Merge branch 'master' into conti/remove-async-storage-graphql

Author: wconti27

.github/actions/install/action.yml

@@ -18,7 +18,8 @@ runs:
       shell: bash
       if: inputs.cache == 'true' && steps.yarn-cache.outputs.cache-hit == 'true'
       # Retry in case of server error from registry.
-    - run: yarn install --frozen-lockfile --ignore-engines || yarn install --frozen-lockfile --ignore-engines
+      # Wait 60 seconds to give the registry server time to heal.
+    - run: yarn install --frozen-lockfile --ignore-engines || sleep 60 && yarn install --frozen-lockfile --ignore-engines
       shell: bash
     - run: tar -cf node_modules.tar node_modules
       shell: bash

.github/actions/instrumentations/test/action.yml

@@ -10,4 +10,4 @@ runs:
     - uses: ./.github/actions/node/active-lts
     - run: yarn test:instrumentations:ci
       shell: bash
-    - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+    - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3

.github/dependabot.yml

@@ -11,8 +11,54 @@ updates:
       - "/.github/actions/*"
       - "/.github/actions/*/*"
     schedule:
-      interval: "monthly"
+      interval: "weekly"
     groups:
       gh-actions-packages:
         patterns:
           - "*"
+  - package-ecosystem: "npm"
+    directories:
+      - "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "@types/node"
+        # Update the types manually with new Node.js version support
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "eslint-plugin-mocha"
+        # ESM only from v11.0.0 onwards
+        update-types: ["version-update:semver-major"]
+      - dependency-name: "jest-docblock"
+        # 30.0.0 onwards only supports Node.js 18.14.x and above
+        update-types: ["version-update:semver-major"]
+        # The path-to-regexp version has to be the same as used in express v4.
+        # Consider vendoring it instead.
+      - dependency-name: "path-to-regexp"
+      - dependency-name: "lru-cache"
+        # 11.0.0 onwards only supports Node.js 20 and above
+        update-types: ["version-update:semver-major"]
+    groups:
+      dev-minor-and-patch-dependencies:
+        dependency-type: "development"
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+      runtime-minor-and-patch-dependencies:
+        dependency-type: "production"
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+        exclude-patterns:
+          # Add entries that we should update manually.
+          - "@datadog/libdatadog"
+          - "@datadog/native-appsec"
+          - "@datadog/native-iast-taint-tracking"
+          - "@datadog/native-metrics"
+          - "@datadog/pprof"
+          - "@datadog/sketches-js"
+          - "@datadog/wasm-js-rewriter"
+          - "@opentelemetry/api"

.github/scripts/yarn-dedupe.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -ex
+
+if git diff --exit-code yarn.lock; then
+  echo "✅ yarn.lock is already properly deduplicated"
+else
+  echo "📝 yarn.lock was modified by dedupe command"
+
+  PR_AUTHOR="${PR_AUTHOR:-}"
+  PR_USER_TYPE="${PR_USER_TYPE:-}"
+
+  if [[ "$PR_USER_TYPE" == "Bot" ]] && [[ "${GITHUB_EVENT_NAME:-}" == "pull_request" ]]; then
+    echo "🤖 Bot-created PR detected. Auto-committing yarn.lock changes..."
+
+    git config --local user.email "action@github.com"
+    git config --local user.name "GitHub Action"
+
+    git add yarn.lock
+    git commit -m "Auto-dedupe yarn.lock dependencies"
+
+    git push origin HEAD:${GITHUB_HEAD_REF}
+
+    echo "✅ Successfully committed and pushed yarn.lock deduplication"
+  else
+    echo "❌ The yarn.lock file needs deduplication!"
+    echo ""
+    echo "The yarn dedupe command has modified your yarn.lock file."
+    echo "This means there were duplicate dependencies that could be optimized."
+    echo ""
+    echo "To fix this issue:"
+    echo "1. Run 'yarn dependencies:dedupe' locally"
+    echo "2. Commit the updated yarn.lock file"
+    echo "3. Push your changes"
+    echo ""
+    echo "This helps keep the dependency tree clean."
+    exit 1
+  fi
+fi

