Merge branch 'dougqh/cache-primary-instrumentation-name' of github.com:DataDog/dd-trace-java into dougqh/cache-primary-instrumentation-name

Author: dougqh

.claude/CLAUDE.md

@@ -0,0 +1,5 @@
+@../AGENTS.md
+
+## Claude Code workflow
+
+- Before creating a pull request, run `/techdebt` to check for technical debt, code duplication, and unnecessary complexity in the branch changes.

.claude/skills/migrate-groovy-to-java/SKILL.md

@@ -0,0 +1,20 @@
+---
+name: migrate-groovy-to-java
+description: migrate test groovy files to java
+---
+
+Migrate test Groovy files to Java using JUnit 5
+
+1. List all groovy files of the current gradle module
+2. convert groovy files to Java using Junit 5
+3. make sure the tests are still passing after migration
+4. remove groovy files
+
+When converting groovy code to java code make sure that:
+- the Java code generated is compatible with JDK 8
+- when translating Spock test, favor using `@CsvSource` with `|` delimiters
+- when using a `@MethodSource`, use the test method name, and suffix it with `_arguments`
+- when converting tuples, create light dedicated structure instead to keep the typing system
+- Instead of checking a state and throwing an exception, use JUnit asserts
+- Do not wrap checked exception and throwing a Runtime exception, prefer adding a throws clause at method declaration
+- Do not mark local variables `final`

.github/CODEOWNERS

@@ -98,26 +98,26 @@
 **/*Waf*.java                                                   @DataDog/asm-java
 **/*Waf*.groovy                                                 @DataDog/asm-java
 
-# @DataDog/ci-app-libraries-java
-/dd-java-agent/agent-ci-visibility/                 @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/cucumber-5.4/        @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/jacoco-0.8.9/        @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/junit                @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/karate/              @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/scalatest-3.0.8/     @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/selenium/            @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/testng/              @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/gradle/              @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/gradle-testing/      @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/maven                @DataDog/ci-app-libraries-java
-/dd-java-agent/instrumentation/weaver-0.9/          @DataDog/ci-app-libraries-java
-/dd-smoke-tests/gradle/                             @DataDog/ci-app-libraries-java
-/dd-smoke-tests/junit-console/                      @DataDog/ci-app-libraries-java
-/dd-smoke-tests/maven/                              @DataDog/ci-app-libraries-java
-/internal-api/src/main/java/datadog/trace/api/git/  @DataDog/ci-app-libraries-java
-**/civisibility/                                    @DataDog/ci-app-libraries-java
-**/CiVisibility*.java                               @DataDog/ci-app-libraries-java
-**/CiVisibility*.groovy                             @DataDog/ci-app-libraries-java
+# @DataDog/ci-app-libraries
+/dd-java-agent/agent-ci-visibility/                 @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/cucumber-5.4/        @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/jacoco-0.8.9/        @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/junit                @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/karate/              @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/scalatest-3.0.8/     @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/selenium/            @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/testng/              @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/gradle/              @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/gradle-testing/      @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/maven                @DataDog/ci-app-libraries
+/dd-java-agent/instrumentation/weaver-0.9/          @DataDog/ci-app-libraries
+/dd-smoke-tests/gradle/                             @DataDog/ci-app-libraries
+/dd-smoke-tests/junit-console/                      @DataDog/ci-app-libraries
+/dd-smoke-tests/maven/                              @DataDog/ci-app-libraries
+/internal-api/src/main/java/datadog/trace/api/git/  @DataDog/ci-app-libraries
+**/civisibility/                                    @DataDog/ci-app-libraries
+**/CiVisibility*.java                               @DataDog/ci-app-libraries
+**/CiVisibility*.groovy                             @DataDog/ci-app-libraries
 
 # @DataDog/debugger-java (Live Debugger)
 /dd-java-agent/agent-debugger/                                  @DataDog/debugger-java

.github/chainguard/self.enforce-datadog-merge-queue.comment-pr.sts.yaml

@@ -0,0 +1,11 @@
+issuer: https://token.actions.githubusercontent.com
+
+subject: repo:DataDog/dd-trace-java:pull_request
+
+claim_pattern:
+  event_name: pull_request
+  job_workflow_ref: DataDog/dd-trace-java/\.github/workflows/enforce-datadog-merge-queue\.yaml@refs/pull/[0-9]+/merge
+
+permissions:
+  issues: write
+  pull_requests: write

.github/dependabot.yml

@@ -19,3 +19,19 @@ updates:
       gh-actions-packages:
         patterns:
           - "*"
+
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-name: "gradle"
+    ignore:
+      - dependency-name: "gradle"
+        update-types: ["version-update:semver-major"]
+    labels:
+      - "comp: tooling"
+      - "tag: dependencies"
+      - "tag: no release notes"
+    commit-message:
+      prefix: "chore(build): "

