open-telemetry/opentelemetry-collector
32 workflows · maturity 83% · 10 patterns · GitHub ↗
Practices
✓ Matrix✓ Permissions✓ Security scan○ AI review✓ Cache✓ Concurrency○ Reusable workflows
Detected patterns
Security dimensions
Tools: github/codeql-action/analyze, github/codeql-action/autobuild, github/codeql-action/init, github/codeql-action/upload-sarif, ossf/scorecard-action
Workflows (32)
add-labels-and-owners perms .github/workflows/add-labels-and-owners.yml
View raw YAML
name: 'Add labels and code owners to PR'
on:
pull_request_target:
types:
- opened
- synchronize
- ready_for_review
permissions: read-all
jobs:
add-labels-and-owners:
permissions:
pull-requests: write
runs-on: ubuntu-24.04
if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]' && github.repository_owner == 'open-telemetry' && github.event.pull_request.draft == false }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run add-codeowners-to-pr.sh
run: ./.github/workflows/scripts/add-labels-and-owners.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: ${{ github.repository }}
PR: ${{ github.event.number }}
add-labels-command perms .github/workflows/add-labels-command.yml
View raw YAML
name: 'Add Labels'
on:
issue_comment:
types: [created]
permissions: read-all
jobs:
add-labels-command:
if: ${{ !github.event.issue.pull_request && startsWith(github.event.comment.body, '/label') && github.repository_owner == 'open-telemetry' }}
permissions:
issues: write
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run add-labels-command.sh
run: ./.github/workflows/scripts/add-labels-command.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE: ${{ github.event.issue.number }}
COMMENT: ${{ github.event.comment.body }}
SENDER: ${{ github.event.sender.login }}
api-compatibility perms .github/workflows/api-compatibility.yml
View raw YAML
# This GitHub action is used to compare API state snapshots of Main
# to Head of the PR in order to validate releases are not breaking
# backwards compatibility.
#
# This GitHub action will fail if there are incompatible changes.
#
name: "Inform Incompatible PRs"
on:
pull_request:
branches:
- main
permissions: read-all
jobs:
Check-Compatibility:
runs-on: ubuntu-latest
env:
BASE_REF: ${{ github.base_ref }}
HEAD_REF: ${{ github.head_ref }}
steps:
- name: Checkout-Main
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ github.base_ref }}
path: ${{ github.base_ref }}
- name: Checkout-HEAD
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: ${{ github.head_ref }}
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
# Generate apidiff states of Main
- name: Generate-States
run: |
cd $BASE_REF
make apidiff-build
# Compare apidiff states of Main with PR
- name: Compare-States
env:
CI: true
COMPARE_OPTS: -d "../${{ github.base_ref }}/internal/data/apidiff"
run: |
cd $HEAD_REF
make apidiff-compare
# Fail GitHub Action if there are incompatible changes
- name: Check-States
env:
CI: true
COMPARE_OPTS: -d "../${{ github.base_ref }}/internal/data/apidiff" -c
run: |
cd $HEAD_REF
make apidiff-compare
build-and-test matrix perms .github/workflows/build-and-test.yml
View raw YAML
name: build-and-test
on:
push:
branches: [main]
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
merge_group:
types: [checks_requested]
pull_request:
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
setup-environment:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make gomoddownload
lint:
runs-on: ubuntu-latest
needs: [setup-environment]
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: golint
run: make -j2 golint
- name: goimpi
run: make goimpi
govulncheck:
runs-on: ubuntu-latest
timeout-minutes: 30
needs: [setup-environment]
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Run `govulncheck`
run: make govulncheck
checks:
runs-on: ubuntu-latest
needs: [setup-environment]
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: stable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Setup Node
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: "24"
- name: checklicense
run: make checklicense
- name: misspell
run: make misspell
- name: checkdoc
run: make checkdoc
- name: markdownlint
run: make markdownlint
- name: checkapi
run: make checkapi
- name: Check for go mod dependency changes
run: |
make gotidy
git diff --exit-code || (echo 'go.mod/go.sum deps changes detected, please run "make gotidy" and commit the changes in this PR.' && exit 1)
- name: go:porto
run: |
make goporto
git diff --exit-code || (echo 'Porto links are out of date, please run "make goporto" and commit the changes in this PR.' && exit 1)
- name: go:generate
run: |
make gogenerate
git diff --exit-code || (echo 'Generated code is out of date, please run "make gogenerate" and commit the changes in this PR.' && exit 1)
- name: Generate proto files
run: |
make genproto
git diff --exit-code || (echo 'Generated code is out of date, please run "make genproto" and commit the changes in this PR.' && exit 1)
- name: Gen Pdata
run: |
make genpdata
git diff --exit-code || (echo 'Generated code is out of date, please run "make genpdata" and commit the changes in this PR.' && exit 1)
- name: Gen otelcorecol
run: |
make genotelcorecol
git diff --exit-code || (echo 'Generated code is out of date, please run "make genotelcorecol" and commit the changes in this PR.' && exit 1)
- name: Multimod verify
run: make multimod-verify
- name: crosslink
run: |
make crosslink
git diff -s --exit-code || (echo 'Replace statements are out of date, please run "make crosslink" and commit the changes in this PR.' && exit 1)
- name: generate-chloggen-components
run: |
make generate-chloggen-components
git diff --exit-code || (echo '.chloggen/config.yaml is out of date, please run "make generate-chloggen-components" and commit the changes.' && exit 1)
unittest-matrix:
strategy:
matrix:
runner: [ubuntu-latest]
go-version: ["stable", "oldstable"]
runs-on: ${{ matrix.runner }}
needs: [setup-environment]
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: ${{ matrix.go-version }}
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Cache Build
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.cache/go-build
key: unittest-${{ runner.os }}-${{ matrix.runner }}-go-build-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
- name: Run Unit Tests
run: |
make -j4 gotest-with-junit
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: test-results-${{ runner.os }}-${{ matrix.runner }}-${{ matrix.go-version }}
path: internal/tools/testresults/
retention-days: 4
unittest:
if: always()
runs-on: ubuntu-latest
needs: [setup-environment, unittest-matrix]
steps:
- name: Print result
run: echo ${{ needs.unittest-matrix.result }}
- name: Interpret result
run: |
if [[ success == ${{ needs.unittest-matrix.result }} ]]
then
echo "All matrix jobs passed!"
