Merge branch 'master' into sarahchen6/move-macrobenchmarks

Author: sarahchen6

.claude/CLAUDE.md

@@ -0,0 +1,5 @@
+@../AGENTS.md
+
+## Claude Code workflow
+
+- Before creating a pull request, run `/techdebt` to check for technical debt, code duplication, and unnecessary complexity in the branch changes.

.claude/skills/techdebt/SKILL.md

@@ -0,0 +1,67 @@
+---
+name: techdebt
+description: Analyze branch changes for technical debt, code duplication, and unnecessary complexity
+user-invocable: true
+context: fork
+allowed-tools:
+  - Bash
+  - Read
+  - Grep
+  - Glob
+---
+
+# Techdebt Cleanup Skill
+
+Analyze changes on the current branch to identify and fix technical debt, code duplication, and unnecessary complexity.
+
+## Instructions
+
+### Step 1: Get Branch Changes
+
+Find the merge-base (where this branch diverged from master) and compare against it:
+
+```bash
+# Find upstream (DataDog org repo)
+UPSTREAM=$(git remote -v | grep -E 'DataDog/[^/]+(.git)?\s' | head -1 | awk '{print $1}')
+if [ -z "$UPSTREAM" ]; then
+  echo "No DataDog upstream found, using origin"
+  UPSTREAM="origin"
+fi
+
+# Find the merge-base (commit where this branch diverged from master)
+MERGE_BASE=$(git merge-base HEAD ${UPSTREAM}/master)
+echo "Comparing changes introduced on this branch since diverging from master using base commit: $MERGE_BASE"
+
+git diff $MERGE_BASE --stat
+git diff $MERGE_BASE --name-status
+```
+
+If no changes exist, inform the user and stop.
+
+If changes exist, read the diff and the full content of modified source files (not test files) to understand context.
+
+### Step 2: Analyze for Issues
+
+Look for:
+
+**Code Duplication**
+- Similar code blocks that should be extracted into shared functions
+- Copy-pasted logic with minor variations
+
+**Unnecessary Complexity**
+- Over-engineered solutions (abstractions used only once)
+- Excessive indirection or layers
+- Backward compatibility shims that aren't needed
+
+**Redundant Code**
+- Dead code paths
+- Overly defensive checks for impossible scenarios
+
+### Step 3: Report and Fix
+
+Present a concise summary of issues found with file:line references.
+
+Then ask the user if they want you to fix the issues. When fixing:
+- Make one logical change at a time
+- Do NOT change behavior, only refactor
+- Skip trivial or stylistic issues

.github/CODEOWNERS

@@ -98,26 +98,26 @@
 **/*Waf*.java                                                   @DataDog/asm-java
 **/*Waf*.groovy                                                 @DataDog/asm-java
 
-# @DataDog/ci-app-libraries-java
-/dd-java-agent/agent-ci-visibility/                 @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/cucumber-5.4/        @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/jacoco-0.8.9/        @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/junit                @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/karate/              @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/scalatest-3.0.8/     @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/selenium/            @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/testng/              @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/gradle/              @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/gradle-testing/      @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/maven                @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/weaver-0.9/          @DataDog/ci-app-libraries-java
-/dd-smoke-tests/gradle/                             @DataDog/ci-app-libraries-java
-/dd-smoke-tests/junit-console/                      @DataDog/ci-app-libraries-java
-/dd-smoke-tests/maven/                              @DataDog/ci-app-libraries-java
-/internal-api/src/main/java/datadog/trace/api/git/  @DataDog/ci-app-libraries-java
-**/civisibility/                                    @DataDog/ci-app-libraries-java
-**/CiVisibility*.java                               @DataDog/ci-app-libraries-java
-**/CiVisibility*.groovy                             @DataDog/ci-app-libraries-java
+# @DataDog/ci-app-libraries
+/dd-java-agent/agent-ci-visibility/                 @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/cucumber-5.4/        @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/jacoco-0.8.9/        @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/junit                @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/karate/              @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/scalatest-3.0.8/     @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/selenium/            @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/testng/              @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/gradle/              @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/gradle-testing/      @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/maven                @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/weaver-0.9/          @DataDog/ci-app-libraries
+/dd-smoke-tests/gradle/                             @DataDog/ci-app-libraries
+/dd-smoke-tests/junit-console/                      @DataDog/ci-app-libraries
+/dd-smoke-tests/maven/                              @DataDog/ci-app-libraries
+/internal-api/src/main/java/datadog/trace/api/git/  @DataDog/ci-app-libraries
+**/civisibility/                                    @DataDog/ci-app-libraries
+**/CiVisibility*.java                               @DataDog/ci-app-libraries
+**/CiVisibility*.groovy                             @DataDog/ci-app-libraries
 
 # @DataDog/debugger-java (Live Debugger)
 /dd-java-agent/agent-debugger/                                  @DataDog/debugger-java

.github/dependabot.yml

@@ -19,3 +19,19 @@ updates:
       gh-actions-packages:
         patterns:
           - "*"
+
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-name: "gradle"
+    ignore:
+      - dependency-name: "gradle"
+        update-types: ["version-update:semver-major"]
+    labels:
+      - "comp: tooling"
+      - "tag: dependencies"
+      - "tag: no release notes"
+    commit-message:
+      prefix: "chore(build): "

