review: [DEVOPS-2394] full diff since coralogix fork-point (review-only; merge via #7) #8

Open
jmsundar wants to merge 19 commits into review/DEVOPS-2394-full-diff from feat/DEVOPS-2394-extend-otel-lambda

@jmsundar jmsundar commented Apr 20, 2026

Why this PR exists

Review-only. Shows the complete set of changes since the coralogix/opentelemetry-lambda@coralogix-nodejs-autoinstrumentation fork-point (8838714, CX-34056: Bump all dependencies to latest version, 2026-03-12), giving reviewers the full picture in one diff.

The three earliest feat commits (2ae8674, 299cdf9, 7cda4ae) landed on main before branch protection was set up and couldn't be rewound — org ruleset blocks non-fast-forward on main. So the "real" PR for merging is #7 (feat → main), which only shows 15 of the 18 commits. This PR covers the missing 3.

Do not merge this PR

Merge via #7 instead. The base branch here (review/DEVOPS-2394-full-diff) is just the fork-point SHA pushed as a branch for diff purposes. After review, delete this branch.

Summary (18 commits, +3070/−8618 across 179 files)

  • Fork coralogix/opentelemetry-lambda and ship extend-nodejs-wrapper-and-exporter-{amd64,arm64} as a single Node.js Lambda layer to account 159581800400, org-visible across Extend AWS accounts.
  • Bundle OTel Collector + Node.js wrapper + three dual-backend configs (cx-only, cx+arize, cx+arize+s3). Opt-in via NodeLambdaBuilder.otelTracingProps.
  • Mastra AI pipeline: dedicated otlp/mastra receiver (:4319/:4320) + headers_setter extension routing spans to Arize via inbound-header auth, while the default traces pipeline stays Coralogix-only (+ S3 archival when enabled).
  • Drop all non-Node upstream dirs (dotnet/, java/, ruby/, go/, python/) + their CI. python/ intentionally removed — start from origin/python-instrumentation if Python autoinstrumentation is needed later.
  • Collector: package-extend Makefile target + custom build with awss3exporter and headerssetterextension pinned at v0.150.0.
  • Publish pipeline (publish-extend-otel-layer.yml): matrix on {amd64,arm64} × {us-east-1, us-west-2}, uses Blacksmith 4vcpu runners, Node.js + collector zips merged, layer published with orgVisible permission to o-7ngcsohuq5.
  • Sandbox flow (scripts/publish-sandbox.sh): auto-clones cx-contrib fork to .build-cache/ at pinned SHA 3a9691a6….
  • Local build flow (scripts/build-nodejs.sh): same pinned SHA + shared .build-cache/ path; OPENTELEMETRY_JS_PATH / cx-js clone removed (resolve @opentelemetry/instrumentation from npm).
  • UPSTREAM.md: fork-points for coralogix/opentelemetry-lambda, coralogix/opentelemetry-js-contrib, and open-telemetry/opentelemetry-lambda (latest absorbed OTel-upstream tag: layer-nodejs/0.10.0, c9e67c4, via coralogix merge commit 436f3d0, 2024-10-28). Remote-setup block + manual sync procedure walking all three. Full rationale in the linked Confluence page.
  • Consolidate ci-scripts/ + dev/scripts/. Delete dead upstream workflows, issue templates, CONTRIBUTING.md, RELEASE.md. Tighten CODEOWNERS to @helloextend/devops. Trim dependabot.yml to shipped ecosystems.

Test plan

Same as #7.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Added multiple OpenTelemetry Collector configuration variants supporting Coralogix-only, Coralogix+Arize OTLP/gRPC export, and Coralogix+Arize with S3 trace archival.
    • Introduced Secrets Manager value resolution using ${secretsmanager:<name-or-arn>} syntax in collector configuration.
  • Chores

    • Rebranded as "Extend OpenTelemetry Lambda" fork.
    • Updated Node.js and collector dependencies to latest versions.
    • Simplified repository structure to focus on Node.js Lambda layer support.

jmsundar and others added 18 commits April 15, 2026 14:15
Scaffolds Extend's in-house OTel Lambda layer diverging from
coralogix-nodejs-autoinstrumentation:

- extend/collector-config-cx-only.yaml — default CX-only config (parity)
- extend/collector-config-cx-arize-s3.yaml — CX + Arize OTLP/gRPC + S3 archival
- collector/lambdacomponents/default.go — register awss3exporter
- extend/README.md — fork rationale + consumer contract

Secret resolution is native via collector's secretsmanagerprovider
(${secretsmanager:<name-or-arn>} syntax resolved at startup). No bash wrapper.

Follow-ups: go.mod upstream breakage (pre-existing), GH Actions publish flow,
SSM layer-version registration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e-s3

Three configs for independent opt-in:
- cx-only.yaml — default, CX export only
- cx-arize.yaml — CX + Arize gRPC (no S3 archival)
- cx-arize-s3.yaml — CX + Arize gRPC + S3 archival

S3 prefix now configurable via ARIZE_S3_PREFIX env var with default
fallback to traces/${CX_APPLICATION}/${CX_SUBSYSTEM}.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split trace pipelines in cx-arize and cx-arize-s3 configs so Mastra AI
spans take a dedicated path to Arize without polluting the
Coralogix/S3 flow:

- New otlp/mastra receiver on localhost:4319/4320 with include_metadata
- headers_setter extension reads api_key/space_id/project_name from
  inbound OTLP headers (Lambda-provided) and forwards them upstream to
  Arize; api_key/space_id have collector-side defaults from env/secret
- otlp/arize exporter swaps its static header block for
  auth: { authenticator: headers_setter }
- traces/mastra pipeline routes otlp/mastra → otlp/arize; the standard
  traces pipeline stays Coralogix-only (+ S3 in the -s3 variant)

Registers headerssetterextension in the collector build (v0.150.0,
matching awss3exporter's pin) via default.go and a new custom-build
sibling file mirroring sigv4auth.go.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
- Remove dotnet/, java/, ruby/, go/ language dirs and associated CI workflows
  (ci-java.yml, release-layer-java.yml, release-layer-ruby.yml). We only ship
  Node.js and Python Lambda layers; upstream's other language layers are noise.
- Rewrite README.md for Extend fork scope: layer name, layout, publish flow,
  consumer wiring via NodeLambdaBuilder.otelTracingProps.
- Add UPSTREAM.md documenting fork-point SHAs for both coralogix/opentelemetry-lambda
  and coralogix/opentelemetry-js-contrib, plus the manual sync process and the
  pin-update checklist (publish-sandbox.sh, workflow, UPSTREAM.md all together).
  Automation tracked in DEVOPS-2502.
Removed unused package ecosystems for gradle, pip, and bundler. Updated npm configuration to include registries and cooldown settings.
Removed unused Java and Ruby sections from release.yml
- Drop opentelemetry-js clone + OPENTELEMETRY_JS_PATH. Unused since cx-js
  was dropped (we resolve @opentelemetry/instrumentation from npm now).
- Pin CX_CONTRIB_SHA to match publish-sandbox.sh and the publish workflow
  so local builds don't drift from CI.
- Unify clone path under .build-cache/opentelemetry-js-contrib so both
  scripts share one cache on dev machines.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Remove python/ entirely. Only nodejs layers ship; if Python
  autoinstrumentation is needed later, start from origin/python-instrumentation.
  Drop the commented-out pip block in dependabot.yml and the python/README.md
  link in README.md.
- UPSTREAM.md: replace the scratch-path reference to the fork-research doc
  with the Confluence page link. Add remote-setup block (remotes aren't
  checked in, fresh clones only have origin). Add a third fork-points row
  for open-telemetry/opentelemetry-lambda with the tag (layer-nodejs/0.10.0,
  c9e67c4) coralogix last merged in via 436f3d0. Add sync block + note that
  coralogix absorbs upstream-upstream selectively (tags or cherry-picks) so
  the sync skill should walk by patch-id, not merge-base.
- .gitignore: add .claude/worktrees/ and extend/plan-*.md so transient agent
  scaffolding doesn't leak into commits again.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

coderabbitai bot commented Apr 20, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9ffd238f-2f9a-4939-86de-21b3c7f37115

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@HeatherFlux HeatherFlux left a comment

Review of non-deleted files. Comments below are organized by priority. Nothing is a blocker for review-only, but flagging a few items to consider before #7 merges.

High priority

  • extend/README.md contradicts the config on ARIZE_PROJECT_NAME — docs say env var, configs say per-request header
  • Publish workflow leaks AWS creds to every step in every job; scope to publish job only
  • @opentelemetry/instrumentation bumped to 0.214.0 while peer @opentelemetry/* exp packages stay at 0.213.0 — verify against lockfile

Medium

  • Merged layer zip size not validated (only the pre-merge nodejs zip is checked)
  • --compatible-runtimes drops nodejs20.x (still AWS-supported / LTS) — intentional?
  • UPSTREAM.md prose says "three places" but lists four bullets
  • Dependabot CodeArtifact token expires after 12h; static secret will silently break

Low / nits

  • collector/lambdacomponents/exporter/logging.go now exports debugexporter — rename file
  • Collector configs don't declare tls: explicitly (works by default, but explicit is clearer at a security boundary)
  • publish-sandbox.sh omits --description on publish-layer-version
  • CX_CONTRIB_SHA duplicated in 3 places + UPSTREAM.md; consider a single source file (non-blocking)

Fine as-is: CODEOWNERS, .gitignore, Makefile package-extend, MakeFactoryMap[T] migration in default.go, headerssetter.go registration, processor factory renames (NewTraces/NewMetrics/NewLogs), root README rewrite, deploy-nodejs.sh path update. Go dep bumps not reviewed in depth — assuming #7's CI builds them.

Comment thread extend/README.md Outdated
Comment thread .github/workflows/publish-extend-otel-layer.yml
Comment thread .github/workflows/publish-extend-otel-layer.yml
Comment thread .github/workflows/publish-extend-otel-layer.yml
Comment thread nodejs/packages/cx-wrapper/package.json
Comment thread UPSTREAM.md
Comment thread .github/dependabot.yml
Comment thread collector/lambdacomponents/exporter/debug.go
Comment thread extend/collector-config-cx-arize.yaml
Comment thread scripts/publish-sandbox.sh

jmsundar commented Apr 20, 2026

@HeatherFlux thanks for the thorough review. Threaded replies posted on each inline comment. On the review-body-only nit:

  • CX_CONTRIB_SHA duplication (3 places + UPSTREAM.md) — folded into DEVOPS-2502 (upstream-sync skill) as a prerequisite, since the sync skill already needs a canonical pin file to diff against upstream. One source of truth will cover the scripts, workflow, and docs.

Code fixes for the remaining items land on feat/DEVOPS-2394-extend-otel-lambda (the #7 head branch) before #7 merges. Workflow cred scoping is deferred to DEVOPS-2504 (npm → pnpm migration under the DEVOPS-2503 epic).
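
The CX_CONTRIB_SHA duplication discussed above can be checked mechanically until a single pin file exists. This is an added example, not code from this PR or repository: the function names, the fixture contents, and the assumption that each file has a line containing both `CX_CONTRIB_SHA` and a full 40-character hex commit id are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not code from this PR: fail when copies of a pinned commit
# id disagree. Assumption: every file holds the pin on a line that mentions
# CX_CONTRIB_SHA and spells the commit out as a full 40-character hex SHA-1.

# Print "<sha><TAB><file>" for each full-length pin found in the given files.
list_pins() {
  local f sha
  for f in "$@"; do
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 2; }
    # -w keeps a 40-character slice of a longer hex string from matching.
    grep -F 'CX_CONTRIB_SHA' "$f" \
      | grep -owE '[0-9a-f]{40}' \
      | while read -r sha; do printf '%s\t%s\n' "$sha" "$f"; done || true
  done
}

# Succeed (printing the agreed SHA) only if every file carries a full-length
# pin and all pins are identical. Returns 1 on drift or on an abbreviated or
# absent pin, 2 on a missing file or an empty file list.
check_pins() {
  local pins distinct f
  [ "$#" -gt 0 ] || { echo "usage: check_pins FILE..." >&2; return 2; }
  pins="$(list_pins "$@")" || return 2
  for f in "$@"; do
    if ! printf '%s\n' "$pins" \
        | awk -F'\t' -v f="$f" '$2 == f { found = 1 } END { exit !found }'; then
      echo "no full-length CX_CONTRIB_SHA pin in $f" >&2
      return 1
    fi
  done
  distinct="$(printf '%s\n' "$pins" | cut -f1 | sort -u | wc -l | tr -d ' ')"
  if [ "$distinct" -ne 1 ]; then
    echo "CX_CONTRIB_SHA drift between files:" >&2
    printf '%s\n' "$pins" >&2
    return 1
  fi
  printf '%s\n' "$pins" | head -n 1 | cut -f1
}

# Constructed sample inputs: three files named after the places the PR says
# carry the pin. The file contents are invented for this example.
make_fixture() {
  local dir="$1" sha_scripts="$2" sha_workflow="$3"
  mkdir -p "$dir/scripts" "$dir/.github/workflows"
  printf 'CX_CONTRIB_SHA="%s"\n' "$sha_scripts" > "$dir/scripts/publish-sandbox.sh"
  printf 'CX_CONTRIB_SHA="%s"\n' "$sha_scripts" > "$dir/scripts/build-nodejs.sh"
  printf 'env:\n  CX_CONTRIB_SHA: %s\n' "$sha_workflow" \
    > "$dir/.github/workflows/publish-extend-otel-layer.yml"
}

# When invoked with file arguments, check them and exit with the result.
if [ "$#" -gt 0 ]; then
  check_pins "$@"
fi
```

Run as a CI step before the build, it turns a forgotten pin update into a failed job instead of a layer built from a different commit than the one reviewed.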

- extend/README.md: split consumer-contract table into collector env vars
  vs per-request OTLP headers; move ARIZE_PROJECT_NAME to headers (no
  collector default); note ARIZE_S3_BUCKET_NAME applies to s3 variant only
- publish-extend-otel-layer.yml: size-check the merged layer.zip against
  Lambda's 50MB zipped limit after the collector+nodejs merge step
- UPSTREAM.md: "three places" -> "four places" to match the four bullets
- collector/lambdacomponents/exporter: rename logging.go -> debug.go
  and update build tag to lambdacomponents.exporter.debug
- collector configs: declare tls.insecure: false on otlp/coralogix and
  otlp/arize exporters to document intent at the security boundary
- cx-wrapper + layer package.json: bump exporter-*-otlp-proto,
  instrumentation-grpc, instrumentation-http to 0.214.0 so the whole
  @opentelemetry/* experimental cohort is on one version
- publish-sandbox.sh: add --description with cx-contrib SHA + build time
  to aws lambda publish-layer-version for easier sandbox triage

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

♻️ Duplicate comments (1)
.github/dependabot.yml (1)

57-62: ⚠️ Potential issue | 🟠 Major

Dependabot auth can silently break if CODEARTIFACT_AUTH_TOKEN is not rotated.

Line 61 still relies on a short-lived CodeArtifact token in Dependabot secrets. If rotation is missing, private package update PRs will stop (401s) without obvious signal.

#!/bin/bash
set -euo pipefail

echo "Checking for in-repo automation that rotates Dependabot/CodeArtifact secrets..."
rg -n -C2 'CODEARTIFACT_AUTH_TOKEN|gh secret set|aws codeartifact get-authorization-token|dependabot.*secret|dependabot.*token' || true

echo
echo "Checking for runbook/docs that declare external rotation ownership..."
rg -n -C2 'CodeArtifact|Dependabot|token|rotation|runbook|401' || true

Expected verification outcome:

  • If no rotation automation/runbook is found, treat this as a confirmed reliability gap.
  • If rotation is external, add an inline note here with owner/runbook link so this config stays maintainable.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/dependabot.yml around lines 57 - 62, Dependabot is using a
short-lived secret token (token: ${{secrets.CODEARTIFACT_AUTH_TOKEN}} under
registries -> codeartifact) which will silently fail if not rotated; add an
automated rotation workflow named e.g. rotate-dependabot-codeartifact-token that
runs on a schedule (or on expiry), calls AWS CLI aws codeartifact
get-authorization-token to fetch a fresh token and updates the repository secret
(gh secret set or the Actions Secrets REST API) so CODEARTIFACT_AUTH_TOKEN is
always current, and add a short runbook link or maintenance comment near the
registries/codeartifact block documenting the owner and where the
workflow/runbook lives.
🧹 Nitpick comments (10)
UPSTREAM.md (1)

19-21: Add a language specifier to the fenced code block.

The URL block is flagged by markdownlint (MD040). Adding a language identifier like text silences the warning and improves accessibility.

Proposed fix
-```
+```text
 https://github.com/open-telemetry/opentelemetry-lambda/compare/c9e67c4...main
 ```
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@UPSTREAM.md` around lines 19 - 21, The fenced code block containing the URL
is missing a language specifier, triggering markdownlint MD040; update the
triple-backtick fence that surrounds the URL
"https://github.com/open-telemetry/opentelemetry-lambda/compare/c9e67c4...main"
by adding a language identifier (e.g., use "text" so the opening fence becomes
```text) to silence the warning and improve accessibility.
scripts/build_nodejs_layer.sh (1)

80-85: Consider decoupling package.json from hardcoded tarball versions.

The npm install commands use glob patterns (*-*.tgz) which handle version changes, but the package.json files in cx-wrapper and layer reference exact versioned filenames (e.g., opentelemetry-instrumentation-aws-lambda-0.65.0.tgz). When contrib package versions are bumped, both the package.json files and this script need to align.

This is a pre-existing pattern, but consider centralizing version management to reduce maintenance burden.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/build_nodejs_layer.sh` around lines 80 - 85, The package.json files
in cx-wrapper and layer hardcode exact tarball filenames (e.g.,
opentelemetry-instrumentation-aws-lambda-0.65.0.tgz) which must be updated when
contrib versions bump; instead, centralize version references and decouple from
exact filenames: update the cx-wrapper and layer package.json to reference the
tarballs using a stable identifier (for example using
"file:../path/opentelemetry-instrumentation-aws-lambda-*.tgz" or a package
version string that resolves via a root-managed mapping), or move the expected
tarball names into a single source of truth (environment variables like
OPENTELEMETRY_TARBALL_AWS_LAMBDA or a versions JSON) and change the
build_nodejs_layer.sh npm install invocation to consume those variables
(OPENTELEMETRY_JS_CONTRIB_PATH and CWD already used) so bumping contrib versions
only requires updating the central version map rather than multiple package.json
files; locate changes in package.json entries for cx-wrapper and layer and in
the npm install block that references OPENTELEMETRY_JS_CONTRIB_PATH and CWD.
extend/README.md (1)

64-67: Add language specifier to fenced code block.

The code block for upstream sync commands should specify a language (e.g., bash or shell) for proper syntax highlighting and to satisfy linting.

Fix
-```
+```bash
 git fetch upstream coralogix-nodejs-autoinstrumentation
 git merge upstream/coralogix-nodejs-autoinstrumentation
 ```
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@extend/README.md` around lines 64 - 67, Update the fenced code block
containing the two git commands so it includes a language specifier (e.g., bash
or shell) after the opening backticks; locate the block showing "git fetch
upstream coralogix-nodejs-autoinstrumentation" and "git merge
upstream/coralogix-nodejs-autoinstrumentation" in extend/README.md and change
the opening ``` to ```bash (or ```shell) to enable proper syntax highlighting
and satisfy linting.
scripts/publish-sandbox.sh (2)

46-49: Consider cleaning up build-sandbox/ on success or adding .gitignore entry.

The build-sandbox/ directory is created but not cleaned up after publishing. If this is intentional (for debugging), consider adding it to .gitignore. If not, add cleanup at the end.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/publish-sandbox.sh` around lines 46 - 49, The script creates a
temporary build directory ("build-sandbox") but never removes it; either remove
it on successful publish or ensure it is intentionally preserved by adding it to
.gitignore. Update the publish flow in scripts/publish-sandbox.sh to delete
build-sandbox on success (e.g., run an rm -rf build-sandbox at the end of the
script after creating layer.zip) or, if you want to keep it for debugging, add
"build-sandbox/" to the repo .gitignore so it is not checked in.

21-21: Same variable-override issue as build-nodejs.sh.

This script has the same conflation of "user-provided checkout" vs. "auto-cloned cache" for OPENTELEMETRY_JS_CONTRIB_PATH. Consider applying the same fix suggested for build-nodejs.sh.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/publish-sandbox.sh` at line 21, The assignment conflates a
user-provided checkout path (OPENTELEMETRY_JS_CONTRIB_PATH) with the auto-cloned
cache; change the cache variable to a distinct name and default only from a
cache-specific env var so user checkout isn't overridden. Replace the line
setting CX_CONTRIB_CACHE to instead derive from something like
OPENTELEMETRY_JS_CONTRIB_CACHE_PATH (fallback to
.build-cache/opentelemetry-js-contrib) and leave OPENTELEMETRY_JS_CONTRIB_PATH
untouched; update any subsequent uses of CX_CONTRIB_CACHE to the new cache
variable name (or vice versa) so code clearly distinguishes user checkout
(OPENTELEMETRY_JS_CONTRIB_PATH) from the auto-cloned cache.
scripts/build-nodejs.sh (2)

21-21: Clarify variable semantics: override vs. cache path.

CX_CONTRIB_CACHE conflates two concepts: when OPENTELEMETRY_JS_CONTRIB_PATH is set, it's meant to point at an existing checkout (per the comment on line 10-11), but the script still tries to clone/fetch into that path at lines 24-29. If a user sets OPENTELEMETRY_JS_CONTRIB_PATH to a custom local checkout they're hacking on, the script will mutate it by checking out CX_CONTRIB_SHA.

Consider skipping the clone/fetch/checkout logic entirely when OPENTELEMETRY_JS_CONTRIB_PATH is pre-set, or rename the variable to clarify intent.

Suggested approach
-CX_CONTRIB_CACHE="${OPENTELEMETRY_JS_CONTRIB_PATH:-$ROOT_DIR/.build-cache/opentelemetry-js-contrib}"
+if [ -n "${OPENTELEMETRY_JS_CONTRIB_PATH:-}" ]; then
+	echo "==> using provided OPENTELEMETRY_JS_CONTRIB_PATH: $OPENTELEMETRY_JS_CONTRIB_PATH"
+	# Skip clone/fetch/checkout — user is responsible for the checkout state
+else
+	CX_CONTRIB_CACHE="$ROOT_DIR/.build-cache/opentelemetry-js-contrib"
+	echo "==> resolving cx-contrib fork at $CX_CONTRIB_SHA"
+	if [ ! -d "$CX_CONTRIB_CACHE/.git" ]; then
+		mkdir -p "$(dirname "$CX_CONTRIB_CACHE")"
+		git clone --filter=blob:none "$CX_CONTRIB_REPO" "$CX_CONTRIB_CACHE"
+	fi
+	git -C "$CX_CONTRIB_CACHE" fetch --quiet origin "$CX_CONTRIB_SHA" 2>/dev/null || git -C "$CX_CONTRIB_CACHE" fetch --quiet origin
+	git -C "$CX_CONTRIB_CACHE" checkout --quiet "$CX_CONTRIB_SHA"
+	export OPENTELEMETRY_JS_CONTRIB_PATH
+	OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" && pwd)"
+fi
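Review bot: In the branch taken when OPENTELEMETRY_JS_CONTRIB_PATH is already set, nothing checks that the path is a git checkout or records which commit it points at, so a build from that branch bypasses the CX_CONTRIB_SHA pin without leaving a trace in the log. Consider failing fast when the directory is missing and echoing the output of `git -C "$OPENTELEMETRY_JS_CONTRIB_PATH" rev-parse HEAD`, with a warning when it differs from CX_CONTRIB_SHA. CX_CONTRIB_CACHE is also left unset on that branch, so any later reference to it needs a guard. In the else branch, the `2>/dev/null ||` fallback on the first fetch discards the error that would explain why fetching the pinned SHA failed.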
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/build-nodejs.sh` at line 21, The variable CX_CONTRIB_CACHE currently
conflates a user-provided checkout override (OPENTELEMETRY_JS_CONTRIB_PATH) with
a writable cache path and causes the script to mutate an external checkout;
update the script so OPENTELEMETRY_JS_CONTRIB_PATH is treated as a read-only
override and cloning/fetch/checkout logic is skipped when it is set, leaving
CX_CONTRIB_CACHE as the fallback cache path used only when
OPENTELEMETRY_JS_CONTRIB_PATH is empty; locate references to CX_CONTRIB_CACHE
and the clone/fetch/checkout block (the clone/fetch/checkout logic that checks
out CX_CONTRIB_SHA) and add a guard like "if OPENTELEMETRY_JS_CONTRIB_PATH is
empty then create/use CX_CONTRIB_CACHE and perform clone/fetch/checkout, else
set source_dir=OPENTELEMETRY_JS_CONTRIB_PATH and skip mutating operations" so
external checkouts are not modified.

31-32: Export after assignment for clarity.

The export on line 31 before the assignment on line 32 works but is non-obvious. The more common idiom is to assign then export, or combine them.

Minor style fix
-export OPENTELEMETRY_JS_CONTRIB_PATH
-OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" && pwd)"
+OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" && pwd)"
+export OPENTELEMETRY_JS_CONTRIB_PATH
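Review bot: Keep the two-statement form shown on the `+` lines rather than collapsing it into a single `export OPENTELEMETRY_JS_CONTRIB_PATH="$(...)"`. With the combined form the exit status is that of `export`, so a failing `cd "$CX_CONTRIB_CACHE"` would not stop a script running under `set -e` and the variable would be exported empty; with a separate assignment the failure of the command substitution is the status of the statement.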
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scripts/build-nodejs.sh` around lines 31 - 32, Move the export to follow the
assignment for clarity by assigning OPENTELEMETRY_JS_CONTRIB_PATH first and then
exporting it (i.e. OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" &&
pwd)"; export OPENTELEMETRY_JS_CONTRIB_PATH), or combine into a single line
export OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" && pwd)"; modify
the existing export/assignment using the OPENTELEMETRY_JS_CONTRIB_PATH and
CX_CONTRIB_CACHE symbols accordingly.
README.md (1)

7-7: Consider if internal references should be in a public README.

The Jira ticket link and AWS account ID (line 28) are internal references. If this repository could become public or is already public, consider moving these to an internal document or gating them behind access controls.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 7, Remove or gate internal references in the public README
by either deleting or moving the "Ticket: [DEVOPS-2394]" Jira link and the
explicit AWS account ID string out of the README and into an internal document
or environment-gated file; update references in the README to a generic
placeholder (e.g., "internal ticket" / "internal AWS account") or add
instructions pointing to the internal doc, and ensure any CI/docs that
previously referenced these exact strings (search for "DEVOPS-2394" and the AWS
account ID) are updated to use the new internal location or a secure
configuration mechanism.
collector/receiver/telemetryapireceiver/go.mod (1)

19-19: semconv version skew with other collector modules.

go.opentelemetry.io/collector/semconv remains at v0.109.0 while other collector modules are upgraded to v0.150.0/v1.56.0. This version gap could cause compatibility issues if semconv types or constants have changed between versions.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@collector/receiver/telemetryapireceiver/go.mod` at line 19, Update the
semconv module to match the other OpenTelemetry collector modules by changing
the go.mod entry for go.opentelemetry.io/collector/semconv to the same major
version used elsewhere (e.g., v0.150.0), then run dependency reconciliation (go
mod tidy / go env GOFLAGS as appropriate) and rebuild/tests to ensure no
compatibility errors; target the go.mod line containing
"go.opentelemetry.io/collector/semconv" and verify imports compile against the
updated semconv constants/types.
.github/workflows/publish-extend-otel-layer.yml (1)

76-79: Static analysis: Inline flow mapping with expressions causes YAML parser errors.

The inline syntax { name: collector-${{ matrix.architecture }}, ... } confuses YAML linters because ${{ after { appears to be a nested flow mapping. While GitHub Actions processes this correctly, it prevents standard linting tools from validating the workflow.

♻️ Proposed fix: Use block mapping syntax
       - uses: actions/download-artifact@v4
-        with: { name: collector-${{ matrix.architecture }}, path: dl/collector }
+        with:
+          name: collector-${{ matrix.architecture }}
+          path: dl/collector
       - uses: actions/download-artifact@v4
-        with: { name: nodejs-layer, path: dl/nodejs }
+        with:
+          name: nodejs-layer
+          path: dl/nodejs
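Review bot: Both `uses: actions/download-artifact@v4` lines reference a mutable tag in the workflow that publishes the layer; pin the action to a full commit SHA, with the tag kept as a trailing comment, so the code that runs in the publish job cannot change without a diff in this repository. The switch to block mappings is fine as written.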

Also consider updating line 51 to block mapping syntax for consistency.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/publish-extend-otel-layer.yml around lines 76 - 79, The
workflow uses inline flow mappings like the actions/download-artifact@v4 steps
with "with: { name: collector-${{ matrix.architecture }}, path: dl/collector }"
and "with: { name: nodejs-layer, path: dl/nodejs }" which break YAML linters;
change these to block mapping form so linters accept them — e.g., replace the
inline "with: { ... }" for the download-artifact steps (and the similar
occurrence near the earlier download step referenced in the comment) with block
mappings using "with:" then indented "name: <...>" and "path: <...>" entries,
preserving the same values (collector-${{ matrix.architecture }}, nodejs-layer,
dl/collector, dl/nodejs).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/publish-extend-otel-layer.yml:
- Around line 76-93: The workflow is missing a repository checkout so
./scripts/check_size.sh (and other repo files) aren't present; add an
actions/checkout@v4 step in the package-and-publish job before the step that
runs ./scripts/check_size.sh (i.e., before the step that sets FILE_PATH and
MAX_SIZE and runs ./scripts/check_size.sh) so the script and repo files are
available to the runner.

In `@extend/collector-config-cx-arize-s3.yaml`:
- Line 5: The comment flags an inconsistent property name: the YAML uses
arizeTracingProps while docs reference otelTracingProps; update all occurrences
so the property name is consistent—choose the canonical name (prefer
otelTracingProps to match README) and replace arizeTracingProps in the
NodeLambdaBuilder-related config and any examples, tests or documentation so
references to arizeTracingProps are removed and otelTracingProps is used
everywhere.

In `@extend/README.md`:
- Around line 58-60: The workflow publish-extend-otel-layer.yml currently
publishes layer ARNs but doesn't write the published layer version to SSM;
update the step that extracts the published layer version ARN (the step/variable
that captures the layer version output, e.g., LAYER_VERSION_ARN or similar) to
add a new step using aws-actions/configure-aws-credentials + either aws cli or
aws-actions/ssm to call put-parameter and store the layer version under
/extend/otel-lambda/layer-version/${{ matrix.arch }} (or the equivalent arch
variable used in the job), ensuring the parameter value is the layer version
number or ARN as expected and use --overwrite to update; then remove the first
TODO checkbox line from extend/README.md (or mark it checked) so only the SSM
publish TODO remains.

In `@UPSTREAM.md`:
- Around line 29-33: The git fetch line is incorrect because `git fetch upstream
otel-upstream` treats `otel-upstream` as a refspec on the `upstream` remote;
update the example so it actually fetches both remotes by replacing that single
fetch with two separate fetch invocations (one for the `upstream` remote and one
for the `otel-upstream` remote) or alternatively use a single `git fetch --all`
invocation; modify the block that contains the `git remote add upstream`, `git
remote add otel-upstream`, and `git fetch ...` lines accordingly so the shown
commands correctly fetch from both remotes.

contrib versions bump; instead, centralize version references and decouple from
exact filenames: update the cx-wrapper and layer package.json to reference the
tarballs using a stable identifier (for example using
"file:../path/opentelemetry-instrumentation-aws-lambda-*.tgz" or a package
version string that resolves via a root-managed mapping), or move the expected
tarball names into a single source of truth (environment variables like
OPENTELEMETRY_TARBALL_AWS_LAMBDA or a versions JSON) and change the
build_nodejs_layer.sh npm install invocation to consume those variables
(OPENTELEMETRY_JS_CONTRIB_PATH and CWD already used) so bumping contrib versions
only requires updating the central version map rather than multiple package.json
files; locate changes in package.json entries for cx-wrapper and layer and in
the npm install block that references OPENTELEMETRY_JS_CONTRIB_PATH and CWD.

In `@scripts/build-nodejs.sh`:
- Line 21: The variable CX_CONTRIB_CACHE currently conflates a user-provided
checkout override (OPENTELEMETRY_JS_CONTRIB_PATH) with a writable cache path and
causes the script to mutate an external checkout; update the script so
OPENTELEMETRY_JS_CONTRIB_PATH is treated as a read-only override and
cloning/fetch/checkout logic is skipped when it is set, leaving CX_CONTRIB_CACHE
as the fallback cache path used only when OPENTELEMETRY_JS_CONTRIB_PATH is
empty; locate references to CX_CONTRIB_CACHE and the clone/fetch/checkout block
(the clone/fetch/checkout logic that checks out CX_CONTRIB_SHA) and add a guard
like "if OPENTELEMETRY_JS_CONTRIB_PATH is empty then create/use CX_CONTRIB_CACHE
and perform clone/fetch/checkout, else set
source_dir=OPENTELEMETRY_JS_CONTRIB_PATH and skip mutating operations" so
external checkouts are not modified.
- Around line 31-32: Move the export to follow the assignment for clarity by
assigning OPENTELEMETRY_JS_CONTRIB_PATH first and then exporting it (i.e.
OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" && pwd)"; export
OPENTELEMETRY_JS_CONTRIB_PATH), or combine into a single line export
OPENTELEMETRY_JS_CONTRIB_PATH="$(cd "$CX_CONTRIB_CACHE" && pwd)"; modify the
existing export/assignment using the OPENTELEMETRY_JS_CONTRIB_PATH and
CX_CONTRIB_CACHE symbols accordingly.

In `@scripts/publish-sandbox.sh`:
- Around line 46-49: The script creates a temporary build directory
("build-sandbox") but never removes it; either remove it on successful publish
or ensure it is intentionally preserved by adding it to .gitignore. Update the
publish flow in scripts/publish-sandbox.sh to delete build-sandbox on success
(e.g., run an rm -rf build-sandbox at the end of the script after creating
layer.zip) or, if you want to keep it for debugging, add "build-sandbox/" to the
repo .gitignore so it is not checked in.
- Line 21: The assignment conflates a user-provided checkout path
(OPENTELEMETRY_JS_CONTRIB_PATH) with the auto-cloned cache; change the cache
variable to a distinct name and default only from a cache-specific env var so
user checkout isn't overridden. Replace the line setting CX_CONTRIB_CACHE to
instead derive from something like OPENTELEMETRY_JS_CONTRIB_CACHE_PATH (fallback
to .build-cache/opentelemetry-js-contrib) and leave
OPENTELEMETRY_JS_CONTRIB_PATH untouched; update any subsequent uses of
CX_CONTRIB_CACHE to the new cache variable name (or vice versa) so code clearly
distinguishes user checkout (OPENTELEMETRY_JS_CONTRIB_PATH) from the auto-cloned
cache.

In `@UPSTREAM.md`:
- Around line 19-21: The fenced code block containing the URL is missing a
language specifier, triggering markdownlint MD040; update the triple-backtick
fence that surrounds the URL
"https://github.com/open-telemetry/opentelemetry-lambda/compare/c9e67c4...main"
by adding a language identifier (e.g., use "text" so the opening fence becomes
```text) to silence the warning and improve accessibility.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7d9ad144-4c26-401b-a073-38df7bf2d025

📥 Commits

Reviewing files that changed from the base of the PR and between 8838714 and 29de79a.

⛔ Files ignored due to path filters (7)
  • collector/go.sum is excluded by !**/*.sum
  • collector/lambdacomponents/go.sum is excluded by !**/*.sum
  • collector/processor/coldstartprocessor/go.sum is excluded by !**/*.sum
  • collector/processor/decoupleprocessor/go.sum is excluded by !**/*.sum
  • collector/receiver/telemetryapireceiver/go.sum is excluded by !**/*.sum
  • go/sample-apps/function/go.sum is excluded by !**/*.sum
  • java/gradle/wrapper/gradle-wrapper.jar is excluded by !**/*.jar
📒 Files selected for processing (172)
  • .github/CODEOWNERS
  • .github/ISSUE_TEMPLATE/bug_report.md
  • .github/ISSUE_TEMPLATE/feature_request.md
  • .github/dependabot.yml
  • .github/release.yml
  • .github/workflows/ci-collector.yml
  • .github/workflows/ci-java.yml
  • .github/workflows/ci-nodejs.yml
  • .github/workflows/ci-python.yml
  • .github/workflows/ci-shellcheck.yml
  • .github/workflows/ci-terraform.yml
  • .github/workflows/close-stale.yaml
  • .github/workflows/codeql.yml
  • .github/workflows/layer-publish.yml
  • .github/workflows/publish-extend-otel-layer.yml
  • .github/workflows/publish-nodejs.yml
  • .github/workflows/release-layer-collector.yml
  • .github/workflows/release-layer-java.yml
  • .github/workflows/release-layer-nodejs.yml
  • .github/workflows/release-layer-python.yml
  • .github/workflows/release-layer-ruby.yml
  • .gitignore
  • CONTRIBUTING.md
  • README.md
  • RELEASE.md
  • UPSTREAM.md
  • ci-scripts/publish_layer.sh
  • ci-scripts/publish_production.sh
  • ci-scripts/publish_test.sh
  • collector/Makefile
  • collector/Makefile.Common
  • collector/config.yaml
  • collector/go.mod
  • collector/lambdacomponents/default.go
  • collector/lambdacomponents/exporter/debug.go
  • collector/lambdacomponents/extension/headerssetter.go
  • collector/lambdacomponents/go.mod
  • collector/processor/coldstartprocessor/factory.go
  • collector/processor/coldstartprocessor/go.mod
  • collector/processor/decoupleprocessor/factory.go
  • collector/processor/decoupleprocessor/go.mod
  • collector/receiver/telemetryapireceiver/go.mod
  • dev/build-nodejs.sh
  • docs/design_proposal.md
  • dotnet/README.md
  • dotnet/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • dotnet/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • dotnet/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample.sln
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample/AwsSdkSample.csproj
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample/Function.cs
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample/Properties/launchSettings.json
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/build.sh
  • extend/README.md
  • extend/collector-config-cx-arize-s3.yaml
  • extend/collector-config-cx-arize.yaml
  • extend/collector-config-cx-only.yaml
  • go/README.md
  • go/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • go/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • go/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • go/sample-apps/function/build.sh
  • go/sample-apps/function/function.go
  • go/sample-apps/function/go.mod
  • java/README.md
  • java/awssdk-autoconfigure/build.gradle.kts
  • java/awssdk-autoconfigure/src/main/java/io/opentelemetry/instrumentation/awssdk/v2_2/autoconfigure/AutoconfiguredTracingExecutionInterceptor.java
  • java/awssdk-autoconfigure/src/main/resources/software/amazon/awssdk/global/handlers/execution.interceptors
  • java/build.gradle.kts
  • java/dependencyManagement/build.gradle.kts
  • java/gradle.properties
  • java/gradle/wrapper/gradle-wrapper.properties
  • java/gradlew
  • java/gradlew.bat
  • java/layer-javaagent/build.gradle.kts
  • java/layer-javaagent/scripts/otel-handler
  • java/layer-wrapper/build.gradle.kts
  • java/layer-wrapper/scripts/otel-handler
  • java/layer-wrapper/scripts/otel-proxy-handler
  • java/layer-wrapper/scripts/otel-sqs-handler
  • java/layer-wrapper/scripts/otel-stream-handler
  • java/sample-apps/aws-sdk/README.md
  • java/sample-apps/aws-sdk/build.gradle.kts
  • java/sample-apps/aws-sdk/deploy/agent/main.tf
  • java/sample-apps/aws-sdk/deploy/agent/outputs.tf
  • java/sample-apps/aws-sdk/deploy/agent/variables.tf
  • java/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • java/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • java/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • java/sample-apps/aws-sdk/src/main/java/io/opentelemetry/lambda/sampleapps/awssdk/AwsSdkRequestHandler.java
  • java/sample-apps/aws-sdk/src/main/resources/log4j2.xml
  • java/sample-apps/okhttp/README.md
  • java/sample-apps/okhttp/build.gradle.kts
  • java/sample-apps/okhttp/deploy/wrapper/main.tf
  • java/sample-apps/okhttp/deploy/wrapper/outputs.tf
  • java/sample-apps/okhttp/deploy/wrapper/variables.tf
  • java/sample-apps/okhttp/src/main/java/io/opentelemetry/lambda/sampleapps/okhttp/OkHttpRequestHandler.java
  • java/sample-apps/okhttp/src/main/resources/log4j2.xml
  • java/sample-apps/sqs/README.md
  • java/sample-apps/sqs/build.gradle.kts
  • java/sample-apps/sqs/deploy/agent/main.tf
  • java/sample-apps/sqs/deploy/agent/outputs.tf
  • java/sample-apps/sqs/deploy/agent/variables.tf
  • java/sample-apps/sqs/deploy/wrapper/main.tf
  • java/sample-apps/sqs/deploy/wrapper/outputs.tf
  • java/sample-apps/sqs/deploy/wrapper/variables.tf
  • java/sample-apps/sqs/src/main/java/io/opentelemetry/lambda/sampleapps/sqs/SqsRequestHandler.java
  • java/sample-apps/sqs/src/main/resources/log4j2.xml
  • java/settings.gradle.kts
  • nodejs/.commitlintrc.yml
  • nodejs/.editorconfig
  • nodejs/.gitattributes
  • nodejs/.npmignore
  • nodejs/README.md
  • nodejs/eslint.config.js
  • nodejs/lerna.json
  • nodejs/packages/cx-wrapper/package.json
  • nodejs/packages/layer/package.json
  • nodejs/sample-apps/aws-sdk/.eslintignore
  • nodejs/sample-apps/aws-sdk/.eslintrc.js
  • nodejs/sample-apps/aws-sdk/README.md
  • nodejs/sample-apps/aws-sdk/config.yaml
  • nodejs/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • nodejs/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • nodejs/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • nodejs/sample-apps/aws-sdk/package.json
  • nodejs/sample-apps/aws-sdk/src/index.ts
  • nodejs/sample-apps/aws-sdk/tsconfig.json
  • python/README.md
  • python/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • python/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • python/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • python/sample-apps/build.sh
  • python/sample-apps/function/lambda_function.py
  • python/sample-apps/function/requirements.txt
  • python/sample-apps/run.sh
  • python/sample-apps/template.yml
  • python/src/build.sh
  • python/src/otel/Dockerfile
  • python/src/otel/Makefile
  • python/src/otel/otel_sdk/nodeps-requirements.txt
  • python/src/otel/otel_sdk/otel-instrument
  • python/src/otel/otel_sdk/otel_wrapper.py
  • python/src/otel/otel_sdk/requirements.txt
  • python/src/otel/tests/mocks/lambda_function.py
  • python/src/otel/tests/nodeps-requirements.txt
  • python/src/otel/tests/requirements.txt
  • python/src/otel/tests/test_otel.py
  • python/src/run.sh
  • python/src/template.yml
  • python/src/tox.ini
  • ruby/README.md
  • ruby/sample-apps/function/Gemfile
  • ruby/sample-apps/function/lambda_function.rb
  • ruby/sample-apps/template.yml
  • ruby/src/build.sh
  • ruby/src/otel/Dockerfile
  • ruby/src/otel/layer/Gemfile
  • ruby/src/otel/layer/Makefile
  • ruby/src/otel/layer/otel-handler
  • ruby/src/otel/layer/wrapper.rb
  • ruby/src/template.yml
  • ruby/src/zip_ruby_layer.sh
  • scripts/build-nodejs.sh
  • scripts/build_nodejs_layer.sh
  • scripts/check_size.sh
  • scripts/deploy-nodejs.sh
  • scripts/publish-sandbox.sh
  • utils/sam/run.sh
  • utils/terraform/api-gateway-proxy/main.tf
  • utils/terraform/api-gateway-proxy/outputs.tf
  • utils/terraform/api-gateway-proxy/variables.tf
💤 Files with no reviewable changes (142)
  • java/gradle.properties
  • java/awssdk-autoconfigure/src/main/resources/software/amazon/awssdk/global/handlers/execution.interceptors
  • go/README.md
  • nodejs/sample-apps/aws-sdk/.eslintignore
  • java/gradle/wrapper/gradle-wrapper.properties
  • java/sample-apps/sqs/deploy/agent/outputs.tf
  • nodejs/.npmignore
  • ci-scripts/publish_production.sh
  • python/sample-apps/function/requirements.txt
  • go/sample-apps/function/go.mod
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample/Properties/launchSettings.json
  • java/sample-apps/aws-sdk/src/main/resources/log4j2.xml
  • java/sample-apps/okhttp/src/main/resources/log4j2.xml
  • java/awssdk-autoconfigure/build.gradle.kts
  • go/sample-apps/function/build.sh
  • nodejs/.editorconfig
  • collector/config.yaml
  • dotnet/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • python/src/otel/tests/mocks/lambda_function.py
  • java/sample-apps/aws-sdk/README.md
  • nodejs/sample-apps/aws-sdk/README.md
  • python/README.md
  • ci-scripts/publish_test.sh
  • nodejs/lerna.json
  • java/sample-apps/okhttp/deploy/wrapper/outputs.tf
  • nodejs/.commitlintrc.yml
  • python/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • java/sample-apps/okhttp/build.gradle.kts
  • dotnet/README.md
  • ruby/src/otel/layer/wrapper.rb
  • python/sample-apps/run.sh
  • java/layer-wrapper/build.gradle.kts
  • java/sample-apps/sqs/build.gradle.kts
  • python/src/run.sh
  • ruby/src/otel/layer/Gemfile
  • python/src/otel/tests/nodeps-requirements.txt
  • java/gradlew
  • go/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • ruby/sample-apps/function/Gemfile
  • python/sample-apps/build.sh
  • nodejs/.gitattributes
  • ruby/src/build.sh
  • java/layer-javaagent/scripts/otel-handler
  • .github/release.yml
  • docs/design_proposal.md
  • python/src/build.sh
  • go/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/build.sh
  • nodejs/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • nodejs/eslint.config.js
  • .github/workflows/close-stale.yaml
  • .github/workflows/ci-nodejs.yml
  • java/build.gradle.kts
  • java/layer-wrapper/scripts/otel-stream-handler
  • java/README.md
  • java/sample-apps/okhttp/README.md
  • nodejs/sample-apps/aws-sdk/tsconfig.json
  • nodejs/sample-apps/aws-sdk/package.json
  • java/sample-apps/aws-sdk/build.gradle.kts
  • java/awssdk-autoconfigure/src/main/java/io/opentelemetry/instrumentation/awssdk/v2_2/autoconfigure/AutoconfiguredTracingExecutionInterceptor.java
  • java/sample-apps/sqs/src/main/java/io/opentelemetry/lambda/sampleapps/sqs/SqsRequestHandler.java
  • python/src/otel/Makefile
  • java/sample-apps/aws-sdk/deploy/wrapper/outputs.tf
  • java/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • python/src/otel/otel_sdk/requirements.txt
  • python/src/otel/otel_sdk/otel-instrument
  • CONTRIBUTING.md
  • python/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • nodejs/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • python/src/otel/Dockerfile
  • java/sample-apps/okhttp/src/main/java/io/opentelemetry/lambda/sampleapps/okhttp/OkHttpRequestHandler.java
  • .github/workflows/ci-terraform.yml
  • ruby/sample-apps/template.yml
  • python/src/template.yml
  • .github/workflows/release-layer-python.yml
  • java/settings.gradle.kts
  • java/sample-apps/aws-sdk/src/main/java/io/opentelemetry/lambda/sampleapps/awssdk/AwsSdkRequestHandler.java
  • java/layer-wrapper/scripts/otel-handler
  • ruby/src/otel/Dockerfile
  • nodejs/sample-apps/aws-sdk/src/index.ts
  • ruby/src/template.yml
  • RELEASE.md
  • ruby/src/otel/layer/Makefile
  • python/src/otel/tests/requirements.txt
  • ruby/README.md
  • java/sample-apps/sqs/README.md
  • java/layer-javaagent/build.gradle.kts
  • java/sample-apps/aws-sdk/deploy/agent/main.tf
  • .github/workflows/ci-shellcheck.yml
  • .github/workflows/release-layer-collector.yml
  • java/dependencyManagement/build.gradle.kts
  • .github/workflows/release-layer-nodejs.yml
  • java/sample-apps/sqs/deploy/wrapper/outputs.tf
  • .github/workflows/ci-collector.yml
  • java/layer-wrapper/scripts/otel-sqs-handler
  • java/sample-apps/okhttp/deploy/wrapper/main.tf
  • ruby/src/otel/layer/otel-handler
  • .github/workflows/ci-java.yml
  • .github/workflows/release-layer-java.yml
  • java/layer-wrapper/scripts/otel-proxy-handler
  • python/sample-apps/function/lambda_function.py
  • utils/terraform/api-gateway-proxy/variables.tf
  • dotnet/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample/Function.cs
  • python/src/otel/otel_sdk/nodeps-requirements.txt
  • .github/workflows/codeql.yml
  • ruby/src/zip_ruby_layer.sh
  • ci-scripts/publish_layer.sh
  • nodejs/sample-apps/aws-sdk/.eslintrc.js
  • ruby/sample-apps/function/lambda_function.rb
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample/AwsSdkSample.csproj
  • .github/workflows/release-layer-ruby.yml
  • nodejs/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • java/sample-apps/sqs/deploy/wrapper/variables.tf
  • python/sample-apps/template.yml
  • java/sample-apps/sqs/src/main/resources/log4j2.xml
  • dev/build-nodejs.sh
  • go/sample-apps/function/function.go
  • .github/workflows/ci-python.yml
  • java/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • python/src/tox.ini
  • java/gradlew.bat
  • utils/sam/run.sh
  • dotnet/sample-apps/aws-sdk/wrapper/SampleApps/AwsSdkSample.sln
  • dotnet/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • java/sample-apps/okhttp/deploy/wrapper/variables.tf
  • java/sample-apps/aws-sdk/deploy/agent/variables.tf
  • java/sample-apps/sqs/deploy/wrapper/main.tf
  • nodejs/sample-apps/aws-sdk/config.yaml
  • .github/ISSUE_TEMPLATE/bug_report.md
  • python/src/otel/tests/test_otel.py
  • python/sample-apps/aws-sdk/deploy/wrapper/variables.tf
  • .github/workflows/publish-nodejs.yml
  • .github/ISSUE_TEMPLATE/feature_request.md
  • utils/terraform/api-gateway-proxy/outputs.tf
  • java/sample-apps/sqs/deploy/agent/main.tf
  • utils/terraform/api-gateway-proxy/main.tf
  • go/sample-apps/aws-sdk/deploy/wrapper/main.tf
  • java/sample-apps/sqs/deploy/agent/variables.tf
  • python/src/otel/otel_sdk/otel_wrapper.py
  • java/sample-apps/aws-sdk/deploy/agent/outputs.tf
  • .github/workflows/layer-publish.yml
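
The token rotation that the review comment on `.github/dependabot.yml` describes, as an added shell example that is not part of this PR or of the reviewer's output: it fetches a fresh CodeArtifact token and writes it to the repository's Dependabot secret store. The domain, account ID and repository are placeholders; the `--app dependabot` target, the 12-hour TTL, and a `gh` login allowed to write Dependabot secrets are assumptions about this setup.

```shell
#!/bin/sh
# Added example: rotate the CodeArtifact token that Dependabot reads.
# Meant to be called from a scheduled job that runs more often than the TTL.
set -eu

# Placeholders (assumptions, not values from the PR).
: "${CODEARTIFACT_DOMAIN:=example-domain}"
: "${CODEARTIFACT_DOMAIN_OWNER:=000000000000}"
: "${TARGET_REPO:=example-org/example-repo}"
# Secret name as referenced in .github/dependabot.yml.
: "${SECRET_NAME:=CODEARTIFACT_AUTH_TOKEN}"
# CodeArtifact accepts 900..43200 seconds (0 is also accepted; not used here).
: "${TOKEN_TTL_SECONDS:=43200}"

# Reject a TTL outside the range, so a typo cannot produce a token that
# expires before the next scheduled run.
validate_ttl() {
  case "$TOKEN_TTL_SECONDS" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$TOKEN_TTL_SECONDS" -ge 900 ] && [ "$TOKEN_TTL_SECONDS" -le 43200 ]
}

# Print a fresh token on stdout, or return non-zero.
fetch_token() {
  tok=$(aws codeartifact get-authorization-token \
      --domain "$CODEARTIFACT_DOMAIN" \
      --domain-owner "$CODEARTIFACT_DOMAIN_OWNER" \
      --duration-seconds "$TOKEN_TTL_SECONDS" \
      --query authorizationToken --output text) || return 1
  # With --output text the CLI prints "None" when the field is missing.
  case "$tok" in
    ''|None) return 1 ;;
  esac
  printf '%s' "$tok"
}

# Write the token to the Dependabot secret store. The value is passed on
# stdin so it never appears in the process list or in shell tracing of argv.
store_token() {
  printf '%s' "$1" | gh secret set "$SECRET_NAME" \
      --app dependabot --repo "$TARGET_REPO"
}

# Full rotation: every failure is loud, so a broken rotation shows up as a
# failed job instead of as Dependabot quietly losing registry access.
rotate_dependabot_token() {
  validate_ttl || { echo "TOKEN_TTL_SECONDS must be 900..43200" >&2; return 1; }
  new_token=$(fetch_token) || { echo "could not obtain a token" >&2; return 1; }
  store_token "$new_token" || { echo "could not update the secret" >&2; return 1; }
  unset new_token
  echo "rotated ${SECRET_NAME} for ${TARGET_REPO}"
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "rotate" ]; then
  rotate_dependabot_token
fi
```
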

Comment on lines +76 to +93
- uses: actions/download-artifact@v4
with: { name: collector-${{ matrix.architecture }}, path: dl/collector }
- uses: actions/download-artifact@v4
with: { name: nodejs-layer, path: dl/nodejs }
- name: Merge collector + nodejs zips
run: |
set -euo pipefail
mkdir -p out
unzip -o dl/collector/opentelemetry-collector-layer-${{ matrix.architecture }}.zip -d out/
unzip -o dl/nodejs/layer.zip -d out/
(cd out && zip -r ../layer.zip .)
# Lambda hard limit is 50MB zipped; the merged artifact (collector + nodejs)
# is what actually gets published, so size-check here rather than only on
# the pre-merge nodejs zip in build-nodejs.
- env:
FILE_PATH: ./layer.zip
MAX_SIZE: 52428800
run: ./scripts/check_size.sh
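Review bot: in the "Merge collector + nodejs zips" step, the second `unzip -o` silently overwrites any file the collector zip already wrote into `out/`, so a name collision between the two archives changes what ships in the published layer without failing the job. Compare the `unzip -Z1` listings of both archives and exit non-zero on any shared file path before merging. Separately, both `actions/download-artifact@v4` steps use a mutable tag; pin them to a full commit SHA, since this job produces the artifact that gets published.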

⚠️ Potential issue | 🔴 Critical

Missing repository checkout causes check_size.sh to fail.

The package-and-publish job references ./scripts/check_size.sh at line 93, but the job doesn't include an actions/checkout@v4 step. Without checking out the repository, the script won't exist in the runner's workspace and the workflow will fail.

🐛 Proposed fix: Add checkout step before size check
   package-and-publish:
     needs: [build-collector, build-nodejs]
     runs-on: blacksmith-4vcpu-ubuntu-2404
     strategy:
       fail-fast: false
       matrix:
         architecture: [amd64, arm64]
         region: [us-east-1, us-west-2]
     steps:
+      - uses: actions/checkout@v4
+        with:
+          sparse-checkout: scripts
       - uses: actions/download-artifact@v4
         with: { name: collector-${{ matrix.architecture }}, path: dl/collector }
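Review bot: the added `actions/checkout@v4` step keeps the default `persist-credentials` behaviour, which leaves the GitHub token in the checked-out repository's git configuration for every later step of `package-and-publish`, a job that only needs `scripts/check_size.sh` from the repository. Add `persist-credentials: false` under `with:` next to `sparse-checkout: scripts`, and pin the action to a full commit SHA instead of the `v4` tag.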
🧰 Tools
🪛 actionlint (1.7.12)

[error] 76-76: could not parse as YAML: did not find expected ',' or '}'

(syntax-check)

🪛 YAMLlint (1.38.0)

[error] 77-77: syntax error: expected ',' or '}', but got '{'

(syntax)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/publish-extend-otel-layer.yml around lines 76 - 93, The
workflow is missing a repository checkout so ./scripts/check_size.sh (and other
repo files) aren't present; add an actions/checkout@v4 step in the
package-and-publish job before the step that runs ./scripts/check_size.sh (i.e.,
before the step that sets FILE_PATH and MAX_SIZE and runs
./scripts/check_size.sh) so the script and repo files are available to the
runner.

#
# Consumed by services that integrate Arize tracing. Selected via the
# OPENTELEMETRY_COLLECTOR_CONFIG_URI env var set by extend-cdk-lib
# NodeLambdaBuilder when `arizeTracingProps` is provided.

⚠️ Potential issue | 🟡 Minor

Inconsistent prop name: arizeTracingProps vs otelTracingProps.

Line 5 references arizeTracingProps, but README.md (line 40) and the root README document the prop as otelTracingProps. This inconsistency could confuse consumers.

Suggested fix
-# NodeLambdaBuilder when `arizeTracingProps` is provided.
+# NodeLambdaBuilder when `otelTracingProps` is provided.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# NodeLambdaBuilder when `arizeTracingProps` is provided.
# NodeLambdaBuilder when `otelTracingProps` is provided.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@extend/collector-config-cx-arize-s3.yaml` at line 5, The comment flags an
inconsistent property name: the YAML uses arizeTracingProps while docs reference
otelTracingProps; update all occurrences so the property name is
consistent—choose the canonical name (prefer otelTracingProps to match README)
and replace arizeTracingProps in the NodeLambdaBuilder-related config and any
examples, tests or documentation so references to arizeTracingProps are removed
and otelTracingProps is used everywhere.

Comment thread extend/README.md
Comment on lines +58 to +60
**Extend-specific follow-ups** (tracked in DEVOPS-2394):
- [ ] Add GitHub Actions workflow to publish to Extend AWS accounts
- [ ] Publish layer version to SSM `/extend/otel-lambda/layer-version/{arch}` for CDK lookup

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check if the GitHub Actions workflow already exists
fd -t f 'publish-extend-otel-layer.yml' .github/workflows/

# Check if there's any SSM-related code in the workflow
rg -n 'SSM|ssm|layer-version' .github/workflows/ || echo "No SSM references found in workflows"

Repository: helloextend/opentelemetry-lambda

Length of output: 336


🏁 Script executed:

cat -n .github/workflows/publish-extend-otel-layer.yml

Repository: helloextend/opentelemetry-lambda

Length of output: 5264


🏁 Script executed:

wc -l .github/workflows/publish-extend-otel-layer.yml && tail -20 .github/workflows/publish-extend-otel-layer.yml

Repository: helloextend/opentelemetry-lambda

Length of output: 1042


First TODO item can be checked off; second item still pending.

The workflow publish-extend-otel-layer.yml successfully publishes Lambda layers to Extend AWS accounts in us-east-1 and us-west-2 regions. However, it does not publish the layer version ARN to SSM Parameter Store at /extend/otel-lambda/layer-version/{arch} for CDK lookup. Update the workflow to store the published layer version (extracted at line 108) in SSM Parameter Store, then check off the first item and remove it from the TODO list.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@extend/README.md` around lines 58 - 60, The workflow
publish-extend-otel-layer.yml currently publishes layer ARNs but doesn't write
the published layer version to SSM; update the step that extracts the published
layer version ARN (the step/variable that captures the layer version output,
e.g., LAYER_VERSION_ARN or similar) to add a new step using
aws-actions/configure-aws-credentials + either aws cli or aws-actions/ssm to
call put-parameter and store the layer version under
/extend/otel-lambda/layer-version/${{ matrix.arch }} (or the equivalent arch
variable used in the job), ensuring the parameter value is the layer version
number or ARN as expected and use --overwrite to update; then remove the first
TODO checkbox line from extend/README.md (or mark it checked) so only the SSM
publish TODO remains.

Comment thread UPSTREAM.md
Comment on lines +29 to +33
```bash
git remote add upstream https://github.com/coralogix/opentelemetry-lambda.git
git remote add otel-upstream https://github.com/open-telemetry/opentelemetry-lambda.git
git fetch upstream otel-upstream
```

⚠️ Potential issue | 🟡 Minor

Fix the git fetch command — it won't fetch both remotes.

The command git fetch upstream otel-upstream attempts to fetch a refspec named otel-upstream from the upstream remote, not from two separate remotes.

Proposed fix
 git remote add upstream       https://github.com/coralogix/opentelemetry-lambda.git
 git remote add otel-upstream  https://github.com/open-telemetry/opentelemetry-lambda.git
-git fetch upstream otel-upstream
+git fetch upstream
+git fetch otel-upstream
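Review bot: the two added `git fetch` lines are correct, but if a single command is preferred, `git fetch --multiple upstream otel-upstream` fetches exactly these two remotes, whereas `git fetch --all` would also fetch `origin` and any other configured remote. Whichever form is chosen, keep it consistent with the other fetch examples in the repository docs.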
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
```bash
git remote add upstream https://github.com/coralogix/opentelemetry-lambda.git
git remote add otel-upstream https://github.com/open-telemetry/opentelemetry-lambda.git
git fetch upstream otel-upstream
```
git remote add upstream https://github.com/coralogix/opentelemetry-lambda.git
git remote add otel-upstream https://github.com/open-telemetry/opentelemetry-lambda.git
git fetch upstream
git fetch otel-upstream
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@UPSTREAM.md` around lines 29 - 33, The git fetch line is incorrect because
`git fetch upstream otel-upstream` treats `otel-upstream` as a refspec on the
`upstream` remote; update the example so it actually fetches both remotes by
replacing that single fetch with two separate fetch invocations (one for the
`upstream` remote and one for the `otel-upstream` remote) or alternatively use a
single `git fetch --all` invocation; modify the block that contains the `git
remote add upstream`, `git remote add otel-upstream`, and `git fetch ...` lines
accordingly so the shown commands correctly fetch from both remotes.