.github/pull_request_template.md

@@ -6,15 +6,17 @@
 
 # Contributor Checklist
 
-- Format the title [according the contribution guidelines](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#title-format)
-- Assign the `type:` and (`comp:` or `inst:`) labels in addition to [any useful labels](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#labels)
-- Don't use `close`, `fix` or any [linking keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) when referencing an issue.  
+- Format the title according to [the contribution guidelines](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#title-format)
+- Assign the `type:` and (`comp:` or `inst:`) labels in addition to [any other useful labels](https://github.com/DataDog/dd-trace-java/blob/master/CONTRIBUTING.md#labels)
+- Avoid using `close`, `fix`, or [any linking keywords](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword) when referencing an issue  
   Use `solves` instead, and assign the PR [milestone](https://github.com/DataDog/dd-trace-java/milestones) to the issue
-- Update the [CODEOWNERS](https://github.com/DataDog/dd-trace-java/blob/master/.github/CODEOWNERS) file on source file addition, move, or deletion
-- Update the [public documentation](https://docs.datadoghq.com/tracing/trace_collection/library_config/java/) in case of new configuration flag or behavior
+- Update the [CODEOWNERS](https://github.com/DataDog/dd-trace-java/blob/master/.github/CODEOWNERS) file on source file addition, migration, or deletion
+- Update [public documentation](https://docs.datadoghq.com/tracing/trace_collection/library_config/java/) with any new configuration flags or behaviors
 
 Jira ticket: [PROJ-IDENT]
 
+***Note:*** **Once your PR is ready to merge, add it to the merge queue by commenting `/merge`.** `/merge -c` cancels the queue request. `/merge -f --reason "reason"` skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see [this doc](https://datadoghq.atlassian.net/wiki/spaces/DEVX/pages/3121612126/MergeQueue).
+
 <!--
 # Opening vs Drafting a PR:
 When opening a pull request, please open it as a draft to not auto assign reviewers before you feel the pull request is in a reviewable state.

.github/workflows/README.md

@@ -36,6 +36,19 @@ _Action:_ Check the pull request did not introduce unexpected label.
 
 _Recovery:_ Update the pull request or add a comment to trigger the action again.
 
+### enforce-datadog-merge-queue [🔗](enforce-datadog-merge-queue.yaml)
+
+_Trigger:_ When creating or updating a pull request, or when a pull request is added to GitHub merge queue.
+
+_Actions:_
+
+* Pass the `Merge queue check` status check on pull requests so they remain in a mergeable state,
+* When a pull request is enqueued in GitHub merge queue, post a `/merge` comment to trigger the Datadog merge queue,
+* Fail the `Merge queue check` status check on merge groups to prevent GitHub from merging directly.
+
+_Recovery:_ The workflow is expected to fail to block GitHub merge queue.
+This redirects GitHub's "Merge when ready" button to the Datadog merge queue system.
+
 ### create-release-branch [🔗](create-release-branch.yaml)
 
 _Trigger:_ When a git tag matching the pattern "vM.N.0" is pushed (e.g. for a minor release).

.github/workflows/analyze-changes.yaml

@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
+        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -49,7 +49,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
+        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
 
   trivy:
     name: Analyze changes with Trivy
@@ -101,7 +101,7 @@ jobs:
           ls -laR "./workspace/.trivy"
 
       - name: Run Trivy security scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
         with:
           scan-type: rootfs
           scan-ref: './workspace/.trivy/'
@@ -114,7 +114,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1
+        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/check-pull-request-labels.yaml

@@ -31,6 +31,7 @@ jobs:
               'inst:',
               'tag:',
               'mergequeue-status:',
+              'team:',
               'performance:',  // To refactor to 'ci: ' in the future
               'run-tests:'     // Unused since GitLab migration
             ]
@@ -55,7 +56,7 @@ jobs:
                 '**This PR is blocked until:**\n' +
                 '1. The invalid labels are deleted, and\n' +
                 '2. A maintainer deletes this comment to unblock the PR\n\n' +
-                '**Note:** Simply removing labels from the pull request is not enough - a maintainer must remove the label and delete this comment to remove the block.\n\n' +
+                '**Note:** Simply removing labels from the pull request is not enough - a maintainer must delete this comment then remove the label to remove the block.\n\n' +
                 commentMarker
 
               if (blockingComment) {
@@ -79,5 +80,9 @@ jobs:
             }
             if (blockingComment) {
               // Block the PR by failing the workflow
-              core.setFailed(`PR blocked: Invalid labels detected: (${invalidLabels.join(', ')}). A maintainer must delete the blocking comment after fixing the labels to allow merging.`)
+              if (hasInvalidLabels) {
+                core.setFailed(`PR blocked: Invalid labels detected: (${invalidLabels.join(', ')}). A maintainer must delete the blocking comment after fixing the labels to allow merging.`)
+              } else {
+                core.setFailed(`PR blocked: A previous blocking comment still exists. A maintainer must delete it to allow merging.`)
+              }
             }

.github/workflows/enforce-datadog-merge-queue.yaml

@@ -0,0 +1,40 @@
+name: Enforce Datadog Merge Queue
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, enqueued]
+    branches:
+      - master
+  merge_group:
+
+jobs:
+  enforce_datadog_merge_queue:
+    name: Merge queue check
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # required for OIDC token federation
+    steps:
+      - name: Block GitHub merge queue
+        if: github.event_name == 'merge_group'
+        run: |
+          echo "Merge is handled by the Datadog merge queue system. Use the /merge command to enqueue your PR for merging."
+          exit 1
+      - name: Get OIDC token
+        if: github.event.action == 'enqueued'
+        uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+        id: octo-sts
+        with:
+          scope: DataDog/dd-trace-java
+          policy: self.enforce-datadog-merge-queue.comment-pr
+      - name: Post /merge comment
+        if: github.event.action == 'enqueued'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
+        with:
+          github-token: ${{ steps.octo-sts.outputs.token }}
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.payload.pull_request.number,
+              body: '/merge'
+            });