Skip to content

Activate _dd.p.ksr tests for all languages#6466

Merged
bm1549 merged 16 commits intomainfrom
brian.marks/activate-ksr-generation-test
Apr 2, 2026
Merged

Activate _dd.p.ksr tests for all languages#6466
bm1549 merged 16 commits intomainfrom
brian.marks/activate-ksr-generation-test

Conversation

@bm1549
Copy link
Copy Markdown
Contributor

@bm1549 bm1549 commented Mar 11, 2026
edited
Loading

Motivation

Activate the Test_Knuth_Sample_Rate (_dd.p.ksr) parametric tests across all tracer languages. Previously, most languages had these tests partially activated via the "easy win" script with individual sub-test exclusions. This PR cleans up those manifest entries and updates the tests themselves to be more thorough and correct.

Changes

Manifest updates (all 9 languages)

  • C++: Removed per-sub-test missing_feature exclusion, bumped version gate from >=2.0.0 to >=2.1.0. Cleaned up "easy win activation script" comments.
  • .NET: Removed per-sub-test missing_feature exclusion, bumped version gate from >=3.36.0 to >=3.41.0. Cleaned up "easy win activation script" comments.
  • Go: Removed per-sub-test missing_feature exclusion, bumped version gate from >=2.5.0 to >=2.8.0. Cleaned up "easy win activation script" comments.
  • Java: Removed per-sub-test missing_feature exclusion, bumped version gate from >=1.58.2+... to >=1.61.0. Cleaned up "easy win activation script" comments.
  • Node.js: Changed from missing_feature to version-gated (>=5.93.0).
  • PHP: Changed from missing_feature to version-gated (>=1.18.0).
  • Python: Bumped version gate from v3.14.0.dev to v4.7.0.
  • Ruby: Removed per-sub-test missing_feature exclusion, bumped version gate from >=2.27.0 to >=2.31.0. Cleaned up "easy win activation script" comments.
  • Rust: Replaced per-sub-test missing_feature exclusion with a class-level version gate (>=0.4.0).

Test changes (test_sampling_span_tags.py)

  • test_sampling_knuth_sample_rate_trace_sampling_rule: Simplified from a 3-trace/3-flush pattern to a single span, using find_only_span. Added precision boundary test cases (6-digit precision cutoff, rounding to zero, rounding up with 0.00000051). Renamed parameter from sample_rate to expected_ksr for clarity. Added DD_TRACE_STATS_COMPUTATION_ENABLED=false to all cases — required for Go, which defaults this to true and will otherwise drop p0 traces client-side before they reach the test agent (see below).
  • test_sampling_extract_knuth_sample_rate_distributed_tracing_datadog: Added a second parametrized case that verifies upstream _dd.p.ksr is propagated unchanged even when local sampling rules are configured.
  • test_sampling_knuth_sample_rate_not_set_for_default (new): Verifies that when no sampling rules or agent rates are configured, _dd.p.ksr is either absent or "1".

Why DD_TRACE_STATS_COMPUTATION_ENABLED=false is needed for Go

dd-trace-go defaults DD_TRACE_STATS_COMPUTATION_ENABLED=true. The test agent advertises client_drop_p0s:true and /v0.6/stats, so Go's canDropP0s() returns true. When a sampling rule sets UserReject priority (which happens ~100% of the time at rates like 0.000001), Go drops the trace client-side before transport — the test agent receives 0 traces.

Other tracers are unaffected by this env var:

  • Python: _compute_stats_enabled defaults to False
  • Node.js: no client-side p0 dropping mechanism
  • Java: dropping disabled because test agent's "version":"test" fails AgentVersion.isVersionBelow(), so supportsClientSideStats=false

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on you PR until the CI passes
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner.
    • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed and the CI green, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • Anything but tests/ or manifests/ is modified ? I have the approval from R&P team
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added, removed or renamed?

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 11, 2026
edited
Loading

CODEOWNERS have been resolved as:

manifests/cpp.yml                                                       @DataDog/dd-trace-cpp
manifests/dotnet.yml                                                    @DataDog/apm-dotnet @DataDog/asm-dotnet
manifests/golang.yml                                                    @DataDog/dd-trace-go-guild
manifests/java.yml                                                      @DataDog/asm-java @DataDog/apm-java
manifests/nodejs.yml                                                    @DataDog/dd-trace-js
manifests/php.yml                                                       @DataDog/apm-php @DataDog/asm-php
manifests/python.yml                                                    @DataDog/apm-python @DataDog/asm-python
manifests/ruby.yml                                                      @DataDog/ruby-guild @DataDog/asm-ruby
manifests/rust.yml                                                      @DataDog/apm-rust
tests/parametric/test_sampling_span_tags.py                             @DataDog/system-tests-core @DataDog/apm-sdk-capabilities

@datadog-prod-us1-6
Copy link
Copy Markdown

datadog-prod-us1-6 bot commented Mar 11, 2026
edited by datadog-datadog-prod-us1 bot
Loading

✅ Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 9e490fe | Docs | Datadog PR Page | Was this helpful? React with 👍/👎 or give us feedback!

This was referenced Mar 11, 2026
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@bm1549 bm1549 changed the title Activate _dd.p.ksr generation test for all languages Activate _dd.p.ksr generation test for all languages [java@brian.marks/add-ksr-tag][dotnet@brian.marks/add-ksr-tag][ruby@brian.marks/add-ksr-tag][nodejs@brian.marks/add-ksr-tag][cpp@brian.marks/fix-ksr-formatting][rust@brian.marks/add-ksr-tag] Mar 11, 2026
@bm1549 bm1549 mentioned this pull request Mar 11, 2026
Merged
9 tasks
@bm1549 bm1549 changed the title Activate _dd.p.ksr generation test for all languages [java@brian.marks/add-ksr-tag][dotnet@brian.marks/add-ksr-tag][ruby@brian.marks/add-ksr-tag][nodejs@brian.marks/add-ksr-tag][cpp@brian.marks/fix-ksr-formatting][rust@brian.marks/add-ksr-tag] Activate _dd.p.ksr tests for all languages [java@brian.marks/add-ksr-tag][dotnet@brian.marks/add-ksr-tag][ruby@brian.marks/add-ksr-tag][nodejs@brian.marks/add-ksr-tag][cpp@brian.marks/fix-ksr-formatting][rust@brian.marks/add-ksr-tag][golang@brian.marks/fix-ksr-default] Mar 11, 2026
@bm1549 bm1549 force-pushed the brian.marks/activate-ksr-generation-test branch from edd74ed to e0c7ff5 Compare March 11, 2026 03:04
@bm1549 bm1549 changed the base branch from main to brian.marks/multi-branch-override March 11, 2026 03:04
@bm1549 bm1549 force-pushed the brian.marks/activate-ksr-generation-test branch from e0c7ff5 to 87b1d29 Compare March 11, 2026 03:25
mabdinur
mabdinur reviewed Mar 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mabdinur mabdinur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to address the dotnet and cpp failures but aside from that the changes look good to me

Comment thread tests/parametric/test_sampling_span_tags.py Outdated
bm1549 added a commit to DataDog/dd-trace-rs that referenced this pull request Mar 19, 2026
@bm1549 @claude
feat: add _dd.p.ksr propagated tag for Knuth sampling rate (#180)
dbd805b 
# What does this PR do?

