Merge remote-tracking branch 'origin/master' into bdu/from-extra-props-to-extensions

# Conflicts:
#	dd-java-agent/instrumentation/jakarta-jms/build.gradle
#	dd-java-agent/instrumentation/karate/build.gradle
#	dd-java-agent/instrumentation/selenium/build.gradle
#	dd-java-agent/instrumentation/testng/testng-7/build.gradle

Author: bric3

.github/workflows/analyze-changes.yaml

@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -49,7 +49,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
 
   trivy:
     name: Analyze changes with Trivy
@@ -114,7 +114,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
+        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'

.github/workflows/run-system-tests.yaml

@@ -52,7 +52,7 @@ jobs:
             --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Upload artifact
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
         with:
           name: binaries
           path: workspace/dd-java-agent/build/libs/

.gitlab-ci.yml

@@ -3,7 +3,7 @@ include:
   - local: ".gitlab/benchmarks.yml"
   - local: ".gitlab/macrobenchmarks.yml"
   - local: ".gitlab/exploration-tests.yml"
-  #  - local: ".gitlab/ci-visibility-tests.yml"
+  - local: ".gitlab/ci-visibility-tests.yml"
 
 stages:
   - build
@@ -289,7 +289,7 @@ build_tests:
         CACHE_TYPE: "latestdep"
       - GRADLE_TARGET: ":smokeTest"
         CACHE_TYPE: "smoke"
-        MAVEN_OPTS: "-Xms64M -Xmx512M -Dorg.slf4j.simpleLogger.defaultLogLevel=debug" # FIXME: Build :smokeTest build fails unless mvn debug logging is on
+        MAVEN_OPTS: "-Xms64M -Xmx512M"
 
   script:
     - *gitlab_base_ref_params
@@ -438,6 +438,7 @@ check_smoke:
   parallel: 4
   variables:
     GRADLE_TARGET: ":smokeCheck"
+    CACHE_TYPE: "smoke"
 
 check_profiling:
   extends: .check_job
@@ -647,7 +648,7 @@ test_flaky:
   extends: .test_job_with_test_agent
   variables:
     GRADLE_PARAMS: "-PrunFlakyTests"
-    CACHE_TYPE: "base"
+    CACHE_TYPE: "smoke"
     testJvm: "8"
     CONTINUE_ON_FAILURE: "true"
   rules:

