From ef8a23a6174e3659cadb098aa2b1875f2bf69f2f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 00:14:43 +0000 Subject: [PATCH 01/25] Bump docker/build-push-action from 5 to 6 (#929) --- .github/workflows/docker-build-corretto-slim.yml | 2 +- .github/workflows/patch-release-build.yml | 4 ++-- .github/workflows/pr-build.yml | 2 +- .github/workflows/release-build.yml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml index ca7528e241..5265309aae 100644 --- a/.github/workflows/docker-build-corretto-slim.yml +++ b/.github/workflows/docker-build-corretto-slim.yml @@ -36,7 +36,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build docker image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: true context: scripts/docker/corretto-slim diff --git a/.github/workflows/patch-release-build.yml b/.github/workflows/patch-release-build.yml index 4cbc3965fa..5e80b52398 100644 --- a/.github/workflows/patch-release-build.yml +++ b/.github/workflows/patch-release-build.yml @@ -114,7 +114,7 @@ jobs: driver-opts: image=moby/buildkit:v0.15.1 - name: Build image for testing - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: false build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" @@ -128,7 +128,7 @@ jobs: run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}" - name: Build and push image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: true build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index fd2d7cf2ae..1c4e5f9810 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -131,7 +131,7 @@ jobs: if: ${{ matrix.os == 'ubuntu-latest' }} - name: Build image for testing - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 if: ${{ matrix.os == 'ubuntu-latest' }} with: push: false diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index ce9d29ddc8..372a796889 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -84,7 +84,7 @@ jobs: driver-opts: image=moby/buildkit:v0.15.1 - name: Build image for testing - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: false build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" @@ -98,7 +98,7 @@ jobs: run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}" - name: Build and push image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: push: true build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" From d5d888963d98c0543ab85a3116e008dae3be942b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 15:36:18 +0000 Subject: [PATCH 02/25] Bump actions/download-artifact from 4 to 5 (#1136) --- .github/workflows/application-signals-e2e-test.yml | 2 +- .github/workflows/release-lambda.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index e436bc82df..83e814df49 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -31,7 +31,7 @@ jobs: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v5 with: name: aws-opentelemetry-agent.jar diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml index ede635ec91..5c1c2d4990 100644 --- a/.github/workflows/release-lambda.yml +++ b/.github/workflows/release-lambda.yml @@ -99,7 +99,7 @@ jobs: echo BUCKET_NAME=java-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV - name: download layer.zip - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: aws-opentelemetry-java-layer.zip @@ -160,7 +160,7 @@ jobs: - uses: hashicorp/setup-terraform@v2 - name: download layerARNs - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: pattern: ${{ env.LAYER_NAME }}-* path: ${{ env.LAYER_NAME }} @@ -211,7 +211,7 @@ jobs: echo "}" >> ../layer_cdk cat ../layer_cdk - name: download aws-opentelemetry-java-layer.zip - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: aws-opentelemetry-java-layer.zip - name: rename to layer.zip From 1a0466852981b358c27d1e111f2d269fad0c773b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 19:08:29 +0000 Subject: [PATCH 03/25] Bump actions/setup-java from 3 to 4 (#1138) --- .github/workflows/release-udp-exporter.yml | 2 +- .github/workflows/udp-exporter-e2e-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-udp-exporter.yml b/.github/workflows/release-udp-exporter.yml index e200a7c3a9..4ec892e421 100644 --- a/.github/workflows/release-udp-exporter.yml +++ b/.github/workflows/release-udp-exporter.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '17' distribution: 'temurin' diff --git a/.github/workflows/udp-exporter-e2e-test.yml b/.github/workflows/udp-exporter-e2e-test.yml index ead8a1f953..bbda252e70 100644 --- a/.github/workflows/udp-exporter-e2e-test.yml +++ b/.github/workflows/udp-exporter-e2e-test.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Java - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '17' distribution: 'temurin' From 14153aab744f5110c5d834d1b2bd902ab8bbb072 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 23:54:47 +0000 Subject: [PATCH 04/25] Bump codecov/codecov-action from 3 to 5 (#954) --- .github/workflows/e2e-tests-app-with-java-agent.yml | 2 +- .github/workflows/pr-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index d09283cb8f..2e3da3c440 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -71,7 +71,7 @@ jobs: env: COMMIT_HASH: ${{ inputs.image_tag }} - - uses: codecov/codecov-action@v3 + - uses: codecov/codecov-action@v5 test_Spring_App_With_Java_Agent: name: Test Spring App with AWS OTel Java agent diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 1c4e5f9810..4e24101630 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -158,7 +158,7 @@ jobs: if: ${{ matrix.os != 'ubuntu-latest' && (hashFiles('.github/patches/opentelemetry-java*.patch') == '' || matrix.os != 'windows-latest' ) }} # build on windows as well unless a patch exists with: arguments: build --stacktrace -PenableCoverage=true - - uses: codecov/codecov-action@v3 + - uses: codecov/codecov-action@v5 build-lambda: runs-on: ubuntu-latest From 798a3e6b241f63300f075f3616b86858b6d9c2ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 07:53:57 -0700 Subject: [PATCH 05/25] Bump actions/checkout from 4 to 5 (#1143) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker-build-corretto-slim.yml | 2 +- .../docker-build-smoke-tests-fake-backend.yml | 2 +- .github/workflows/e2e-tests-app-with-java-agent.yml | 8 ++++---- .github/workflows/e2e-tests-with-operator.yml | 10 +++++----- .github/workflows/main-build.yml | 8 ++++---- .github/workflows/nightly-upstream-snapshot-build.yml | 4 ++-- .github/workflows/owasp.yml | 2 +- .github/workflows/patch-release-build.yml | 6 +++--- .github/workflows/pr-build.yml | 6 +++--- .github/workflows/release-build.yml | 2 +- .github/workflows/release-lambda.yml | 5 ++--- .github/workflows/release-udp-exporter.yml | 2 +- .github/workflows/soak-testing.yml | 2 +- .github/workflows/udp-exporter-e2e-test.yml | 2 +- 15 files changed, 31 insertions(+), 32 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 024cef746b..cea96c8cbe 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml index 5265309aae..cab6cc17ac 100644 --- a/.github/workflows/docker-build-corretto-slim.yml +++ b/.github/workflows/docker-build-corretto-slim.yml @@ -19,7 +19,7 @@ jobs: build-corretto: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: gradle/wrapper-validation-action@v1 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index 7bcb06a6fe..a94c5752c7 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -20,7 +20,7 @@ jobs: build-docker: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: java-version: 17 diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index 2e3da3c440..f2fe9df20c 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Java Instrumentation repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 @@ -79,7 +79,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: @@ -110,7 +110,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: @@ -141,7 +141,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index ffacf0c74c..ab207d1a6d 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -34,7 +34,7 @@ jobs: build-sample-app: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 @@ -84,14 +84,14 @@ jobs: test-case-batch-value: ${{ steps.set-batches.outputs.batch-values }} steps: - name: Checkout Testing Framework repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework ref: ${{ inputs.test_ref }} - name: Checkout Java Instrumentation repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 path: aws-otel-java-instrumentation @@ -126,7 +126,7 @@ jobs: steps: # required for versioning - name: Checkout Java Instrumentation repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 path: aws-otel-java-instrumentation @@ -151,7 +151,7 @@ jobs: role-duration-seconds: 14400 - name: Checkout Testing Framework repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 30c74f3c87..3ad56a8744 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -22,7 +22,7 @@ jobs: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: java-version: 17 @@ -54,7 +54,7 @@ jobs: staging_registry: ${{ steps.imageOutput.outputs.stagingRegistry }} staging_repository: ${{ steps.imageOutput.outputs.stagingRepository }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: actions/setup-java@v4 @@ -189,7 +189,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: actions/setup-java@v4 @@ -229,7 +229,7 @@ jobs: application-signals-lambda-layer-build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: actions/setup-java@v4 diff --git a/.github/workflows/nightly-upstream-snapshot-build.yml b/.github/workflows/nightly-upstream-snapshot-build.yml index c97db6704c..cd9ccf0da6 100644 --- a/.github/workflows/nightly-upstream-snapshot-build.yml +++ b/.github/workflows/nightly-upstream-snapshot-build.yml @@ -23,7 +23,7 @@ jobs: image_name: ${{ steps.imageOutput.outputs.imageName }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 @@ -129,7 +129,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: actions/setup-java@v4 diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml index 54ce812326..e232154277 100644 --- a/.github/workflows/owasp.yml +++ b/.github/workflows/owasp.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo for dependency scan - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/patch-release-build.yml b/.github/workflows/patch-release-build.yml index 5e80b52398..725661e5aa 100644 --- a/.github/workflows/patch-release-build.yml +++ b/.github/workflows/patch-release-build.yml @@ -37,14 +37,14 @@ jobs: name: Check out release branch # Will fail if there is no release branch yet or succeed otherwise continue-on-error: true - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ steps.parse-release-branch.outputs.release-branch-name }} - id: checkout-release-tag name: Check out release tag # If there is already a release branch, the previous step succeeds and we don't run this or the next one. if: ${{ steps.checkout-release-branch.outcome == 'failure' }} - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ steps.parse-release-branch.outputs.release-tag-name }} - name: Create release branch @@ -57,7 +57,7 @@ jobs: needs: prepare-release-branch steps: - name: Checkout release branch - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ needs.prepare-release-branch.outputs.release-branch-name }} diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 4e24101630..85215e88e1 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -12,7 +12,7 @@ jobs: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: @@ -54,7 +54,7 @@ jobs: # https://github.com/open-telemetry/opentelemetry-java/issues/4560 - os: ${{ startsWith(github.event.pull_request.base.ref, 'release/v') && 'windows-latest' || '' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: @@ -164,7 +164,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Java uses: actions/setup-java@v4 diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 372a796889..0221866cf4 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -24,7 +24,7 @@ jobs: environment: Release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: java-version: 17 diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml index 5c1c2d4990..2c0162d22a 100644 --- a/.github/workflows/release-lambda.yml +++ b/.github/workflows/release-lambda.yml @@ -41,7 +41,7 @@ jobs: echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 + uses: actions/checkout@v5 - uses: actions/setup-java@v4 with: @@ -155,8 +155,7 @@ jobs: needs: publish-prod steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - + uses: actions/checkout@v5 - uses: hashicorp/setup-terraform@v2 - name: download layerARNs diff --git a/.github/workflows/release-udp-exporter.yml b/.github/workflows/release-udp-exporter.yml index 4ec892e421..8d39e7308c 100644 --- a/.github/workflows/release-udp-exporter.yml +++ b/.github/workflows/release-udp-exporter.yml @@ -26,7 +26,7 @@ jobs: needs: validate-udp-exporter-e2e-test steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Java uses: actions/setup-java@v4 diff --git a/.github/workflows/soak-testing.yml b/.github/workflows/soak-testing.yml index c007d3fb4e..4d5117aea7 100644 --- a/.github/workflows/soak-testing.yml +++ b/.github/workflows/soak-testing.yml @@ -63,7 +63,7 @@ jobs: run: | echo "TEST_DURATION_MINUTES=${{ github.event.inputs.test_duration_minutes || env.DEFAULT_TEST_DURATION_MINUTES }}" | tee --append $GITHUB_ENV; - name: Clone This Repo @ ${{ env.TARGET_SHA }} - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: ${{ env.TARGET_SHA }} diff --git a/.github/workflows/udp-exporter-e2e-test.yml b/.github/workflows/udp-exporter-e2e-test.yml index bbda252e70..33ad3d756a 100644 --- a/.github/workflows/udp-exporter-e2e-test.yml +++ b/.github/workflows/udp-exporter-e2e-test.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Java uses: actions/setup-java@v4 From e995568c7cea2665af21e3b7f38055585365f1d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Aug 2025 18:55:02 +0000 Subject: [PATCH 06/25] Bump aws-actions/aws-secretsmanager-get-secrets from 1 to 2 (#930) --- .github/workflows/owasp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/owasp.yml b/.github/workflows/owasp.yml index e232154277..ab83f3a1a2 100644 --- a/.github/workflows/owasp.yml +++ b/.github/workflows/owasp.yml @@ -41,7 +41,7 @@ jobs: aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get NVD API key for dependency scan - uses: aws-actions/aws-secretsmanager-get-secrets@v1 + uses: aws-actions/aws-secretsmanager-get-secrets@v2 id: nvd_api_key with: secret-ids: ${{ secrets.NVD_API_KEY_SECRET_ARN }} From 52f440546bf91686e5e9e67f6d0d5235688d5282 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Aug 2025 23:15:30 +0000 Subject: [PATCH 07/25] Bump burrunan/gradle-cache-action from 2 to 3 (#1153) --- .github/workflows/soak-testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/soak-testing.yml b/.github/workflows/soak-testing.yml index 4d5117aea7..3fd1173c85 100644 --- a/.github/workflows/soak-testing.yml +++ b/.github/workflows/soak-testing.yml @@ -110,7 +110,7 @@ jobs: aws ecr-public get-login-password | docker login --username AWS --password-stdin public.ecr.aws - name: Build Sample App locally directly to the Docker daemon - uses: burrunan/gradle-cache-action@v1 + uses: burrunan/gradle-cache-action@v3 with: arguments: jibDockerBuild env: From a8683787f816c56423d1964f7bb2980888ee0394 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Fri, 5 Sep 2025 14:13:21 -0700 Subject: [PATCH 08/25] Add pre-release and post-release workflows (#1123) *Issue #, if available:* *Description of changes:* Added pre-release and post-release workflows to Java. These workflows replace the manual effort needed to create pre-release and post-release branches and update the project version during the release process. Successful run in test branch: https://github.com/ezhang6811/aws-otel-java-instrumentation/actions/runs/16606979278 https://github.com/ezhang6811/aws-otel-java-instrumentation/pull/9 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .../workflows/{owasp.yml => daily-scan.yml} | 0 .../workflows/post-release-version-bump.yml | 120 ++++++++++++++++++ .github/workflows/pre-release-prepare.yml | 106 ++++++++++++++++ 3 files changed, 226 insertions(+) rename .github/workflows/{owasp.yml => daily-scan.yml} (100%) create mode 100644 .github/workflows/post-release-version-bump.yml create mode 100644 .github/workflows/pre-release-prepare.yml diff --git a/.github/workflows/owasp.yml b/.github/workflows/daily-scan.yml similarity index 100% rename from .github/workflows/owasp.yml rename to .github/workflows/daily-scan.yml diff --git a/.github/workflows/post-release-version-bump.yml b/.github/workflows/post-release-version-bump.yml new file mode 100644 index 0000000000..7f619bbbe9 --- /dev/null +++ b/.github/workflows/post-release-version-bump.yml @@ -0,0 +1,120 @@ +name: Post Release - Prepare Main for Next Development Cycle + +on: + workflow_dispatch: + inputs: + version: + description: 'Version number (e.g., 1.0.1)' + required: true + +env: + AWS_DEFAULT_REGION: us-east-1 + +permissions: + id-token: write + contents: write + pull-requests: write + +jobs: + check-version: + runs-on: ubuntu-latest + steps: + - name: Checkout main + uses: actions/checkout@v2 + with: + ref: main + fetch-depth: 0 + + - name: Extract Major.Minor Version and setup Env variable + run: | + echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV + echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV + + - name: Get current major.minor version from main branch + id: get_version + run: | + CURRENT_VERSION=$(grep '__version__' aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py | sed -E 's/__version__ = "([0-9]+\.[0-9]+)\.[0-9]+.*"/\1/') + echo "CURRENT_MAJOR_MINOR_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV + + - name: Set major and minor for current version + run: | + echo "CURRENT_MAJOR=$(echo $CURRENT_MAJOR_MINOR_VERSION | cut -d. -f1)" >> $GITHUB_ENV + echo "CURRENT_MINOR=$(echo $CURRENT_MAJOR_MINOR_VERSION | cut -d. -f2)" >> $GITHUB_ENV + + - name: Set major and minor for input version + run: | + echo "INPUT_MAJOR=$(echo $MAJOR_MINOR | cut -d. -f1)" >> $GITHUB_ENV + echo "INPUT_MINOR=$(echo $MAJOR_MINOR | cut -d. -f2)" >> $GITHUB_ENV + + - name: Compare major.minor version and skip if behind + run: | + if [ "$CURRENT_MAJOR" -gt "$INPUT_MAJOR" ] || { [ "$CURRENT_MAJOR" -eq "$INPUT_MAJOR" ] && [ "$CURRENT_MINOR" -gt "$INPUT_MINOR" ]; }; then + echo "Input version is behind main's current major.minor version, don't need to update major version" + exit 1 + fi + + + prepare-main: + runs-on: ubuntu-latest + needs: check-version + steps: + - name: Configure AWS credentials for BOT secrets + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + + - name: Get Bot secrets + uses: aws-actions/aws-secretsmanager-get-secrets@v1 + id: bot_secrets + with: + secret-ids: | + BOT_TOKEN ,${{ secrets.BOT_TOKEN_SECRET_ARN }} + parse-json-secrets: true + + - name: Setup Git + uses: actions/checkout@v2 + with: + fetch-depth: 0 + token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} + + - name: Configure Git + run: | + git config user.name "github-actions" + git config user.email "github-actions@github.com" + + - name: Extract Major.Minor Version and setup Env variable + run: | + echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV + echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV + + - name: Determine release branch and checkout + run: | + RELEASE_BRANCH="release/v${MAJOR_MINOR}.x" + git fetch origin $RELEASE_BRANCH + git checkout -b "prepare-main-for-next-dev-cycle-${VERSION}" origin/$RELEASE_BRANCH + + - name: Update version to next development version in main + run: | + DEV_VERSION="${{ github.event.inputs.version }}.dev0" + sed -i'' -e "s/val adotVersion = \".