Merge branch 'master' into dougqh/collection-benchmarks

Author: dougqh

.claude/skills/migrate-groovy-to-java/SKILL.md

@@ -5,16 +5,19 @@ description: migrate test groovy files to java
 
 Migrate test Groovy files to Java using JUnit 5
 
-1. List all groovy files of the current gradle module
-2. convert groovy files to Java using Junit 5
-3. make sure the tests are still passing after migration
-4. remove groovy files
+1. List all Groovy files of the current Gradle module
+2. Convert Groovy files to Java using JUnit 5
+3. Make sure the tests are still passing after migration and that the test count has not changed
+4. Remove Groovy files
+5. Add the migrated module path(s) to `.github/g2j-migrated-modules.txt`
 
-When converting groovy code to java code make sure that:
-- the Java code generated is compatible with JDK 8
-- when translating Spock test, favor using `@CsvSource` with `|` delimiters
-- when using a `@MethodSource`, use the test method name, and suffix it with `_arguments`
-- when converting tuples, create light dedicated structure instead to keep the typing system
+When converting Groovy code to Java code, make sure that:
+- The Java code generated is compatible with JDK 8
+- When translating Spock tests, favor using `@CsvSource` with `|` delimiters
+- When using `@MethodSource`, name the arguments method by appending `Arguments` using camelCase to the test method name (e.g. `testMethodArguments`) and return a `Stream` of arguments using `Stream.of(...)` and `arguments(...)` with static import.
+- Ensure parameterized test names are human-readable (i.e. no hashcodes); instead add a description string as the first `Arguments.arguments(...)` value or index the test case
+- When converting tuples, create a light dedicated structure instead to keep the typing system
 - Instead of checking a state and throwing an exception, use JUnit asserts
-- Do not wrap checked exception and throwing a Runtime exception, prefer adding a throws clause at method declaration
+- Do not wrap checked exceptions and throw a Runtime exception; prefer adding a throws clause at method declaration
 - Do not mark local variables `final`
+- Ensure variables are human-readable; avoid single-letter names and pre-define variables that are referenced multiple times

.github/chainguard/self.pin-system-tests.create-pr.sts.yaml

@@ -5,7 +5,7 @@ subject_pattern: repo:DataDog/dd-trace-java:ref:refs/(heads/master|tags/v\d+\.\d
 claim_pattern:
   event_name: (workflow_dispatch|push)
   ref: refs/(heads/master|tags/v\d+\.\d+\.0)
-  job_workflow_ref: DataDog/dd-trace-java/\.github/workflows/create-release-branch\.yaml@refs/heads/master
+  job_workflow_ref: DataDog/dd-trace-java/\.github/workflows/create-release-branch\.yaml@refs/(heads/master|tags/v\d+\.\d+\.0)
 
 permissions:
   contents: write

.github/g2j-migrated-modules.txt

@@ -0,0 +1,9 @@
+# This file lists modules that have been migrated from Groovy to Java / JUnit 5.
+# New *.groovy files under any src/<*test*>/groovy/ path
+# in these modules will fail the 'enforce-groovy-migration' PR check.
+#
+# After a module is migrated, add it on a new line here.
+# Use the filesystem path prefix as seen below.
+
+buildSrc/call-site-instrumentation-plugin
+components/json

.github/workflows/README.md

@@ -123,6 +123,19 @@ _Action:_
 
 _Recovery:_ Check at the milestone for the related issues and update them manually.
 
+### enforce-groovy-migration [🔗](enforce-groovy-migration.yaml)
+
+_Trigger:_ When creating or updating a pull request targeting `master`, or when labels are updated.
+
+_Actions:_
+
+* Fail the PR if a new Groovy test file is added to a module listed in [`.github/g2j-migrated-modules.txt`](../g2j-migrated-modules.txt) (hard enforcement),
+* Post a warning comment on the PR if a new Groovy test file is added to any other non-exempt module (soft warning). Instrumentation (`dd-java-agent/instrumentation/`) and smoke-test (`dd-smoke-tests/`) modules are exempt from this warning.
+
+_Recovery:_ Re-write the Groovy test files in Java / JUnit 5. To override this check entirely, add the `tag: override-groovy-enforcement` label to the PR. Remove the label to re-enable enforcement.
+
+_Notes:_ The migrated modules list is always read from `master`. Add a new entry to `.github/g2j-migrated-modules.txt` each time a module is migrated to Java / JUnit 5.
+
 ## Code Quality and Security
 
