DataDog
diff --git a/‎.circleci/config.yml‎
Lines changed: 0 additions & 16 deletions b/‎.circleci/config.yml‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 16 additions & 5 deletions b/‎.github/CODEOWNERS‎
Lines changed: 16 additions & 5 deletions
diff --git a/‎.github/chainguard/self.add-release-to-cloudfoundry.sts.yaml‎
Lines changed: 12 additions & 0 deletions b/‎.github/chainguard/self.add-release-to-cloudfoundry.sts.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎.github/chainguard/self.gitlab.github-access.read.sts.yaml‎
Lines changed: 7 additions & 0 deletions b/‎.github/chainguard/self.gitlab.github-access.read.sts.yaml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/README.md‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/README.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/add-milestone-to-pull-requests.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/add-milestone-to-pull-requests.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/add-release-to-cloudfoundry.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/add-release-to-cloudfoundry.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/analyze-changes.yaml‎
Lines changed: 8 additions & 15 deletions b/‎.github/workflows/analyze-changes.yaml‎
Lines changed: 8 additions & 15 deletions
diff --git a/‎.github/workflows/check-pull-requests.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/check-pull-requests.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/comment-on-submodule-update.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/comment-on-submodule-update.yaml‎
Lines changed: 1 addition & 1 deletion
@@ -28,8 +28,10 @@
 /internal-api/src/test/groovy/datadog/trace/api/sampling        @DataDog/apm-sdk-api-java
 
 # @DataDog/apm-serverless
-/dd-trace-core/src/main/java/datadog/trace/lambda/ @DataDog/apm-serverless
-/dd-trace-core/src/test/groovy/datadog/trace/lambda/ @DataDog/apm-serverless
+/dd-trace-core/src/main/java/datadog/trace/lambda/              @DataDog/apm-serverless
+/dd-trace-core/src/test/groovy/datadog/trace/lambda/            @DataDog/apm-serverless
+**/InferredProxy*.java                                          @DataDog/apm-serverless
+**/InferredProxy*.groovy                                        @DataDog/apm-serverless
 
 # @DataDog/apm-lang-platform-java
 /.circleci/                            @DataDog/apm-lang-platform-java
@@ -45,6 +47,7 @@
 # @DataDog/asm-java (AppSec/IAST)
 /buildSrc/call-site-instrumentation-plugin/                     @DataDog/asm-java
 /dd-java-agent/agent-iast/                                      @DataDog/asm-java
+/dd-java-agent/appsec/appsec-test-fixtures/                     @DataDog/asm-java
 /dd-java-agent/instrumentation/*iast*                           @DataDog/asm-java
 /dd-java-agent/instrumentation/*appsec*                         @DataDog/asm-java
 /dd-java-agent/instrumentation/json/                            @DataDog/asm-java
@@ -54,7 +57,7 @@
 /dd-smoke-tests/iast-util/                                      @DataDog/asm-java
 /dd-smoke-tests/spring-security/                                @DataDog/asm-java
 /dd-java-agent/instrumentation/commons-fileupload/              @DataDog/asm-java
-/dd-java-agent/instrumentation/spring-security-5/               @DataDog/asm-java
+/dd-java-agent/instrumentation/spring/spring-security/          @DataDog/asm-java
 /dd-trace-api/src/main/java/datadog/trace/api/EventTracker.java @DataDog/asm-java
 /internal-api/src/main/java/datadog/trace/api/gateway/          @DataDog/asm-java
 **/appsec/                                                      @DataDog/asm-java
@@ -87,15 +90,17 @@
 /dd-java-agent/instrumentation/maven-surefire/      @DataDog/ci-app-libraries-java
 /dd-java-agent/instrumentation/weaver/              @DataDog/ci-app-libraries-java
 /dd-smoke-tests/gradle/                             @DataDog/ci-app-libraries-java
+/dd-smoke-tests/junit-console/                      @DataDog/ci-app-libraries-java
 /dd-smoke-tests/maven/                              @DataDog/ci-app-libraries-java
 /internal-api/src/main/java/datadog/trace/api/git/  @DataDog/ci-app-libraries-java
 **/civisibility/                                    @DataDog/ci-app-libraries-java
 **/CiVisibility*.java                               @DataDog/ci-app-libraries-java
 **/CiVisibility*.groovy                             @DataDog/ci-app-libraries-java
 