else
echo "One or more matrix jobs failed."
false
fi
test-coverage:
runs-on: ubuntu-latest
needs: [setup-environment]
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Cache Build
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: ~/.cache/go-build
key: coverage-${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }}
- name: Run Unit Tests With Coverage
run: make gotest-with-cover
- name: Upload coverage report
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # 6.0.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
cross-build-collector:
needs: [setup-environment]
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
include:
# Go 1.15 dropped support for 32-bit binaries
# on macOS: https://go.dev/doc/go1.15
#- goos: darwin
# goarch: 386
- goos: aix
goarch: ppc64
- goos: darwin
goarch: amd64
- goos: darwin
goarch: arm64
- goos: js
goarch: wasm
- goos: linux
goarch: 386
- goos: linux
goarch: amd64
- goos: linux
goarch: arm64
- goos: linux
goarch: ppc64le
- goos: linux
goarch: riscv64
- goos: linux
goarch: arm
goarm: 7
- goos: linux
goarch: s390x
- goos: windows
goarch: 386
- goos: windows
goarch: amd64
- goos: windows
goarch: arm64
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Build
env:
GOOS: ${{matrix.goos}}
GOARCH: ${{matrix.goarch}}
GOARM: ${{matrix.goarm}}
run: |
make otelcorecol
build-and-test-arm matrix perms .github/workflows/build-and-test-arm.yml
View raw YAML
name: build-and-test-arm
on:
push:
branches: [main]
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
merge_group:
types: [checks_requested]
pull_request:
env:
TEST_RESULTS: testbed/tests/results/junit/results.xml
# Make sure to exit early if cache segment download times out after 2 minutes.
# We limit cache download as a whole to 5 minutes.
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
permissions: read-all
# Do not cancel this workflow on main. See https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/16616
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
arm-unittest-matrix:
strategy:
matrix:
os: [ubuntu-22.04-arm, macos-14]
if: ${{ github.actor != 'dependabot[bot]' && (contains(github.event.pull_request.labels.*.name, 'Run ARM') || github.event_name == 'push' || github.event_name == 'merge_group') }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
timeout-minutes: 5
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make gomoddownload
- name: Run Unit Tests
run: make -j4 gotest
arm-unittest:
if: ${{ github.actor != 'dependabot[bot]' && (contains(github.event.pull_request.labels.*.name, 'Run ARM') || github.event_name == 'push' || github.event_name == 'merge_group') }}
runs-on: ubuntu-latest
needs: [arm-unittest-matrix]
steps:
- name: Print result
run: echo ${{ needs.arm-unittest-matrix.result }}
- name: Interpret result
run: |
if [[ success == ${{ needs.arm-unittest-matrix.result }} ]]
then
echo "All matrix jobs passed!"
else
echo "One or more matrix jobs failed."