Adds `_dd.p.ksr` (Knuth Sampling Rate) as a propagated tag set when
agent-based or rule-based sampling decisions are made. The tag is stored
in span `meta` (string type) with up to 6 significant digits and no
trailing zeros.

`format_sampling_rate` now returns `Option<String>` and guards against
invalid inputs (negative, >1.0, NaN, infinity), returning `None` instead
of producing garbage output.

# Motivation

To enable consistent sampling across tracers and backend retention
filters, the backend needs to know the sampling rate applied by the
tracer. Without transmitting the tracer's rate via `_dd.p.ksr`, backend
resampling cannot correctly compute effective rates in multi-stage
sampling scenarios.

See RFC: "Transmit Knuth sampling rate to backend"

# Additional Notes

Key files changed:
- `datadog-opentelemetry/src/core/constants.rs` — Added
`SAMPLING_KNUTH_RATE_TAG_KEY` constant
- `datadog-opentelemetry/src/sampling/datadog_sampler.rs` — Added
`format_sampling_rate()` helper (returns `Option<String>`, defensive
against invalid rates) and set ksr in agent/rule sampling paths
- Updated 2 snapshot JSON files

Related PRs across tracers:
- Java: DataDog/dd-trace-java#10802
- .NET: DataDog/dd-trace-dotnet#8287
- Ruby: DataDog/dd-trace-rb#5436
- Node.js: DataDog/dd-trace-js#7741
- PHP: DataDog/dd-trace-php#3701
- C++: DataDog/dd-trace-cpp#288
- System tests: DataDog/system-tests#6466

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
bm1549 added a commit to DataDog/dd-trace-go that referenced this pull request Mar 19, 2026
@bm1549 @claude
@darccio @mtoffl01
fix(tracer): only set _dd.p.ksr after agent rates are received (#4523)
6f4b819 
### What does this PR do?

Fixes `_dd.p.ksr` (Knuth Sampling Rate) to only be set on spans when the
agent has provided sampling rates via `readRatesJSON()`. Previously, ksr
was unconditionally set in `prioritySampler.apply()`, including when the
rate was the initial client-side default (1.0) before any agent response
arrived.

Also refactors `prioritySampler` to consolidate lock acquisitions:
extracts `getRateLocked()` so `apply()` acquires `ps.mu.RLock` only once
to read both the rate and `agentRatesLoaded`.

### Motivation

Cross-language consistency: Python, Java, PHP, and other tracers only
set ksr when actual agent rates or sampling rules are applied, not for
the default fallback. This aligns Go with that behavior.

See RFC: "Transmit Knuth sampling rate to backend"

### Additional Notes

- Added `agentRatesLoaded` bool field to `prioritySampler`, set to
`true` in `readRatesJSON()`
- `apply()` now gates ksr behind `agentRatesLoaded` check
- Extracted `getRateLocked()` to avoid double lock acquisition in
`apply()`
- Rule-based sampling path (`applyTraceRuleSampling` in span.go)
unchanged — correctly always sets ksr
- Tests added: `ksr-not-set-without-agent-rates` and
`ksr-set-after-agent-rates-received`

Related PRs across tracers:
- Java: DataDog/dd-trace-java#10802
- .NET: DataDog/dd-trace-dotnet#8287
- Ruby: DataDog/dd-trace-rb#5436
- Node.js: DataDog/dd-trace-js#7741
- PHP: DataDog/dd-trace-php#3701
- Rust: DataDog/dd-trace-rs#180
- C++: DataDog/dd-trace-cpp#288
- System tests: DataDog/system-tests#6466

### Reviewer's Checklist

- [x] Changed code has unit tests for its functionality at or near 100%
coverage.
- [x] [System-Tests](https://github.com/DataDog/system-tests/) covering
this feature have been added and enabled with the va.b.c-dev version
tag.
- [ ] There is a benchmark for any new code, or changes to existing
code.
- [x] If this interacts with the agent in a new way, a system test has
been added.
- [x] New code is free of linting errors. You can check this by running
`make lint` locally.
- [x] New code doesn't break existing tests. You can check this by
running `make test` locally.
- [ ] Add an appropriate team label so this PR gets put in the right
place for the release notes.
- [ ] All generated files are up to date. You can check this by running
`make generate` locally.
- [ ] Non-trivial go.mod changes, e.g. adding new modules, are reviewed
by @DataDog/dd-trace-go-guild. Make sure all nested modules are up to
date by running `make fix-modules` locally.

Unsure? Have a question? Request a review!

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Dario Castañé <dario.castane@datadoghq.com>
Co-authored-by: Mikayla Toffler <46911781+mtoffl01@users.noreply.github.com>
@bm1549 bm1549 mentioned this pull request Mar 19, 2026
Merged
5 tasks
@bm1549 bm1549 force-pushed the brian.marks/activate-ksr-generation-test branch from b2e25c1 to 8822171 Compare March 19, 2026 21:28
@bm1549 bm1549 changed the title Activate _dd.p.ksr tests for all languages [java@brian.marks/add-ksr-tag][dotnet@brian.marks/add-ksr-tag][ruby@brian.marks/add-ksr-tag][nodejs@brian.marks/add-ksr-tag][cpp@brian.marks/fix-ksr-formatting][rust@brian.marks/add-ksr-tag][golang@brian.marks/fix-ksr-default] Activate _dd.p.ksr tests for all languages Mar 20, 2026
@bm1549 bm1549 changed the base branch from brian.marks/multi-branch-override to main March 20, 2026 18:05
@bm1549 bm1549 force-pushed the brian.marks/activate-ksr-generation-test branch from 8822171 to 612252e Compare March 20, 2026 18:21
bm1549 and others added 2 commits March 23, 2026 19:42
@bm1549 @claude
Activate _dd.p.ksr generation tests for all languages
2b70c3e 
Add tests for the _dd.p.ksr (Knuth sample rate) tag:
- test_sampling_knuth_sample_rate_trace_sampling_rule: verifies ksr is
  set to "1" when a sampling rule with rate 1.0 is configured
- test_sampling_extract_knuth_sample_rate_distributed_tracing_datadog:
  verifies upstream ksr is extracted from Datadog headers and propagated
  unchanged, including when local sampling rules are also configured
- test_sampling_extract_knuth_sample_rate_distributed_tracing_tracecontext:
  same for tracecontext (W3C) propagation style
- test_sampling_knuth_sample_rate_not_set_for_default: verifies ksr is
  absent or "1" under default (no explicit rules) sampling