.gitlab/ci-visibility-tests.yml

@@ -1,77 +1,44 @@
-#check-ci-visibility-label:
-#  stage: publish
-#  image: registry.ddbuild.io/images/dd-octo-sts-ci-base:2025.06-1
-#  tags: [ "arch:amd64" ]
-#  needs: [ publish-artifacts-to-s3 ]
-#  id_tokens:
-#    DDOCTOSTS_ID_TOKEN:
-#      aud: dd-octo-sts
-#  rules:
-#    # - if: '$POPULATE_CACHE'
-#    #   when: never
-#    # - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
-#    #   when: on_success
-#    - when: never
-#  before_script:
-#    - dd-octo-sts version
-#    - dd-octo-sts debug --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read
-#    - dd-octo-sts token --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read > github-token.txt
-#    - gh auth login --with-token < github-token.txt
-#  script:
-#    - |
-#      # Source utility functions
-#      source .gitlab/ci_visibility_utils.sh
-#      
-#      # Get PR number
-#      if ! PR_NUMBER=$(get_pr_number "${CI_COMMIT_BRANCH}"); then
-#        echo "No open PR found for branch ${CI_COMMIT_BRANCH}"
-#        exit 1
-#      fi
-#      
-#      echo "Found PR #${PR_NUMBER}"
-#      
-#      # Check if PR has the CI visibility label
-#      if pr_has_label "$PR_NUMBER" "comp: ci visibility"; then
-#        echo "PR_NUMBER=${PR_NUMBER}" > pr.env
-#        echo "PR #${PR_NUMBER} detected as CI Visibility PR"
-#        exit 0
-#      else
-#        echo "PR #${PR_NUMBER} not a CI Visibility PR, ignoring trigger"
-#        exit 1
-#      fi
-#  after_script:
-#    - dd-octo-sts revoke -t $(cat github-token.txt) || true
-#  artifacts:
-#    reports:
-#      dotenv: pr.env
-#  allow_failure: true
-#  retry:
-#    max: 2
-#    when: always
-#
-#run-ci-visibility-test-environment:
-#  stage: ci-visibility-tests
-#  needs:
-#    - job: check-ci-visibility-label
-#      artifacts: true
-#  rules:
-#    - if: '$POPULATE_CACHE'
-#      when: never
-#    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
-#      when: on_success
-#  trigger:
-#    project: DataDog/apm-reliability/test-environment
-#    branch: main
-#    strategy: depend
-#  variables:
-#    UPSTREAM_PACKAGE_JOB: build
-#    UPSTREAM_PROJECT_ID: $CI_PROJECT_ID
-#    UPSTREAM_PROJECT_NAME: $CI_PROJECT_NAME
-#    UPSTREAM_PIPELINE_ID: $CI_PIPELINE_ID
-#    UPSTREAM_BRANCH: $CI_COMMIT_BRANCH
-#    UPSTREAM_TAG: $CI_COMMIT_TAG
-#    UPSTREAM_COMMIT_AUTHOR: $CI_COMMIT_AUTHOR
-#    UPSTREAM_COMMIT_SHORT_SHA: $CI_COMMIT_SHORT_SHA
-#    TRACER_LANG: java
-#    JAVA_TRACER_REF_TO_TEST: $CI_COMMIT_BRANCH
-#    JAVA_TRACER_PR_TO_TEST: $PR_NUMBER
+ci-visibility-tests-check:
+  stage: ci-visibility-tests
+  image: registry.ddbuild.io/images/dd-octo-sts-ci-base:2025.06-1
+  tags: [ "arch:amd64" ]
+  needs: [ publish-artifacts-to-s3 ]
+  id_tokens:
+    DDOCTOSTS_ID_TOKEN:
+      aud: dd-octo-sts
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
+      when: on_success
+    - when: never
+  before_script:
+    - dd-octo-sts version
+    - dd-octo-sts debug --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read
+    - dd-octo-sts token --scope DataDog/dd-trace-java --policy self.gitlab.github-access.read > github-token.txt
+    - gh auth login --with-token < github-token.txt
+  script:
+    - .gitlab/ci_visibility_generate_job.sh
+  after_script:
+    - dd-octo-sts revoke -t $(cat github-token.txt) || true
+  artifacts:
+    paths:
+    - ci-visibility-test-environment.yml
+  retry:
+    max: 2
+    when: always
+
+ci-visibility-tests-trigger:
+  stage: ci-visibility-tests
+  needs: [ci-visibility-tests-check]
+  rules:
+    - if: '$POPULATE_CACHE'
+      when: never
+    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH !~ /^(master|release\/)/'
+      when: on_success
+    - when: never
+  trigger:
+    include:
+      - artifact: ci-visibility-test-environment.yml
+        job: ci-visibility-tests-check
+    strategy: depend