 # @DataDog/debugger-java (Live Debugger)
-/dd-java-agent/agent-debugger/               @DataDog/debugger-java
-/dd-smoke-tests/debugger-integration-tests/  @DataDog/debugger-java
+/dd-java-agent/agent-debugger/                          @DataDog/debugger-java
+/dd-smoke-tests/debugger-integration-tests/             @DataDog/debugger-java
+/internal-api/src/main/java/datadog/trace/api/debugger/ @DataDog/debugger-java
 
 # @DataDog/data-jobs-monitoring
 /dd-java-agent/instrumentation/spark/           @DataDog/data-jobs-monitoring
@@ -128,3 +133,9 @@ dd-trace-api/src/main/java/datadog/trace/api/llmobs/ @DataDog/ml-observability
 dd-java-agent/agent-llmobs/                          @DataDog/ml-observability
 dd-trace-core/src/main/java/datadog/trace/llmobs/    @DataDog/ml-observability
 dd-trace-core/src/test/groovy/datadog/trace/llmobs/  @DataDog/ml-observability
+
+# @DataDog/rum
+/internal-api/src/main/java/datadog/trace/api/rum/   @DataDog/rum
+/internal-api/src/test/groovy/datadog/trace/api/rum/ @DataDog/rum
+/telemetry/src/main/java/datadog/telemetry/rum/      @DataDog/rum
+/telemetry/src/test/groovy/datadog/telemetry/rum/    @DataDog/rum
@@ -0,0 +1,12 @@
+issuer: https://token.actions.githubusercontent.com
+
+subject: repo:DataDog/dd-trace-java:ref:refs/heads/master
+
+claim_pattern:
+  event_name: release
+  ref: refs/heads/master
+  ref_protected: "true"
+  job_workflow_ref: DataDog/dd-trace-java/\.github/workflows/add-release-to-cloudfoundry\.yaml@refs/heads/master
+
+permissions:
+  contents: write
@@ -0,0 +1,7 @@
+issuer: https://gitlab.ddbuild.io
+
+subject_pattern: "project_path:DataDog/apm-reliability/dd-trace-java:ref_type:(branch|tag):ref:.*"
+
+permissions:
+  contents: read
+
@@ -151,8 +151,9 @@ find .github/workflows -name "*.yaml" -exec  awk '/uses:/{print $2 ","}' {} \; |
 ## Testing
 
 Workflows can be locally tested using the [`act` CLI](https://github.com/nektos/act/).
+Docker and [GiHub CLI](https://cli.github.com/) need also to be installed.
 The [.github/workflows/tests/](./tests) folder contains test scripts and event payloads to locally trigger workflows.
 
 > [!WARNING]
-> Locally running workflows will still query GitHub backend and will update the GitHub project accordingly.
+> Local workflow tests run against the repository and will potentially alter existing issues, milestones and releases.  
 > Pay extra attention to the workflow jobs you trigger to not create development disruption.
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Add milestone to merged pull requests
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
         with:
           retries: 3
           retry-exempt-status-codes: 400,401
 
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout "cloudfoundry" branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
         with:
           ref: cloudfoundry
       - name: Get release version
 
@@ -3,9 +3,6 @@ name: Analyze changes
 on:
   push:
     branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
 
 # Cancel long-running jobs when a new commit is pushed
 concurrency:
@@ -15,8 +12,6 @@ concurrency:
 jobs:
   codeql:
     name: Analyze changes with GitHub CodeQL
-    # Don’t run on PR, only when pushing to master
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -25,12 +20,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
         with:
           submodules: 'recursive'
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.gradle/caches
@@ -40,7 +35,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -57,12 +52,10 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
 
   trivy:
     name: Analyze changes with Trivy
-    # Don’t run on PR, only when pushing to master
-    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -71,12 +64,12 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
         with:
           submodules: 'recursive'
 
       - name: Cache Gradle dependencies
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
         with:
           path: |
             ~/.gradle/caches
@@ -109,7 +102,7 @@ jobs:
           ls -laR "./workspace/.trivy"
 
       - name: Run Trivy security scanner
-        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
         with:
           scan-type: rootfs
           scan-ref: './workspace/.trivy/'
@@ -122,7 +115,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
 
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check pull requests
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |
 
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Post comment on submodule update
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
         with:
           github-token: ${{secrets.GITHUB_TOKEN}}
           script: |