.github/workflows/apm-integrations.yml

@@ -187,8 +187,52 @@ jobs:
 
   azure-functions:
     runs-on: ubuntu-latest
+    services:
+        azureservicebusemulator:
+          image: mcr.microsoft.com/azure-messaging/servicebus-emulator:1.1.2
+          ports:
+              - "127.0.0.1:5672:5672"
+              - "127.0.0.1:5300:5300"
+          env:
+              ACCEPT_EULA: "Y"
+              MSSQL_SA_PASSWORD: "Localtestpass1!"
+              SQL_SERVER: azuresqledge
+        azuresqledge:
+          image: mcr.microsoft.com/azure-sql-edge:1.0.7
+          ports:
+              - "127.0.0.1:1433:1433"
+          env:
+              ACCEPT_EULA: "Y"
+              MSSQL_SA_PASSWORD: "Localtestpass1!"
     env:
       PLUGINS: azure-functions
+      SERVICES: azureservicebusemulator,azuresqledge
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/plugins/test
+
+  azure-service-bus:
+    runs-on: ubuntu-latest
+    services:
+        azureservicebusemulator:
+          image: mcr.microsoft.com/azure-messaging/servicebus-emulator:1.1.2
+          ports:
+              - "127.0.0.1:5672:5672"
+              - "127.0.0.1:5300:5300"
+          env:
+              ACCEPT_EULA: "Y"
+              MSSQL_SA_PASSWORD: "Localtestpass1!"
+              SQL_SERVER: azuresqledge
+        azuresqledge:
+          image: mcr.microsoft.com/azure-sql-edge:1.0.7
+          ports:
+              - "127.0.0.1:1433:1433"
+          env:
+              ACCEPT_EULA: "Y"
+              MSSQL_SA_PASSWORD: "Localtestpass1!"
+    env:
+      PLUGINS: azure-service-bus
+      SERVICES: azureservicebusemulator,azuresqledge
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/actions/plugins/test
@@ -438,6 +482,14 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/actions/plugins/test
 
+  hono:
+    runs-on: ubuntu-latest
+    env:
+      PLUGINS: hono
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/plugins/test
+
   http:
     strategy:
       matrix:
@@ -482,6 +534,9 @@ jobs:
       - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
 
   kafkajs:
+    strategy:
+      matrix:
+        node-version: ['oldest', 'latest']
     runs-on: ubuntu-latest
     services:
       kafka:
@@ -506,7 +561,17 @@ jobs:
       SERVICES: kafka
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ./.github/actions/plugins/test
+      - uses: ./.github/actions/testagent/start
+      - uses: ./.github/actions/node
+        with:
+          version: ${{ matrix.node-version }}
+      - uses: ./.github/actions/install
+      - run: yarn test:plugins:ci
+      - if: always()
+        uses: ./.github/actions/testagent/logs
+        with:
+          suffix: plugins-${{ github.job }}-${{ matrix.node-version }}
+      - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
 
   koa:
     runs-on: ubuntu-latest
@@ -771,14 +836,12 @@ jobs:
       SERVICES: oracledb
       DD_TEST_AGENT_URL: http://testagent:9126
       DD_INJECT_FORCE: 'true'
-      # Needed to fix issue with `actions/checkout@v3: https://github.com/actions/checkout/issues/1590
-      ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
     steps:
       # https://github.com/actions/runner/issues/2906#issuecomment-2109514798
       - name: Install Node for runner (with glibc 2.17 compatibility)
         run: |
-          curl -LO https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz
-          tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217
+          curl -LO https://unofficial-builds.nodejs.org/download/release/v20.19.3/node-v20.19.3-linux-x64-glibc-217.tar.xz
+          tar -xf node-v20.19.3-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/actions/node
         with:

.github/workflows/codeql-analysis.yml

@@ -38,7 +38,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+      uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
       with:
         languages: ${{ matrix.language }}
         config-file: .github/codeql_config.yml
@@ -48,7 +48,7 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+      uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+      uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2

.github/workflows/eslint-rules.yml

@@ -0,0 +1,23 @@
+name: ESLint Rules
+
+on:
+  pull_request:
+    paths:
+      - 'eslint-rules/**'
+  push:
+    branches: [master]
+    paths:
+      - 'eslint-rules/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  eslint-rules:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/node/active-lts
+      - uses: ./.github/actions/install
+      - run: yarn test:eslint-rules

.github/workflows/platform.yml

@@ -283,6 +283,15 @@ jobs:
       - run: yarn test:integration
       - run: yarn test:integration:esbuild
 
+  unit-guardrails:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/node/active-lts
+      - uses: ./.github/actions/install
+      - run: yarn test:trace:guardrails:ci
+      - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+
   # We'll run these separately for earlier (i.e. unsupported) versions
   integration-guardrails:
     strategy:
@@ -296,13 +305,16 @@ jobs:
           version: ${{ matrix.version }}
       - uses: ./.github/actions/install
       - run: yarn add --ignore-scripts mocha@10 # Use older mocha to support old Node.js versions
+      - run: yarn add --ignore-scripts express@4 # Use older express to support old Node.js versions
       - run: node node_modules/.bin/mocha --colors --timeout 30000 integration-tests/init.spec.js
 
   integration-guardrails-unsupported:
     strategy:
       matrix:
         version: ['0.8', '0.10', '0.12', '4', '6', '8', '10', '12']
     runs-on: ubuntu-latest
+    env:
+      DD_TRACE_DEBUG: 'true' # This exercises more of the guardrails code
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/actions/node

.github/workflows/pr-labels.yml

@@ -8,7 +8,7 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-      - uses: mheap/github-action-required-labels@388fd6af37b34cdfe5a23b37060e763217e58b03 # v5.5.0
+      - uses: mheap/github-action-required-labels@8afbe8ae6ab7647d0c9f0cfa7c2f939650d22509 # v5.5.1
         with:
           mode: exactly
           count: 1

.github/workflows/project.yml

@@ -67,6 +67,7 @@ jobs:
   static-analysis:
     runs-on: ubuntu-latest
     name: Datadog Static Analyzer
+    if: github.actor != 'dependabot[bot]'
     steps:
     - name: Checkout
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -98,9 +99,15 @@ jobs:
 
   yarn-dedupe:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: read
     steps:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
 
       - name: Setup Node.js
         uses: ./.github/actions/node/active-lts
@@ -111,21 +118,9 @@ jobs:
       - name: Run yarn dependencies:dedupe
         run: yarn dependencies:dedupe
 
-      - name: Check if yarn.lock was modified
-        run: |
-          if git diff --exit-code yarn.lock; then
-            echo "✅ yarn.lock is already properly deduplicated"
-          else
-            echo "❌ The yarn.lock file needs deduplication!"
-            echo ""
-            echo "The yarn dedupe command has modified your yarn.lock file."
-            echo "This means there were duplicate dependencies that could be optimized."
-            echo ""
-            echo "To fix this issue:"
-            echo "1. Run 'yarn dependencies:dedupe' locally"
-            echo "2. Commit the updated yarn.lock file"
-            echo "3. Push your changes"
-            echo ""
-            echo "This helps keep the dependency tree clean."
-            exit 1
-          fi
+      - name: Run yarn dedupe check
+        run: ./.github/scripts/yarn-dedupe.sh
+        env:
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+          PR_USER_TYPE: ${{ github.event.pull_request.user.type }}
+          GITHUB_EVENT_NAME: ${{ github.event_name }}