false
fi
build-and-test-windows matrix perms .github/workflows/build-and-test-windows.yaml
View raw YAML
name: build-and-test-windows
on:
push:
branches: [main]
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
merge_group:
types: [checks_requested]
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions: read-all
jobs:
windows-unittest:
strategy:
fail-fast: false
matrix:
os: [windows-2022, windows-2025, windows-11-arm]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
env:
cache-name: cache-go-modules
with:
path: |
~\go\pkg\mod
~\AppData\Local\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: Ensure required ports in the dynamic range are available
run: |
& ${{ github.workspace }}\.github\workflows\scripts\win-required-ports.ps1
- name: Run Unit Tests
run: make gotest
windows-service-test:
strategy:
fail-fast: false
matrix:
os: [windows-2022, windows-2025, windows-11-arm]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
env:
cache-name: cache-go-modules
with:
path: |
~\go\pkg\mod
~\AppData\Local\go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: Ensure required ports in the dynamic range are available
run: |
& ${{ github.workspace }}\.github\workflows\scripts\win-required-ports.ps1
- name: Make otelcorecol
run: make otelcorecol
- name: Install otelcorecol as a service
run: |
New-Service -Name "otelcorecol" -StartupType "Manual" -BinaryPathName "${PWD}\bin\otelcorecol_windows_$(go env GOARCH) --config ${PWD}\examples\local\otel-config.yaml"
eventcreate.exe /t information /id 1 /l application /d "Creating event provider for 'otelcorecol'" /so otelcorecol
- name: Test otelcorecol service
working-directory: ${{ github.workspace }}/otelcol
run: |
go test -timeout 90s -run ^TestCollectorAsService$ -v -tags=win32service
- name: Remove otelcorecol service
if: always()
run: |
Remove-Service otelcorecol
Remove-Item HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\otelcorecol
builder-integration-test perms .github/workflows/builder-integration-test.yaml
View raw YAML
name: Builder - Integration tests
on:
# on changes to the main branch touching the builder
push:
branches: [main]
# on PRs touching the builder
pull_request:
branches: [main]
# once a day at 6:17 AM UTC
schedule:
- cron: "17 6 * * *"
# manual execution
workflow_dispatch:
merge_group:
types: [checks_requested]
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions: read-all
jobs:
integration-test:
name: Integration test
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Test
run: make builder-integration-test
builder-snapshot perms .github/workflows/builder-snapshot.yaml
View raw YAML
name: Builder - Snapshot build
on:
push:
branches: [main]
# on PRs touching the builder
pull_request:
branches: [main]
paths:
- "cmd/builder/**"
permissions:
contents: read
env:
# renovate: datasource=github-tags depName=goreleaser-pro packageName=goreleaser/goreleaser-pro
GORELEASER_PRO_VERSION: v2.11.1
jobs:
snapshot:
runs-on: ubuntu-24.04
if: ${{ github.repository_owner == 'open-telemetry' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: .core
- name: Pull the latest releases repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: opentelemetry-collector-releases
repository: open-telemetry/opentelemetry-collector-releases
- name: Copy release files
run: cp -R ./opentelemetry-collector-releases/cmd/builder/. ./.core/cmd/builder/
- uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
- uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0
- uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
with:
platforms: amd64,arm64,ppc64le,s390x,riscv64
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: stable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Check GoReleaser
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
with:
distribution: goreleaser-pro
version: ${{ env.GORELEASER_PRO_VERSION }}
args: check --verbose -f .core/cmd/builder/.goreleaser.yaml
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
with:
distribution: goreleaser-pro
version: ${{ env.GORELEASER_PRO_VERSION }}
args: --snapshot --clean -f .core/cmd/builder/.goreleaser.yaml --skip sign
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_YES: false
# Only create an issue if the workflows fails on push to main branch
- name: File an issue if the workflow failed
if: failure() && github.ref == 'refs/heads/main'
run: |
template=$(cat <<'END'
[Link to job log](%s)
END
)
job_url="$(gh run view ${{ github.run_id }} -R ${{ github.repository }} --json jobs -q '.jobs[] | select(.name == "snapshot") | .url')"
body="$(printf "$template" "$job_url")"
gh issue create -R ${{ github.repository }} -t 'OCB snapshot workflow failed' -b "$body" -l 'ci-cd' -l 'area:builder'
env:
GH_TOKEN: ${{ github.token }}
changelog perms .github/workflows/changelog.yml
View raw YAML
# This action requires that any PR targeting the main branch should touch at
# least one CHANGELOG file. If a CHANGELOG entry is not required, add the "Skip
# Changelog" label to disable this action.
name: changelog
on:
pull_request:
types: [opened, ready_for_review, synchronize, reopened, labeled, unlabeled, edited]
branches:
- main
merge_group:
types: [checks_requested]
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions: read-all
jobs:
changelog:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.pull_request.labels.*.name, 'Skip Changelog') && !contains(github.event.pull_request.title, '[chore]') }}
env:
PR_HEAD: ${{ github.event.pull_request.head.sha }}
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Ensure no changes to the CHANGELOG.md or CHANGELOG-API.md
run: |
if [[ $(git diff --name-only $(git merge-base origin/main $PR_HEAD) $PR_HEAD ./CHANGELOG*.md) ]]
then
echo "CHANGELOG.md and CHANGELOG-API.md should not be directly modified."
echo "Please add a .yaml file to the ./.chloggen/ directory."
echo "See CONTRIBUTING.md for more details."
echo "Alternately, add either \"[chore]\" to the title of the pull request or add the \"Skip Changelog\" label if this job should be skipped."
false
else
echo "CHANGELOG.md and CHANGELOG-API.md were not modified."
fi
- name: Ensure ./.chloggen/*.yaml addition(s)
run: |
if [[ 1 -gt $(git diff --diff-filter=A --name-only $(git merge-base origin/main $PR_HEAD) $PR_HEAD ./.chloggen | grep -c \\.yaml) ]]
then
echo "No changelog entry was added to the ./.chloggen/ directory."
echo "Please add a .yaml file to the ./.chloggen/ directory."
echo "See CONTRIBUTING.md for more details."
echo "Alternately, add either \"[chore]\" to the title of the pull request or add the \"Skip Changelog\" label if this job should be skipped."
false
else
echo "A changelog entry was added to the ./.chloggen/ directory."