Manifests updated with version gates for all languages (feature not yet
released): Java >=1.61.0, Python v3.14.0.dev, Node.js >=5.90.0,
Go >=2.9.0, Ruby >=2.30.0, C++ >=2.1.0, .NET >=3.40.0, Rust >=0.1.0.
PHP manifest uses per-test entries since branch overrides are unsupported.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@bm1549 @claude
fix: remove trailing blank line (ruff lint)
e75c182 
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
@bm1549 bm1549 force-pushed the brian.marks/activate-ksr-generation-test branch from 64b5952 to e75c182 Compare March 23, 2026 23:43
bm1549 and others added 3 commits March 23, 2026 19:49
@bm1549 @claude
Add _dd.p.ksr precision boundary test cases
ebf8931 
Test KSR tag formatting at precision boundaries:
- 0.000001 -> "0.000001" (exactly at 6-digit precision)
- 0.0000001 -> "0" (below precision, rounds to zero)
- 0.0000005 -> "0.000001" (rounds up to nearest representable value)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bm1549 @claude
Mark test_sampling_knuth_sample_rate_trace_sampling_rule as bug for n…
b6aca8e 
…odejs, python, ruby

Bug: APMAPI-1869

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bm1549 @claude
PHP: activate all _dd.p.ksr tests, version-gate to >=1.17.0
ea36904 
Remove per-sub-test missing_feature exclusions for PHP and add a
class-level version gate since branch override support ships in 1.17.0.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@bm1549 bm1549 mentioned this pull request Mar 24, 2026
Merged
@bm1549 bm1549 requested review from a team as code owners March 27, 2026 19:40
@bm1549 bm1549 requested review from P403n1x87, cataphract, claponcet, daniel-romano-DD, dougqh and rachelyangdog and removed request for a team March 27, 2026 19:40
@bm1549
Copy link
Copy Markdown
Contributor Author

bm1549 commented Mar 27, 2026

The golang dev test is currently failing, but the changes have been merged to main in DataDog/dd-trace-go#4603

I expect that test will start passing when the dev artifact updates

bm1549 and others added 2 commits April 2, 2026 09:27
@bm1549
Merge branch 'main' into brian.marks/activate-ksr-generation-test
4de674d
@bm1549 @claude
golang(parametric): fix ksr tests with low sampling rates
9e490fe 
Add DD_TRACE_STATS_COMPUTATION_ENABLED=false to the library_env for
test_sampling_knuth_sample_rate_trace_sampling_rule.

Go defaults DD_TRACE_STATS_COMPUTATION_ENABLED to true. Combined with
the test agent advertising client_drop_p0s:true and /v0.6/stats, Go's
canDropP0s() returns true and traces with UserReject priority are
dropped client-side before reaching the test agent.

Other tracers are unaffected: Python defaults stats computation to
false, Node.js has no client-side p0 dropping, and Java's dropping
policy is disabled because the test agent's "version":"test" fails
its minimum version check (supportsClientSideStats=false).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@bm1549 bm1549 merged commit 7d79f7a into main Apr 2, 2026
889 of 891 checks passed
@bm1549 bm1549 deleted the brian.marks/activate-ksr-generation-test branch April 2, 2026 15:06
korniltsev-grafanista added a commit to grafana/pyroscope-dotnet that referenced this pull request Apr 21, 2026
@korniltsev-grafanista @dd-octo-sts
@zacharycmontoya @chojomok @lucaspimentel @andrewlock @claude @NachoEchevarria @datadog-prod-us1-6 @moezein0 @bouwkast @bm1549 @vandonr @daniel-romano-DD @datadog-prod-us1-3 @gh-worker-campaigns-3e9aa4 @dependabot @khanayan123 @gleocadie
merge datadog v3.41.0 (#288)
4093ab9 
* [Version Bump] 3.41.0 (#8355)

The following files were found to be modified (as expected)

- [x] docs/CHANGELOG.md
- [x] .azure-pipelines/ultimate-pipeline.yml
- [x]
profiler/src/ProfilerEngine/Datadog.Profiler.Native.Linux/CMakeLists.txt
- [x]
profiler/src/ProfilerEngine/Datadog.Profiler.Native.Windows/Resource.rc
- [x]
profiler/src/ProfilerEngine/Datadog.Profiler.Native/dd_profiler_version.h
- [x]
profiler/src/ProfilerEngine/Datadog.Linux.ApiWrapper/CMakeLists.txt
- [x] profiler/src/ProfilerEngine/ProductVersion.props
- [x] shared/src/Datadog.Trace.ClrProfiler.Native/CMakeLists.txt
- [x] shared/src/Datadog.Trace.ClrProfiler.Native/Resource.rc
- [x] shared/src/msi-installer/WindowsInstaller.wixproj
- [x] shared/src/native-src/version.h
- [x] tracer/build/artifacts/dd-dotnet.sh
- [x] tracer/build/_build/Build.cs
- [x]
tracer/samples/AutomaticTraceIdInjection/MicrosoftExtensionsExample/MicrosoftExtensionsExample.csproj
- [x]
tracer/samples/AutomaticTraceIdInjection/Log4NetExample/Log4NetExample.csproj
- [x]
tracer/samples/AutomaticTraceIdInjection/NLog40Example/NLog40Example.csproj
- [x]
tracer/samples/AutomaticTraceIdInjection/NLog45Example/NLog45Example.csproj
- [x]
tracer/samples/AutomaticTraceIdInjection/NLog46Example/NLog46Example.csproj
- [x]
tracer/samples/AutomaticTraceIdInjection/SerilogExample/SerilogExample.csproj
- [x] tracer/samples/ConsoleApp/Alpine3.10.dockerfile
- [x] tracer/samples/ConsoleApp/Alpine3.9.dockerfile
- [x] tracer/samples/ConsoleApp/Debian.dockerfile
- [x] tracer/samples/OpenTelemetry/Debian.dockerfile
- [x] tracer/samples/WindowsContainer/Dockerfile
- [x] tracer/src/Datadog.Trace.ClrProfiler.Managed.Loader/Startup.cs
- [x] tracer/src/Datadog.Tracer.Native/CMakeLists.txt
- [x] tracer/src/Datadog.Tracer.Native/dd_profiler_constants.h
- [x] tracer/src/Datadog.Tracer.Native/Resource.rc
- [x] tracer/src/Directory.Build.props
- [x] tracer/src/Datadog.Trace/TracerConstants.cs

