Merge branch 'main' into saxon/replace-otel-spans2

.github/workflows/Create-Custom-Jar.yml

@@ -21,13 +21,13 @@ jobs:
     steps:
 
       - name: Checkout Java agent
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: ${{ inputs.agent-ref }}
 
       - name: Configure AWS Credentials
         if: ${{ env.AWS_KEY != '' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -45,7 +45,7 @@ jobs:
           echo "This jar was built from the ref (branch/tag/hash): ${{ inputs.ref }}." >> $GITHUB_STEP_SUMMARY
 
       - name: Capture custom jar
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: custom-newrelic-jar
           path: |

.github/workflows/GHA-Functional-Tests.yaml

@@ -28,16 +28,16 @@ jobs:
       ##max-parallel: 1 ## used to force sequential
       fail-fast: false
       matrix:
-        java-version: [8, 11, 17, 21, 22]
+        java-version: [ 8, 11, 17, 21, 22 ]
     steps:
       - name: Checkout Java agent
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: ${{ inputs.agent-ref || github.ref || 'main' }}
 
       - name: Configure AWS Credentials
         if: ${{ env.AWS_KEY != '' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -69,7 +69,7 @@ jobs:
 
       - name: Capture build reports
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: functional-tests-results-java-${{ matrix.java-version }}
           # The regex for the path below will capture functional test HTML reports generated by gradle for all

.github/workflows/GHA-Scala-Functional-Tests.yaml

@@ -25,16 +25,16 @@ jobs:
       ##max-parallel: 1 ## used to force sequential
       fail-fast: false
       matrix:
-        java-version: [8, 11]
+        java-version: [ 8, 11 ]
     steps:
       - name: Checkout Java agent
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: ${{ inputs.agent-ref || github.ref || 'main' }}
 
       - name: Configure AWS Credentials
         if: ${{ env.AWS_KEY != '' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -72,7 +72,7 @@ jobs:
 
       - name: Capture Jacoco reports
         if: matrix.java-version == '11'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: jacoco-reports-java-${{ matrix.java-version }}
           path: |
@@ -81,7 +81,7 @@ jobs:
       # Capture HTML build result in artifacts
       - name: Capture build reports
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: functional-tests-results-java-${{ matrix.java-version }}
           # The regex for the path below will capture functional test HTML reports generated by gradle for all

.github/workflows/GHA-Scala-Instrumentation-Tests.yaml

@@ -28,22 +28,22 @@ jobs:
       ##max-parallel: 1 ## used to force sequential
       fail-fast: false
       matrix:
-        java-version: [8, 11]
-        scala: ['2.11', '2.12', '2.13']
+        java-version: [ 8, 11 ]
+        scala: [ '2.11', '2.12', '2.13' ]
         exclude:
           - java-version: 11
             scala: 2.10
           - java-version: 11
             scala: 2.11
     steps:
       - name: Checkout Java agent
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: ${{ inputs.agent-ref || github.ref || 'main' }}
 
       - name: Configure AWS Credentials
         if: ${{ env.AWS_KEY != '' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -75,7 +75,7 @@ jobs:
 
       - name: Capture build reports
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3
         with:
           name: instrumentation-results-java-${{ matrix.java-version }}-scala-${{ matrix.scala }}
           # The regex for the path below will capture instrumentation test HTML reports generated by gradle for all

.github/workflows/GHA-Spotbugs.yml

@@ -19,13 +19,13 @@ jobs:
     timeout-minutes: 15
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: ${{ inputs.agent-ref || github.ref || 'main' }}
 
       - name: Configure AWS Credentials
         if: ${{ env.AWS_KEY != '' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -40,37 +40,37 @@ jobs:
       - name: Execute Spotbugs
         run: ./gradlew $GRADLE_OPTIONS spotbugsMain
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: all-spotbugs-results
           path: '**/build/spotbugs/main.*'
           retention-days: 5
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: newrelic-agent-spotbugs-results
           path: 'newrelic-agent/build/spotbugs/main.*'
           retention-days: 5
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: newrelic-weaver-spotbugs-results
           path: 'newrelic-weaver/build/spotbugs/main.*'
           retention-days: 5
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: agent-bridge-spotbugs-results
           path: 'agent-bridge/build/spotbugs/main.*'
           retention-days: 5
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: agent-model-spotbugs-results
           path: 'agent-model/build/spotbugs/main.*'
           retention-days: 5
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: newrelic-api-spotbugs-results
           path: 'newrelic-api/build/spotbugs/main.*'
@@ -85,7 +85,7 @@ jobs:
     steps:
 
       - name: Checkout GhPages branch
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: 'gh-pages'
           path: 'gh-pages'
@@ -101,31 +101,31 @@ jobs:
 
