Merge branch 'main' into dropwizard-apply-label-mapper-to-snapshot-metrics

Author: zeitlinger

.editorconfig

@@ -4,5 +4,15 @@ root = true
 max_line_length = 100
 indent_size = 2
 
+[{version-rules.xml,maven-wrapper.properties,checkstyle.xml,docker-compose.yaml,docker-compose.yml,Dockerfile,example_target_info.json,mise.toml,mise.lock,mvnm,mvnw.cmd,generate-protobuf.sh,super-linter.env,.gitleaksignore}]
+max_line_length = 200
+
+[{grafana-dashboard-*.json,.editorconfig}]
+max_line_length = 300
+
 [pom.xml]
+max_line_length = 110
+
+[*.py]
+# checked by black
 indent_size = 4

.github/dependabot.yml

@@ -1,12 +1,15 @@
+---
 version: 2
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: weekly
   - package-ecosystem: maven
-    # excluding simpleclient_archive from the update is not possible, only includes are supported
-    # when we use includes, we run into https://github.com/dependabot/dependabot-core/issues/10415 -
+    # excluding simpleclient_archive from the update is not possible,
+    # only includes are supported
+    # when we use includes,
+    # we run into https://github.com/dependabot/dependabot-core/issues/10415
     # even if we limit to 1 PR at a time
     # therefore we just rename pom.xml in simpleclient_archive for now
     # if this becomes a problem, we can move to renovate

.github/release.yml

@@ -0,0 +1,17 @@
+# .github/release.yml
+
+changelog:
+  categories:
+    - title: 🏕 Features
+      labels:
+        - "*"
+      exclude:
+        labels:
+          - chore
+          - dependencies
+    - title: 🧹 Chore
+      labels:
+        - chore
+    - title: 👒 Dependencies
+      labels:
+        - dependencies

.github/super-linter.env

@@ -0,0 +1,34 @@
+FILTER_REGEX_EXCLUDE=mvnw|src/main/generated/.*|docs/themes/.*|keystore.pkcs12|.*.java|prometheus-metrics-exporter-opentelemetry-shaded/pom.xml|CODE_OF_CONDUCT.md
+IGNORE_GITIGNORED_FILES=true
+JAVA_FILE_NAME=google_checks.xml
+# disable kubernetes linter - complains about resource limits, etc
+VALIDATE_CHECKOV=false
+VALIDATE_CSS=false
+VALIDATE_CSS_PRETTIER=false
+VALIDATE_DOCKERFILE_HADOLINT=false
+VALIDATE_GIT_COMMITLINT=false
+# done by maven
+VALIDATE_GOOGLE_JAVA_FORMAT=false
+# times out
+VALIDATE_GO_MODULES=false
+VALIDATE_HTML=false
+# done by checkstyle
+VALIDATE_JAVA=false
+# contradicting with prettier
+VALIDATE_JAVASCRIPT_STANDARD=false
+# we have many duplicate code in our codebase for demo purposes
+VALIDATE_JSCPD=false
+VALIDATE_PYTHON_PYLINT=false
+
+FIX_ENV=true
+FIX_GO=true
+FIX_JAVASCRIPT_PRETTIER=true
+FIX_JSON=true
+FIX_JSONC=true
+FIX_JSONC_PRETTIER=true
+FIX_JSON_PRETTIER=true
+FIX_MARKDOWN=true
+FIX_MARKDOWN_PRETTIER=true
+FIX_PYTHON_BLACK=true
+FIX_SHELL_SHFMT=true
+FIX_YAML_PRETTIER=true

.github/workflows/acceptance-tests.yml

@@ -1,41 +1,18 @@
+---
 name: OpenTelemetry Acceptance Tests
 
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
+on: [pull_request]
+
+permissions: {}
 
 jobs:
   acceptance-tests:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
-      - name: Check out oats
-        uses: actions/checkout@v4
-        with:
-          repository: grafana/oats
-          ref: v0.1.0
-          path: oats
-      - name: Set up JDK
-        uses: actions/setup-java@v4
+      - name: Check out
         with:
-          java-version: 17
-          distribution: temurin
-          cache: 'maven'
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.23'
-          cache-dependency-path: oats/go.sum
-      - name: Run the Maven verify phase
-        run: |
-          ./mvnw clean install -DskipTests
+          persist-credentials: false
+        uses: actions/checkout@v4
+      - uses: jdx/mise-action@c94f0bf9e520b150e34c017db785461f7e71c5fb # v2.1.1
       - name: Run acceptance tests
-        run: ./scripts/run-acceptance-tests.sh
-      - name: upload log file
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          name: OATS logs
-          path: oats/yaml/build/**/*.log
+        run: mise run acceptance-test

.github/workflows/build.yml

@@ -1,18 +1,18 @@
+---
 name: Build
 
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
+on: [pull_request]
+
+permissions: {}
 
 jobs:
   build:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
-      - name: Setup ASDF
-        uses: equisoft-actions/with-asdf-vm@v2
+        with:
+          persist-credentials: false
+      - uses: jdx/mise-action@c94f0bf9e520b150e34c017db785461f7e71c5fb # v2.1.1
       - name: Cache local Maven repository
         uses: actions/cache@v4
         with:
@@ -21,10 +21,4 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Run the Maven verify phase
-        env:
-          PROTO_GENERATION: true
-          REQUIRE_PROTO_UP_TO_DATE: true
-        run: |
-          mvn -v
-          ./mvnw clean install
-          ./mvnw javadoc:javadoc -P javadoc # just to check if javadoc is generated
+        run: mise run ci