@DataDog/apm-dotnet

Co-authored-by: zacharycmontoya <13769665+zacharycmontoya@users.noreply.github.com>

* [tracing] add support for `DiagnosticSource` (and Quartz) in .NET Framework (#7687)

## Summary of changes
Adds `.NET Framework` support for the `DiagnosticManager` /
`DiagnosticObserver` infrastructure and uses it to enhance Quartz span
metadata on both Framework and non-Framework
targets.
## Reason for change
The `DiagnosticObserver` class was previously gated behind `#if
!NETFRAMEWORK`, limiting tracing integrations that depend on it to
modern .NET only. Quartz is the first
   
## Implementation details
                                                                       
  ### DiagnosticManager — Framework support
On `!NETFRAMEWORK`, the existing path is unchanged:
`DiagnosticListener.AllListeners.Subscribe(new
DiagnosticListenerObserver(this))`.
On `NETFRAMEWORK`, `DiagnosticListener` isn't available at compile time
(it ships as a NuGet package, not part of the BCL). Two problems had to
be solved:
1. **Accessing the static `AllListeners` property** — solved with
reflection to locate the `DiagnosticListener` type and read its static
property at runtime.
2. **Generic invariance** — `AllListeners.Subscribe` expects
`IObserver<DiagnosticListener>` (the real type). A new
`FrameworkDiagnosticListenerObserver` reverse duck type
(`[DuckReverseMethod]` + `.DuckImplement()`) generates a proxy at
runtime that satisfies the exact generic interface, forwarding each
`OnNext` call back to `DiagnosticManager`.
                                                                       
### DiagnosticObserver — duck typed DiagnosticListener
`SubscribeIfMatch` was updated to accept `IDiagnosticListener` (a new
duck type interface) instead of the concrete `DiagnosticListener`,
removing the compile-time dependency on
the type across the whole observer hierarchy.
   
### Quartz
- `QuartzDiagnosticObserver` is registered in `StartDiagnosticManager`
unconditionally (both platforms).
- `QuartzCommon` was enhanced to set the `component: quartz` tag and
activity kind on the pre-`IActivity5` fallback path (< .NET 5), bringing
its span metadata in line with
newer runtimes.
   
### Cleanup
- Consolidated the duplicate `#if !NETFRAMEWORK` / `#else` split of
`StartDiagnosticManager` in `Instrumentation.cs` into a single method
with an inline directive.
- Removed an unnecessary `#if NETFRAMEWORK` block in
`ActivityListener.cs` that duplicated
`CreateDiagnosticSourceListenerInstance` — the IL emit approach works on
Framework
too.
## Test coverage
- New snapshot `QuartzTestsV3NETFRAMEWORK.verified.txt` covering Quartz
on .NET Framework.
- Updated `QuartzTestsV3NETCOREAPP3X.verified.txt` to include the
`component: quartz` tag now set on the pre-`IActivity5` path.
  
## Other details
<!-- Fixes #{issue} -->
<!-- ⚠️ Note:
Where possible, please obtain 2 approvals prior to merging. Unless
CODEOWNERS specifies otherwise, for external teams it is typically best
to have one review from a team member,
and one review from apm-dotnet. Trivial changes do not require 2
reviews.
MergeQueue is NOT enabled in this repository. If you have write access
to the repo, the PR has 1-2 approvals (see above), and all of the
required checks have passed, you can use
the Squash and Merge button to merge the PR. If you don't have write
access, or you need help, reach out in the #apm-dotnet channel in Slack.
-->

---------

Co-authored-by: Lucas Pimentel <lucas.pimentel@datadoghq.com>

* Fix `dd-octo-sts` trust policy for create-draft-release workflow (#8356)

## Summary of changes

Fix the `dd-octo-sts` trust policy that blocked the release

## Reason for change

The `create_normal_draft_release` workflow was failing at the "Get
GitHub Token via dd-octo-sts" step with:

```
subject_pattern "repo:DataDog/dd-trace-dotnet:environment:publish-debug-symbols-env"
did not match "repo:DataDog/dd-trace-dotnet:ref:refs/heads/(master|hotfix/.+)"
```

See failed run:
https://github.com/DataDog/dd-trace-dotnet/actions/runs/23446312090/job/68210958105

## Implementation details

The root cause is that the `_create_draft_release.yml` reusable workflow
specifies `environment: publish-debug-symbols-env` on the job, which is
required to access environment-scoped secrets for publishing debug
symbols. When a GitHub Actions job uses an environment, the OIDC token's
`sub` claim uses the format:

- `repo:{owner}/{repo}:environment:{env}` 
- instead of `repo:{owner}/{repo}:ref:{ref}`.
 
The trust policy's `subject_pattern` was matching against the ref-based
format, so it never matched.

This fix:
- Changes `subject_pattern` to an exact `subject` match on the
environment-based subject (more secure than a pattern)
- Adds `environment: publish-debug-symbols-env` to `claim_pattern` for
defense in depth
- Retains `ref` and `job_workflow_ref` claim patterns to continue
enforcing the branch restriction `(master|hotfix/*)` via claims

Additionally, make sure the AAS trigger job if the `curl` fails (by
adding `-f`)

## Test coverage

I wish... we'll see how it goes next time

## Other details

Need to make a fix on the AAS side too... incoming

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix InvalidCastException in DefaultModelBindingContext (#8334)

## Summary of changes

Fix
[`InvalidCastException`](https://app.datadoghq.com/error-tracking?query=service%3Ainstrumentation-telemetry-data%20%40lib_language%3Adotnet%20version%3A3.3%2A&et-issue__tab=investigate&et-side=activity&fromUser=false&issue_states=open&order=total_count&refresh_mode=sliding&source=all&sp=%5B%7B%22p%22%3A%7B%22issueId%22%3A%22404d80aa-3ade-11f0-814f-da7ad0900002%22%7D%2C%22i%22%3A%22error-tracking-issue%22%7D%5D&from_ts=1773333586601&to_ts=1773938386601&live=true)
in `DefaultModelBindingContext_SetResult_Integration.OnMethodEnd` by
changing the `ValueProvider` field in the `DefaultModelBindingContext`
DuckCopy struct from `IList` to `object`, and safe-casting to `IList` at
the usage site.