       # Download reports
       - name: Download spotbugs reports 1
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4
         with:
           name: newrelic-agent-spotbugs-results
           path: gh-pages/spotbugs/${{ env.BRANCH_NAME }}/newrelic-agent-spotbugs-results
 
       - name: Download spotbugs reports 2
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4
         with:
           name: newrelic-weaver-spotbugs-results
           path: gh-pages/spotbugs/${{ env.BRANCH_NAME }}/newrelic-weaver-spotbugs-results
 
       - name: Download spotbugs reports 3
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4
         with:
           name: agent-bridge-spotbugs-results
           path: gh-pages/spotbugs/${{ env.BRANCH_NAME }}/agent-bridge-spotbugs-results
 
       - name: Download spotbugs reports 4
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4
         with:
           name: agent-model-spotbugs-results
           path: gh-pages/spotbugs/${{ env.BRANCH_NAME }}/agent-model-spotbugs-results
 
       - name: Download spotbugs reports 5
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4
         with:
           name: newrelic-api-spotbugs-results
           path: gh-pages/spotbugs/${{ env.BRANCH_NAME }}/newrelic-api-spotbugs-results

.github/workflows/GHA-Unit-Tests.yaml

@@ -25,16 +25,16 @@ jobs:
       # max-parallel: 1 ## used to force sequential vs. concurrent
       fail-fast: false
       matrix:
-        java-version: [8, 11, 17, 21, 22]
+        java-version: [ 8, 11, 17, 21, 22 ]
     steps:
       - name: Checkout Java agent
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: ${{ inputs.agent-ref || github.ref || 'main' }}
 
       - name: Configure AWS Credentials
         if: ${{ env.AWS_KEY != '' }}
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -63,15 +63,15 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: matrix.java-version == '17'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # pin@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: '**/build/reports/jacoco/test/jacocoTestReport.xml'
           fail_ci_if_error: false #default is false, but being explicit about what to expect.
 
       - name: Capture Jacoco reports
         if: matrix.java-version == '17'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: non-forked-jacoco-reports-java-${{ matrix.java-version }}
           path: |
@@ -80,7 +80,7 @@ jobs:
       - name: Capture build reports (non forked)
         # If previous step fails, run this step regardless
         if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: non-forked-tests-results-java-${{ matrix.java-version }}
           # The regex for the path below will capture unit test HTML reports generated by gradle for all
@@ -111,23 +111,23 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: matrix.java-version == '17'
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # pin@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: '**/build/reports/jacoco/test/jacocoTestReport.xml'
           fail_ci_if_error: false #default is false, but being explicit about what to expect.
 
       - name: Capture Jacoco reports
         if: matrix.java-version == '17'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: forked-jacoco-reports-java-${{ matrix.java-version }}
           path: |
             **/build/reports/jacoco/**
 
       - name: Capture build reports (forked)
         if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4
         with:
           name: forked-tests-results-java-${{ matrix.java-version }}
           # The regex for the path below will capture unit test HTML reports generated by gradle for all
@@ -139,7 +139,7 @@ jobs:
 
       - name: Checkout GhPages branch
         if: ${{ failure() }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: 'gh-pages'
           path: 'gh-pages'
@@ -152,14 +152,14 @@ jobs:
 
       - name: Download test reports Java ${{ matrix.java-version }}
         if: ${{ failure() }}
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # pin@v4
         with:
           name: unit-tests-results-java-${{ matrix.java-version }}
           path: gh-pages/reports/${{ inputs.agent-ref }}/${{ github.run_id }}/unit-tests-results-java-${{ matrix.java-version }}
 
       - name: Set up Python
         if: ${{ failure() }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
 
       #This step executes a Python script that reads and writes html.
       #The script requires the beautifulsoup dependency, which parses html.
@@ -187,18 +187,18 @@ jobs:
     steps:
 
       - name: Checkout GhPages branch
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
-            ref: 'gh-pages'
-            path: 'gh-pages'
+          ref: 'gh-pages'
+          path: 'gh-pages'
 
       - name: Configure Git
         run: |
           git config --global user.name "GitHub Actions Bot"
           git config --global user.email "actions@users.noreply.github.com"
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # pin@v5
 
       - name: Generate Index Pages
         run: |
@@ -221,4 +221,3 @@ jobs:
       - name: Gh Pages Summary
         run: |
           echo "[View test reports](https://newrelic.github.io/newrelic-java-agent/reports/${{ inputs.agent-ref }}/${{ github.run_id }})" >> $GITHUB_STEP_SUMMARY
-

.github/workflows/GHPages-Cleanup.yml

@@ -19,7 +19,7 @@ jobs:
       DAYS: ${{ inputs.days || '5' }}
     steps:
       - name: Checkout GH Pages
-        uses: actions/checkout@v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
         with:
           ref: 'gh-pages'
           path: 'gh-pages'