 ### analyze-changes [🔗](analyze-changes.yaml)

.github/workflows/analyze-changes.yaml

@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+        uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -39,17 +39,11 @@ jobs:
         env:
           ORG_GRADLE_PROJECT_akkaRepositoryToken: ${{ secrets.AKKA_REPO_TOKEN }}
         run: |
-          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx3G -Xms2G'" \
-          JAVA_HOME=$JAVA_HOME_8_X64 \
-          JAVA_8_HOME=$JAVA_HOME_8_X64 \
-          JAVA_11_HOME=$JAVA_HOME_11_X64 \
-          JAVA_17_HOME=$JAVA_HOME_17_X64 \
-          JAVA_21_HOME=$JAVA_HOME_21_X64 \
-          ./gradlew clean :dd-java-agent:shadowJar \
-            --build-cache --parallel --stacktrace --no-daemon --max-workers=4
+          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xms2G -Xmx3G'" \
+          ./gradlew clean :dd-java-agent:shadowJar --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+        uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
 
   trivy:
     name: Analyze changes with Trivy
@@ -85,14 +79,8 @@ jobs:
         env:
           ORG_GRADLE_PROJECT_akkaRepositoryToken: ${{ secrets.AKKA_REPO_TOKEN }}
         run: |
-          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xmx3G -Xms2G'" \
-          JAVA_HOME=$JAVA_HOME_8_X64 \
-          JAVA_8_HOME=$JAVA_HOME_8_X64 \
-          JAVA_11_HOME=$JAVA_HOME_11_X64 \
-          JAVA_17_HOME=$JAVA_HOME_17_X64 \
-          JAVA_21_HOME=$JAVA_HOME_21_X64 \
-          ./gradlew clean publishToMavenLocal \
-            --build-cache --parallel --stacktrace --no-daemon --max-workers=4
+          GRADLE_OPTS="-Dorg.gradle.jvmargs='-Xms2G -Xmx3G'" \
+          ./gradlew clean publishToMavenLocal --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Copy published artifacts
         run: |
@@ -101,7 +89,7 @@ jobs:
           ls -laR "./workspace/.trivy"
 
       - name: Run Trivy security scanner
-        uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # v0.34.1
+        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
         with:
           scan-type: rootfs
           scan-ref: './workspace/.trivy/'
@@ -114,7 +102,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+        uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/enforce-groovy-migration.yaml