.github/pull_request_template.md

@@ -6,15 +6,17 @@
 
 # Contributor Checklist
 
-- Format the title [according the contribution guidelines](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#title-format)
-- Assign the `type:` and (`comp:` or `inst:`) labels in addition to [any useful labels](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#labels)
-- Don't use `close`, `fix` or any [linking keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) when referencing an issue.  
+- Format the title according to [the contribution guidelines](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#title-format)
+- Assign the `type:` and (`comp:` or `inst:`) labels in addition to [any other useful labels](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#labels)
+- Avoid using `close`, `fix`, or [any linking keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) when referencing an issue  
   Use `solves` instead, and assign the PR [milestone](https://github.com/DataDog/dd-trace-java/milestones) to the issue
-- Update the [CODEOWNERS](https://github.com/DataDog/dd-trace-java/blob/master/.github/CODEOWNERS) file on source file addition, move, or deletion
-- Update the [public documentation](https://docs.datadoghq.com/tracing/trace_collection/library_config/java/) in case of new configuration flag or behavior
+- Update the [CODEOWNERS](https://github.com/DataDog/dd-trace-java/blob/master/.github/CODEOWNERS) file on source file addition, migration, or deletion
+- Update [public documentation](https://docs.datadoghq.com/tracing/trace_collection/library_config/java/) with any new configuration flags or behaviors
 
 Jira ticket: [PROJ-IDENT]
 
+***Note:*** **Once your PR is ready to merge, add it to the merge queue by commenting `/merge`.** `/merge -c` cancels the queue request. `/merge -f --reason "reason"` skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see [this doc](https://datadoghq.atlassian.net/wiki/spaces/DEVX/pages/3121612126/MergeQueue).
+
 <!--
 # Opening vs Drafting a PR:
 When opening a pull request, please open it as a draft to not auto assign reviewers before you feel the pull request is in a reviewable state.

.github/workflows/add-release-to-cloudfoundry.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout "cloudfoundry" branch
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
         with:
           ref: cloudfoundry
       - name: Get release version
@@ -57,7 +57,7 @@ jobs:
           git commit -m "chore: Add version ${{ steps.get-release-version.outputs.VERSION }} to Cloud Foundry"
           echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
       - name: Push changes
-        uses: DataDog/commit-headless@583489e08d78037e7fa256c14adf998d5463f6a0 # action/v2.0.2
+        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
         if: ${{ steps.create-commit.outputs.commit != '' }}
         with:
           branch: cloudfoundry

.github/workflows/analyze-changes.yaml

@@ -16,11 +16,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
         with:
           submodules: 'recursive'
       - name: Cache Gradle dependencies
-        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           path: |
             ~/.gradle/caches
@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -49,7 +49,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
 
   trivy:
     name: Analyze changes with Trivy
@@ -61,12 +61,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
         with:
           submodules: 'recursive'
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           path: |
             ~/.gradle/caches
@@ -101,7 +101,7 @@ jobs:
           ls -laR "./workspace/.trivy"
 
       - name: Run Trivy security scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
         with:
           scan-type: rootfs
           scan-ref: './workspace/.trivy/'
@@ -114,7 +114,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/check-pull-request-labels.yaml

@@ -30,6 +30,8 @@ jobs:
               'comp:',
               'inst:',
               'tag:',
+              'mergequeue-status:',
+              'team:',
               'performance:',  // To refactor to 'ci: ' in the future
               'run-tests:'     // Unused since GitLab migration
             ]
@@ -54,7 +56,7 @@ jobs:
                 '**This PR is blocked until:**\n' +
                 '1. The invalid labels are deleted, and\n' +
                 '2. A maintainer deletes this comment to unblock the PR\n\n' +
-                '**Note:** Simply removing labels from the pull request is not enough - a maintainer must remove the label and delete this comment to remove the block.\n\n' +
+                '**Note:** Simply removing labels from the pull request is not enough - a maintainer must delete this comment then remove the label to remove the block.\n\n' +
                 commentMarker
 
               if (blockingComment) {
@@ -78,5 +80,9 @@ jobs:
             }
             if (blockingComment) {
               // Block the PR by failing the workflow
-              core.setFailed(`PR blocked: Invalid labels detected: (${invalidLabels.join(', ')}). A maintainer must delete the blocking comment after fixing the labels to allow merging.`)
+              if (hasInvalidLabels) {
+                core.setFailed(`PR blocked: Invalid labels detected: (${invalidLabels.join(', ')}). A maintainer must delete the blocking comment after fixing the labels to allow merging.`)
+              } else {
+                core.setFailed(`PR blocked: A previous blocking comment still exists. A maintainer must delete it to allow merging.`)
+              }
             }

.github/workflows/create-release-branch.yaml

@@ -38,7 +38,7 @@ jobs:
           echo "branch=release/${TAG%.0}.x" >> "$GITHUB_OUTPUT"
 
       - name: Checkout dd-trace-java at tag
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
         with:
           ref: ${{ steps.determine-tag.outputs.tag }}
 

.github/workflows/pin-system-tests.yaml

@@ -45,7 +45,7 @@ jobs:
           echo "base_branch=${BASE_BRANCH}" >> $GITHUB_OUTPUT
       
       - name: Checkout the repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: ${{ steps.define-base-branch.outputs.base_branch }}
 
@@ -92,7 +92,7 @@ jobs:
           echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
       
       - name: Push changes
-        uses: DataDog/commit-headless@583489e08d78037e7fa256c14adf998d5463f6a0 # action/v2.0.2
+        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
         with:
           token: "${{ steps.octo-sts.outputs.token }}"
           branch: "${{ steps.define-branch.outputs.branch }}"