*\"/val adotVersion = \"${DEV_VERSION}\"/" version.gradle.kts + VERSION="${{ github.event.inputs.version }}" + sed -i'' -e 's/adot-autoinstrumentation-java:v2.*"/adot-autoinstrumentation-java:v'$VERSION'"/' .github/workflows/daily-scan.yml + git add version.gradle.kts + git add .github/workflows/daily-scan.yml + git commit -m "Prepare main for next development cycle: Update version to $DEV_VERSION" + git push --set-upstream origin "prepare-main-for-next-dev-cycle-${VERSION}" + + - name: Create Pull Request to main + env: + GITHUB_TOKEN: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} + run: | + DEV_VERSION="${{ github.event.inputs.version }}.dev0" + gh pr create --title "Post release $VERSION: Update version to $DEV_VERSION" \ + --body "This PR prepares the main branch for the next development cycle by updating the version to $DEV_VERSION and updating the image version to be scanned to the latest released. + + This PR should only be merge when release for version v$VERSION is success. + + By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice." \ + --head prepare-main-for-next-dev-cycle-${VERSION} \ + --base main \ No newline at end of file diff --git a/.github/workflows/pre-release-prepare.yml b/.github/workflows/pre-release-prepare.yml new file mode 100644 index 0000000000..9e4c634467 --- /dev/null +++ b/.github/workflows/pre-release-prepare.yml @@ -0,0 +1,106 @@ +name: Pre Release Prepare - Update Version and Create PR + +on: + workflow_dispatch: + inputs: + version: + description: 'Version number (e.g., 1.0.1)' + required: true + is_patch: + description: 'Is this a patch? (true or false)' + required: true + default: 'false' + +env: + AWS_DEFAULT_REGION: us-east-1 + +permissions: + contents: write + pull-requests: write + id-token: write + + +jobs: + update-version-and-create-pr: + runs-on: ubuntu-latest + steps: + - name: Configure AWS credentials for BOT secrets + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + + - name: Get Bot secrets + uses: aws-actions/aws-secretsmanager-get-secrets@v1 + id: bot_secrets + with: + secret-ids: | + BOT_TOKEN ,${{ secrets.BOT_TOKEN_SECRET_ARN }} + parse-json-secrets: true + + - name: Checkout main branch + uses: actions/checkout@v3 + with: + ref: 'main' + token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} + + - name: Setup Git + run: | + git config user.name "github-actions" + git config user.email "github-actions@github.com" + + - name: Extract Major.Minor Version and setup Env variable + run: | + echo "VERSION=${{ github.event.inputs.version }}" >> $GITHUB_ENV + echo "MAJOR_MINOR=$(echo ${{ github.event.inputs.version }} | sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+/\1/')" >> $GITHUB_ENV + + - name: Create branches + run: | + IS_PATCH=${{ github.event.inputs.is_patch }} + if [[ "$IS_PATCH" != "true" && "$IS_PATCH" != "false" ]]; then + echo "Invalid input for IS_PATCH. Must be 'true' or 'false'." + exit 1 + fi + + + if git ls-remote --heads origin release/v${MAJOR_MINOR}.x | grep -q "release/v${MAJOR_MINOR}.x"; then + if [ "$IS_PATCH" = "true" ]; then + git fetch origin release/v${MAJOR_MINOR}.x + echo "Branch release/v${MAJOR_MINOR}.x already exists, checking out." + git checkout "release/v${MAJOR_MINOR}.x" + else + echo "Error, release series branch release/v${MAJOR_MINOR}.x exist for non-patch release" + echo "Check your input or branch" + exit 1 + fi + else + if [ "$IS_PATCH" = "true" ]; then + echo "Error, release series branch release/v${MAJOR_MINOR}.x NOT exist for patch release" + echo "Check your input or branch" + exit 1 + else + echo "Creating branch release/v${MAJOR_MINOR}.x." + git checkout -b "release/v${MAJOR_MINOR}.x" + git push origin "release/v${MAJOR_MINOR}.x" + fi + fi + + git checkout -b "v${VERSION}_release" + git push origin "v${VERSION}_release" + + - name: Update version in file + run: | + sed -i'' -e "s/val adotVersion = \".*\"/val adotVersion = \"${VERSION}\"/" version.gradle.kts + git commit -am "Update version to ${VERSION}" + git push origin "v${VERSION}_release" + + - name: Create pull request against the release branch + env: + GITHUB_TOKEN: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} + run: | + gh pr create --title "Pre-release: Update version to ${VERSION}" \ + --body "This PR updates the version to ${VERSION}. + + By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice." \ + --head v${{ github.event.inputs.version }}_release \ + --base release/v${MAJOR_MINOR}.x \ No newline at end of file From 3f0ece799710d0d4551ab65cadb48ffe640feb8d Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Fri, 5 Sep 2025 15:22:42 -0700 Subject: [PATCH 09/25] Add main build validation for release workflow (#1125) *Issue #, if available:* *Description of changes:* This PR modifies the release build workflow to wait for the main build workflow in the same branch to complete successfully. before proceeding with the release. see [Python PR](https://github.com/aws-observability/aws-otel-python-instrumentation/pull/443) for more details and testing. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .github/workflows/main-build.yml | 1 + .github/workflows/release-build.yml | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 3ad56a8744..93be3b976c 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -256,6 +256,7 @@ jobs: aws s3 cp ./build/distributions/aws-opentelemetry-java-layer.zip s3://adot-main-build-staging-jar/adot-java-lambda-layer-${{ github.run_id }}.zip application-signals-e2e-test: + name: "Application Signals E2E Test" needs: [build, application-signals-lambda-layer-build] uses: ./.github/workflows/application-signals-e2e-test.yml secrets: inherit diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 0221866cf4..3c37809af1 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -25,7 +25,25 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + + - name: Check main build status + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + WORKFLOW_ID=$(gh api repos/${{ github.repository }}/actions/workflows --jq '.workflows[] | select(.name=="Java Agent Main Build") | .id') + LATEST_RUN=$(gh api repos/${{ github.repository }}/actions/workflows/$WORKFLOW_ID/runs --jq '[.workflow_runs[] | select(.head_branch=="${{ github.ref_name }}")] | sort_by(.created_at) | .[-1] | {conclusion, status}') + STATUS=$(echo "$LATEST_RUN" | jq -r '.status') + CONCLUSION=$(echo "$LATEST_RUN" | jq -r '.conclusion') + + if [ "$STATUS" = "in_progress" ] || [ "$STATUS" = "queued" ]; then + echo "Main build is still running (status: $STATUS). Cannot proceed with release." + exit 1 + elif [ "$CONCLUSION" != "success" ]; then + echo "Latest main build on branch ${{ github.ref_name }} conclusion: $CONCLUSION" + exit 1 + fi + echo "Main build succeeded, proceeding with release" + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: java-version: 17 distribution: 'temurin' From 715df21eb2e7f756de940ca4c9a993755b9e1ef9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 18:21:06 +0000 Subject: [PATCH 10/25] Bump actions/setup-java from 4.7.1 to 5.0.0 (#1167) --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/daily-scan.yml | 2 +- .../docker-build-smoke-tests-fake-backend.yml | 2 +- .github/workflows/e2e-tests-app-with-java-agent.yml | 8 ++++---- .github/workflows/e2e-tests-with-operator.yml | 4 ++-- .github/workflows/main-build.yml | 8 ++++---- .github/workflows/nightly-upstream-snapshot-build.yml | 4 ++-- .github/workflows/patch-release-build.yml | 2 +- .github/workflows/pr-build.yml | 10 +++++----- .github/workflows/release-build.yml | 2 +- .github/workflows/release-lambda.yml | 2 +- .github/workflows/release-udp-exporter.yml | 2 +- .github/workflows/udp-exporter-e2e-test.yml | 2 +- 13 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index cea96c8cbe..b9de35a3b3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -31,7 +31,7 @@ jobs: with: languages: java - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin diff --git a/.github/workflows/daily-scan.yml b/.github/workflows/daily-scan.yml index ab83f3a1a2..f3601a9b63 100644 --- a/.github/workflows/daily-scan.yml +++ b/.github/workflows/daily-scan.yml @@ -29,7 +29,7 @@ jobs: fetch-depth: 0 - name: Set up Java for dependency scan - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index a94c5752c7..b94dc424f7 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index f2fe9df20c..f46e0bc8ec 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -29,7 +29,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -81,7 +81,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' @@ -112,7 +112,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' @@ -143,7 +143,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index ab207d1a6d..ec7d363042 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -38,7 +38,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -132,7 +132,7 @@ jobs: path: aws-otel-java-instrumentation - name: Set up JDK 11 - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: 'zulu' java-version: '11' diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 93be3b976c..fdc366b2fa 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -23,7 +23,7 @@ jobs: runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -57,7 +57,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -192,7 +192,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 23 distribution: 'temurin' @@ -232,7 +232,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/nightly-upstream-snapshot-build.yml b/.github/workflows/nightly-upstream-snapshot-build.yml index cd9ccf0da6..922d27dddc 100644 --- a/.github/workflows/nightly-upstream-snapshot-build.yml +++ b/.github/workflows/nightly-upstream-snapshot-build.yml @@ -27,7 +27,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' @@ -132,7 +132,7 @@ jobs: - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 23 distribution: 'temurin' diff --git a/.github/workflows/patch-release-build.yml b/.github/workflows/patch-release-build.yml index 725661e5aa..a956d37c23 100644 --- a/.github/workflows/patch-release-build.yml +++ b/.github/workflows/patch-release-build.yml @@ -61,7 +61,7 @@ jobs: with: ref: ${{ needs.prepare-release-branch.outputs.release-branch-name }} - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 85215e88e1..db0ae80b25 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -56,7 +56,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -93,7 +93,7 @@ jobs: ./gradlew build -p exporters/aws-distro-opentelemetry-xray-udp-span-exporter - name: Set up Java version for tests - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 23 distribution: temurin @@ -109,7 +109,7 @@ jobs: arguments: contractTests -PlocalDocker=true -i - name: Set up Java version for image build - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -167,7 +167,7 @@ jobs: uses: actions/checkout@v5 - name: Setup Java - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 3c37809af1..28bc269fc3 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -43,7 +43,7 @@ jobs: exit 1 fi echo "Main build succeeded, proceeding with release" - - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml index 2c0162d22a..7feeb5b14d 100644 --- a/.github/workflows/release-lambda.yml +++ b/.github/workflows/release-lambda.yml @@ -43,7 +43,7 @@ jobs: - name: Checkout Repo @ SHA - ${{ github.sha }} uses: actions/checkout@v5 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' diff --git a/.github/workflows/release-udp-exporter.yml b/.github/workflows/release-udp-exporter.yml index 8d39e7308c..0ef7995b9b 100644 --- a/.github/workflows/release-udp-exporter.yml +++ b/.github/workflows/release-udp-exporter.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@v5 - name: Set up Java - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: '17' distribution: 'temurin' diff --git a/.github/workflows/udp-exporter-e2e-test.yml b/.github/workflows/udp-exporter-e2e-test.yml index 33ad3d756a..4983306491 100644 --- a/.github/workflows/udp-exporter-e2e-test.yml +++ b/.github/workflows/udp-exporter-e2e-test.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v5 - name: Set up Java - uses: actions/setup-java@v4 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: '17' distribution: 'temurin' From 918f05f35b9115819770528d466fdda661f6537e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 10 Sep 2025 15:49:53 +0000 Subject: [PATCH 11/25] Bump actions/setup-go from 5 to 6 (#1182) --- .github/workflows/e2e-tests-with-operator.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index ec7d363042..62e9c7438b 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -97,7 +97,7 @@ jobs: path: aws-otel-java-instrumentation - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '~1.18.9' From 22a48a9919dabac71e47b7100da7717b26fe3ba4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Sep 2025 17:25:07 +0000 Subject: [PATCH 12/25] Bump gradle/actions from 4.4.2 to 4.4.3 (#1189) --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker-build-corretto-slim.yml | 2 +- .github/workflows/docker-build-smoke-tests-fake-backend.yml | 2 +- .github/workflows/e2e-tests-app-with-java-agent.yml | 2 +- .github/workflows/main-build.yml | 6 +++--- .github/workflows/nightly-upstream-snapshot-build.yml | 4 ++-- .github/workflows/pr-build.yml | 4 ++-- .github/workflows/release-build.yml | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b9de35a3b3..893264a19e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -50,7 +50,7 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Manually build to avoid autobuild failures uses: gradle/gradle-build-action@v3 diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml index cab6cc17ac..d883c4a9de 100644 --- a/.github/workflows/docker-build-corretto-slim.yml +++ b/.github/workflows/docker-build-corretto-slim.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index b94dc424f7..d398c21be7 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -38,7 +38,7 @@ jobs: with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index f46e0bc8ec..9ac83bc9a7 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -51,7 +51,7 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Validate the checksums of Gradle Wrapper - uses: gradle/wrapper-validation-action@v1 + uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index fdc366b2fa..7beae23b2c 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -39,7 +39,7 @@ jobs: with: path: ~/.pnpm-store key: ${{ runner.os }}-test-cache-pnpm-modules - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - uses: ./.github/actions/patch-dependencies with: run_tests: "true" @@ -76,7 +76,7 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 @@ -196,7 +196,7 @@ jobs: with: java-version: 23 distribution: 'temurin' - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 diff --git a/.github/workflows/nightly-upstream-snapshot-build.yml b/.github/workflows/nightly-upstream-snapshot-build.yml index 922d27dddc..abd99d145c 100644 --- a/.github/workflows/nightly-upstream-snapshot-build.yml +++ b/.github/workflows/nightly-upstream-snapshot-build.yml @@ -46,7 +46,7 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 @@ -136,7 +136,7 @@ jobs: with: java-version: 23 distribution: 'temurin' - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index db0ae80b25..1907325b2b 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -31,7 +31,7 @@ jobs: path: ~/.pnpm-store key: ${{ runner.os }}-test-cache-pnpm-modules - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - uses: ./.github/actions/patch-dependencies with: @@ -61,7 +61,7 @@ jobs: java-version: 17 distribution: temurin - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 # Cleanup directories before proceeding with setup - name: Clean up old installations diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 28bc269fc3..196678b15d 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -47,7 +47,7 @@ jobs: with: java-version: 17 distribution: 'temurin' - - uses: gradle/wrapper-validation-action@v1 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Publish patched dependencies to maven local uses: ./.github/actions/patch-dependencies From 9c7b228c555be5d51672543dbd9fe50fdd96dbd7 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Tue, 16 Sep 2025 16:34:35 -0700 Subject: [PATCH 13/25] add CHANGELOG.md (#1187) *Issue #, if available:* *Description of changes:* Add CHANGELOG.md to track future features and fixes made to ADOT. Updated pr-build.yml workflow to check that CHANGELOG.md has been updated for all changes that affect SDK behavior. Updated pre-release-prepare.yml workflow to update CHANGELOG in both release series branch, moving the Unreleased changes under a header for the new release version. Updated post-release-version-bump.yml to merge CHANGELOG back into main, resolving any conflicts. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .../workflows/post-release-version-bump.yml | 28 ++++++++++++- .github/workflows/pr-build.yml | 42 +++++++++++++++++++ .github/workflows/pre-release-prepare.yml | 8 ++++ CHANGELOG.md | 14 +++++++ 4 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 CHANGELOG.md diff --git a/.github/workflows/post-release-version-bump.yml b/.github/workflows/post-release-version-bump.yml index 7f619bbbe9..6413b86d14 100644 --- a/.github/workflows/post-release-version-bump.yml +++ b/.github/workflows/post-release-version-bump.yml @@ -6,6 +6,10 @@ on: version: description: 'Version number (e.g., 1.0.1)' required: true + is_patch: + description: 'Is this a patch? (true or false)' + required: true + default: 'false' env: AWS_DEFAULT_REGION: us-east-1 @@ -100,8 +104,20 @@ jobs: sed -i'' -e "s/val adotVersion = \".