fi
- name: Validate ./.chloggen/*.yaml changes
run: |
make chlog-validate \
|| { echo "New ./.chloggen/*.yaml file failed validation."; exit 1; }
# In order to validate any links in the yaml file, render the config to markdown
- name: Render .chloggen changelog entries
run: make chlog-preview > changelog_preview.md
- name: Link Checker
id: lychee
uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0
with:
args: "--verbose --no-progress ./changelog_preview.md --config .github/lychee.toml"
failIfEmpty: false
check-codeowners perms .github/workflows/check-codeowners.yaml
View raw YAML
name: codeowners
on:
push:
branches: [main]
paths:
- ".github/CODEOWNERS"
- "**/metadata.yaml"
tags:
- "v[0-9]+.[0-9]+.[0-9]+*"
pull_request_target:
paths:
- ".github/CODEOWNERS"
- "**/metadata.yaml"
types:
- opened
- synchronize
- edited
- reopened
env:
# Make sure to exit early if cache segment download times out after 2 minutes.
# We limit cache download as a whole to 5 minutes.
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
# Do not cancel this workflow on main. See https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/16616
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions: read-all
jobs:
check-codeowners:
timeout-minutes: 30
runs-on: ubuntu-24.04
if: ${{ github.actor != 'dependabot[bot]' && github.repository == 'open-telemetry/opentelemetry-collector' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
id: go-setup
with:
go-version: oldstable
cache-dependency-path: "**/*.sum"
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
path: pr
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
id: otelbot-token
with:
app-id: ${{ vars.OTELBOT_APP_ID }}
private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
# NOTE: the make command below intentionally uses the Makefile from the
# target branch, and not the PR checkout, since it runs with the
# pull_request_target event and has elevated permissions.
- name: Gen CODEOWNERS
run: |
GITHUB_TOKEN=${{ steps.otelbot-token.outputs.token }} GITHUBGEN_ARGS="-folder=./pr" make generate-codeowners
git diff -s --exit-code || (echo 'Generated code is out of date, please run "make generate-codeowners" or apply this diff and commit the changes in this PR.' && git diff && exit 1)
check-links perms .github/workflows/check-links.yaml
View raw YAML
name: check-links
on:
push:
branches: [main]
pull_request:
merge_group:
types: [checks_requested]
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions: read-all
jobs:
changedfiles:
name: changed files
runs-on: ubuntu-latest
env:
PR_HEAD: ${{ github.event.pull_request.head.sha }}
outputs:
files: ${{ steps.changes.outputs.files }}
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Get changed files
id: changes
run: |
files=$(git diff --name-only --diff-filter=ACMRTUXB $(git merge-base origin/main $PR_HEAD) $PR_HEAD | grep .md$ | xargs)
if [ -z "$files" ] && git diff --name-only $(git merge-base origin/main $PR_HEAD) $PR_HEAD | grep -q "package.json"; then
files="**/*.md"
fi
echo "files=$files" >> $GITHUB_OUTPUT
check-links:
runs-on: ubuntu-latest
needs: changedfiles
if: ${{needs.changedfiles.outputs.files}}
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Link Checker
id: lychee
uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0
with:
args: "--verbose --no-progress ${{needs.changedfiles.outputs.files}} --config .github/lychee.toml"
failIfEmpty: false
check-merge-freeze perms .github/workflows/check-merge-freeze.yml
View raw YAML
name: Merge freeze
on:
pull_request:
types:
[
opened,
ready_for_review,
synchronize,
reopened,
labeled,
unlabeled,
enqueued,
]
branches: [main]
merge_group:
types: [checks_requested]
permissions: read-all
jobs:
check-merge-freeze:
name: Check
# This condition is to avoid blocking the PR causing the freeze in the first place.
if: |
(!startsWith(github.event.pull_request.title || github.event.merge_group.head_commit.message, '[chore] Prepare release')) ||
((github.event.pull_request.user.login || github.event.merge_group.head_commit.author.name) != 'otelbot[bot]')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
sparse-checkout: .github/workflows/scripts
- run: ./.github/workflows/scripts/check-merge-freeze.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: open-telemetry/opentelemetry-collector
codeql-analysis perms security .github/workflows/codeql-analysis.yml
View raw YAML
name: "CodeQL Analysis"
on:
push:
branches: [main]
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions: read-all
jobs:
CodeQL-Build:
permissions:
actions: read # for github/codeql-action/init to get workflow details
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/autobuild to send a status report
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
contrib-tests matrix perms .github/workflows/contrib-tests.yml
View raw YAML
name: contrib-tests
on:
push:
branches: [main]
tags:
- v[0-9]+.[0-9]+.[0-9]+.*
pull_request:
types: [opened, ready_for_review, synchronize, reopened, labeled, unlabeled]
branches: [main]
merge_group:
types: [checks_requested]
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions: read-all
jobs:
contrib-tests-prepare:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'Skip Contrib Tests') }}
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Prepare Contrib Tests
run: |
contrib_path=/tmp/opentelemetry-collector-contrib
git clone --depth=1 https://github.com/open-telemetry/opentelemetry-collector-contrib.git $contrib_path
make CONTRIB_PATH=$contrib_path prepare-contrib
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: contrib
path: /tmp/opentelemetry-collector-contrib/
include-hidden-files: true
contrib-tests-matrix:
runs-on: ubuntu-latest
needs: [contrib-tests-prepare]
if: ${{ !contains(github.event.pull_request.labels.*.name, 'Skip Contrib Tests') }}
strategy:
fail-fast: false
matrix:
group:
- receiver-0
- receiver-1
- receiver-2
- receiver-3
- processor
- exporter-0
- exporter-1
- extension
- connector
- internal
- pkg
- cmd-0
- other
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Download contrib
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: contrib
path: /tmp/contrib
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Run tests
run: |
make CONTRIB_PATH=/tmp/contrib SKIP_RESTORE_CONTRIB=true GROUP=${{ matrix.group }} check-contrib
contrib_tests:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'Skip Contrib Tests') }}
needs: [contrib-tests-matrix]
steps:
- name: Print result
run: echo ${{ needs.contrib-tests-matrix.result }}
- name: Interpret result
run: |
if [[ success == ${{ needs.contrib-tests-matrix.result }} ]]
then
echo "All matrix jobs passed!"