.github/workflows/github-pages.yaml

@@ -11,14 +11,12 @@ on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  contents: read
-  pages: write
-  id-token: write
+permissions: {}
 
-# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
-# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+# Allow only one concurrent deployment, skipping runs queued between
+# the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow
+# these production deployments to complete.
 concurrency:
   group: "pages"
   cancel-in-progress: false
@@ -32,55 +30,34 @@ jobs:
   # Build job
   build:
     runs-on: ubuntu-24.04
-    env:
-      HUGO_VERSION: 0.115.4
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-tags: 'true'
+          persist-credentials: false
+          fetch-tags: "true"
           fetch-depth: 0
-      - name: Set up JDK
-        uses: actions/setup-java@v4
+      - uses: jdx/mise-action@c94f0bf9e520b150e34c017db785461f7e71c5fb # v2.1.1
         with:
-          java-version: 17
-          distribution: temurin
-          cache: 'maven'
-      - name: Set release version
-        run: ./scripts/set-release-version-github-pages.sh
-      - name: Install Hugo CLI
-        run: |
-          wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \
-          && sudo dpkg -i ${{ runner.temp }}/hugo.deb
-      - name: Make Javadoc
-        run: ./mvnw -B clean compile javadoc:javadoc javadoc:aggregate -P javadoc
-      - name: Move the Javadoc to docs/static/api/
-        run: mv ./target/reports/apidocs ./docs/static/api && echo && echo 'ls ./docs/static/api' && ls ./docs/static/api
+          cache: "false"
       - name: Setup Pages
         id: pages
         uses: actions/configure-pages@v5
-      - name: Install Node.js dependencies
-        run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
-        working-directory: ./docs
-      - name: Build with Hugo
+      - name: Build GitHub Pages
+        run: mise run build-gh-pages
         env:
-          # For maximum backward compatibility with Hugo modules
-          HUGO_ENVIRONMENT: production
-          HUGO_ENV: production
-        run: |
-          hugo \
-            --gc \
-            --minify \
-            --baseURL "${{ steps.pages.outputs.base_url }}/"
-        working-directory: ./docs
-      - name: ls ./docs/public/api
-        run: echo 'ls ./docs/public/api' && ls ./docs/public/api
+          BASE_URL: "${{ steps.pages.outputs.base_url }}/"
       - name: Upload artifact
         uses: actions/upload-pages-artifact@v3
         with:
           path: ./docs/public
+          # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
 
   # Deployment job
   deploy:
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}

.github/workflows/lint-rest.yml

@@ -0,0 +1,18 @@
+---
+name: Lint What Super Linter Can't
+
+on: [pull_request]
+
+permissions: {}
+
+jobs:
+  lint:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check out
+        with:
+          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: jdx/mise-action@c94f0bf9e520b150e34c017db785461f7e71c5fb # v2.1.1
+      - name: Lint
+        run: mise run lint-rest

.github/workflows/native-tests.yml

@@ -1,21 +1,18 @@
+---
 name: GraalVM Native Tests
 
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
+on: [pull_request]
+
+permissions: {}
 
 jobs:
   native-tests:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK
-        uses: actions/setup-java@v4
+      - name: Check out
         with:
-          java-version: '21'
-          distribution: graalvm
-          cache: 'maven'
-      - name: Run the Maven verify phase
-        run: ./scripts/run-native-tests.sh
+          persist-credentials: false
+        uses: actions/checkout@v4
+      - uses: jdx/mise-action@c94f0bf9e520b150e34c017db785461f7e71c5fb # v2.1.1
+      - name: Run native tests
+        run: mise run native-test

.github/workflows/release.yml

@@ -1,3 +1,4 @@
+---
 name: Deploy to Maven Central
 
 on:
@@ -9,32 +10,36 @@ jobs:
   deploy:
     if: ${{ github.repository == 'prometheus/client_java' }}
     runs-on: ubuntu-24.04
+    permissions: {}
 
     steps:
-      - name: Debug gpg key - remove after debugging
+      - name: Debug gpg key
         env:
-            GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
+          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
         run: |
-          echo "$GPG_SIGNING_KEY" | wc -c
-          echo "$GPG_SIGNING_KEY" | gpg --batch --import-options import-show --import
+          echo "${#GPG_SIGNING_KEY}"
+          echo "${GPG_SIGNING_KEY}" | gpg --batch --import-options import-show --import
       - name: Checkout Plugin Repository
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Set Up JDK
         uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: temurin
-          cache: 'maven'
 
       - name: Build with Maven
-        run: ./scripts/build-release.sh ${{ github.ref_name }}
+        run: ./scripts/build-release.sh
+        env:
+          TAG: ${{ github.ref_name }}
 
       - name: Set up Apache Maven Central
         uses: actions/setup-java@v4
         with:
-          distribution: 'temurin'
-          java-version: '17'
+          distribution: "temurin"
+          java-version: "17"
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_CENTRAL_TOKEN

.github/workflows/super-linter.yml

@@ -0,0 +1,30 @@
+---
+name: Lint
+
+on: [pull_request]
+
+jobs:
+  lint:
+    runs-on: ubuntu-24.04
+
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: Load super-linter configuration
+        run: grep -v '^#' .github/super-linter.env | grep -v 'FIX_' >> "$GITHUB_ENV"
+
+      - name: Super-linter
+        uses: super-linter/super-linter@12150456a73e248bdc94d0794898f94e23127c88 # v7.4.0
+        env:
+          # To report GitHub Actions status checks
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}