*\"/val adotVersion = \"${DEV_VERSION}\"/" version.gradle.kts VERSION="${{ github.event.inputs.version }}" sed -i'' -e 's/adot-autoinstrumentation-java:v2.*"/adot-autoinstrumentation-java:v'$VERSION'"/' .github/workflows/daily-scan.yml + + # for patch releases, avoid merge conflict by manually resolving CHANGELOG with main + if [[ "${{ github.event.inputs.is_patch }}" == "true" ]]; then + # Copy the patch release entries + sed -n "/^## v${VERSION}/,/^## v[0-9]/p" CHANGELOG.md | sed '$d' > /tmp/patch_release_section.txt + git fetch origin main + git show origin/main:CHANGELOG.md > CHANGELOG.md + # Insert the patch release entries after Unreleased + awk -i inplace '/^## v[0-9]/ && !inserted { system("cat /tmp/patch_release_section.txt"); inserted=1 } {print}' CHANGELOG.md + fi + git add version.gradle.kts git add .github/workflows/daily-scan.yml + git add CHANGELOG.md git commit -m "Prepare main for next development cycle: Update version to $DEV_VERSION" git push --set-upstream origin "prepare-main-for-next-dev-cycle-${VERSION}" @@ -117,4 +133,14 @@ jobs: By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice." \ --head prepare-main-for-next-dev-cycle-${VERSION} \ - --base main \ No newline at end of file + --base main + + - name: Force our CHANGELOG to override merge conflicts + run: | + git merge origin/main || true + git checkout --ours CHANGELOG.md + git add CHANGELOG.md + if ! git diff --quiet --cached; then + git commit -m "Force our CHANGELOG to override merge conflicts" + git push origin "prepare-main-for-next-dev-cycle-${VERSION}" + fi \ No newline at end of file diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 1907325b2b..b8e0050ebb 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -1,6 +1,12 @@ name: PR Build on: pull_request: + types: + - opened + - reopened + - synchronize + - labeled + - unlabeled branches: - main - "release/v*" @@ -8,6 +14,42 @@ env: TEST_TAG: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test-v2 jobs: + changelog-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Check CHANGELOG + run: | + # Check if PR is from workflows bot or dependabot + if [[ "${{ github.event.pull_request.user.login }}" == "aws-application-signals-bot" ]]; then + echo "Skipping check: PR from aws-application-signals-bot" + exit 0 + fi + + if [[ "${{ github.event.pull_request.user.login }}" == "dependabot[bot]" ]]; then + echo "Skipping check: PR from dependabot" + exit 0 + fi + + # Check for skip changelog label + if echo '${{ toJSON(github.event.pull_request.labels.*.name) }}' | jq -r '.[]' | grep -q "skip changelog"; then + echo "Skipping check: skip changelog label found" + exit 0 + fi + + # Fetch base branch and check for CHANGELOG modifications + git fetch origin ${{ github.base_ref }} + if git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -q "CHANGELOG.md"; then + echo "CHANGELOG.md entry found - check passed" + exit 0 + fi + + echo "It looks like you didn't add an entry to CHANGELOG.md. If this change affects the SDK behavior, please update CHANGELOG.md and link this PR in your entry. If this PR does not need a CHANGELOG entry, you can add the 'Skip Changelog' label to this PR." + exit 1 + testpatch: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core diff --git a/.github/workflows/pre-release-prepare.yml b/.github/workflows/pre-release-prepare.yml index 9e4c634467..3459ef288d 100644 --- a/.github/workflows/pre-release-prepare.yml +++ b/.github/workflows/pre-release-prepare.yml @@ -94,6 +94,14 @@ jobs: git commit -am "Update version to ${VERSION}" git push origin "v${VERSION}_release" + - name: Update CHANGELOG for release + if: github.event.inputs.is_patch != 'true' + run: | + sed -i "s/## Unreleased/## Unreleased\n\n## v${VERSION} - $(date +%Y-%m-%d)/" CHANGELOG.md + git add CHANGELOG.md + git commit -m "Update CHANGELOG for version ${VERSION}" + git push origin "v${VERSION}_release" + - name: Create pull request against the release branch env: GITHUB_TOKEN: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000000..4732100a6e --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +> **Note:** This CHANGELOG was created starting after version 2.11.5. Earlier changes are not documented here. + +For any change that affects end users of this package, please add an entry under the **Unreleased** section. Briefly summarize the change and provide the link to the PR. Example: + +- add SigV4 authentication for HTTP exporter + ([#1019](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1019)) + +If your change does not need a CHANGELOG entry, add the "skip changelog" label to your PR. + +## Unreleased From 0c25131fd0c299df7036bba7b506c4deb1c0e375 Mon Sep 17 00:00:00 2001 From: Miqueas Herrera Date: Wed, 17 Sep 2025 12:32:55 -0700 Subject: [PATCH 14/25] update for 8/14 non-release workflow documents (#1193) This PR updates the 3P actions in 8/14 *non-release* workflow files. References: https://github.com/aws-actions/configure-aws-credentials https://github.com/actions/setup-node https://github.com/actions/download-artifact https://github.com/github/codeql-action https://github.com/aws-actions/aws-secretsmanager-get-secrets https://github.com/docker/login-action https://github.com/actions/upload-artifact https://github.com/docker/setup-buildx-action https://github.com/docker/setup-qemu-action https://github.com/actions/download-artifact https://github.com/docker/build-push-action https://github.com/actions/cache https://github.com/github/codeql-action https://github.com/docker/setup-buildx-action https://github.com/codecov/codecov-action https://github.com/actions/setup-go https://github.com/hashicorp/setup-terraform https://github.com/actions/setup-java By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Thomas Pierce --- .../application-signals-e2e-test.yml | 4 +- .github/workflows/codeql-analysis.yml | 10 ++-- .github/workflows/daily-scan.yml | 21 ++++++-- .../workflows/docker-build-corretto-slim.yml | 12 ++--- .../docker-build-smoke-tests-fake-backend.yml | 10 ++-- .../e2e-tests-app-with-java-agent.yml | 36 ++++++------- .github/workflows/e2e-tests-with-operator.yml | 26 +++++----- .github/workflows/main-build.yml | 50 +++++++++---------- 8 files changed, 90 insertions(+), 79 deletions(-) diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index 83e814df49..1f369b8316 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -26,12 +26,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 - - uses: actions/download-artifact@v5 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #5.0.0 with: name: aws-opentelemetry-agent.jar diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 893264a19e..993a56bec1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,11 +23,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 with: languages: java @@ -37,7 +37,7 @@ jobs: distribution: temurin - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -53,9 +53,9 @@ jobs: - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Manually build to avoid autobuild failures - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 with: arguments: build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 diff --git a/.github/workflows/daily-scan.yml b/.github/workflows/daily-scan.yml index f3601a9b63..43a86c6d05 100644 --- a/.github/workflows/daily-scan.yml +++ b/.github/workflows/daily-scan.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo for dependency scan - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 with: fetch-depth: 0 @@ -35,13 +35,13 @@ jobs: distribution: 'temurin' - name: Configure AWS credentials for dependency scan - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.SECRET_MANAGER_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get NVD API key for dependency scan - uses: aws-actions/aws-secretsmanager-get-secrets@v2 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 id: nvd_api_key with: secret-ids: ${{ secrets.NVD_API_KEY_SECRET_ARN }} @@ -51,7 +51,7 @@ jobs: uses: ./.github/actions/patch-dependencies - name: Build JAR - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 with: arguments: assemble -PlocalDocker=true @@ -76,6 +76,17 @@ jobs: if: ${{ steps.dep_scan.outcome != 'success' }} run: less dependency-check-report.html + - name: Configure AWS credentials for image scan + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + with: + role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + + - name: Login to Public ECR + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + with: + registry: public.ecr.aws + - name: Perform high image scan on v1 if: always() id: high_scan_v1 @@ -110,7 +121,7 @@ jobs: - name: Configure AWS Credentials for emitting metrics if: always() - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.METRICS_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml index d883c4a9de..6c61ffdd3a 100644 --- a/.github/workflows/docker-build-corretto-slim.yml +++ b/.github/workflows/docker-build-corretto-slim.yml @@ -19,24 +19,24 @@ jobs: build-corretto: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 - name: Build docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #6.18.0 with: push: true context: scripts/docker/corretto-slim diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index d398c21be7..e58ed4b643 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -20,14 +20,14 @@ jobs: build-docker: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -40,16 +40,16 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build and push docker image - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 with: arguments: :smoke-tests:fakebackend:jib diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index 9ac83bc9a7..37300dca61 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -25,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Java Instrumentation repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: temurin @@ -37,7 +37,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -51,27 +51,27 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Validate the checksums of Gradle Wrapper - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build and push agent and testing docker images with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 with: arguments: jib env: COMMIT_HASH: ${{ inputs.image_tag }} - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 #v5.5.1 test_Spring_App_With_Java_Agent: name: Test Spring App with AWS OTel Java agent @@ -79,19 +79,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -110,19 +110,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -141,19 +141,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index 62e9c7438b..b1c44ab897 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -34,7 +34,7 @@ jobs: build-sample-app: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 @@ -46,7 +46,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -60,18 +60,18 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build and push Sample-Apps without Auto-Instrumentation Agent - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 with: arguments: jibBuildWithoutAgent env: @@ -84,20 +84,20 @@ jobs: test-case-batch-value: ${{ steps.set-batches.outputs.batch-values }} steps: - name: Checkout Testing Framework repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework ref: ${{ inputs.test_ref }} - name: Checkout Java Instrumentation repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 path: aws-otel-java-instrumentation - name: Set up Go 1.x - uses: actions/setup-go@v6 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 #v6.0.0 with: go-version: '~1.18.9' @@ -126,24 +126,24 @@ jobs: steps: # required for versioning - name: Checkout Java Instrumentation repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 path: aws-otel-java-instrumentation - name: Set up JDK 11 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: distribution: 'zulu' java-version: '11' - name: Set up terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd #v3.1.2 with: terraform_version: "~1.5" - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.JAVA_INSTRUMENTATION_INTEG_TEST_ARN}} aws-region: us-west-2 @@ -151,7 +151,7 @@ jobs: role-duration-seconds: 14400 - name: Checkout Testing Framework repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 7beae23b2c..98b909172b 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -22,24 +22,24 @@ jobs: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - - uses: actions/checkout@v5 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: temurin # vaadin 14 tests fail with node 18 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 #v5.0.0 with: node-version: 16 # vaadin tests use pnpm - name: Cache pnpm modules - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: ~/.pnpm-store key: ${{ runner.os }}-test-cache-pnpm-modules - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - uses: ./.github/actions/patch-dependencies with: run_tests: "true" @@ -54,17 +54,17 @@ jobs: staging_registry: ${{ steps.imageOutput.outputs.stagingRegistry }} staging_repository: ${{ steps.imageOutput.outputs.stagingRepository }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: temurin # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -76,21 +76,21 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build snapshot with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 with: arguments: build integrationTests snapshot --stacktrace -PenableCoverage=true -PlocalDocker=true env: @@ -128,7 +128,7 @@ jobs: snapshot-ecr-role: ${{ secrets.JAVA_INSTRUMENTATION_SNAPSHOT_ECR }} - name: Upload to GitHub Actions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: aws-opentelemetry-agent.jar path: otelagent/build/libs/aws-opentelemetry-agent-*.jar @@ -189,30 +189,30 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 23 distribution: 'temurin' - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -222,17 +222,17 @@ jobs: run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine - name: Build snapshot with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 with: arguments: contractTests -PlocalDocker=true application-signals-lambda-layer-build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: 'temurin' @@ -241,12 +241,12 @@ jobs: run: | ./build-layer.sh - name: Upload layer zip to GitHub Actions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: aws-opentelemetry-java-layer.zip path: lambda-layer/build/distributions/aws-opentelemetry-java-layer.zip - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 @@ -270,7 +270,7 @@ jobs: if: always() steps: - name: Configure AWS Credentials for emitting metrics - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.METRICS_ROLE_ARN }} aws-region: us-east-1 From 22fdff3fd4c91124abd400f9f107bcfa21be34a5 Mon Sep 17 00:00:00 2001 From: Miqueas Herrera Date: Wed, 17 Sep 2025 13:42:17 -0700 Subject: [PATCH 15/25] Revert "update for 8/14 non-release workflow documents (#1193)" (#1195) This reverts commit 069ea22c27b58e11a2daf09adf104eb6ca51ef04. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .../application-signals-e2e-test.yml | 4 +- .github/workflows/codeql-analysis.yml | 10 ++-- .github/workflows/daily-scan.yml | 14 +++--- .../workflows/docker-build-corretto-slim.yml | 12 ++--- .../docker-build-smoke-tests-fake-backend.yml | 10 ++-- .../e2e-tests-app-with-java-agent.yml | 36 ++++++------- .github/workflows/e2e-tests-with-operator.yml | 26 +++++----- .github/workflows/main-build.yml | 50 +++++++++---------- 8 files changed, 81 insertions(+), 81 deletions(-) diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index 1f369b8316..83e814df49 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -26,12 +26,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 - - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #5.0.0 + - uses: actions/download-artifact@v5 with: name: aws-opentelemetry-agent.jar diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 993a56bec1..893264a19e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,11 +23,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 + uses: actions/checkout@v5 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 + uses: github/codeql-action/init@v3 with: languages: java @@ -37,7 +37,7 @@ jobs: distribution: temurin - name: Cache local Maven repository - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -53,9 +53,9 @@ jobs: - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Manually build to avoid autobuild failures - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/daily-scan.yml b/.github/workflows/daily-scan.yml index 43a86c6d05..cd245e572c 100644 --- a/.github/workflows/daily-scan.yml +++ b/.github/workflows/daily-scan.