## Reason for change

Customers using custom `IModelBinder` implementations that set
`bindingContext.ValueProvider` to a non-`CompositeValueProvider` (i.e.,
an `IValueProvider` that does not implement `IList`) trigger an
`InvalidCastException` during DuckCopy:

```
Error : Exception occurred when calling the CallTarget integration continuation.
System.InvalidCastException
   at Datadog.Trace.ClrProfiler.AutoInstrumentation.AspNetCore.DefaultModelBindingContext_SetResult_Integration.OnMethodEnd[TTarget](TTarget instance, Exception exception, CallTargetState& state)
   at Microsoft.AspNetCore.Mvc.ModelBinding.DefaultModelBindingContext.set_Result(ModelBindingResult value)
```

In standard MVC usage, `ValueProvider` is always a
`CompositeValueProvider` (which inherits from
`Collection<IValueProvider>` and implements `IList`), so the DuckCopy
`Castclass` IL instruction succeeds. However, when a custom model binder
assigns a plain `IValueProvider` that does not implement `IList`, the
cast fails. Additionally, `TryDuckCast` does not wrap `CreateInstance`
in a try/catch, so the exception propagates uncaught.

## Implementation details

## Test coverage

## Other details

* Increase endpoint telemetry wait timeout (#8294)

<!-- dd-meta
{"pullId":"806bee5a-6a7b-4844-99f8-37e6f6b3faa2","source":"chat","resourceId":"45756181-5088-42df-acf5-46cd00319c58","workflowId":"7279f062-bde8-4f32-93cc-ab9ed8025441","codeChangeId":"7279f062-bde8-4f32-93cc-ab9ed8025441","sourceType":"action_platform_custom_agent"}
-->
## Summary of changes
- Increased the AppEndpoints telemetry wait timeout in API Security
endpoint collection tests to reduce flakiness on slower CI environments.

## Reason for change
- `WaitForLatestTelemetryAsync` defaults to a 5-second timeout in
`MockTracerAgent`.
- Endpoint telemetry collection can take longer than 5 seconds under CI
load (cold start + endpoint discovery + heartbeat + delivery), causing
intermittent null telemetry and test failures.

## Implementation details
- Updated
`tracer/test/Datadog.Trace.Security.IntegrationTests/ApiSecurity/AspNetCoreEndpoints.cs`:
- Changed the `WaitForLatestTelemetryAsync` call in
`TestEndpointsCollection()` to pass `timeoutInMilliseconds: 30000`.
- This base test method is used by the API Security endpoint collection
test variants (including `AspNetCore5EndpointsApmTracingDisabled`), so
all relevant endpoint collection tests now use the increased timeout.

## Test coverage
- Attempted to run:
- `dotnet test
tracer/test/Datadog.Trace.Security.IntegrationTests/Datadog.Trace.Security.IntegrationTests.csproj
--filter
"FullyQualifiedName~ApiSecurity.AspNetCore5EndpointsApmTracingDisabled.TestEndpointsCollection"`
- Could not execute in this environment because the repository requires
.NET SDK `10.0.100` from `global.json`, but only SDK `8.0.412` is
installed.
- Formatting check attempted via `Format` tool, but `dotnet format`
failed for the same SDK reason.
- Lint tool could not determine a linter for the changed C# file.

## Other details
<!-- Fixes #{issue} -->

---

PR by Bits - [View session in
Datadog](https://app.datadoghq.com/code/45756181-5088-42df-acf5-46cd00319c58)

Comment @datadog to request changes

Co-authored-by: datadog-prod-us1-6[bot] <266788760+datadog-prod-us1-6[bot]@users.noreply.github.com>

* Fix dd_dotnet.ArtifactTests.CreatedumpTests.DisableTelemetry flakiness (#8354)

## Summary of changes

Fixes intermittent `CreatedumpTests` failures on arm64 Linux by relaxing
the createdump output assertion when the .NET runtime's `createdump`
tool fails due to a known ptrace race condition.

## Reason for change

On arm64 Linux, `createdump` intermittently fails with `ptrace(ATTACH,
<tid>) FAILED No such process` — a race condition where threads exit
before createdump can attach to them. When this happens, createdump
aborts without writing `"Writing minidump with heap to file /dev/null"`,
causing the test assertion to fail even though our crash tracking code
correctly invoked createdump.

This is a known .NET runtime limitation tracked in multiple issues:
-
[dotnet/runtime#119700](https://github.com/dotnet/runtime/issues/119700)
-
[dotnet/runtime#112620](https://github.com/dotnet/runtime/issues/112620)
- [dotnet/runtime#77466](https://github.com/dotnet/runtime/issues/77466)

Flaky test identified via [CI Test
Management](https://app.datadoghq.com/ci/test/flaky?sort=-pipelines_failed&sp=%5B%7B%22p%22%3A%7B%22fingerprintFqn%22%3A%22eb3fae1eba7c4b0b%22%7D%2C%22i%22%3A%22test-optimization-flaky-management-history%22%7D%5D&viewMode=flaky).

## Implementation details

- Added `AssertCreatedumpWasInvoked()` helper that, **only on arm64
Linux**, also accepts `"[createdump] Gathering state for process"` as
evidence that createdump was invoked (even if it failed due to the
ptrace race). On all other platforms, the strict assertion is preserved.
- Updated all 4 assertion sites: `Passthrough`, `BashScript`,
`DoNothingIfNotEnabled`, and `DisableTelemetry`.
- Tightened negative assertions (the "should NOT call createdump"
branches) to check for both strings.

## Test coverage

## Other details

The test's purpose is to verify that *our crash tracking code correctly
invokes createdump*, not that createdump itself succeeds. The relaxed
assertion still validates that createdump was started by our code.

* Add smoke tests for Datadog.AzureFunctions NuGet package (#8336)

## Summary of changes

Adds new Windows and Linux smoke tests for the Datadog.AzureFunctions
NuGet package

## Reason for change

We recently had an issue where the Datadog.AzureFunctions package was
broken, but as we don't currently test the package itself, we didn't
catch it. This adds tests to make sure we can actually install the
package that we build, similar to how we test the Datadog.Trace.Bundle
package today.

## Implementation details

This was harder than I had hoped, and required a bit of refactoring to
the Nuke smoke tests that we added in
https://github.com/DataDog/dd-trace-dotnet/pull/8271, as well as
enabling the new smoke tests.