.gitlab/ci_visibility_generate_job.sh

@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+
+set -e
+
+add_dummy_job() {
+  cat <<EOF >>ci-visibility-test-environment.yml
+skip-ci-visibility-tests:
+  stage: ci-visibility-tests
+  tags: [ "arch:amd64" ]
+  script:
+    - echo "PR does not have required label - CI Visibility test environment not triggered"
+EOF
+}
+
+# Generate yml
+cat <<EOF >ci-visibility-test-environment.yml
+stages:
+  - ci-visibility-tests
+
+EOF
+
+if [ -z "$CI_COMMIT_BRANCH" ]; then
+  echo "No branch detected - skipping trigger"
+  add_dummy_job
+  exit 0
+fi
+
+echo "Performing trigger checks for ci-visibility test-environment..."
+set +e
+pr_number=$(gh pr list --repo DataDog/dd-trace-java --head "$CI_COMMIT_BRANCH" --state open --json number --jq '.[0].number' 2>&1)
+pr_number_status=$?
+set -e
+
+if [ $pr_number_status -ne 0 ]; then
+  echo "Failed to query PR (gh command failed with status $pr_number_status ) - skipping trigger"
+  add_dummy_job
+  exit 0
+fi
+if [ -z "$pr_number" ]; then
+  echo "No open PR found for branch $CI_COMMIT_BRANCH - skipping trigger"
+  add_dummy_job
+  exit 0
+fi
+
+echo "PR #${pr_number} found, checking labels..."
+set +e
+labels=$(gh pr view "$pr_number" --repo DataDog/dd-trace-java --json labels --jq '.labels[].name' 2>&1)
+labels_status=$?
+set -e
+
+if [ $labels_status -ne 0 ]; then
+  echo "Failed to query PR labels (gh command failed with status $labels_status) - skipping trigger"
+  add_dummy_job
+  exit 0
+fi
+if [ -z "$labels" ] || ! echo "$labels" | grep -q "comp: ci visibility"; then
+  echo "PR #$pr_number is not a CI Visibility PR - skipping trigger"
+  add_dummy_job
+  exit 0
+fi
+
+echo "PR #$pr_number is a CI Visibility PR - triggering test environment"
+
+cat <<EOF >>ci-visibility-test-environment.yml
+ci-visibility-test-environment:
+  stage: ci-visibility-tests
+  trigger:
+    project: DataDog/apm-reliability/test-environment
+    branch: main
+    strategy: depend
+  variables:
+    UPSTREAM_PACKAGE_JOB: build
+    UPSTREAM_PROJECT_ID: "$CI_PROJECT_ID"
+    UPSTREAM_PROJECT_NAME: "$CI_PROJECT_NAME"
+    UPSTREAM_PIPELINE_ID: "$CI_PIPELINE_ID"
+    UPSTREAM_BRANCH: "$CI_COMMIT_BRANCH"
+    UPSTREAM_TAG: "$CI_COMMIT_TAG"
+    UPSTREAM_COMMIT_AUTHOR: "$CI_COMMIT_AUTHOR"
+    UPSTREAM_COMMIT_SHORT_SHA: "$CI_COMMIT_SHORT_SHA"
+    TRACER_LANG: java
+    JAVA_TRACER_REF_TO_TEST: "$CI_COMMIT_BRANCH"
+    JAVA_TRACER_PR_TO_TEST: "$pr_number"
+EOF

.gitlab/ci_visibility_utils.sh

@@ -28,7 +28,7 @@ export const options = function (variants) {
     scenarios[`load--insecure-bank--${variant}--warmup`] = {
       executor: 'constant-vus',  // https://grafana.com/docs/k6/latest/using-k6/scenarios/executors/#all-executors
       vus: 5,
-      duration: '20s',
+      duration: '165s',
       gracefulStop: '2s',
       env: {
         "APP_URL": variants[variant]["APP_URL"]
@@ -38,7 +38,7 @@ export const options = function (variants) {
     scenarios[`load--insecure-bank--${variant}--high_load`] = {
       executor: 'constant-vus',
       vus: 5,
-      startTime: '22s',
+      startTime: '167s',
       duration: '15s',
       gracefulStop: '2s',
       env: {

benchmark/load/insecure-bank/k6.js

@@ -28,7 +28,7 @@ export const options = function (variants) {
     scenarios[`load--petclinic--${variant}--warmup`] = {
       executor: 'constant-vus',  // https://grafana.com/docs/k6/latest/using-k6/scenarios/executors/#all-executors
       vus: 5,
-      duration: '20s',
+      duration: '165s',
       gracefulStop: '2s',
       env: {
         "APP_URL": variants[variant]["APP_URL"]
@@ -38,7 +38,7 @@ export const options = function (variants) {
     scenarios[`load--petclinic--${variant}--high_load`] = {
       executor: 'constant-vus',
       vus: 5,
-      startTime: '22s',
+      startTime: '167s',
       duration: '15s',
       gracefulStop: '2s',
       env: {

benchmark/load/petclinic/k6.js

@@ -43,7 +43,7 @@ for app in *; do
   # Using profiler variants for healthcheck as they are the slowest
   if [ "${app}" == "petclinic" ]; then
     HEALTHCHECK_URL=http://localhost:8082
-    REPETITIONS_COUNT=5
+    REPETITIONS_COUNT=2
   elif [ "${app}" == "insecure-bank" ]; then
     HEALTHCHECK_URL=http://localhost:8082/login
     REPETITIONS_COUNT=2