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo for dependency scan - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 + uses: actions/checkout@v5 with: fetch-depth: 0 @@ -35,13 +35,13 @@ jobs: distribution: 'temurin' - name: Configure AWS credentials for dependency scan - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.SECRET_MANAGER_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get NVD API key for dependency scan - uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 + uses: aws-actions/aws-secretsmanager-get-secrets@v2 id: nvd_api_key with: secret-ids: ${{ secrets.NVD_API_KEY_SECRET_ARN }} @@ -51,7 +51,7 @@ jobs: uses: ./.github/actions/patch-dependencies - name: Build JAR - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: assemble -PlocalDocker=true @@ -77,13 +77,13 @@ jobs: run: less dependency-check-report.html - name: Configure AWS credentials for image scan - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Login to Public ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws @@ -121,7 +121,7 @@ jobs: - name: Configure AWS Credentials for emitting metrics if: always() - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.METRICS_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml index 6c61ffdd3a..d883c4a9de 100644 --- a/.github/workflows/docker-build-corretto-slim.yml +++ b/.github/workflows/docker-build-corretto-slim.yml @@ -19,24 +19,24 @@ jobs: build-corretto: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 + - uses: actions/checkout@v5 - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 + uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 + uses: docker/setup-buildx-action@v3 - name: Build docker image - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #6.18.0 + uses: docker/build-push-action@v6 with: push: true context: scripts/docker/corretto-slim diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index e58ed4b643..d398c21be7 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -20,14 +20,14 @@ jobs: build-docker: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 + - uses: actions/checkout@v5 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -40,16 +40,16 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws - name: Build and push docker image - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: :smoke-tests:fakebackend:jib diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index 37300dca61..9ac83bc9a7 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -25,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Java Instrumentation repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin @@ -37,7 +37,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -51,27 +51,27 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Validate the checksums of Gradle Wrapper - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws - name: Build and push agent and testing docker images with Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: jib env: COMMIT_HASH: ${{ inputs.image_tag }} - - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 #v5.5.1 + - uses: codecov/codecov-action@v5 test_Spring_App_With_Java_Agent: name: Test Spring App with AWS OTel Java agent @@ -79,19 +79,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws @@ -110,19 +110,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws @@ -141,19 +141,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index b1c44ab897..62e9c7438b 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -34,7 +34,7 @@ jobs: build-sample-app: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 with: fetch-depth: 0 @@ -46,7 +46,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -60,18 +60,18 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws - name: Build and push Sample-Apps without Auto-Instrumentation Agent - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: jibBuildWithoutAgent env: @@ -84,20 +84,20 @@ jobs: test-case-batch-value: ${{ steps.set-batches.outputs.batch-values }} steps: - name: Checkout Testing Framework repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + uses: actions/checkout@v5 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework ref: ${{ inputs.test_ref }} - name: Checkout Java Instrumentation repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + uses: actions/checkout@v5 with: fetch-depth: 0 path: aws-otel-java-instrumentation - name: Set up Go 1.x - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 #v6.0.0 + uses: actions/setup-go@v6 with: go-version: '~1.18.9' @@ -126,24 +126,24 @@ jobs: steps: # required for versioning - name: Checkout Java Instrumentation repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + uses: actions/checkout@v5 with: fetch-depth: 0 path: aws-otel-java-instrumentation - name: Set up JDK 11 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: 'zulu' java-version: '11' - name: Set up terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd #v3.1.2 + uses: hashicorp/setup-terraform@v3 with: terraform_version: "~1.5" - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.JAVA_INSTRUMENTATION_INTEG_TEST_ARN}} aws-region: us-west-2 @@ -151,7 +151,7 @@ jobs: role-duration-seconds: 14400 - name: Checkout Testing Framework repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + uses: actions/checkout@v5 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 98b909172b..7beae23b2c 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -22,24 +22,24 @@ jobs: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + - uses: actions/checkout@v5 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin # vaadin 14 tests fail with node 18 - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 #v5.0.0 + uses: actions/setup-node@v4 with: node-version: 16 # vaadin tests use pnpm - name: Cache pnpm modules - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: ~/.pnpm-store key: ${{ runner.os }}-test-cache-pnpm-modules - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - uses: ./.github/actions/patch-dependencies with: run_tests: "true" @@ -54,17 +54,17 @@ jobs: staging_registry: ${{ steps.imageOutput.outputs.stagingRegistry }} staging_repository: ${{ steps.imageOutput.outputs.stagingRepository }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: temurin # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -76,21 +76,21 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws - name: Build snapshot with Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: build integrationTests snapshot --stacktrace -PenableCoverage=true -PlocalDocker=true env: @@ -128,7 +128,7 @@ jobs: snapshot-ecr-role: ${{ secrets.JAVA_INSTRUMENTATION_SNAPSHOT_ECR }} - name: Upload to GitHub Actions - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + uses: actions/upload-artifact@v4 with: name: aws-opentelemetry-agent.jar path: otelagent/build/libs/aws-opentelemetry-agent-*.jar @@ -189,30 +189,30 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 23 distribution: 'temurin' - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 + uses: docker/login-action@v3 with: registry: public.ecr.aws # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 + uses: actions/cache@v3 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -222,17 +222,17 @@ jobs: run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine - name: Build snapshot with Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + uses: gradle/gradle-build-action@v3 with: arguments: contractTests -PlocalDocker=true application-signals-lambda-layer-build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' @@ -241,12 +241,12 @@ jobs: run: | ./build-layer.sh - name: Upload layer zip to GitHub Actions - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + uses: actions/upload-artifact@v4 with: name: aws-opentelemetry-java-layer.zip path: lambda-layer/build/distributions/aws-opentelemetry-java-layer.zip - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 @@ -270,7 +270,7 @@ jobs: if: always() steps: - name: Configure AWS Credentials for emitting metrics - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.METRICS_ROLE_ARN }} aws-region: us-east-1 From fb1dc051dc79ba442f6ee692bf370579a9d6609d Mon Sep 17 00:00:00 2001 From: Miqueas Herrera Date: Thu, 18 Sep 2025 12:32:09 -0700 Subject: [PATCH 16/25] Reverting previous revert for 3p actions update (#1198) This pr reverts the previous revert for 3p action updates for non release files. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .../application-signals-e2e-test.yml | 4 +- .github/workflows/codeql-analysis.yml | 15 ++--- .github/workflows/daily-scan.yml | 19 +++--- .../workflows/docker-build-corretto-slim.yml | 12 ++-- .../docker-build-smoke-tests-fake-backend.yml | 15 ++--- .../e2e-tests-app-with-java-agent.yml | 41 ++++++------- .github/workflows/e2e-tests-with-operator.yml | 31 +++++----- .github/workflows/main-build.yml | 60 ++++++++++--------- 8 files changed, 102 insertions(+), 95 deletions(-) diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index 83e814df49..1f369b8316 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -26,12 +26,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 - - uses: actions/download-artifact@v5 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #5.0.0 with: name: aws-opentelemetry-agent.jar diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 893264a19e..6d9fb548bb 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,11 +23,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 with: languages: java @@ -37,7 +37,7 @@ jobs: distribution: temurin - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -52,10 +52,11 @@ jobs: - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - name: Setup Gradle + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + - name: Manually build to avoid autobuild failures - uses: gradle/gradle-build-action@v3 - with: - arguments: build + run: ./gradlew build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 diff --git a/.github/workflows/daily-scan.yml b/.github/workflows/daily-scan.yml index cd245e572c..df3e809d87 100644 --- a/.github/workflows/daily-scan.yml +++ b/.github/workflows/daily-scan.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo for dependency scan - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 with: fetch-depth: 0 @@ -35,13 +35,13 @@ jobs: distribution: 'temurin' - name: Configure AWS credentials for dependency scan - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.SECRET_MANAGER_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get NVD API key for dependency scan - uses: aws-actions/aws-secretsmanager-get-secrets@v2 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 id: nvd_api_key with: secret-ids: ${{ secrets.NVD_API_KEY_SECRET_ARN }} @@ -50,10 +50,11 @@ jobs: - name: Publish patched dependencies to maven local uses: ./.github/actions/patch-dependencies + - name: Setup Gradle + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + - name: Build JAR - uses: gradle/gradle-build-action@v3 - with: - arguments: assemble -PlocalDocker=true + run: ./gradlew assemble -PlocalDocker=true # See http://jeremylong.github.io/DependencyCheck/dependency-check-cli/ for installation explanation - name: Install and run dependency scan @@ -77,13 +78,13 @@ jobs: run: less dependency-check-report.html - name: Configure AWS credentials for image scan - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Login to Public ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -121,7 +122,7 @@ jobs: - name: Configure AWS Credentials for emitting metrics if: always() - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.METRICS_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} diff --git a/.github/workflows/docker-build-corretto-slim.yml b/.github/workflows/docker-build-corretto-slim.yml index d883c4a9de..6c61ffdd3a 100644 --- a/.github/workflows/docker-build-corretto-slim.yml +++ b/.github/workflows/docker-build-corretto-slim.yml @@ -19,24 +19,24 @@ jobs: build-corretto: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 - name: Build docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #6.18.0 with: push: true context: scripts/docker/corretto-slim diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index d398c21be7..67b95d6299 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -20,14 +20,14 @@ jobs: build-docker: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -40,16 +40,17 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws + - name: Setup Gradle + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + - name: Build and push docker image - uses: gradle/gradle-build-action@v3 - with: - arguments: :smoke-tests:fakebackend:jib + run: ./gradlew :smoke-tests:fakebackend:jib diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index 9ac83bc9a7..1328d5408f 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -25,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Java Instrumentation repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: temurin @@ -37,7 +37,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -51,27 +51,28 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Validate the checksums of Gradle Wrapper - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws + - name: Setup Gradle + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + - name: Build and push agent and testing docker images with Gradle - uses: gradle/gradle-build-action@v3 - with: - arguments: jib + run: ./gradlew jib env: COMMIT_HASH: ${{ inputs.image_tag }} - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 #v5.5.1 test_Spring_App_With_Java_Agent: name: Test Spring App with AWS OTel Java agent @@ -79,19 +80,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -110,19 +111,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -141,19 +142,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index 62e9c7438b..f17168d659 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -34,7 +34,7 @@ jobs: build-sample-app: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 @@ -46,7 +46,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -60,20 +60,21 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build and push Sample-Apps without Auto-Instrumentation Agent - uses: gradle/gradle-build-action@v3 - with: - arguments: jibBuildWithoutAgent + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + + - name: Build and push Sample-Apps with Auto-Instrumentation Agent + run: jibBuildWithoutAgent env: COMMIT_HASH: ${{ inputs.image_tag }} @@ -84,20 +85,20 @@ jobs: test-case-batch-value: ${{ steps.set-batches.outputs.batch-values }} steps: - name: Checkout Testing Framework repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework ref: ${{ inputs.test_ref }} - name: Checkout Java Instrumentation repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 path: aws-otel-java-instrumentation - name: Set up Go 1.x - uses: actions/setup-go@v6 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 #v6.0.0 with: go-version: '~1.18.9' @@ -126,24 +127,24 @@ jobs: steps: # required for versioning - name: Checkout Java Instrumentation repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 path: aws-otel-java-instrumentation - name: Set up JDK 11 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: distribution: 'zulu' java-version: '11' - name: Set up terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd #v3.1.2 with: terraform_version: "~1.5" - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.JAVA_INSTRUMENTATION_INTEG_TEST_ARN}} aws-region: us-west-2 @@ -151,7 +152,7 @@ jobs: role-duration-seconds: 14400 - name: Checkout Testing Framework repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: repository: ${{ env.TESTING_FRAMEWORK_REPO }} path: testing-framework diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 7beae23b2c..0660dbd6ec 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -22,24 +22,24 @@ jobs: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - - uses: actions/checkout@v5 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: temurin # vaadin 14 tests fail with node 18 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 #v5.0.0 with: node-version: 16 # vaadin tests use pnpm - name: Cache pnpm modules - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: ~/.pnpm-store key: ${{ runner.os }}-test-cache-pnpm-modules - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - uses: ./.github/actions/patch-dependencies with: run_tests: "true" @@ -54,17 +54,17 @@ jobs: staging_registry: ${{ steps.imageOutput.outputs.stagingRegistry }} staging_repository: ${{ steps.imageOutput.outputs.stagingRepository }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: temurin # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -76,23 +76,24 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws + - name: Setup Gradle + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 + - name: Build snapshot with Gradle - uses: gradle/gradle-build-action@v3 - with: - arguments: build integrationTests snapshot --stacktrace -PenableCoverage=true -PlocalDocker=true + run: ./gradlew build integrationTests snapshot --stacktrace -PenableCoverage=true -PlocalDocker=true env: PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }} PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }} @@ -128,7 +129,7 @@ jobs: snapshot-ecr-role: ${{ secrets.JAVA_INSTRUMENTATION_SNAPSHOT_ECR }} - name: Upload to GitHub Actions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: aws-opentelemetry-agent.jar path: otelagent/build/libs/aws-opentelemetry-agent-*.jar @@ -189,30 +190,30 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 23 distribution: 'temurin' - - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 + - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws # cache local patch outputs - name: Cache local Maven repository id: cache-local-maven-repo - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -221,18 +222,19 @@ jobs: - name: Pull base image of Contract Tests Sample Apps run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine + - name: Setup Gradle + uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + - name: Build snapshot with Gradle - uses: gradle/gradle-build-action@v3 - with: - arguments: contractTests -PlocalDocker=true + run: contractTests -PlocalDocker=true application-signals-lambda-layer-build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 - - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 + - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 with: java-version: 17 distribution: 'temurin' @@ -241,12 +243,12 @@ jobs: run: | ./build-layer.sh - name: Upload layer zip to GitHub Actions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: aws-opentelemetry-java-layer.zip path: lambda-layer/build/distributions/aws-opentelemetry-java-layer.zip - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 @@ -270,7 +272,7 @@ jobs: if: always() steps: - name: Configure AWS Credentials for emitting metrics - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.METRICS_ROLE_ARN }} aws-region: us-east-1 From 210771317d9d6f567217843545ed72673be999df Mon Sep 17 00:00:00 2001 From: Miqueas Herrera Date: Fri, 19 Sep 2025 09:06:59 -0700 Subject: [PATCH 17/25] Update main-build.yml (#1200) Missed ./gradlew command. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .github/workflows/main-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index 0660dbd6ec..f4ef644a8a 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -226,7 +226,7 @@ jobs: uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - name: Build snapshot with Gradle - run: contractTests -PlocalDocker=true + run: ./gradlew contractTests -PlocalDocker=true application-signals-lambda-layer-build: runs-on: ubuntu-latest From c3aec083dcbb737298897f9dd401d2deb4440c62 Mon Sep 17 00:00:00 2001 From: Thomas Pierce Date: Mon, 22 Sep 2025 19:02:44 -0700 Subject: [PATCH 18/25] feat: add self-validating workflow gate jobs (#1213) Add gate jobs that fail if any workflow job fails OR if any job is missing from the gate's needs array. Prevents both job failures and configuration drift when adding new workflow jobs. Callout: I don't think it's possible to have one gate for both workflows, but it should not be the case that we add more over time. ### Testing: See: https://github.com/aws-observability/aws-otel-python-instrumentation/pull/477 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .github/workflows/codeql-analysis.yml | 35 +++++++++++++++++++++++++++ .github/workflows/pr-build.yml | 34 ++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6d9fb548bb..6698702e09 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -60,3 +60,38 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 + + all-codeql-checks-pass: + runs-on: ubuntu-latest + needs: [analyze] + if: always() + steps: + - name: Checkout to get workflow file + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 + + - name: Check all jobs succeeded and none missing + run: | + # Check if all needed jobs succeeded + results='${{ toJSON(needs) }}' + if echo "$results" | jq -r '.