For the refactoring, this PR:
- Updates the "nuget" smoke test dockerfiles to allow providing a
`NUGET_PACKAGE` variable, so we can reuse the dockerfiles for multiple
nuget packages
- Add `IncludeDdDotnetScenario` to the windows nuget scenario - today we
always try the `dd-dotnet` case after the "env vars" case, but there's
no `dd-dotnet` in Datadog.AzureFunctions.
- Ensure we delete the logs from previous runs before starting the
tests, this bit when I was testing locally as I was failing on errors
from _previous_ runs
- Make the specifying of runtime environment variables to pass in
scenario-specific. We bake a lot of env vars into the dockerfiles, but
it means that if you need different env vars for different scenarios
that use the _same_ dockerfile, you can.

In terms of enabling the Azure Functions smoke tests:
- Add two new stages, Windows and Linux, running tests with the
Datadog.AzureFunctions NuGet package. Made them "extended" tests so they
only run on main/hotfix branches, seeing as the package will rarely
change.
- Add a couple of exceptions to warnings caused by missing libdatadog
and profiler. These are always logged today, and can't be avoided
AFAICT. They may be candidates for looking into further, but they're
benign, so this is the easiest approach.
- Update the env vars we pass in:
  - Don't set `LD_PRELOAD` (because the file doesn't exist)
  - Disable ASM and profiling (the native libraries aren't included)
  - "Pretend" to be in AAS, to try to stop using libdatadog config
- Set `AWS_LAMBDA_FUNCTION_NAME` to avoid sending config to the profiler
(we can't pretend to be in Azure functions, because otherwise we disable
the aspnetcore integration which we need😅)
- Set a fake `DD_API_KEY` otherwise we're marked as "unsafe to trace"
and disable tracing
- Add a new "Azure Functions snapshot", seeing as we have a bunch of AAS
tags added now, and are missing the ASM ones etc.

## Test coverage

More now! 🎉 

[I did a test
run](https://dev.azure.com/datadoghq/dd-trace-dotnet/_build/results?buildId=197781&view=results)
in which I restore the previous "broken" NuGet, and it causes the smoke
tests to fail (which is good):

```
 error: NU1102: Unable to find package Datadog.Trace.Annotations with version (>= 3.40.0)

```

I've done multiple runs showing it passes otherwise, but I'll do a final
run before merging to make sure

## Other details

Context:
- #8285 
- #8289

---------

Co-authored-by: Lucas Pimentel <lucas.pimentel@datadoghq.com>

* [Test Package Versions Bump] Updating package versions (#8342)

Updates the package versions for integration tests.

Co-authored-by: andrewlock <18755388+andrewlock@users.noreply.github.com>

* Fix `CA1861` - Avoid constant arrays as arguments (#8332)

## Summary of changes

Enables the `CA1861` analyzer, and fixes all the violations

## Reason for change

The analyzer flags cases where we're creating small arrays and throwing
them away, which is generally not great for perf.

The violations we have are actually very minor, because most of the time
they're "one off" usages. However, given that there are a _bunch_ of
"one off" usages in various places, it seemed like it would make sense
to just define these statically.

Obviously as these are static readonly cases they will add a tiny bump
to long term memory pressure, so I'm not _entirely_ sure that we
shouldn't just be ignoring the violations - open to opinions there 🤔

I mostly went with this approach because the sourcelink parses
potentially run multiple times, and therefore probably _do_ need to
cache the arrays, and that's basically _all_ of the arrays we would need
everywhere so this seemed to make sense 🤷‍♂️

## Implementation details

- Enable CA1861
- Introduce `Datadog.Trace.Util.Separators` type with `static readonly
char[]`
- Use them where we can

## Test coverage

Covered by existing tests

## Other details

https://datadoghq.atlassian.net/browse/LANGPLAT-813

Looked at using `InlineArray` instead but that's only in .NET 8+ and the
APIs we're calling often don't take `Span<char>` anyway

* [Tracing] Add experimental support for exporting traces as OTLP (.NET 6+) (#8211)

## Summary of changes
Adds experimental support for exporting traces using
[OTLP](https://github.com/open-telemetry/opentelemetry-proto/blob/v1.9.0/opentelemetry/proto/trace/v1/trace.proto)
rather than the Datadog MessagePack protocols. This allows the DD SDK to
send traces to an OTel collector rather than a Datadog Trace Agent, with
limited support for non-APM products.

This feature is enabled by setting `OTEL_TRACES_EXPORTER=otlp`.

Note: This feature is currently only supported for .NET 6+, and only the
`http/json` OTLP protocol is supported at this time. Setting any other
protocol value falls back to Datadog encoding with a startup warning.

### Configuration

| Configuration | Details |
|---------------|---------|
| `OTEL_TRACES_EXPORTER=otlp` | Enables the OTLP traces export |
| `OTEL_EXPORTER_OTLP_TRACES_ENDPOINT` | See the [OTLP Exporter
Configuration
docs](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/)
|
| `OTEL_EXPORTER_OTLP_TRACES_HEADERS` | See the [OTLP Exporter
Configuration
docs](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/)
|
| `OTEL_EXPORTER_OTLP_TRACES_PROTOCOL` | See the [OTLP Exporter
Configuration
docs](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/)
|
| `OTEL_EXPORTER_OTLP_TRACES_TIMEOUT` | See the [OTLP Exporter
Configuration
docs](https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/)
|


## Reason for change
We are seeing an increasing number of scenarios where users have
applications instrumented with the OTel SDK sending data to OTel
collectors, and they would like to get additional features offered by
the DD SDK without needing to update their OTel collector deployments.
Although there will be follow-up work, this provides the ability for
users to write vendor-neutral API instrumentation *and* emit
vendor-neutral telemetry data so DD SDK users don't have to feel locked
in when setting up Datadog APM.

## Implementation details

### Configuration
All OTLP exporter configuration (Traces and Metrics) is read in
`ExporterSettings` and exposed as properties (`OtlpTracesEndpoint`,
`OtlpTracesProtocol`, `OtlpTracesHeaders`, `OtlpTracesTimeoutMs`, and
the corresponding `OtlpMetrics*` properties). The `TracesEncoding`
property (of type `Datadog.Trace.Agent.TracesEncoding`) determines the
serialization format: `DatadogV0_4`, `OtlpProtobuf`, or `OtlpJson`. Only
`OtlpJson` is currently functional; `OtlpProtobuf` is defined but not
yet implemented.

OTLP endpoint resolution is handled separately from Datadog trace
transport settings to avoid comingling the two URL calculation paths.
The OTLP endpoint logic considers `DD_AGENT_HOST` before falling back to
the OTLP default host of `localhost`.