else
echo "One or more matrix jobs failed."
false
fi
fossa perms .github/workflows/fossa.yml
View raw YAML
name: FOSSA scanning
on:
push:
branches:
- main
permissions:
contents: read
jobs:
fossa:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0
with:
api-key: ${{secrets.FOSSA_API_KEY}}
team: OpenTelemetry
go-benchmarks matrix .github/workflows/go-benchmarks.yml
View raw YAML
name: CodSpeed Benchmarks
on:
push:
branches:
- "main"
pull_request:
workflow_dispatch:
jobs:
benchmarks:
name: Run benchmarks
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
group:
- receiver
- processor
- exporter
- pkg
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- run: ./.github/workflows/scripts/free-disk-space.sh
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: stable
cache: true
- name: Calculate Modules
id: calc
run: |
if [ "${{ matrix.group }}" == "root" ]; then
echo "TARGET_MODULES=$(pwd)" >> $GITHUB_ENV
else
MODULES=$(find ./${{ matrix.group }} -mindepth 1 -maxdepth 2 -type f -name "go.mod" -exec dirname {} \; 2>/dev/null | sort | xargs echo -n || true)
if [ -z "$MODULES" ]; then
echo "SKIP_BENCH=true" >> $GITHUB_ENV
echo "No Go modules found in ${{ matrix.group }}, skipping this job."
else
echo "TARGET_MODULES=$MODULES" >> $GITHUB_ENV
fi
fi
- name: Run the benchmarks
if: env.SKIP_BENCH != 'true'
uses: CodSpeedHQ/action@1c8ae4843586d3ba879736b7f6b7b0c990757fab # v4.12.1
with:
mode: walltime
run: make for-all-target TARGET="timebenchmark" GOMODULES="${{ env.TARGET_MODULES }}"
cache-instruments: true
lint-workflow-files perms .github/workflows/lint-workflow-files.yml
View raw YAML
name: Lint GitHub Workflow YAML Files
on:
push:
branches:
- main
pull_request:
paths:
- '.github/workflows/*.yml'
- '.github/workflows/*.yaml'
- '.github/actionlint.yaml'
permissions:
contents: read
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6
with:
go-version: stable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Run Actionlint
run: |
make actionlint
- name: Reminder to Address Linting Errors
if: failure()
run: echo "⚠️ Please address all linting errors before merging this pull request."
- name: All linting checks passed
if: success()
run: echo "✅ All linting checks passed."
milestone-add-to-pr perms .github/workflows/milestone-add-to-pr.yml
View raw YAML
# This action adds the "next release" milestone to a pull request
# when it is merged
name: "Project: Add PR to Milestone"
on:
pull_request_target:
types:
- closed
permissions: read-all
jobs:
update-pr:
if: github.event.pull_request.merged
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const milestones = await github.rest.issues.listMilestones({
owner: context.repo.owner,
repo: context.repo.repo,
state: "open"
})
for (const milestone of milestones.data) {
if (milestone.title == "next release") {
await github.rest.issues.update({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
milestone: milestone.number
});
return
}
}
perf perms .github/workflows/perf.yml
View raw YAML
name: Automation - Performance
on:
push:
branches: [main]
permissions: read-all
jobs:
runperf:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Run benchmark
run: make gobenchmark
# Disabling until fine-grained permissions token enabled for the
# repository
#- name: Store benchmark result
# uses: benchmark-action/github-action-benchmark@v1
# with:
# tool: 'go'
# output-file-path: benchmarks.txt
# gh-pages-branch: gh-pages
# auto-push: true
# github-token: ${{ secrets.GITHUB_TOKEN }}
# benchmark-data-dir-path: "docs/dev/bench"
ping-codeowners-issues perms .github/workflows/ping-codeowners-issues.yml
View raw YAML
name: 'Ping code owners on issues'
on:
issues:
types: [labeled]
permissions: read-all
jobs:
ping-owners:
permissions:
issues: write
runs-on: ubuntu-24.04
if: ${{ github.repository_owner == 'open-telemetry' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run ping-codeowners-issues.sh
run: ./.github/workflows/scripts/ping-codeowners-issues.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE: ${{ github.event.issue.number }}
COMPONENT: ${{ github.event.label.name }}
ping-codeowners-on-new-issue perms .github/workflows/ping-codeowners-on-new-issue.yml
View raw YAML
name: 'Ping code owners on a new issue'
on:
issues:
types: [opened]
permissions: read-all
jobs:
ping-owners-on-new-issue:
permissions:
issues: write
runs-on: ubuntu-24.04
if: ${{ github.repository_owner == 'open-telemetry' }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run ping-codeowners-on-new-issue.sh
run: ./.github/workflows/scripts/ping-codeowners-on-new-issue.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ISSUE: ${{ github.event.issue.number }}
TITLE: ${{ github.event.issue.title }}
BODY: ${{ github.event.issue.body }}
OPENER: ${{ github.event.issue.user.login }}
ping-codeowners-prs perms .github/workflows/ping-codeowners-prs.yml
View raw YAML
name: 'Ping code owners on PRs'