[] | .result' | grep -v success; then + echo "Some jobs failed" + exit 1 + fi + + # Extract all job names from workflow (excluding this gate job) + all_jobs=$(yq eval '.jobs | keys | .[]' .github/workflows/codeql.yml | grep -v "all-codeql-checks-pass" | sort) + + # Extract job names from needs array + needed_jobs='${{ toJSON(needs) }}' + needs_list=$(echo "$needed_jobs" | jq -r 'keys[]' | sort) + + # Check if any jobs are missing from needs + missing_jobs=$(comm -23 <(echo "$all_jobs") <(echo "$needs_list")) + if [ -n "$missing_jobs" ]; then + echo "ERROR: Jobs missing from needs array in all-codeql-checks-pass:" + echo "$missing_jobs" + echo "Please add these jobs to the needs array of all-codeql-checks-pass" + exit 1 + fi + + echo "All CodeQL checks passed and no jobs missing from gate!" diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index b8e0050ebb..b073c3938a 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -218,3 +218,37 @@ jobs: working-directory: lambda-layer run: ./build-layer.sh + all-pr-checks-pass: + runs-on: ubuntu-latest + needs: [changelog-check, testpatch, build, build-lambda] + if: always() + steps: + - name: Checkout to get workflow file + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 + + - name: Check all jobs succeeded and none missing + run: | + # Check if all needed jobs succeeded + results='${{ toJSON(needs) }}' + if echo "$results" | jq -r '.[] | .result' | grep -v success; then + echo "Some jobs failed" + exit 1 + fi + + # Extract all job names from workflow (excluding this gate job) + all_jobs=$(yq eval '.jobs | keys | .[]' .github/workflows/pr-build.yml | grep -v "all-pr-checks-pass" | sort) + + # Extract job names from needs array + needed_jobs='${{ toJSON(needs) }}' + needs_list=$(echo "$needed_jobs" | jq -r 'keys[]' | sort) + + # Check if any jobs are missing from needs + missing_jobs=$(comm -23 <(echo "$all_jobs") <(echo "$needs_list")) + if [ -n "$missing_jobs" ]; then + echo "ERROR: Jobs missing from needs array in all-pr-checks-pass:" + echo "$missing_jobs" + echo "Please add these jobs to the needs array of all-pr-checks-pass" + exit 1 + fi + + echo "All checks passed and no jobs missing from gate!" From 47152b45a1d1da852985d255505797cc3ab405fe Mon Sep 17 00:00:00 2001 From: Miqueas Herrera Date: Tue, 23 Sep 2025 14:41:08 -0700 Subject: [PATCH 19/25] Update 3p actions from VID to CSHA (#1205) This pr updates 3p actions from VID to CSHA for remaining files. References: https://github.com/actions/checkout https://github.com/actions/setup-python https://github.com/actions/setup-java https://github.com/actions/setup-node https://github.com/actions/cache https://github.com/actions/upload-artifact https://github.com/actions/setup-node https://github.com/aws-actions/configure-aws-credentials https://github.com/actions/download-artifact https://github.com/aws-actions/aws-secretsmanager-get-secrets https://github.com/docker/login-action https://github.com/docker/setup-buildx-action https://github.com/docker/build-push-action https://github.com/docker/setup-qemu-action https://github.com/gradle/actions/blob/f8140229023a7015c7ce4df6f7c390a3cace8f83/docs/deprecation-upgrade-guide.md#using-the-action-to-execute-gradle-via-the-arguments-parameter-is-deprecated https://github.com/github/codeql-action https://github.com/hashicorp/setup-terraform https://github.com/codecov/codecov-action https://github.com/burrunan/gradle-cache-action https://github.com/JasonEtco/create-an-issue https://github.com/benchmark-action/github-action-benchmark By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Thomas Pierce --- .github/actions/cpUtility-testing/action.yml | 12 ++++---- .github/actions/image_scan/action.yml | 2 +- .github/actions/patch-dependencies/action.yml | 8 +++--- .github/workflows/codeql-analysis.yml | 7 ++--- .github/workflows/daily-scan.yml | 7 ++--- .../docker-build-smoke-tests-fake-backend.yml | 7 ++--- .../e2e-tests-app-with-java-agent.yml | 7 ++--- .github/workflows/e2e-tests-with-operator.yml | 2 +- .github/workflows/main-build.yml | 14 ++++------ .../nightly-upstream-snapshot-build.yml | 20 ++++++------- .github/workflows/patch-release-build.yml | 27 +++++++++--------- .../workflows/post-release-version-bump.yml | 8 +++--- .github/workflows/pr-build.yml | 28 +++++++++---------- .github/workflows/pre-release-prepare.yml | 6 ++-- .github/workflows/publish-status.yml | 2 +- .github/workflows/release-build.yml | 26 ++++++++--------- .github/workflows/release-lambda.yml | 19 ++++++------- .github/workflows/release-udp-exporter.yml | 2 +- .github/workflows/soak-testing.yml | 12 ++++---- .github/workflows/stale-bot.yml | 2 +- .github/workflows/udp-exporter-e2e-test.yml | 4 +-- 21 files changed, 107 insertions(+), 115 deletions(-) diff --git a/.github/actions/cpUtility-testing/action.yml b/.github/actions/cpUtility-testing/action.yml index 883763ccdc..a59ad5ac05 100644 --- a/.github/actions/cpUtility-testing/action.yml +++ b/.github/actions/cpUtility-testing/action.yml @@ -25,28 +25,28 @@ runs: using: "composite" steps: - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 with: driver-opts: image=moby/buildkit:v0.15.1 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ inputs.snapshot-ecr-role }} aws-region: ${{ inputs.aws-region }} - name: Login to private staging ecr - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: ${{ inputs.image_registry }} env: AWS_REGION: ${{ inputs.aws-region }} - name: Build image for testing - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: push: false build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}" @@ -60,7 +60,7 @@ runs: run: .github/scripts/test-adot-javaagent-image.sh "${{ inputs.image_uri_with_tag }}" "${{ inputs.adot-java-version }}" - name: Build and push image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: push: true build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}" diff --git a/.github/actions/image_scan/action.yml b/.github/actions/image_scan/action.yml index eb19f78609..9469dd7021 100644 --- a/.github/actions/image_scan/action.yml +++ b/.github/actions/image_scan/action.yml @@ -26,7 +26,7 @@ runs: run: docker logout public.ecr.aws - name: Run Trivy vulnerability scanner on image - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v0.33.1 with: image-ref: ${{ inputs.image-ref }} severity: ${{ inputs.severity }} diff --git a/.github/actions/patch-dependencies/action.yml b/.github/actions/patch-dependencies/action.yml index 55399a6a02..d2bbdaafad 100644 --- a/.github/actions/patch-dependencies/action.yml +++ b/.github/actions/patch-dependencies/action.yml @@ -64,14 +64,14 @@ runs: shell: bash - name: Build opentelemetry-java with tests - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2 if: ${{ env.patch_otel_java == 'true' && inputs.run_tests != 'false' }} with: arguments: build publishToMavenLocal build-root-directory: opentelemetry-java - name: Build opentelemetry-java - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2 if: ${{ env.patch_otel_java == 'true' && inputs.run_tests == 'false' }} with: arguments: publishToMavenLocal @@ -83,14 +83,14 @@ runs: shell: bash - name: Build opentelemetry-java-contrib with tests - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2 if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests != 'false' }} with: arguments: build publishToMavenLocal build-root-directory: opentelemetry-java-contrib - name: Build opentelemetry-java-contrib - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2 if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests == 'false' }} with: arguments: publishToMavenLocal diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6698702e09..a7f246cc84 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,11 +52,10 @@ jobs: - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 - - name: Manually build to avoid autobuild failures - run: ./gradlew build + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 + with: + arguments: build - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v3.30.3 diff --git a/.github/workflows/daily-scan.yml b/.github/workflows/daily-scan.yml index df3e809d87..e3a5e1b57d 100644 --- a/.github/workflows/daily-scan.yml +++ b/.github/workflows/daily-scan.yml @@ -50,11 +50,10 @@ jobs: - name: Publish patched dependencies to maven local uses: ./.github/actions/patch-dependencies - - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 - - name: Build JAR - run: ./gradlew assemble -PlocalDocker=true + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 + with: + arguments: assemble -PlocalDocker=true # See http://jeremylong.github.io/DependencyCheck/dependency-check-cli/ for installation explanation - name: Install and run dependency scan diff --git a/.github/workflows/docker-build-smoke-tests-fake-backend.yml b/.github/workflows/docker-build-smoke-tests-fake-backend.yml index 67b95d6299..3f69d1be43 100644 --- a/.github/workflows/docker-build-smoke-tests-fake-backend.yml +++ b/.github/workflows/docker-build-smoke-tests-fake-backend.yml @@ -49,8 +49,7 @@ jobs: with: registry: public.ecr.aws - - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 - - name: Build and push docker image - run: ./gradlew :smoke-tests:fakebackend:jib + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 + with: + arguments: :smoke-tests:fakebackend:jib diff --git a/.github/workflows/e2e-tests-app-with-java-agent.yml b/.github/workflows/e2e-tests-app-with-java-agent.yml index 1328d5408f..3c61ae4069 100644 --- a/.github/workflows/e2e-tests-app-with-java-agent.yml +++ b/.github/workflows/e2e-tests-app-with-java-agent.yml @@ -64,11 +64,10 @@ jobs: with: registry: public.ecr.aws - - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 - - name: Build and push agent and testing docker images with Gradle - run: ./gradlew jib + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 + with: + arguments: jib env: COMMIT_HASH: ${{ inputs.image_tag }} diff --git a/.github/workflows/e2e-tests-with-operator.yml b/.github/workflows/e2e-tests-with-operator.yml index f17168d659..ba5a136b2f 100644 --- a/.github/workflows/e2e-tests-with-operator.yml +++ b/.github/workflows/e2e-tests-with-operator.yml @@ -71,7 +71,7 @@ jobs: registry: public.ecr.aws - name: Build and push Sample-Apps without Auto-Instrumentation Agent - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 - name: Build and push Sample-Apps with Auto-Instrumentation Agent run: jibBuildWithoutAgent diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index f4ef644a8a..58748ce379 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -89,11 +89,10 @@ jobs: with: registry: public.ecr.aws - - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 - - name: Build snapshot with Gradle - run: ./gradlew build integrationTests snapshot --stacktrace -PenableCoverage=true -PlocalDocker=true + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 + with: + arguments: build integrationTests snapshot --stacktrace -PenableCoverage=true -PlocalDocker=true env: PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }} PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }} @@ -222,11 +221,10 @@ jobs: - name: Pull base image of Contract Tests Sample Apps run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine - - name: Setup Gradle - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #v4.4.3 - - name: Build snapshot with Gradle - run: ./gradlew contractTests -PlocalDocker=true + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 + with: + arguments: contractTests -PlocalDocker=true application-signals-lambda-layer-build: runs-on: ubuntu-latest diff --git a/.github/workflows/nightly-upstream-snapshot-build.yml b/.github/workflows/nightly-upstream-snapshot-build.yml index abd99d145c..df2f4251dd 100644 --- a/.github/workflows/nightly-upstream-snapshot-build.yml +++ b/.github/workflows/nightly-upstream-snapshot-build.yml @@ -23,7 +23,7 @@ jobs: image_name: ${{ steps.imageOutput.outputs.imageName }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 @@ -34,7 +34,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -49,18 +49,18 @@ jobs: - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build snapshot with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 with: arguments: build --stacktrace -PenableCoverage=true -PtestUpstreamSnapshots=true env: @@ -95,7 +95,7 @@ jobs: snapshot-ecr-role: ${{ secrets.JAVA_INSTRUMENTATION_SNAPSHOT_ECR }} - name: Upload to GitHub Actions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: aws-opentelemetry-agent.jar path: otelagent/build/libs/aws-opentelemetry-agent-*.jar @@ -129,7 +129,7 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 @@ -139,13 +139,13 @@ jobs: - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -153,7 +153,7 @@ jobs: run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine - name: Build snapshot with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 with: arguments: contractTests -PtestUpstreamSnapshots=true -PlocalDocker=true diff --git a/.github/workflows/patch-release-build.yml b/.github/workflows/patch-release-build.yml index a956d37c23..064bbf90b9 100644 --- a/.github/workflows/patch-release-build.yml +++ b/.github/workflows/patch-release-build.yml @@ -37,14 +37,14 @@ jobs: name: Check out release branch # Will fail if there is no release branch yet or succeed otherwise continue-on-error: true - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: ref: ${{ steps.parse-release-branch.outputs.release-branch-name }} - id: checkout-release-tag name: Check out release tag # If there is already a release branch, the previous step succeeds and we don't run this or the next one. if: ${{ steps.checkout-release-branch.outcome == 'failure' }} - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: ref: ${{ steps.parse-release-branch.outputs.release-tag-name }} - name: Create release branch @@ -57,7 +57,7 @@ jobs: needs: prepare-release-branch steps: - name: Checkout release branch - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: ref: ${{ needs.prepare-release-branch.outputs.release-branch-name }} @@ -66,12 +66,12 @@ jobs: java-version: 17 distribution: 'temurin' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -88,33 +88,32 @@ jobs: # Trim whitespaces and cherrypick echo $word | sed 's/ *$//g' | sed 's/^ *//g' | git cherry-pick --stdin done - - name: Build release with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 with: arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 with: driver-opts: image=moby/buildkit:v0.15.1 - name: Build image for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: push: false build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" @@ -128,7 +127,7 @@ jobs: run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}" - name: Build and push image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: push: true build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" @@ -138,7 +137,7 @@ jobs: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:v${{ github.event.inputs.version }} - name: Build and Publish release with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 with: arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace env: diff --git a/.github/workflows/post-release-version-bump.yml b/.github/workflows/post-release-version-bump.yml index 6413b86d14..646c85d2d8 100644 --- a/.github/workflows/post-release-version-bump.yml +++ b/.github/workflows/post-release-version-bump.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout main - uses: actions/checkout@v2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: ref: main fetch-depth: 0 @@ -63,13 +63,13 @@ jobs: needs: check-version steps: - name: Configure AWS credentials for BOT secrets - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get Bot secrets - uses: aws-actions/aws-secretsmanager-get-secrets@v1 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 id: bot_secrets with: secret-ids: | @@ -77,7 +77,7 @@ jobs: parse-json-secrets: true - name: Setup Git - uses: actions/checkout@v2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: fetch-depth: 0 token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index b073c3938a..7419993d48 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -17,7 +17,7 @@ jobs: changelog-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 @@ -54,7 +54,7 @@ jobs: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: @@ -62,13 +62,13 @@ jobs: distribution: temurin # vaadin 14 tests fail with node 18 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: 16 # vaadin tests use pnpm - name: Cache pnpm modules - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/.pnpm-store key: ${{ runner.os }}-test-cache-pnpm-modules @@ -96,7 +96,7 @@ jobs: # https://github.com/open-telemetry/opentelemetry-java/issues/4560 - os: ${{ startsWith(github.event.pull_request.base.ref, 'release/v') && 'windows-latest' || '' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: @@ -114,7 +114,7 @@ jobs: # cache local patch outputs - name: Cache local Maven repository - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 with: path: | ~/.m2/repository/io/opentelemetry/ @@ -125,7 +125,7 @@ jobs: if: ${{ matrix.os != 'windows-latest' }} # Skip patch on windows as it is not possible to build opentelemetry-java on windows - name: Build with Gradle with Integration tests - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 if: ${{ matrix.os == 'ubuntu-latest' }} with: arguments: build integrationTests --stacktrace -PenableCoverage=true -PlocalDocker=true @@ -145,7 +145,7 @@ jobs: run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine - name: Run contract tests - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 if: ${{ matrix.os == 'ubuntu-latest' }} with: arguments: contractTests -PlocalDocker=true -i @@ -163,17 +163,17 @@ jobs: echo "ADOT_JAVA_VERSION=$(./gradlew printVersion -q )" >> $GITHUB_ENV - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 if: ${{ matrix.os == 'ubuntu-latest' }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 with: driver-opts: image=moby/buildkit:v0.15.1 if: ${{ matrix.os == 'ubuntu-latest' }} - name: Build image for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 if: ${{ matrix.os == 'ubuntu-latest' }} with: push: false @@ -196,17 +196,17 @@ jobs: run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ env.ADOT_JAVA_VERSION }}" - name: Build with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 if: ${{ matrix.os != 'ubuntu-latest' && (hashFiles('.github/patches/opentelemetry-java*.patch') == '' || matrix.os != 'windows-latest' ) }} # build on windows as well unless a patch exists with: arguments: build --stacktrace -PenableCoverage=true - - uses: codecov/codecov-action@v5 + - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 #v5.5.1 build-lambda: runs-on: ubuntu-latest steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - name: Setup Java uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/pre-release-prepare.yml b/.github/workflows/pre-release-prepare.yml index 3459ef288d..4ef8a0ed0a 100644 --- a/.github/workflows/pre-release-prepare.yml +++ b/.github/workflows/pre-release-prepare.yml @@ -25,13 +25,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS credentials for BOT secrets - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get Bot secrets - uses: aws-actions/aws-secretsmanager-get-secrets@v1 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 id: bot_secrets with: secret-ids: | @@ -39,7 +39,7 @@ jobs: parse-json-secrets: true - name: Checkout main branch - uses: actions/checkout@v3 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 with: ref: 'main' token: ${{ env.BOT_TOKEN_GITHUB_RW_PATOKEN }} diff --git a/.github/workflows/publish-status.yml b/.github/workflows/publish-status.yml index 1efeb9c04d..5159e2bddf 100644 --- a/.github/workflows/publish-status.yml +++ b/.github/workflows/publish-status.