Merge branch 'master' into brian.marks/fix-synapse-instrumentation-bugs

Author: jordan-wong

.claude/skills/migrate-groovy-to-java/SKILL.md

@@ -32,10 +32,6 @@ When converting Groovy code to Java code, make sure that:
 - When translating Spock `Mock(...)` usage, use `libs.bundles.mockito` instead of writing manual recording/stub implementations
 
 TableTest usage
-  Dependency, if missing add:
-    - Groovy: testImplementation libs.tabletest
-    - Kotlin: testImplementation(libs.tabletest)
-
   Import: `import org.tabletest.junit.TableTest;`
 
   JDK 8 rules:

.claude/skills/migrate-junit-source-to-tabletest/SKILL.md

@@ -11,11 +11,6 @@ Process (do in this order):
 4) Write each modified file once in full using Write (no incremental per-test edits).
 5) Run module tests once and verify "BUILD SUCCESSFUL". If failed, inspect JUnit XML report.
 
-Dependency:
-- If missing, add:
-  - Groovy: testImplementation libs.tabletest
-  - Kotlin: testImplementation(libs.tabletest)
-
 Import: `import org.tabletest.junit.TableTest;`
 
 JDK 8 rules:
@@ -34,6 +29,7 @@ Table formatting rules (mandatory):
 - Use '|' as delimiter.
 - Align columns with spaces so pipes line up vertically.
 - Prefer single quotes for strings requiring quotes (e.g., 'a|b', '[]', '{}', ' ').
+- Use value sets (`{a, b, c}`) instead of matrix-style repetition when only one dimension varies across otherwise-identical rows.
 
 Conversions:
 A) @CsvSource
@@ -42,7 +38,8 @@ A) @CsvSource
 - If delimiter is ',' (default): replace ',' with '|' in rows.
 
 B) @ValueSource
-- Convert to @TableTest with header from parameter name.
+- Keep single-parameter tests on `@ValueSource` (and `@NullSource` when null cases are needed).
+- Otherwise convert to @TableTest with header from parameter name.
 - Each value becomes one row.
 - Add "scenario" column using common sense for name.
 
@@ -60,6 +57,11 @@ C) @MethodSource (convert only if values are representable as strings)
 - '' = empty string.
 - For String params that start with '[' or '{', quote to avoid collection parsing (prefer '[]'/'{}').
 
+D) @TypeConverter
+- Use `@TypeConverter` for symbolic constants used by migrated table rows (e.g. `Long.MAX_VALUE`, `DDSpanId.MAX`).
+- Prefer explicit one-case-one-return mappings.
+- Prefer shared converter utilities (e.g. in `utils/test-utils`) when reuse across modules is likely.
+
 Scenario handling:
 - If MethodSource includes a leading description string OR @ParameterizedTest(name=...) uses {0}, convert that to a scenario column and remove that parameter from method signature.
 

.github/CODEOWNERS

@@ -45,10 +45,14 @@
 /internal-api/src/test/groovy/datadog/trace/api/sampling        @DataDog/apm-sdk-capabilities-java
 
 # @DataDog/apm-serverless
-/dd-trace-core/src/main/java/datadog/trace/lambda/              @DataDog/apm-serverless
-/dd-trace-core/src/test/groovy/datadog/trace/lambda/            @DataDog/apm-serverless
-**/InferredProxy*.java                                          @DataDog/apm-serverless
-**/InferredProxy*.groovy                                        @DataDog/apm-serverless
+/dd-java-agent/instrumentation/aws-java/aws-java-lambda-handler-1.2/    @DataDog/apm-serverless
+/dd-java-agent/instrumentation/azure-functions/                         @DataDog/apm-serverless
+/dd-java-agent/instrumentation/azure-functions-1.2.2/                   @DataDog/apm-serverless
+/dd-trace-core/src/main/java/datadog/trace/lambda/                      @DataDog/apm-serverless
+/dd-trace-core/src/test/groovy/datadog/trace/lambda/                    @DataDog/apm-serverless
+/utils/container-utils/                                                 @DataDog/apm-serverless
+**/InferredProxy*.java                                                  @DataDog/apm-serverless
+**/InferredProxy*.groovy                                                @DataDog/apm-serverless
 
 # @DataDog/apm-lang-platform-java
 /.github/                               @DataDog/apm-lang-platform-java
@@ -188,5 +192,6 @@
 # @DataDog/rum
 /internal-api/src/main/java/datadog/trace/api/rum/   @DataDog/rum
 /internal-api/src/test/groovy/datadog/trace/api/rum/ @DataDog/rum
+/dd-smoke-tests/rum/                                 @DataDog/rum
 /telemetry/src/main/java/datadog/telemetry/rum/      @DataDog/rum
 /telemetry/src/test/groovy/datadog/telemetry/rum/    @DataDog/rum