@@ -0,0 +1,169 @@
+name: Enforce Groovy Migration
+on:
+  pull_request:
+    types: [opened, edited, ready_for_review, labeled, unlabeled, synchronize]
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  enforce_groovy_migration:
+    name: Enforce Groovy migration
+    permissions:
+      issues: write # Required to create a comment on the pull request
+      pull-requests: write # Required to create a comment on the pull request
+      contents: read # Required to read migrated modules file
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check for Groovy regressions
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            // Skip draft pull requests
+            if (context.payload.pull_request.draft) {
+              return
+            }
+
+            // Check for override label — skip all checks if label present
+            const labels = context.payload.pull_request.labels.map(l => l.name)
+            if (labels.includes('tag: override-groovy-enforcement')) {
+              console.log('tag: override-groovy-enforcement label detected — skipping all checks.')
+              return
+            }
+
+            // Read migrated modules list from master
+            const migratedMods = await github.rest.repos.getContent({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              path: '.github/g2j-migrated-modules.txt',
+              ref: 'master'
+            })
+            const migratedPrefixes = Buffer.from(migratedMods.data.content, 'base64')
+              .toString()
+              .split('\n')
+              .map(l => l.trim())
+              .filter(l => l && !l.startsWith('#'))
+
+            // Get all files changed in this PR
+            const allFiles = await github.paginate(github.rest.pulls.listFiles, {
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number
+            })
+
+            // Filter these changed files to newly added Groovy files in any test source set
+            const addedGroovy = allFiles.filter(f =>
+              f.status === 'added' &&
+              /\/src\/[^/]*[tT]est[^/]*\/groovy\/.*\.groovy$/.test(f.filename)
+            )
+
+            // Extract module prefix from file path (everything before /src/(test|testFixtures)/groovy/)
+            const moduleOf = path => {
+              const m = path.match(/^(.*?)\/src\/(test|testFixtures)\/groovy\//)
+              return m ? m[1] : null
+            }
+
+            // Classify each added Groovy file
+            const regressions = []
+            const warnings = []
+            for (const file of addedGroovy) {
+              const path = file.filename
+              const mod = moduleOf(path)
+              if (migratedPrefixes.some(prefix => path.startsWith(prefix + '/'))) {
+                regressions.push({ path, mod })
+              } else if (
+                path.startsWith('dd-java-agent/instrumentation/') ||
+                path.startsWith('dd-smoke-tests/')
+              ) {
+                // ignore Groovy file additions to instrumentations and smoke-tests for now
+              } else {
+                warnings.push({ path, mod })
+              }
+            }
+
+            // Fetch existing comments once
+            const comments = await github.rest.issues.listComments({
+              issue_number: context.payload.pull_request.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            })
+
+            const regressionMarker = '<!-- dd-trace-java-groovy-regression -->'
+            const warningMarker = '<!-- dd-trace-java-groovy-warning -->'
+            const existingRegressionComment = comments.data.find(c => c.body.includes(regressionMarker))
+            const existingWarningComment = comments.data.find(c => c.body.includes(warningMarker))
+
+            // Handle regression comment
+            if (regressions.length > 0) {
+              const fileList = regressions
+                .map(({ path, mod }) => `- \`${path}\` (module: \`${mod}\`)`)
+                .join('\n')
+              const body = `**❌ Groovy Test Regression Detected**\n\n` +
+                `The following files add Groovy tests to modules that have been fully migrated to Java / JUnit 5:\n\n` +
+                `${fileList}\n\n` +
+                `These modules no longer accept Groovy test files. Please rewrite the test in Java / JUnit 5 instead.\n\n` +
+                regressionMarker
+              if (existingRegressionComment) {
+                await github.rest.issues.updateComment({
+                  comment_id: existingRegressionComment.id,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  body
+                })
+              } else {
+                await github.rest.issues.createComment({
+                  issue_number: context.payload.pull_request.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  body
+                })
+              }
+            } else if (existingRegressionComment) {
+              await github.rest.issues.deleteComment({
+                comment_id: existingRegressionComment.id,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+              })
+            }
+
+            // Handle warning comment
+            if (warnings.length > 0) {
+              const fileList = warnings
+                .map(({ path, mod }) => `- \`${path}\` (module: \`${mod}\`)`)
+                .join('\n')
+              const body = `**⚠️ New Groovy Test Files Added**\n\n` +
+                `The following files add Groovy tests to modules that are candidates for migration to Java / JUnit 5:\n\n` +
+                `${fileList}\n\n` +
+                `Consider writing these tests in Java / JUnit 5 instead to help with the ongoing migration effort.\n\n` +
+                warningMarker
+              if (existingWarningComment) {
+                await github.rest.issues.updateComment({
+                  comment_id: existingWarningComment.id,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  body
+                })
+              } else {
+                await github.rest.issues.createComment({
+                  issue_number: context.payload.pull_request.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  body
+                })
+              }
+            } else if (existingWarningComment) {
+              await github.rest.issues.deleteComment({
+                comment_id: existingWarningComment.id,
+                owner: context.repo.owner,
+                repo: context.repo.repo
+              })
+            }
+
+            // Fail the check if there are regressions
+            if (regressions.length > 0) {
+              core.setFailed(`${regressions.length} Groovy regression(s) detected in migrated module(s). See PR comment for details. To skip this check entirely, add the 'tag: override-groovy-enforcement' label.`)
+            }

.github/workflows/run-system-tests.yaml

@@ -53,7 +53,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Upload artifact
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
         with:
           name: binaries
           path: workspace/dd-java-agent/build/libs/

.gitignore

@@ -60,6 +60,7 @@ out/
 
 # Others #
 ##########
+/dumps
 /logs/*
 /bin
 /out

.gitlab/ci_visibility_generate_job.sh

@@ -42,7 +42,19 @@ if [ -z "$pr_number" ]; then
   exit 0
 fi
 
-echo "PR #${pr_number} found, checking labels..."
+echo "PR #${pr_number} found, checking target branch..."
+set +e
+base_branch=$(gh pr view "$pr_number" --repo DataDog/dd-trace-java --json baseRefName --jq '.baseRefName' 2>&1)
+base_branch_status=$?
+set -e
+
+if [ $base_branch_status -eq 0 ] && [[ "$base_branch" == release/* ]]; then
+  echo "PR #$pr_number targets release branch '$base_branch' - skipping trigger"
+  add_dummy_job
+  exit 0
+fi
+
+echo "Checking labels..."
 set +e
 labels=$(gh pr view "$pr_number" --repo DataDog/dd-trace-java --json labels --jq '.labels[].name' 2>&1)
 labels_status=$?