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.roleArn }} aws-region: ${{ inputs.region }} diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 196678b15d..fb60d124e7 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -24,7 +24,7 @@ jobs: environment: Release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - name: Check main build status env: @@ -56,53 +56,53 @@ jobs: gpg_password: ${{ secrets.GPG_PASSPHRASE }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Build release with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 with: arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} - name: Log in to AWS ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws - name: Configure AWS Credentials for Private ECR - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }} - name: Log in to AWS private ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: ${{ env.PRIVATE_REGISTRY }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 with: driver-opts: image=moby/buildkit:v0.15.1 - name: Build image for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: push: false build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" @@ -116,7 +116,7 @@ jobs: run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}" - name: Build and push image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 with: push: true build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" @@ -127,7 +127,7 @@ jobs: ${{ env.PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }} - name: Build and Publish release with Gradle - uses: gradle/gradle-build-action@v3 + uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 with: arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace env: diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml index 7feeb5b14d..37b100d7ce 100644 --- a/.github/workflows/release-lambda.yml +++ b/.github/workflows/release-lambda.yml @@ -41,7 +41,7 @@ jobs: echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: @@ -54,7 +54,7 @@ jobs: ./build-layer.sh - name: Upload layer - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: aws-opentelemetry-java-layer.zip path: lambda-layer/build/distributions/aws-opentelemetry-java-layer.zip @@ -88,7 +88,7 @@ jobs: SECRET_KEY=${SECRET_KEY//-/_} echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV - - uses: aws-actions/configure-aws-credentials@v4.0.2 + - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 with: role-to-assume: ${{ secrets[env.SECRET_KEY] }} role-duration-seconds: 1200 @@ -99,7 +99,7 @@ jobs: echo BUCKET_NAME=java-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV - name: download layer.zip - uses: actions/download-artifact@v5 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: aws-opentelemetry-java-layer.zip @@ -140,7 +140,7 @@ jobs: - name: upload layer arn artifact if: ${{ success() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} @@ -155,11 +155,10 @@ jobs: needs: publish-prod steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v5 - - uses: hashicorp/setup-terraform@v2 - + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd #v3.1.2 - name: download layerARNs - uses: actions/download-artifact@v5 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: pattern: ${{ env.LAYER_NAME }}-* path: ${{ env.LAYER_NAME }} @@ -210,7 +209,7 @@ jobs: echo "}" >> ../layer_cdk cat ../layer_cdk - name: download aws-opentelemetry-java-layer.zip - uses: actions/download-artifact@v5 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 with: name: aws-opentelemetry-java-layer.zip - name: rename to layer.zip diff --git a/.github/workflows/release-udp-exporter.yml b/.github/workflows/release-udp-exporter.yml index 0ef7995b9b..30d1a2e4dc 100644 --- a/.github/workflows/release-udp-exporter.yml +++ b/.github/workflows/release-udp-exporter.yml @@ -26,7 +26,7 @@ jobs: needs: validate-udp-exporter-e2e-test steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 - name: Set up Java uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 diff --git a/.github/workflows/soak-testing.yml b/.github/workflows/soak-testing.yml index 3fd1173c85..2dcd07d709 100644 --- a/.github/workflows/soak-testing.yml +++ b/.github/workflows/soak-testing.yml @@ -63,7 +63,7 @@ jobs: run: | echo "TEST_DURATION_MINUTES=${{ github.event.inputs.test_duration_minutes || env.DEFAULT_TEST_DURATION_MINUTES }}" | tee --append $GITHUB_ENV; - name: Clone This Repo @ ${{ env.TARGET_SHA }} - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ env.TARGET_SHA }} @@ -98,7 +98,7 @@ jobs: # MARK: - Run Performance Tests - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} role-duration-seconds: 21600 # 6 Hours @@ -110,7 +110,7 @@ jobs: aws ecr-public get-login-password | docker login --username AWS --password-stdin public.ecr.aws - name: Build Sample App locally directly to the Docker daemon - uses: burrunan/gradle-cache-action@v3 + uses: burrunan/gradle-cache-action@4a07779efc8120348ea6dfd35314bc30a586eb0f #v3.0.1 with: arguments: jibDockerBuild env: @@ -210,7 +210,7 @@ jobs: git checkout main; [[ $HAS_RESULTS_ALREADY == true ]] - name: Graph and Report Performance Test Averages result - uses: benchmark-action/github-action-benchmark@v1 + uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b #v1.20.7 continue-on-error: true id: check-failure-after-performance-tests with: @@ -230,7 +230,7 @@ jobs: gh-pages-branch: gh-pages benchmark-data-dir-path: soak-tests/per-commit-overall-results - name: Publish Issue if failed DURING Performance Tests - uses: JasonEtco/create-an-issue@v2 + uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 if: ${{ github.event_name == 'schedule' && steps.check-failure-during-performance-tests.outcome == 'failure' }} env: @@ -241,7 +241,7 @@ jobs: filename: .github/auto-issue-templates/failure-during-soak_tests.md update_existing: true - name: Publish Issue if failed AFTER Performance Tests - uses: JasonEtco/create-an-issue@v2 + uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 #v2.9.2 if: ${{ github.event_name == 'schedule' && steps.check-failure-after-performance-tests.outcome == 'failure' }} env: diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml index 2104ad0b4f..49ddc47c00 100644 --- a/.github/workflows/stale-bot.yml +++ b/.github/workflows/stale-bot.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Mark the issues/pr - uses: actions/stale@v9 + uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f #10.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} #Github workflow will add a temporary token when executing the workflow with: diff --git a/.github/workflows/udp-exporter-e2e-test.yml b/.github/workflows/udp-exporter-e2e-test.yml index 4983306491..79a9af8a85 100644 --- a/.github/workflows/udp-exporter-e2e-test.yml +++ b/.github/workflows/udp-exporter-e2e-test.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Java uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 @@ -23,7 +23,7 @@ jobs: cache: 'gradle' - name: Configure AWS credentials for Testing Tracing - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 with: role-to-assume: ${{ secrets.XRAY_UDP_EXPORTER_TEST_ROLE }} aws-region: 'us-east-1' From 298b414cbb730657a0e7321ff7dd469683b12649 Mon Sep 17 00:00:00 2001 From: Thomas Pierce Date: Tue, 23 Sep 2025 16:32:33 -0700 Subject: [PATCH 20/25] feat: prevent versioned 3P GitHub actions in PR builds (#1212) Add validation step to require commit SHAs instead of version tags for third-party GitHub actions in workflow files. Repo config `Require actions to be pinned to a full-length commit SHA` will protect against this if we missed any others. ### Testing done * See: https://github.com/aws-observability/aws-otel-python-instrumentation/pull/475 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .github/workflows/pr-build.yml | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml index 7419993d48..08a7ded962 100644 --- a/.github/workflows/pr-build.yml +++ b/.github/workflows/pr-build.yml @@ -14,7 +14,7 @@ env: TEST_TAG: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test-v2 jobs: - changelog-check: + static-code-checks: runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -22,6 +22,7 @@ jobs: fetch-depth: 0 - name: Check CHANGELOG + if: always() run: | # Check if PR is from workflows bot or dependabot if [[ "${{ github.event.pull_request.user.login }}" == "aws-application-signals-bot" ]]; then @@ -50,6 +51,24 @@ jobs: echo "It looks like you didn't add an entry to CHANGELOG.md. If this change affects the SDK behavior, please update CHANGELOG.md and link this PR in your entry. If this PR does not need a CHANGELOG entry, you can add the 'Skip Changelog' label to this PR." exit 1 + - name: Check for versioned GitHub actions + if: always() + run: | + # Get changed GitHub workflow/action files + CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -E "^\.github/(workflows|actions)/.*\.ya?ml$" || true) + + if [ -n "$CHANGED_FILES" ]; then + # Check for any versioned actions, excluding comments and this validation script + VIOLATIONS=$(grep -Hn "uses:.*@v" $CHANGED_FILES | grep -v "grep.*uses:.*@v" | grep -v "#.*@v" || true) + if [ -n "$VIOLATIONS" ]; then + echo "Found versioned GitHub actions. Use commit SHAs instead:" + echo "$VIOLATIONS" + exit 1 + fi + fi + + echo "No versioned actions found in changed files" + testpatch: name: Test patches applied to dependencies runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core @@ -220,7 +239,7 @@ jobs: all-pr-checks-pass: runs-on: ubuntu-latest - needs: [changelog-check, testpatch, build, build-lambda] + needs: [static-code-checks, testpatch, build, build-lambda] if: always() steps: - name: Checkout to get workflow file From 8b922b6fd21d5dc2300be1858aeafe2dde67ed81 Mon Sep 17 00:00:00 2001 From: Miqueas Herrera Date: Wed, 24 Sep 2025 10:06:21 -0700 Subject: [PATCH 21/25] Update action.yml (#1220) Updating missed gradle build updates from 3p actions VID to CSHA. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- .github/actions/patch-dependencies/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/patch-dependencies/action.yml b/.github/actions/patch-dependencies/action.yml index d2bbdaafad..5591d8b1ea 100644 --- a/.github/actions/patch-dependencies/action.yml +++ b/.github/actions/patch-dependencies/action.yml @@ -102,14 +102,14 @@ runs: shell: bash - name: Build opentelemetry-java-instrumentation with tests - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2 if: ${{ env.patch_otel_java_instrumentation == 'true' && inputs.run_tests != 'false' }} with: arguments: check -x spotlessCheck publishToMavenLocal build-root-directory: opentelemetry-java-instrumentation - name: Build opentelemetry java instrumentation - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2 if: ${{ env.patch_otel_java_instrumentation == 'true' && inputs.run_tests == 'false' }} with: arguments: publishToMavenLocal @@ -118,4 +118,4 @@ runs: - name: cleanup opentelmetry-java-instrumentation run: rm -rf opentelemetry-java-instrumentation if: ${{ env.patch_otel_java_instrumentation == 'true' }} - shell: bash \ No newline at end of file + shell: bash From af94b7768423bffc22ffe4012add1c8eecd175bf Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Fri, 24 Oct 2025 09:48:30 -0700 Subject: [PATCH 22/25] fix cargo-audit version (#1245) *Issue #, if available:* *Description of changes:* see https://github.com/aws-observability/aws-otel-js-instrumentation/pull/285 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1390f9d2c5..6f05e46a31 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ ARG TARGETARCH RUN if [ $TARGETARCH = "amd64" ]; then rustup component add rustfmt && cargo fmt --check ; fi ## Audit dependencies -RUN if [ $TARGETARCH = "amd64" ]; then cargo install cargo-audit && cargo audit ; fi +RUN if [ $TARGETARCH = "amd64" ]; then cargo install cargo-audit --locked && cargo audit ; fi # Cross-compile based on the target platform. From d1e4a118cec403d7e871a502fef86f46560ab28d Mon Sep 17 00:00:00 2001 From: Jonathan Lee <107072447+jj22ee@users.noreply.github.com> Date: Fri, 19 Sep 2025 17:09:51 -0700 Subject: [PATCH 23/25] Support Trace Context extraction from Lambda Context object, and respect user-configured OTEL_PROPAGATORS (#1191) *Issue #, if available:* - In latest `com.amazonaws:aws-lambda-java-core:1.4.0`, Lambda Context has a new `lambdaContext.getXrayTraceId()` method. We need to use this over SystemProperty/EnvVar to support multi-concurrency in Lambda. *Description of changes:* - respect OTEL_PROPAGATORS Env Var priority - Priority logic BEFORE: - Create `carrierA` to contain headers from Lambda request http headers and the custom client context - get X-Ray Trace ID from (in order or priority) SystemProperty or EnvVar, add it to new `carrierB` - Use Global Propagator to extract trace context from `carrierB` (trace extraction only works if xray propagator is configured) - If above trace extraction results in a context that is not valid&sampled, try again with Global Propagator using `carrierA` - Priority logic AFTER: - Create `carrierA` to contain headers from Lambda request http headers and the custom client context - get X-Ray Trace ID from (in order or priority) Lambda Context, SystemProperty, or EnvVar, add it to `carrierA` (will overwrite x-ray header value if present from Lambda request http headers). - Use Global Propagator to extract trace context from `carrierA` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- CHANGELOG.md | 5 + lambda-layer/otel-instrument | 2 +- .../opentelemetry-java-instrumentation.patch | 412 +++++++++++++++--- 3 files changed, 366 insertions(+), 53 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4732100a6e..a7495ab06c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,3 +12,8 @@ For any change that affects end users of this package, please add an entry under If your change does not need a CHANGELOG entry, add the "skip changelog" label to your PR. ## Unreleased + +### Enhancements + +- Support X-Ray Trace Id extraction from Lambda Context object, and respect user-configured OTEL_PROPAGATORS in AWS Lamdba instrumentation + ([#1191](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1191)) diff --git a/lambda-layer/otel-instrument b/lambda-layer/otel-instrument index 662520d8b4..06dd6f1ec6 100644 --- a/lambda-layer/otel-instrument +++ b/lambda-layer/otel-instrument @@ -2,7 +2,7 @@ export OTEL_INSTRUMENTATION_AWS_SDK_EXPERIMENTAL_SPAN_ATTRIBUTES=true -export OTEL_PROPAGATORS="${OTEL_PROPAGATORS:-baggage,xray,tracecontext}" +export OTEL_PROPAGATORS="${OTEL_PROPAGATORS:-baggage,tracecontext,xray}" export OTEL_SERVICE_NAME=${OTEL_SERVICE_NAME:-${AWS_LAMBDA_FUNCTION_NAME}} diff --git a/lambda-layer/patches/opentelemetry-java-instrumentation.patch b/lambda-layer/patches/opentelemetry-java-instrumentation.patch index cca35f0ed0..56b8824689 100644 --- a/lambda-layer/patches/opentelemetry-java-instrumentation.patch +++ b/lambda-layer/patches/opentelemetry-java-instrumentation.patch @@ -1,5 +1,78 @@ +diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java +index 93071e04d2..add9f64276 100644 +--- a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java ++++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java +@@ -68,7 +68,7 @@ public class AwsLambdaRequestHandlerInstrumentation implements TypeInstrumentati + @Advice.Local("otelContext") io.opentelemetry.context.Context otelContext, + @Advice.Local("otelScope") Scope otelScope) { + input = AwsLambdaRequest.create(context, arg, Collections.emptyMap()); +- io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(input); ++ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(input, context); + + if (!functionInstrumenter().shouldStart(parentContext, input)) { + return; +diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java +index a6b89d253d..e62d30eddb 100644 +--- a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java ++++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java +@@ -69,7 +69,7 @@ public class AwsLambdaRequestStreamHandlerInstrumentation implements TypeInstrum + @Advice.Local("otelScope") Scope otelScope) { + + otelInput = AwsLambdaRequest.create(context, input, Collections.emptyMap()); +- io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(otelInput); ++ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(otelInput, context); + + if (!functionInstrumenter().shouldStart(parentContext, otelInput)) { + return; +diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts +index df605add2f..b2f01d9d4d 100644 +--- a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts ++++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts +@@ -9,7 +9,7 @@ dependencies { + compileOnly("com.google.auto.value:auto-value-annotations") + annotationProcessor("com.google.auto.value:auto-value") + +- library("com.amazonaws:aws-lambda-java-core:1.0.0") ++ library("com.amazonaws:aws-lambda-java-core:1.4.0") + + // We do lightweight parsing of JSON to extract HTTP headers from requests for propagation. + // This will be commonly needed even for users that don't use events, but luckily it's not too big. +@@ -26,6 +26,7 @@ dependencies { + + testImplementation(project(":instrumentation:aws-lambda:aws-lambda-core-1.0:testing")) + testImplementation("uk.org.webcompere:system-stubs-jupiter") ++ testImplementation("com.google.guava:guava") + } + + tasks.withType().configureEach { +diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java +index 873040f66e..b38648e8cf 100644 +--- a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java ++++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java +@@ -66,7 +66,7 @@ public abstract class TracingRequestHandler implements RequestHandler headers = input.getHeaders(); if (input.getAwsContext() != null && input.getAwsContext().getClientContext() != null) { -@@ -59,23 +57,15 @@ public class AwsLambdaFunctionInstrumenter { +@@ -59,23 +58,15 @@ public class AwsLambdaFunctionInstrumenter { } } - + - return openTelemetry - .getPropagators() - .getTextMapPropagator() - .extract(Context.root(), headers, MapGetter.INSTANCE); -+ return ParentContextExtractor.extract(headers, this); ++ return ParentContextExtractor.extract(headers, this, lambdaContext); } - + - private enum MapGetter implements TextMapGetter> { - INSTANCE; - @@ -58,7 +134,7 @@ index 9341bf6f79..2208c3c482 100644 - } + public Context extract(Map headers, TextMapGetter> getter) { + ContextPropagationDebug.debugContextLeakIfEnabled(); - + - @Override - public String get(Map map, String s) { - return map.get(s.toLowerCase(Locale.ROOT)); @@ -71,10 +147,10 @@ index 9341bf6f79..2208c3c482 100644 } diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractor.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractor.java new file mode 100644 -index 0000000000..439ed0de07 +index 0000000000..e711558e05 --- /dev/null +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractor.java -@@ -0,0 +1,77 @@ +@@ -0,0 +1,68 @@ +/* + * Copyright The OpenTelemetry Authors + * SPDX-License-Identifier: Apache-2.0 @@ -84,11 +160,8 @@ index 0000000000..439ed0de07 + +import static io.opentelemetry.instrumentation.awslambdacore.v1_0.internal.MapUtils.lowercaseMap; + -+import io.opentelemetry.api.trace.Span; -+import io.opentelemetry.api.trace.SpanContext; +import io.opentelemetry.context.Context; +import io.opentelemetry.context.propagation.TextMapGetter; -+import java.util.Collections; +import java.util.Locale; +import java.util.Map; + @@ -103,39 +176,33 @@ index 0000000000..439ed0de07 + // lower-case map getter used for extraction + static final String AWS_TRACE_HEADER_PROPAGATOR_KEY = "x-amzn-trace-id"; + -+ static Context extract(Map headers, AwsLambdaFunctionInstrumenter instrumenter) { -+ Context parentContext = null; -+ String parentTraceHeader = getTraceHeader(); ++ static Context extract( ++ Map headers, ++ AwsLambdaFunctionInstrumenter instrumenter, ++ com.amazonaws.services.lambda.runtime.Context lambdaContext) { ++ Map mergedHeaders = lowercaseMap(headers); ++ String parentTraceHeader = getTraceHeader(lambdaContext); + if (parentTraceHeader != null) { -+ parentContext = instrumenter.extract( -+ Collections.singletonMap(AWS_TRACE_HEADER_PROPAGATOR_KEY, parentTraceHeader), -+ MapGetter.INSTANCE); ++ mergedHeaders.put(AWS_TRACE_HEADER_PROPAGATOR_KEY, parentTraceHeader); + } -+ if (!isValidAndSampled(parentContext)) { -+ // try http -+ parentContext = instrumenter.extract(lowercaseMap(headers), MapGetter.INSTANCE); -+ } -+ return parentContext; ++ return instrumenter.extract(mergedHeaders, MapGetter.INSTANCE); + } + -+ private static String getTraceHeader() { ++ private static String getTraceHeader( ++ com.amazonaws.services.lambda.runtime.Context lambdaContext) { ++ String traceHeader = lambdaContext.getXrayTraceId(); ++ if (traceHeader != null && !traceHeader.isEmpty()) { ++ return traceHeader; ++ } ++ + // Lambda propagates trace header by system property instead of environment variable from java17 -+ String traceHeader = System.getProperty(AWS_TRACE_HEADER_PROP); ++ traceHeader = System.getProperty(AWS_TRACE_HEADER_PROP); + if (traceHeader == null || traceHeader.isEmpty()) { + return System.getenv(AWS_TRACE_HEADER_ENV_KEY); + } + return traceHeader; + } + -+ private static boolean isValidAndSampled(Context context) { -+ if (context == null) { -+ return false; -+ } -+ Span parentSpan = Span.fromContext(context); -+ SpanContext parentSpanContext = parentSpan.getSpanContext(); -+ return (parentSpanContext.isValid() && parentSpanContext.isSampled()); -+ } -+ + private enum MapGetter implements TextMapGetter> { + INSTANCE; + @@ -152,12 +219,25 @@ index 0000000000..439ed0de07 + + private ParentContextExtractor() {} +} +diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/InstrumenterExtractionTest.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/InstrumenterExtractionTest.java +index cb19d1e568..12ed174bb2 100644 +--- a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/InstrumenterExtractionTest.java ++++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/InstrumenterExtractionTest.java +@@ -37,7 +37,7 @@ class InstrumenterExtractionTest { + + AwsLambdaRequest input = AwsLambdaRequest.create(awsContext, new HashMap<>(), new HashMap<>()); + +- Context extracted = instr.extract(input); ++ Context extracted = instr.extract(input, awsContext); + SpanContext spanContext = Span.fromContext(extracted).getSpanContext(); + assertThat(spanContext.getTraceId()).isEqualTo("4bf92f3577b34da6a3ce929d0e0e4736"); + assertThat(spanContext.getSpanId()).isEqualTo("00f067aa0ba902b7"); diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractorTest.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractorTest.java new file mode 100644 -index 0000000000..1fa0b6e536 +index 0000000000..76fc823a65 --- /dev/null +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractorTest.java -@@ -0,0 +1,135 @@ +@@ -0,0 +1,337 @@ +/* + * Copyright The OpenTelemetry Authors + * SPDX-License-Identifier: Apache-2.0 @@ -166,13 +246,17 @@ index 0000000000..1fa0b6e536 +package io.opentelemetry.instrumentation.awslambdacore.v1_0.internal; + +import static org.assertj.core.api.Assertions.assertThat; ++import static org.mockito.Mockito.mock; ++import static org.mockito.Mockito.when; + ++import com.amazonaws.services.lambda.runtime.Context; +import com.google.common.collect.ImmutableMap; +import io.opentelemetry.api.OpenTelemetry; +import io.opentelemetry.api.trace.Span; +import io.opentelemetry.api.trace.SpanContext; -+import io.opentelemetry.context.Context; +import io.opentelemetry.context.propagation.ContextPropagators; ++import io.opentelemetry.context.propagation.TextMapPropagator; ++import io.opentelemetry.contrib.awsxray.propagator.AwsXrayPropagator; +import io.opentelemetry.extension.trace.propagation.B3Propagator; +import java.util.Map; +import org.junit.jupiter.api.Test; @@ -190,12 +274,33 @@ index 0000000000..1fa0b6e536 +class ParentContextExtractorTest { + + @SystemStub final EnvironmentVariables environmentVariables = new EnvironmentVariables(); ++ @SystemStub final SystemProperties systemProperties = new SystemProperties(); + -+ private static final OpenTelemetry OTEL = ++ private static final OpenTelemetry OTEL_WITH_B3_PROPAGATOR = + OpenTelemetry.propagating(ContextPropagators.create(B3Propagator.injectingSingleHeader())); + -+ private static final AwsLambdaFunctionInstrumenter INSTRUMENTER = -+ AwsLambdaFunctionInstrumenterFactory.createInstrumenter(OTEL); ++ private static final AwsLambdaFunctionInstrumenter INSTRUMENTER_WITH_B3_PROPAGATOR = ++ AwsLambdaFunctionInstrumenterFactory.createInstrumenter(OTEL_WITH_B3_PROPAGATOR); ++ ++ // Only for new lambda context tests ++ private static final OpenTelemetry OTEL_WITH_B3_XRAY_PROPAGATORS = ++ OpenTelemetry.propagating( ++ ContextPropagators.create( ++ TextMapPropagator.composite( ++ B3Propagator.injectingSingleHeader(), AwsXrayPropagator.getInstance()))); ++ private static final OpenTelemetry OTEL_WITH_XRAY_B3_PROPAGATORS = ++ OpenTelemetry.propagating( ++ ContextPropagators.create( ++ TextMapPropagator.composite( ++ AwsXrayPropagator.getInstance(), B3Propagator.injectingSingleHeader()))); ++ ++ private static final AwsLambdaFunctionInstrumenter INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS = ++ AwsLambdaFunctionInstrumenterFactory.createInstrumenter(OTEL_WITH_B3_XRAY_PROPAGATORS); ++ ++ private static final AwsLambdaFunctionInstrumenter INSTRUMENTER_WITH_XRAY_B3_PROPAGATORS = ++ AwsLambdaFunctionInstrumenterFactory.createInstrumenter(OTEL_WITH_XRAY_B3_PROPAGATORS); ++ ++ private static final Context mockLambdaContext = mock(Context.class); + + @Test + void shouldUseHttpIfAwsParentNotSampled() { @@ -213,7 +318,8 @@ index 0000000000..1fa0b6e536 + "Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=0"); + + // when -+ Context context = ParentContextExtractor.extract(headers, INSTRUMENTER); ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract(headers, INSTRUMENTER_WITH_B3_PROPAGATOR, mockLambdaContext); + // then + Span span = Span.fromContext(context); + SpanContext spanContext = span.getSpanContext(); @@ -239,7 +345,9 @@ index 0000000000..1fa0b6e536 + "Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); + + // when -+ Context context = ParentContextExtractor.extract(headers, INSTRUMENTER); ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContext); + // then + Span span = Span.fromContext(context); + SpanContext spanContext = span.getSpanContext(); @@ -262,7 +370,8 @@ index 0000000000..1fa0b6e536 + "true"); + + // when -+ Context context = ParentContextExtractor.extract(headers, INSTRUMENTER); ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract(headers, INSTRUMENTER_WITH_B3_PROPAGATOR, mockLambdaContext); + // then + Span span = Span.fromContext(context); + SpanContext spanContext = span.getSpanContext(); @@ -277,22 +386,221 @@ index 0000000000..1fa0b6e536 + // given + systemProperties.set( + "com.amazonaws.xray.traceHeader", -+ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa7;Parent=0000000000000789;Sampled=0"); ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa7;Parent=0000000000000789;Sampled=1"); ++ environmentVariables.set( ++ "_X_AMZN_TRACE_ID", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ ImmutableMap.of(), INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContext); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000789"); ++ assertThat(spanContext.getTraceId()).isEqualTo("8a3c60f7d188f8fa79d48a391a778fa7"); ++ } ++ ++ @Test ++ void shouldUseLambdaContextToExtractXrayTraceId() { ++ // given ++ Map headers = ImmutableMap.of(); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()) ++ .thenReturn("Root=1-4fd0b613-1f19f39af59518d127b0cafe;Parent=0000000000000123;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithXrayTraceId); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000123"); ++ assertThat(spanContext.getTraceId()).isEqualTo("4fd0b6131f19f39af59518d127b0cafe"); ++ } ++ ++ @Test ++ void shouldPreferLambdaContextOverSystemProperty() { ++ // given ++ Map headers = ImmutableMap.of(); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()) ++ .thenReturn("Root=1-4fd0b613-1f19f39af59518d127b0cafe;Parent=0000000000000123;Sampled=1"); ++ systemProperties.set( ++ "com.amazonaws.xray.traceHeader", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa7;Parent=0000000000000789;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithXrayTraceId); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000123"); ++ assertThat(spanContext.getTraceId()).isEqualTo("4fd0b6131f19f39af59518d127b0cafe"); ++ } ++ ++ @Test ++ void shouldPreferLambdaContextOverEnvVariable() { ++ // given ++ Map headers = ImmutableMap.of(); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()) ++ .thenReturn("Root=1-4fd0b613-1f19f39af59518d127b0cafe;Parent=0000000000000123;Sampled=1"); ++ environmentVariables.set( ++ "_X_AMZN_TRACE_ID", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithXrayTraceId); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000123"); ++ assertThat(spanContext.getTraceId()).isEqualTo("4fd0b6131f19f39af59518d127b0cafe"); ++ } ++ ++ @Test ++ void shouldPreferLambdaContextOverHttp() { ++ // given ++ Map headers = ++ ImmutableMap.of( ++ "X-b3-traceId", ++ "4fd0b6131f19f39af59518d127b0cafe", ++ "x-b3-spanid", ++ "0000000000000123", ++ "X-B3-Sampled", ++ "true"); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()) ++ .thenReturn("Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithXrayTraceId); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000456"); ++ assertThat(spanContext.getTraceId()).isEqualTo("8a3c60f7d188f8fa79d48a391a778fa6"); ++ } ++ ++ @Test ++ void shouldPreferHttpOverXrayIdSetByLambdaContext() { ++ // given ++ Map headers = ++ ImmutableMap.of( ++ "X-b3-traceId", ++ "4fd0b6131f19f39af59518d127b0cafe", ++ "x-b3-spanid", ++ "0000000000000123", ++ "X-B3-Sampled", ++ "true"); + environmentVariables.set( + "_X_AMZN_TRACE_ID", + "Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); ++ systemProperties.set( ++ "com.amazonaws.xray.traceHeader", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()) ++ .thenReturn("Root=1-8a3c60f7-d188f8fa79d48a391a778fa6;Parent=0000000000000456;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_XRAY_B3_PROPAGATORS, mockLambdaContextWithXrayTraceId); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000123"); ++ assertThat(spanContext.getTraceId()).isEqualTo("4fd0b6131f19f39af59518d127b0cafe"); ++ } ++ ++ @Test ++ void shouldFallbackToSystemPropertyIfContextTraceIdIsNull() { ++ // given ++ Map headers = ImmutableMap.of(); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()).thenReturn(null); ++ systemProperties.set( ++ "com.amazonaws.xray.traceHeader", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa7;Parent=0000000000000789;Sampled=1"); + + // when -+ Context context = ParentContextExtractor.extract(headers, INSTRUMENTER); ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithXrayTraceId); + // then + Span span = Span.fromContext(context); + SpanContext spanContext = span.getSpanContext(); + assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000789"); ++ assertThat(spanContext.getTraceId()).isEqualTo("8a3c60f7d188f8fa79d48a391a778fa7"); ++ } ++ ++ @Test ++ void shouldFallbackToSystemPropertyIfContextTraceIdIsEmptyString() { ++ // given ++ Map headers = ImmutableMap.of(); ++ Context mockLambdaContextWithXrayTraceId = mock(Context.class); ++ when(mockLambdaContextWithXrayTraceId.getXrayTraceId()).thenReturn(""); ++ systemProperties.set( ++ "com.amazonaws.xray.traceHeader", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa7;Parent=0000000000000789;Sampled=1"); ++ ++ // when ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithXrayTraceId); ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); + assertThat(spanContext.isValid()).isTrue(); + assertThat(spanContext.getSpanId()).isEqualTo("0000000000000789"); -+ assertThat(spanContext.getTraceId()).isEqualTo("d188f8fa79d48a391a778fa7"); ++ assertThat(spanContext.getTraceId()).isEqualTo("8a3c60f7d188f8fa79d48a391a778fa7"); + } +} +diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java +index e059250807..1fa80c3735 100644 +--- a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java ++++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java +@@ -70,7 +70,7 @@ public class AwsLambdaRequestHandlerInstrumentation implements TypeInstrumentati + } + input = AwsLambdaRequest.create(context, arg, headers); + io.opentelemetry.context.Context parentContext = +- AwsLambdaInstrumentationHelper.functionInstrumenter().extract(input); ++ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(input, context); + + if (!AwsLambdaInstrumentationHelper.functionInstrumenter() + .shouldStart(parentContext, input)) { +diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java +index fb5971016a..d31389e1c4 100644 +--- a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java ++++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java +@@ -62,7 +62,7 @@ public class AwsLambdaRequestStreamHandlerInstrumentation implements TypeInstrum + Map headers = Collections.emptyMap(); + otelInput = AwsLambdaRequest.create(context, input, headers); + io.opentelemetry.context.Context parentContext = +- AwsLambdaInstrumentationHelper.functionInstrumenter().extract(otelInput); ++ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(otelInput, context); + + if (!AwsLambdaInstrumentationHelper.functionInstrumenter() + .shouldStart(parentContext, otelInput)) { diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/library/src/main/java/io/opentelemetry/instrumentation/awslambdaevents/v2_2/internal/AwsLambdaSqsInstrumenterFactory.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/library/src/main/java/io/opentelemetry/instrumentation/awslambdaevents/v2_2/internal/AwsLambdaSqsInstrumenterFactory.java index 4cd11fc0c4..7b7d62755c 100644 --- a/instrumentation/aws-lambda/aws-lambda-events-2.2/library/src/main/java/io/opentelemetry/instrumentation/awslambdaevents/v2_2/internal/AwsLambdaSqsInstrumenterFactory.java @@ -304,7 +612,7 @@ index 4cd11fc0c4..7b7d62755c 100644 - .addSpanLinksExtractor(new SqsMessageSpanLinksExtractor()) .buildInstrumenter(SpanKindExtractor.alwaysConsumer()); } - + diff --git a/version.gradle.kts b/version.gradle.kts index 7900c9a4d9..80383d7c22 100644 --- a/version.gradle.kts From aba62f3dc4963dca503ab249e69de9895c42954d Mon Sep 17 00:00:00 2001 From: Jonathan Lee <107072447+jj22ee@users.noreply.github.com> Date: Wed, 24 Sep 2025 11:57:25 -0700 Subject: [PATCH 24/25] Fix Trace Context extraction from Lambda Context object by bypassing Muzzle Check (#1218) *Issue #, if available:* - https://github.com/aws-observability/aws-otel-java-instrumentation/actions/runs/17954879038/job/51066448865 AWS Lambda Environment may or may not have the `getXrayTraceId` method in Lambda Context (from Lambda Core dependency). This will cause OTel's Muzzle Check to disable the AWS Lambda Instrumentation in the event that it isn't present, causing no Lambda Function Handler Span to appear Fix of previous PR: https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1191 *Description of changes:* - Use `@NoMuzzle` annotation when accessing `getXrayTraceId` in Lambda Context Object, which avoids OTel's muzzle check. If `NoSuchMethodError` is caught, we do not try this logic again. - Add unit test for when `getXrayTraceId` throws `NoSuchMethodError`. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --- CHANGELOG.md | 2 +- .../opentelemetry-java-instrumentation.patch | 78 ++++++++++++++++--- 2 files changed, 70 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7495ab06c..95b00f9d78 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,4 +16,4 @@ If your change does not need a CHANGELOG entry, add the "skip changelog" label t ### Enhancements - Support X-Ray Trace Id extraction from Lambda Context object, and respect user-configured OTEL_PROPAGATORS in AWS Lamdba instrumentation - ([#1191](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1191)) + ([#1191](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1191)) ([#1218](https://github.com/aws-observability/aws-otel-java-instrumentation/pull/1218)) diff --git a/lambda-layer/patches/opentelemetry-java-instrumentation.patch b/lambda-layer/patches/opentelemetry-java-instrumentation.patch index 56b8824689..288b3e5dba 100644 --- a/lambda-layer/patches/opentelemetry-java-instrumentation.patch +++ b/lambda-layer/patches/opentelemetry-java-instrumentation.patch @@ -25,10 +25,15 @@ index a6b89d253d..e62d30eddb 100644 if (!functionInstrumenter().shouldStart(parentContext, otelInput)) { return; diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts -index df605add2f..b2f01d9d4d 100644 +index df605add2f..e16c736990 100644 --- a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts -@@ -9,7 +9,7 @@ dependencies { +@@ -5,11 +5,12 @@ plugins { + dependencies { + compileOnly("io.opentelemetry:opentelemetry-sdk") + compileOnly("io.opentelemetry:opentelemetry-sdk-extension-autoconfigure") ++ compileOnly(project(":muzzle")) + compileOnly("com.google.auto.value:auto-value-annotations") annotationProcessor("com.google.auto.value:auto-value") @@ -37,7 +42,7 @@ index df605add2f..b2f01d9d4d 100644 // We do lightweight parsing of JSON to extract HTTP headers from requests for propagation. // This will be commonly needed even for users that don't use events, but luckily it's not too big. -@@ -26,6 +26,7 @@ dependencies { +@@ -26,6 +27,7 @@ dependencies { testImplementation(project(":instrumentation:aws-lambda:aws-lambda-core-1.0:testing")) testImplementation("uk.org.webcompere:system-stubs-jupiter") @@ -147,10 +152,10 @@ index 9341bf6f79..f719c1ea93 100644 } diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractor.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractor.java new file mode 100644 -index 0000000000..e711558e05 +index 0000000000..6349d1bb29 --- /dev/null +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractor.java -@@ -0,0 +1,68 @@ +@@ -0,0 +1,85 @@ +/* + * Copyright The OpenTelemetry Authors + * SPDX-License-Identifier: Apache-2.0 @@ -162,8 +167,10 @@ index 0000000000..e711558e05 + +import io.opentelemetry.context.Context; +import io.opentelemetry.context.propagation.TextMapGetter; ++import io.opentelemetry.javaagent.tooling.muzzle.NoMuzzle; +import java.util.Locale; +import java.util.Map; ++import java.util.logging.Logger; + +/** + * This class is internal and is hence not for public use. Its APIs are unstable and can change at @@ -171,10 +178,12 @@ index 0000000000..e711558e05 + */ +public final class ParentContextExtractor { + ++ private static final Logger logger = Logger.getLogger(ParentContextExtractor.class.getName()); + private static final String AWS_TRACE_HEADER_ENV_KEY = "_X_AMZN_TRACE_ID"; + private static final String AWS_TRACE_HEADER_PROP = "com.amazonaws.xray.traceHeader"; + // lower-case map getter used for extraction + static final String AWS_TRACE_HEADER_PROPAGATOR_KEY = "x-amzn-trace-id"; ++ static boolean getXrayTraceIdMethodExists = true; + + static Context extract( + Map headers, @@ -188,9 +197,22 @@ index 0000000000..e711558e05 + return instrumenter.extract(mergedHeaders, MapGetter.INSTANCE); + } + ++ @NoMuzzle + private static String getTraceHeader( + com.amazonaws.services.lambda.runtime.Context lambdaContext) { -+ String traceHeader = lambdaContext.getXrayTraceId(); ++ String traceHeader = null; ++ ++ // Lambda Core dependency that is actually used by Lambda Runtime may be on an older version ++ // that does not have the `getXrayTraceId` method. If `NoSuchMethodError` occurs, we do not ++ // attempt invoking `getXrayTraceId` again. ++ if (getXrayTraceIdMethodExists) { ++ try { ++ traceHeader = lambdaContext.getXrayTraceId(); ++ } catch (NoSuchMethodError e) { ++ logger.fine("Failed to get X-Ray trace ID from lambdaContext: " + e); ++ getXrayTraceIdMethodExists = false; ++ } ++ } + if (traceHeader != null && !traceHeader.isEmpty()) { + return traceHeader; + } @@ -234,10 +256,10 @@ index cb19d1e568..12ed174bb2 100644 assertThat(spanContext.getSpanId()).isEqualTo("00f067aa0ba902b7"); diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractorTest.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractorTest.java new file mode 100644 -index 0000000000..76fc823a65 +index 0000000000..4b0f354769 --- /dev/null +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/test/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/internal/ParentContextExtractorTest.java -@@ -0,0 +1,337 @@ +@@ -0,0 +1,375 @@ +/* + * Copyright The OpenTelemetry Authors + * SPDX-License-Identifier: Apache-2.0 @@ -247,6 +269,8 @@ index 0000000000..76fc823a65 + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; ++import static org.mockito.Mockito.times; ++import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import com.amazonaws.services.lambda.runtime.Context; @@ -574,6 +598,42 @@ index 0000000000..76fc823a65 + assertThat(spanContext.getSpanId()).isEqualTo("0000000000000789"); + assertThat(spanContext.getTraceId()).isEqualTo("8a3c60f7d188f8fa79d48a391a778fa7"); + } ++ ++ @Test ++ void shouldFallbackToSystemPropertyWhenNoSuchMethodErrorThrown() { ++ // given ++ Map headers = ImmutableMap.of(); ++ Context mockLambdaContextWithNoSuchMethodError = mock(Context.class); ++ when(mockLambdaContextWithNoSuchMethodError.getXrayTraceId()) ++ .thenThrow(new NoSuchMethodError("getXrayTraceId method not found")); ++ systemProperties.set( ++ "com.amazonaws.xray.traceHeader", ++ "Root=1-8a3c60f7-d188f8fa79d48a391a778fa7;Parent=0000000000000789;Sampled=1"); ++ ++ // Reset the static flag to ensure the method is attempted ++ ParentContextExtractor.getXrayTraceIdMethodExists = true; ++ ++ // when - call extract ++ io.opentelemetry.context.Context context = ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithNoSuchMethodError); ++ ++ // then ++ Span span = Span.fromContext(context); ++ SpanContext spanContext = span.getSpanContext(); ++ assertThat(spanContext.isValid()).isTrue(); ++ assertThat(spanContext.getSpanId()).isEqualTo("0000000000000789"); ++ assertThat(spanContext.getTraceId()).isEqualTo("8a3c60f7d188f8fa79d48a391a778fa7"); ++ // Verify getXrayTraceId was called only once ++ assertThat(ParentContextExtractor.getXrayTraceIdMethodExists).isFalse(); ++ verify(mockLambdaContextWithNoSuchMethodError, times(1)).getXrayTraceId(); ++ ++ // when - call extract again ++ ParentContextExtractor.extract( ++ headers, INSTRUMENTER_WITH_B3_XRAY_PROPAGATORS, mockLambdaContextWithNoSuchMethodError); ++ // Verify the call count of getXrayTraceId is still 1 ++ verify(mockLambdaContextWithNoSuchMethodError, times(1)).getXrayTraceId(); ++ } +} diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java index e059250807..1fa80c3735 100644 @@ -614,7 +674,7 @@ index 4cd11fc0c4..7b7d62755c 100644 } diff --git a/version.gradle.kts b/version.gradle.kts -index 7900c9a4d9..80383d7c22 100644 +index ec9690086c..b267166804 100644 --- a/version.gradle.kts +++ b/version.gradle.kts @@ -1,5 +1,5 @@ From aaec1ded77639ecfdfd1729e8a30fc40dbfaba8a Mon Sep 17 00:00:00 2001 From: Jonathan Lee Date: Mon, 27 Oct 2025 01:10:53 -0700 Subject: [PATCH 25/25] adapt patches (#1191) (#1218) into release/v2.11.x branch --- .../StreamHandlerInstrumentation.patch | 50 ++++++++++---- .../opentelemetry-java-instrumentation.patch | 66 +------------------ 2 files changed, 41 insertions(+), 75 deletions(-) diff --git a/lambda-layer/patches/StreamHandlerInstrumentation.patch b/lambda-layer/patches/StreamHandlerInstrumentation.patch index c4d4751c89..58acda91cd 100644 --- a/lambda-layer/patches/StreamHandlerInstrumentation.patch +++ b/lambda-layer/patches/StreamHandlerInstrumentation.patch @@ -4,18 +4,18 @@ index 35d6b70ed6..b6a305178e 100644 +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaInstrumentationModule.java @@ -6,17 +6,18 @@ package io.opentelemetry.javaagent.instrumentation.awslambdacore.v1_0; - + import static io.opentelemetry.javaagent.extension.matcher.AgentElementMatchers.hasClassesNamed; -import static java.util.Collections.singletonList; import static net.bytebuddy.matcher.ElementMatchers.not; - + import com.google.auto.service.AutoService; import io.opentelemetry.javaagent.extension.instrumentation.InstrumentationModule; import io.opentelemetry.javaagent.extension.instrumentation.TypeInstrumentation; +import java.util.Arrays; import java.util.List; import net.bytebuddy.matcher.ElementMatcher; - + @AutoService(InstrumentationModule.class) public class AwsLambdaInstrumentationModule extends InstrumentationModule { + @@ -23,7 +23,7 @@ index 35d6b70ed6..b6a305178e 100644 super("aws-lambda-core", "aws-lambda-core-1.0", "aws-lambda"); } @@ -34,6 +35,8 @@ public class AwsLambdaInstrumentationModule extends InstrumentationModule { - + @Override public List typeInstrumentations() { - return singletonList(new AwsLambdaRequestHandlerInstrumentation()); @@ -32,9 +32,22 @@ index 35d6b70ed6..b6a305178e 100644 + new AwsLambdaRequestStreamHandlerInstrumentation()); } } +diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java +index 93071e04d2..add9f64276 100644 +--- a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java ++++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java +@@ -68,7 +68,7 @@ public class AwsLambdaRequestHandlerInstrumentation implements TypeInstrumentati + @Advice.Local("otelContext") io.opentelemetry.context.Context otelContext, + @Advice.Local("otelScope") Scope otelScope) { + input = AwsLambdaRequest.create(context, arg, Collections.emptyMap()); +- io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(input); ++ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(input, context); + + if (!functionInstrumenter().shouldStart(parentContext, input)) { + return; diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java new file mode 100644 -index 0000000000..1c4ef1ac07 +index 0000000000..1a8fd8f986 --- /dev/null +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java @@ -0,0 +1,98 @@ @@ -109,7 +122,7 @@ index 0000000000..1c4ef1ac07 + @Advice.Local("otelScope") Scope otelScope) { + + otelInput = AwsLambdaRequest.create(context, input, Collections.emptyMap()); -+ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(otelInput); ++ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(otelInput, context); + + if (!functionInstrumenter().shouldStart(parentContext, otelInput)) { + return; @@ -261,19 +274,19 @@ index 9e0e372241..2dd6051c23 100644 +++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaInstrumentationModule.java @@ -6,11 +6,11 @@ package io.opentelemetry.javaagent.instrumentation.awslambdaevents.v2_2; - + import static io.opentelemetry.javaagent.extension.matcher.AgentElementMatchers.hasClassesNamed; -import static java.util.Collections.singletonList; - + import com.google.auto.service.AutoService; import io.opentelemetry.javaagent.extension.instrumentation.InstrumentationModule; import io.opentelemetry.javaagent.extension.instrumentation.TypeInstrumentation; +import java.util.Arrays; import java.util.List; import net.bytebuddy.matcher.ElementMatcher; - + @@ -32,6 +32,8 @@ public class AwsLambdaInstrumentationModule extends InstrumentationModule { - + @Override public List typeInstrumentations() { - return singletonList(new AwsLambdaRequestHandlerInstrumentation()); @@ -282,9 +295,22 @@ index 9e0e372241..2dd6051c23 100644 + new AwsLambdaRequestStreamHandlerInstrumentation()); } } +diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java +index e059250807..1fa80c3735 100644 +--- a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java ++++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java +@@ -70,7 +70,7 @@ public class AwsLambdaRequestHandlerInstrumentation implements TypeInstrumentati + } + input = AwsLambdaRequest.create(context, arg, headers); + io.opentelemetry.context.Context parentContext = +- AwsLambdaInstrumentationHelper.functionInstrumenter().extract(input); ++ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(input, context); + + if (!AwsLambdaInstrumentationHelper.functionInstrumenter() + .shouldStart(parentContext, input)) { diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java new file mode 100644 -index 0000000000..f21a4a5526 +index 0000000000..ab6d9aa5ba --- /dev/null +++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java @@ -0,0 +1,104 @@ @@ -353,7 +379,7 @@ index 0000000000..f21a4a5526 + @Advice.Local("otelMessageScope") Scope messageScope) { + otelInput = AwsLambdaRequest.create(context, input, Collections.emptyMap()); + io.opentelemetry.context.Context parentContext = -+ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(otelInput); ++ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(otelInput, context); + + if (!AwsLambdaInstrumentationHelper.functionInstrumenter() + .shouldStart(parentContext, otelInput)) { diff --git a/lambda-layer/patches/opentelemetry-java-instrumentation.patch b/lambda-layer/patches/opentelemetry-java-instrumentation.patch index 288b3e5dba..f0f7e0afe6 100644 --- a/lambda-layer/patches/opentelemetry-java-instrumentation.patch +++ b/lambda-layer/patches/opentelemetry-java-instrumentation.patch @@ -1,31 +1,5 @@ -diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java -index 93071e04d2..add9f64276 100644 ---- a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java -+++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestHandlerInstrumentation.java -@@ -68,7 +68,7 @@ public class AwsLambdaRequestHandlerInstrumentation implements TypeInstrumentati - @Advice.Local("otelContext") io.opentelemetry.context.Context otelContext, - @Advice.Local("otelScope") Scope otelScope) { - input = AwsLambdaRequest.create(context, arg, Collections.emptyMap()); -- io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(input); -+ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(input, context); - - if (!functionInstrumenter().shouldStart(parentContext, input)) { - return; -diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java -index a6b89d253d..e62d30eddb 100644 ---- a/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java -+++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdacore/v1_0/AwsLambdaRequestStreamHandlerInstrumentation.java -@@ -69,7 +69,7 @@ public class AwsLambdaRequestStreamHandlerInstrumentation implements TypeInstrum - @Advice.Local("otelScope") Scope otelScope) { - - otelInput = AwsLambdaRequest.create(context, input, Collections.emptyMap()); -- io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(otelInput); -+ io.opentelemetry.context.Context parentContext = functionInstrumenter().extract(otelInput, context); - - if (!functionInstrumenter().shouldStart(parentContext, otelInput)) { - return; diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts -index df605add2f..e16c736990 100644 +index 4fcb6700fd..e1a12093df 100644 --- a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts +++ b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/build.gradle.kts @@ -5,11 +5,12 @@ plugins { @@ -42,14 +16,6 @@ index df605add2f..e16c736990 100644 // We do lightweight parsing of JSON to extract HTTP headers from requests for propagation. // This will be commonly needed even for users that don't use events, but luckily it's not too big. -@@ -26,6 +27,7 @@ dependencies { - - testImplementation(project(":instrumentation:aws-lambda:aws-lambda-core-1.0:testing")) - testImplementation("uk.org.webcompere:system-stubs-jupiter") -+ testImplementation("com.google.guava:guava") - } - - tasks.withType().configureEach { diff --git a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java b/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java index 873040f66e..b38648e8cf 100644 --- a/instrumentation/aws-lambda/aws-lambda-core-1.0/library/src/main/java/io/opentelemetry/instrumentation/awslambdacore/v1_0/TracingRequestHandler.java @@ -635,32 +601,6 @@ index 0000000000..4b0f354769 + verify(mockLambdaContextWithNoSuchMethodError, times(1)).getXrayTraceId(); + } +} -diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java -index e059250807..1fa80c3735 100644 ---- a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java -+++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestHandlerInstrumentation.java -@@ -70,7 +70,7 @@ public class AwsLambdaRequestHandlerInstrumentation implements TypeInstrumentati - } - input = AwsLambdaRequest.create(context, arg, headers); - io.opentelemetry.context.Context parentContext = -- AwsLambdaInstrumentationHelper.functionInstrumenter().extract(input); -+ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(input, context); - - if (!AwsLambdaInstrumentationHelper.functionInstrumenter() - .shouldStart(parentContext, input)) { -diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java -index fb5971016a..d31389e1c4 100644 ---- a/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java -+++ b/instrumentation/aws-lambda/aws-lambda-events-2.2/javaagent/src/main/java/io/opentelemetry/javaagent/instrumentation/awslambdaevents/v2_2/AwsLambdaRequestStreamHandlerInstrumentation.java -@@ -62,7 +62,7 @@ public class AwsLambdaRequestStreamHandlerInstrumentation implements TypeInstrum - Map headers = Collections.emptyMap(); - otelInput = AwsLambdaRequest.create(context, input, headers); - io.opentelemetry.context.Context parentContext = -- AwsLambdaInstrumentationHelper.functionInstrumenter().extract(otelInput); -+ AwsLambdaInstrumentationHelper.functionInstrumenter().extract(otelInput, context); - - if (!AwsLambdaInstrumentationHelper.functionInstrumenter() - .shouldStart(parentContext, otelInput)) { diff --git a/instrumentation/aws-lambda/aws-lambda-events-2.2/library/src/main/java/io/opentelemetry/instrumentation/awslambdaevents/v2_2/internal/AwsLambdaSqsInstrumenterFactory.java b/instrumentation/aws-lambda/aws-lambda-events-2.2/library/src/main/java/io/opentelemetry/instrumentation/awslambdaevents/v2_2/internal/AwsLambdaSqsInstrumenterFactory.java index 4cd11fc0c4..7b7d62755c 100644 --- a/instrumentation/aws-lambda/aws-lambda-events-2.2/library/src/main/java/io/opentelemetry/instrumentation/awslambdaevents/v2_2/internal/AwsLambdaSqsInstrumenterFactory.java @@ -672,9 +612,9 @@ index 4cd11fc0c4..7b7d62755c 100644 - .addSpanLinksExtractor(new SqsMessageSpanLinksExtractor()) .buildInstrumenter(SpanKindExtractor.alwaysConsumer()); } - + diff --git a/version.gradle.kts b/version.gradle.kts -index ec9690086c..b267166804 100644 +index 7900c9a4d9..80383d7c22 100644 --- a/version.gradle.kts +++ b/version.gradle.kts @@ -1,5 +1,5 @@