### Serialization
The `SpanBuffer` class was refactored to use a pluggable
`ISpanBufferSerializer` interface (methods: `HeaderSize`,
`SerializeSpans`, `WriteHeader`, `FinishBody`). Two implementations
exist:
- **`SpanBufferMessagePackSerializer`**: The existing Datadog
MessagePack serialization, extracted into its own class.
- **`OtlpTracesJsonSerializer`**: Serializes `TraceChunkModel` and
`Span` objects into the OTLP `ExportTraceServiceRequest` JSON structure.
Key behaviors:
- Resource attributes (service.name, service.version,
deployment.environment.name, telemetry SDK info, git metadata, runtime
ID) are emitted via `OtlpMapper.EmitResourceAttributesFromTraceChunk()`
  - Span attributes are capped at 128 per span
- Span events (128 limit), span links (128 limit), span status, and span
kind are all mapped
- Field names use lowerCamelCase and enums use integer values per the
OTLP http/json encoding spec

### Datadog-to-OTLP Mapping
The `OtlpMapper` static class (under `OpenTelemetry/`) handles the
translation between Datadog span semantics and OTLP attributes. It
determines which tags are resource-level vs. span-level, manages
attribute limits, and processes string/double/byte[] tag types via an
inner `TagWriter` struct.

### Sampling & Stats Aggregation
When OTLP export is enabled:
- **Sampling**: Only the `PrioritySampler` is used in
`ShouldKeepTrace()`, aligning with the OpenTelemetry SDK behavior of
exporting based solely on the sampling decision.
- **Default sampling rate**: A global sampling rate of 1.0 is set by
default (can be overridden by user configuration), and the
`AgentSamplingRule` is omitted since there is no Datadog Agent to
communicate sampling rules.
- **`StatsAggregationKey`**: Extended with `IsError` and `IsTopLevel`
fields for OTLP mode, allowing distinct histogram timeseries. The
Datadog mode constructor continues to set these to false for backwards
compatibility.

### Export
- **`ApiOtlp`** (NET6_0_OR_GREATER only): Implements `IApi` for OTLP
endpoints with retry logic (up to 5 attempts with exponential backoff
starting at 100ms).
- **`ManagedApiOtlp`**: Thread-safe wrapper that enables atomic swapping
of `ApiOtlp` instances (for configuration refresh).
- **Traces**: Serialized by `OtlpTracesJsonSerializer` into
`SpanBuffer`, then sent by `ApiOtlp.SendTracesAsync()` to the OTLP
traces endpoint with custom headers.
- **Metrics (trace stats)**: `SendStatsAsync` is defined but currently
returns success immediately — DDSketch-to-OTLP histogram conversion was
removed from this PR and will be introduced in a follow-up PR alongside
new unit tests.

### Wiring
In `TracerManagerFactory.GetAgentWriter()`, when `TracesEncoding` is
`OtlpProtobuf` or `OtlpJson`, the method creates a `ManagedApiOtlp` and
a `StatsAggregator` with `isOtlp: true`, then passes both to
`AgentWriter`.

## Test coverage
- **Integration test**: `OpenTelemetrySdkTests.SubmitsOtlpTraces` — A
parameterized test exercising different package versions, protocols, and
configurations. Sends OTLP traces to the dd-apm-test-agent, retrieves
payloads, validates trace/span ID formats (32-char/16-char hex), checks
resource attribute consistency across requests, normalizes dynamic
values, and performs snapshot testing.
- **Unit tests**: Tests for OTLP-specific behaviors including: stats
aggregator enablement when exporting OTLP, exporting only sampled spans,
and omission of the AgentSamplingRule.
- **Docker**: The docker-compose configuration was updated to wait for
test-agent ports 4317 (gRPC) and 4318 (HTTP) for OTLP traffic.

## Follow-up work
- Export trace metrics (APM stats) via OTLP metrics with
DDSketch-to-OTLP histogram conversion (removed from this PR —
`SendStatsAsync` currently no-ops)
- Assert against trace metrics in the `SubmitsOtlpTraces` integration
test
- Stop reading OTLP metrics settings in `TracerSettings` now that they
are being read in `ExporterSettings`
- Implement `http/protobuf` OTLP protocol support (enum value exists but
not yet functional)

* chore: disable automated dependency updater config [incident-51602] (#8364)

As part of #incident-51602, we are temporarily disabling all automated
dependency updaters to reduce exposure to potential zero-day
vulnerabilities in recent releases.

This PR disables the Dependabot/Renovate configuration not managed by
ADMS by commenting out (YAML) or renaming (JSON) the config file. Please
do not re-enable until further notice.

---------

Co-authored-by: Steven Bouwkamp <steven.bouwkamp@datadoghq.com>

* Use `SpanCharSplitter` for parsing source link URLs (#8349)

## Summary of changes

- Add unit tests for `SourceLinkUrlParser` implementations
- Refactor implementations to reduce allocations (by using
`SpanCharSplitter` instead of `String.Split()`

## Reason for change

@lucaspimentel flagged this as an option in
https://github.com/DataDog/dd-trace-dotnet/pull/8332, as it will reduce
allocations. As this is something we do for every app, it makes sense to
optimize.

## Implementation details

- Had 🤖 write some unit tests for the current behaviour
- Had 🤖 replace existing `Split` usages with `SpanCharSplitter`
- Review and tweak

There's still some allocations we could _potentially_ remove, by doing
some dangerous stuff (like we do in `UriHelpers`, to avoid hitting
`AbsolutePath` etc) but I don't know that the payoff is worth it here.
Fewer allocations is better, but it's not worth going overboard IMO.

## Test coverage

- The unit tests pass before and after the changes
- Benchmarked just one of the implementations before and after, but you
get the idea I think


| Method | Runtime | Mean | Allocated |
| ------------------------------ | ------------------ | ---------: |
--------: |
| TryParseSourceLinkUrl_Original | .NET 10.0 | 2,929.4 ns | 2552 B |
| TryParseSourceLinkUrl_Updated | .NET 10.0 | 400.4 ns | 240 B |
| TryParseSourceLinkUrl_Original | .NET 6.0 | 2,540.5 ns | 2584 B |
| TryParseSourceLinkUrl_Updated | .NET 6.0 | 376.1 ns | 240 B |
| TryParseSourceLinkUrl_Original | .NET Core 3.1 | 3,550.8 ns | 2672 B |
| TryParseSourceLinkUrl_Updated | .NET Core 3.1 | 450.3 ns | 456 B |
| TryParseSourceLinkUrl_Original | .NET Framework 4.8 | 3,875.2 ns |
4036 B |
| TryParseSourceLinkUrl_Updated | .NET Framework 4.8 | 708.1 ns | 578 B
|

