @@ jobs:
     steps:
       - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
 
+      - name: Install Ruby 3.4
+        uses: ruby/[email protected]
+        with:
+          ruby-version: 3.4
+      - name: Generate Gemfile.lock
+        run: |
+          echo "Finding all Gemfiles in the project..."
+          echo "======================================="
+          ORIGINAL_DIR=$(pwd)
+
+          find . -type f -name "Gemfile" -not -path "*/example/*" -not -path "*/releases/*" | sort | while read gemfile; do
+              gemfile_dir=$(dirname "$gemfile")
+              
+              # Change to the Gemfile's directory
+              echo "Changing to directory: $gemfile_dir"
+              
+              cd "$gemfile_dir" || continue
+
+              echo "Current directory: $(pwd)"
+              echo "Creating lock file for: $gemfile"
+              
+              # Generate the gemlock files
+              bundle lock || echo "Warning: Failed to generate lock file for $gemfile, continuing..."
+
+              cd "$ORIGINAL_DIR" || exit 1
+          done
+
       - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
         with:
           api-key: ${{secrets.FOSSA_API_KEY}}

.github/workflows/installation-tests.yml

@@ -28,7 +28,7 @@ jobs:
       - uses: actions/checkout@v5
         # ATTENTION: Dependabot does not know how to update shared actions file.
         # If you see it update setup-ruby here also update it as part of actions/test_gem/action.yml
-      - uses: ruby/setup-ruby@v1.255.0
+      - uses: ruby/setup-ruby@v1.263.0
         with:
           ruby-version: ${{ matrix.ruby-version }}
       - name: "Install Latest Gem Versions on ${{ matrix.ruby-version }}"

.github/workflows/ossf-scorecard.yml

@@ -24,7 +24,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+      - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -43,6 +43,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
+        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         with:
           sarif_file: results.sarif

.github/workflows/release-hook-on-closed.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Ruby ${{ env.ruby_version }}
-        uses: ruby/setup-ruby@v1.255.0
+        uses: ruby/setup-ruby@v1.263.0
         with:
           ruby-version: ${{ env.ruby_version }}
       - name: Checkout repo

.github/workflows/release-hook-on-push.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Ruby ${{ env.ruby_version }}
-        uses: ruby/setup-ruby@v1.255.0
+        uses: ruby/setup-ruby@v1.263.0
         with:
           ruby-version: ${{ env.ruby_version }}
       - name: Checkout repo

.github/workflows/release-perform.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Ruby ${{ env.ruby_version }}
-        uses: ruby/setup-ruby@v1.255.0
+        uses: ruby/setup-ruby@v1.263.0
         with:
           ruby-version: ${{ env.ruby_version }}
       - name: Checkout repo

.github/workflows/release-please.yaml

@@ -19,12 +19,12 @@ jobs:
     name: Process Release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
           private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
-      - uses: googleapis/release-please-action@v4.2.0
+      - uses: googleapis/release-please-action@v4.3.0
         id: prepare
         # with:
         #   token: ${{ steps.otelbot-token.outputs.token }}
@@ -57,7 +57,7 @@ jobs:
           chmod 0600 $HOME/.gem/credentials
           printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
 
-      - uses: ruby/setup-ruby@v1.255.0
+      - uses: ruby/setup-ruby@v1.263.0
         with:
           ruby-version: "3.1"
           bundler: latest

.github/workflows/release-request-weekly.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install Ruby ${{ env.ruby_version }}
-        uses: ruby/setup-ruby@v1.255.0
+        uses: ruby/setup-ruby@v1.263.0
         with:
           ruby-version: ${{ env.ruby_version }}
 
@@ -28,16 +28,17 @@ jobs:
       - name: Install Toys
         run: "gem install --no-document toys -v 0.15.5"
 
-      - name: Create otelbot token
-        uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
-        id: otelbot-token
+      - name: Create otelbot app token
+        uses: actions/[email protected].4
+        id: app-token
         with:
-          app-id: ${{ vars.OTELBOT_APP_ID }}
-          private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
+          app-id: ${{ vars.OTELBOT_RUBY_CONTRIB_APP_ID }}
+          private-key: ${{ secrets.OTELBOT_RUBY_CONTRIB_PRIVATE_KEY }}
 
       - name: Open release pull request
         env:
-          GITHUB_TOKEN: ${{ steps.otelbot-token.outputs.token }}
+          # Using the app token instead of GITHUB_TOKEN to trigger workflows
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
         run: |
           toys release request --yes --verbose \
             "--release-ref=${{ github.ref }}" \