on:
pull_request_target:
types:
- labeled
- ready_for_review
permissions: read-all
jobs:
ping-owners:
permissions:
pull-requests: write
runs-on: ubuntu-24.04
if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]' && github.repository_owner == 'open-telemetry' && github.event.pull_request.draft == false }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run ping-codeowners-prs.sh
run: ./.github/workflows/scripts/ping-codeowners-prs.sh
env:
REPO: ${{ github.repository }}
AUTHOR: ${{ github.event.pull_request.user.login }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR: ${{ github.event.number }}
COMPONENT: ${{ github.event.label.name }}
prepare-release perms .github/workflows/prepare-release.yml
View raw YAML
name: Automation - Prepare Release
on:
workflow_dispatch:
# Determine the version number that will be assigned to the release. During the beta phase, we increment
# the minor version number and set the patch number to 0.
inputs:
candidate-stable:
description: Release candidate version (stable, like 1.3.0). Don't include a leading `v`.
current-stable:
required: true
description: Current version (stable, like 1.2.0). Don't include a leading `v`.
candidate-beta:
description: Release candidate version (beta, like 0.96.0). Don't include `v`.
current-beta:
required: true
description: Current version (beta, like 0.95.1). Don't include `v`.
permissions: read-all
jobs:
validate-versions-format:
runs-on: ubuntu-latest
steps:
- name: Validate version format
shell: bash
run: |
validate_beta_version() {
local regex_pattern_beta='^[0-9]+\.[0-9]+\.[0-9]+$'
if [[ ! "$1" =~ $regex_pattern_beta ]]; then
echo "Invalid $2 version format. For beta, it can be 0.1.0 or higher"
exit 1
fi
}
validate_stable_version() {
local regex_pattern_stable='^[1-9][0-9]*\.[0-9]+\.[0-9]+$'
if [[ ! "$1" =~ $regex_pattern_stable ]]; then
echo "Invalid stable version format for $2. Major version must be greater than 1."
exit 1
fi
}
if [[ ! -z "${{ inputs.candidate-beta }}" ]]; then
validate_beta_version "${{ inputs.candidate-beta }}" "candidate-beta"
fi
validate_beta_version "${{ inputs.current-beta }}" "current-beta"
if [[ ! -z "${{ inputs.candidate-stable }}" ]]; then
validate_stable_version "${{ inputs.candidate-stable }}" "candidate-stable"
fi
validate_stable_version "${{ inputs.current-stable }}" "current-stable"
if [[ -z "${{ inputs.candidate-beta }}" && -z "${{ inputs.candidate-stable }}" ]]; then
echo "Candidate version is not set for beta or stable. Please set a version to proceed."
exit 1
fi
check-blockers:
needs:
- validate-versions-format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
# Make sure that there are no open issues with release:blocker label in Core. The release has to be delayed until they are resolved.
- name: Check blockers in core
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: open-telemetry/opentelemetry-collector
run: ./.github/workflows/scripts/release-check-blockers.sh
# Make sure that there are no open issues with release:blocker label in Contrib. The release has to be delayed until they are resolved.
- name: Check blockers in contrib
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: open-telemetry/opentelemetry-collector-contrib
run: ./.github/workflows/scripts/release-check-blockers.sh
# Make sure the current main branch build successfully passes (Core).
- name: Check build status in core
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: open-telemetry/opentelemetry-collector
run: ./.github/workflows/scripts/release-check-build-status.sh
# Make sure the current main branch build successfully passes (Contrib).
- name: Check build status in contrib
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: open-telemetry/opentelemetry-collector-contrib
run: ./.github/workflows/scripts/release-check-build-status.sh
create-release-issue:
needs:
- check-blockers
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
# To keep track of the progress, it might be helpful to create a tracking issue similar to #6067. You are responsible
# for all of the steps under the "Performed by collector release manager" heading. Once the issue is created, you can
# create the individual ones by hovering them and clicking the "Convert to issue" button on the right hand side.
- name: Create issue for tracking release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CANDIDATE_BETA: ${{ inputs.candidate-beta }}
CANDIDATE_STABLE: ${{ inputs.candidate-stable }}
CURRENT_BETA: ${{ inputs.current-beta }}
CURRENT_STABLE: ${{ inputs.current-stable }}
REPO: open-telemetry/opentelemetry-collector
run: ./.github/workflows/scripts/release-create-tracking-issue.sh
# Releasing opentelemetry-collector
prepare-release:
needs:
- check-blockers
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: stable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
id: otelbot-token
with:
app-id: ${{ vars.OTELBOT_APP_ID }}
private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
# Prepare Core for release.
# - Update CHANGELOG.md file, this is done via chloggen
# - Run make prepare-release PREVIOUS_VERSION=1.0.0 RELEASE_CANDIDATE=1.1.0 MODSET=stable
# - Run make prepare-release PREVIOUS_VERSION=0.52.0 RELEASE_CANDIDATE=0.53.0 MODSET=beta
- name: Prepare release for core
env:
GITHUB_TOKEN: ${{ steps.otelbot-token.outputs.token }}
REPO: open-telemetry/opentelemetry-collector
CANDIDATE_BETA: ${{ inputs.candidate-beta }}
CANDIDATE_STABLE: ${{ inputs.candidate-stable }}
CURRENT_BETA: ${{ inputs.current-beta }}
CURRENT_STABLE: ${{ inputs.current-stable }}
run: ./.github/workflows/scripts/release-prepare-release.sh
release-branch perms .github/workflows/release-branch.yml
View raw YAML
name: Automation - Release Branch
on:
push:
tags:
# Trigger on beta version tags (0.x.x series) to create release branch
# This pattern matches: v0.{minor}.{patch} for new releases and bugfix releases
- 'v0.[0-9]+.[0-9]+'
- 'v0.[0-9]+.[0-9]+-*' # Also support release candidates if needed
permissions:
contents: read
jobs:
release-branch:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Setup Git config
run: |
git config --global user.name "otelbot"
git config --global user.email "197425009+otelbot@users.noreply.github.com"
- name: Run release-branch.sh
run: |
./.github/workflows/scripts/release-branch.sh
env:
UPSTREAM_REMOTE_NAME: "origin"
MAIN_BRANCH_NAME: "main"
GITHUB_REF: ${{ github.ref }}
rerun-workflows perms .github/workflows/rerun-workflows.yml
View raw YAML
name: "Rerun Failed Workflows"
on:
issue_comment:
types:
- created
permissions: read-all
jobs:
rerun-failed:
if: ${{ github.event.issue.pull_request && startsWith(github.event.comment.body, '/rerun') && github.repository_owner == 'open-telemetry' }}
permissions:
actions: write
checks: read
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Run rerun-failed-workflows.sh
run: ./.github/workflows/scripts/rerun-failed-workflows.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.issue.number }}
COMMENT: ${{ github.event.comment.body }}
SENDER: ${{ github.event.comment.user.login }}
scorecard perms security .github/workflows/scorecard.yml
View raw YAML
name: Scorecard supply-chain security
on:
# For Branch-Protection check. Only the default branch is supported. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
branch_protection_rule:
# To guarantee Maintained check is occasionally updated. See
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
schedule:
- cron: '39 1 * * 3'
push:
branches: [ "main" ]
# Declare default permissions as read only.
permissions: read-all
jobs:
analysis:
name: Scorecard analysis
runs-on: ubuntu-latest
permissions:
# Needed to upload the results to code-scanning dashboard.
security-events: write
# Needed to publish results and get a badge (see publish_results below).
id-token: write
# Uncomment the permissions below if installing in a private repository.
# contents: read
# actions: read
steps:
- name: "Checkout code"
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
with:
results_file: results.sarif
results_format: sarif
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
# - you want to enable the Branch-Protection check on a *public* repository, or
# - you are installing Scorecard on a *private* repository
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
# Public repositories:
# - Publish results to OpenSSF REST API for easy access by consumers
# - Allows the repository to include the Scorecard badge.
# - See https://github.com/ossf/scorecard-action#publishing-results.
# For private repositories:
# - `publish_results` will always be set to `false`, regardless
# of the value entered here.
publish_results: true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: SARIF file
path: results.sarif
retention-days: 5
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
with:
sarif_file: results.sarif
shellcheck perms .github/workflows/shellcheck.yml
View raw YAML
name: Shellcheck lint
on:
push:
branches: [main]
pull_request:
branches: [main]
merge_group:
types: [checks_requested]
permissions: read-all
jobs:
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
sourcecode-release perms .github/workflows/sourcecode-release.yaml
View raw YAML
name: Source Code - Release
on:
push:
tags:
- "v*"
permissions:
contents: read
jobs:
goreleaser:
runs-on: ubuntu-latest
permissions:
contents: write # Grant write permissions to repository contents
issues: write # Grant write permissions to PR milestones
steps:
- name: Checkout Repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
# Extract title from latest version title in CHANGELOG.md
- name: Prepare release title
id: release-title
run: |
echo "title=$(grep -A 2 '<!-- next version -->' CHANGELOG.md | awk '/##/{print $2}')" >> $GITHUB_OUTPUT
- name: Prepare release notes
run: |
touch release-notes.md
echo "### Images and binaries here: https://github.com/open-telemetry/opentelemetry-collector-releases/releases/tag/${{ github.ref_name }}" >> release-notes.md
echo "" >> release-notes.md
echo "## End User Changelog" >> release-notes.md
awk '/<!-- next version -->/,/<!-- previous-version -->/' CHANGELOG.md > tmp-chlog.md # select changelog of latest version only
sed '1,3d' tmp-chlog.md >> release-notes.md # delete first 3 lines of file
echo "" >> release-notes.md
echo "## API Changelog" >> release-notes.md
awk '/<!-- next version -->/,/<!-- previous-version -->/' CHANGELOG-API.md > tmp-chlog-api.md # select changelog of latest version only
sed '1,3d' tmp-chlog-api.md >> release-notes.md # delete first 3 lines of file
- name: Create Github Release
run: |
gh release create ${{ github.ref_name }} -t ${{ steps.release-title.outputs.title }} -F release-notes.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const milestones = await github.rest.issues.listMilestones({
owner: context.repo.owner,
repo: context.repo.repo,
state: "open"
})
for (const milestone of milestones.data) {
if (milestone.title == "next release") {
await github.rest.issues.updateMilestone({
owner: context.repo.owner,
repo: context.repo.repo,
milestone_number: milestone.number,
title: "${{ github.ref_name }}"
});
await github.rest.issues.createMilestone({
owner: context.repo.owner,
repo: context.repo.repo,
title: "next release"
});
return
}
}
spell-check perms .github/workflows/spell-check.yaml
View raw YAML
name: Spell Check
on:
push:
branches: [main]
pull_request:
permissions:
contents: read
jobs:
spell-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Run cSpell
uses: streetsidesoftware/cspell-action@9cd41bb518a24fefdafd9880cbab8f0ceba04d28 # v8.3.0
with:
incremental_files_only: false
use_cspell_files: true
config: '.github/workflows/utils/cspell.json'
stale-pr perms .github/workflows/stale-pr.yaml
View raw YAML
name: "Close stale pull requests"
on:
schedule:
- cron: "12 3 * * *" # arbitrary time not to DDOS GitHub
permissions: read-all
jobs:
stale:
permissions:
issues: write # for actions/stale to close stale issues
pull-requests: write # for actions/stale to close stale PRs
runs-on: ubuntu-latest
steps:
- uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-pr-message: "This PR was marked stale due to lack of activity. It will be closed in 14 days."
close-pr-message: "Closed as inactive. Feel free to reopen if this PR is still being worked on."
days-before-pr-stale: 14
days-before-issue-stale: 730
days-before-pr-close: 14
days-before-issue-close: 30
survey-on-merged-pr perms .github/workflows/survey-on-merged-pr.yml
View raw YAML
name: Survey on Merged PR by Non-Member
on:
pull_request_target:
types: [closed]
permissions:
contents: read
env:
PR_NUM: ${{ github.event.pull_request.number }}
SURVEY_URL: https://docs.google.com/forms/d/e/1FAIpQLSf2FfCsW-DimeWzdQgfl0KDzT2UEAqu69_f7F2BVPSxVae1cQ/viewform?entry.1540511742=open-telemetry/opentelemetry-collector
jobs:
comment-on-pr:
name: Add survey to PR if author is not a member
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true
steps:
- uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
id: otelbot-token
with:
app-id: ${{ vars.OTELBOT_APP_ID }}
private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
- name: Add survey comment if author is not a member or bot
run: |
USERNAME="${{ github.event.pull_request.user.login }}"
USER_TYPE="${{ github.event.pull_request.user.type }}"
ORG="${{ github.repository_owner }}"
# Skip if user is a bot
if [[ "$USER_TYPE" == "Bot" ]]; then
echo "Skipping survey for bot user: $USERNAME"
exit 0
fi
# Skip if user is an org member
if gh api "orgs/$ORG/members/$USERNAME" --silent; then
echo "Skipping survey for org member: $USERNAME"
exit 0
fi
# Add survey comment for external contributor
echo "Adding survey comment for external contributor: $USERNAME"
gh pr comment ${PR_NUM} --repo ${{ github.repository }} --body "Thank you for your contribution @${USERNAME}! 🎉 We would like to hear from you about your experience contributing to OpenTelemetry by taking a few minutes to fill out this [survey](${SURVEY_URL})."
env:
GH_TOKEN: ${{ steps.otelbot-token.outputs.token }}tidy-dependencies perms .github/workflows/tidy-dependencies.yml
View raw YAML
name: "Project: Tidy"
on:
pull_request_target:
types: [opened, ready_for_review, synchronize, reopened, labeled, unlabeled]
branches:
- main
permissions: read-all
jobs:
setup-environment:
permissions:
contents: write # for Git to git push
timeout-minutes: 30
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'dependency-major-update') && (github.actor == 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'renovatebot')) && github.event.pull_request.head.repo.fork == false }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ github.head_ref }}
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version: oldstable
cache: false
- name: Cache Go
id: go-cache
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
with:
path: |
~/go/bin
~/go/pkg/mod
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
if: steps.go-cache.outputs.cache-hit != 'true'
run: make -j2 gomoddownload
- name: go mod tidy
run: |
make gotidy
git config user.name otelbot
git config user.email 197425009+otelbot@users.noreply.github.com
echo "git diff --exit-code || (git add . && git commit -m \"go mod tidy\" && git push)"
git diff --exit-code || (git add . && git commit -m "go mod tidy" && git push)
- uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
with:
labels: renovatebot