.github/dependabot.yml

@@ -1,37 +1,38 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
 # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
 updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
-      interval: "weekly"
+      interval: weekly
     labels:
-      - "comp: tooling"
-      - "tag: dependencies"
-      - "tag: no release notes"
+      - 'comp: tooling'
+      - 'tag: dependencies'
+      - 'tag: no release notes'
     commit-message:
-      prefix: "chore(ci): "
+      prefix: 'chore(ci): '
     groups:
       gh-actions-packages:
         patterns:
-          - "*"
+          - '*'
+    cooldown:
+      default-days: 2
 
-  - package-ecosystem: "gradle"
-    directory: "/"
+  - package-ecosystem: gradle
+    directory: /
     schedule:
-      interval: "weekly"
+      interval: weekly
     allow:
-      - dependency-name: "gradle"
+      - dependency-name: gradle
     ignore:
-      - dependency-name: "gradle"
-        update-types: ["version-update:semver-major"]
+      - dependency-name: gradle
+        update-types:
+          - version-update:semver-major
     labels:
-      - "comp: tooling"
-      - "tag: dependencies"
-      - "tag: no release notes"
+      - 'comp: tooling'
+      - 'tag: dependencies'
+      - 'tag: no release notes'
     commit-message:
-      prefix: "chore(build): "
+      prefix: 'chore(build): '
+    cooldown:
+      default-days: 2

.github/workflows/analyze-changes.yaml

@@ -20,7 +20,7 @@ jobs:
         with:
           submodules: 'recursive'
       - name: Cache Gradle dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.gradle/caches
@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -43,7 +43,7 @@ jobs:
           ./gradlew clean :dd-java-agent:shadowJar --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 
   trivy:
     name: Analyze changes with Trivy
@@ -60,7 +60,7 @@ jobs:
           submodules: 'recursive'
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.gradle/caches
@@ -102,7 +102,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/create-release-branch.yaml

@@ -69,7 +69,7 @@ jobs:
       contents: write
       id-token: write # required for OIDC token federation
     steps:
-      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/dd-trace-java
@@ -119,7 +119,7 @@ jobs:
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git commit -m "chore: Pin system-tests for release branch" .github/workflows/run-system-tests.yaml
+          git commit -m "chore: Pin system-tests for release branch" .github/workflows/run-system-tests.yaml .gitlab-ci.yml
           echo "commit=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
       
       - name: Push changes

.github/workflows/enforce-datadog-merge-queue.yaml

@@ -21,7 +21,7 @@ jobs:
           exit 1
       - name: Get OIDC token
         if: github.event.action == 'enqueued'
-        uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+        uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/dd-trace-java

.github/workflows/enforce-groovy-migration.yaml

@@ -4,6 +4,7 @@ on:
     types: [opened, edited, ready_for_review, labeled, unlabeled, synchronize]
     branches:
       - master
+      - 'release/v*'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/run-system-tests.yaml

@@ -30,7 +30,7 @@ jobs:
           fetch-depth: 0
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.gradle/caches
@@ -62,23 +62,21 @@ jobs:
     needs:
     - build
     # If you change the following comment, update the pattern in the update_system_test_reference.sh script to match.
-    uses: DataDog/system-tests/.github/workflows/system-tests.yml@main # system tests are pinned for releases only
-    secrets:
-      TEST_OPTIMIZATION_API_KEY: ${{ secrets.DATADOG_API_KEY_PROD }}
+    uses: DataDog/system-tests/.github/workflows/system-tests.yml@main # system tests are pinned on release branches only
     permissions:
       contents: read
       id-token: write
       packages: write
     with:
       library: java
        # If you change the following comment, update the pattern in the update_system_test_reference.sh script to match.
-      ref: main # system tests are pinned for releases only
+      ref: "main" # system tests are pinned on release branches only
       binaries_artifact: binaries
       desired_execution_time: 900  # 15 minutes
       scenarios_groups: tracer-release
       excluded_scenarios: APM_TRACING_E2E_OTEL,APM_TRACING_E2E_SINGLE_SPAN,PROFILING  # exclude flaky scenarios
       skip_empty_scenarios: true
-      push_to_test_optimization: true
+      push_to_test_optimization: false # disabled to avoid pushing to Test Optimization while API key is transitioning to system-tests
 
   # Ensure the main job is run to completion
   check:

.github/workflows/update-gradle-dependencies.yaml

@@ -12,7 +12,7 @@ jobs:
       contents: read
       id-token: write # Required for OIDC token federation
     steps:
-      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/dd-trace-java