<details><summary>Benchmark code</summary>
<p>

```csharp
[MemoryDiagnoser, GroupBenchmarksBy(BenchmarkLogicalGroupRule.ByCategory), CategoriesColumn]
public class UriHelperBenchmarks
{
    private string _sha;
    private string _repoUrl;
    private Uri _uri;
    private AzureDevOpsSourceLinkUrlParser _parser;
    private AzureDevOpsSourceLinkUrlParserOriginal _parser2;

    [GlobalSetup]
    public void GlobalSetup()
    {
        _parser = new AzureDevOpsSourceLinkUrlParser();
        _parser2 = new AzureDevOpsSourceLinkUrlParserOriginal();
        _uri = new Uri("https://dev.azure.com/org/proj/_apis/git/repositories/example.shopping.api/items?api-version=1.0&versionType=commit&version=0e4d29442102e6cef1c271025d513c8b2187bcd6&path=/*");
    }

    [GlobalCleanup]
    public void GlobalCleanup()
    {
        _sha = null;
        _repoUrl = null;
    }

    [Benchmark(Baseline = true)]
    public bool TryParseSourceLinkUrl_Original()
    {
        return _parser2.TryParseSourceLinkUrl(_uri, out _sha, out _repoUrl);
    }

    [Benchmark]
    public bool TryParseSourceLinkUrl_Updated()
    {
        return _parser.TryParseSourceLinkUrl(_uri, out _sha, out _repoUrl);
    }
}
```

</p>
</details> 

## Other details

Stacked on https://github.com/DataDog/dd-trace-dotnet/pull/8332 for
simplicity

* Add _dd.p.ksr propagated tag for Knuth sampling rate (#8287)

## Summary of changes

Add `_dd.p.ksr` (Knuth Sampling Rate) propagated tag to spans when
sampling is applied via agent rates or trace sampling rules, per the
[Transmit Knuth Sampling Rate to Backend
RFC](https://docs.google.com/document/d/1Po3qtJb6PGheFeKFSUMv2pVY_y-HFAxTzNLuacCbCXY/edit).

## Reason for change

The backend needs to know the exact sampling rate applied by the tracer
to correctly compute effective rates during resampling (e.g., tracer 0.5
× backend 0.5 = effective 0.25). This tag enables that by propagating
the rate via `x-datadog-tags` and W3C `tracestate`.

## Implementation details

- Set `_dd.p.ksr` in `TraceContext.SetSamplingPriority()` for
`AgentRate`, `LocalTraceSamplingRule`, `RemoteAdaptiveSamplingRule`, and
`RemoteUserSamplingRule` mechanisms
- Use `TryAddTag` to preserve the original rate (consistent with
`AppliedSamplingRate ??= rate` semantics)
- Format with `"0.######"` (up to 6 decimal digits, no trailing zeros,
no scientific notation) per RFC spec
- Added `.IsOptional("_dd.p.ksr")` to `SpanTagAssertion.cs` so
integration test tag validators accept the new tag

## Test coverage

- Unit tests in `TraceContextTests_KnuthSamplingRate.cs`:
  - KSR set for agent rate sampling
- KSR set for trace sampling rules (local, remote adaptive, remote user)
- KSR NOT set for manual, AppSec, rate limiter, or single span
mechanisms
  - KSR preserved on subsequent sampling calls (TryAddTag semantics)
- Formatting with up to 6 decimal digits (boundary values including
small rates like 0.00001)
- System tests in [system-tests
#6466](https://github.com/DataDog/system-tests/pull/6466)

## Other details

Related PRs across tracers:
- Java: https://github.com/DataDog/dd-trace-java/pull/10802
- Ruby: https://github.com/DataDog/dd-trace-rb/pull/5436
- Node.js: https://github.com/DataDog/dd-trace-js/pull/7741
- PHP: https://github.com/DataDog/dd-trace-php/pull/3701
- Rust: https://github.com/DataDog/dd-trace-rs/pull/180
- C++: https://github.com/DataDog/dd-trace-cpp/pull/288

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* [DBM] Add container tags hash to queries (if enabled) (#8061)

## Summary of changes

Add the ability to write the container tags hash to DBM queries + to the
related span.
The goal is that DBM would then query the spans bearing that hash, and
then use the container tags on this (those) spans(s) to enrich the
queries with it.
This is controlled by a setting that is disabled by default, and would
be enabled if propagation mode is "service" or greater

see RFC:
https://docs.google.com/document/d/15GtNOKGBCt6Dc-HsDNnMmCdZwhewFQx8yUlI9in5n3M
related PR in python: https://github.com/DataDog/dd-trace-py/pull/15293

## Reason for change

DBM and DSM propagate service context in outbound communications (SQL
comments, message headers), but neither product has awareness of the
container environment (e.g., `kube_cluster`, `namespace`, `pod_name`).
Propagating full container tags is not feasible due to cardinality
constraints (query cache invalidation in OracleDB/SQLServer, exponential
pathway growth in DSM) and size limitations (64–128 bytes for DBM
non-comment methods).

This is needed for the **service renaming initiative** (defining
services based on container names) and **APM primary tags**
(container-based dimensions like Kubernetes cluster).

The solution: the agent computes a hash of low-cardinality container
tags and back-propagates it to the tracer, which includes it in outbound
DBM/DSM communications. DBM then resolves the hash by correlating with
APM spans that carry the same hash as a span tag.

## Implementation details

- Add `BaseHash` static class that computes an FNV-64 hash of
`ProcessTags.SerializedTags` combined with the container tags hash from
the agent, encoded as base64
- Read the container tags hash from the Datadog Agent via
`DiscoveryService`, stored in `ContainerMetadata.ContainerTagsHash`
- `ContainerMetadata` converted from static to instance class (singleton
via `ContainerMetadata.Instance`) to improve testability
- `DatabaseMonitoringPropagator` injects the base hash into SQL comments
(as `ddsh`) when `DD_DBM_INJECT_SQL_BASEHASH` is true
- Add `_dd.dbm_container_tags_hash` span tag on `SqlTags` so DBM can
correlate the hash back to the span's container tags
- New config key `DD_DBM_INJECT_SQL_BASEHASH` (disabled by default),
intended to be enabled when DBM propagation mode is `service` or higher
- Add container ID header to `MinimalAgentHeaderHelper` for agent
communication

## Test coverage

Adding a test in DbScopeFactoryTests.cs forced me to inject the value
from pretty high, which I find a bit "dirty", but at least we don't have
to rely on global static instance in tests.

## Other details
<!-- Fixes #{issue} -->


<!--  ⚠️ Note:

Where possible, please obtain 2 approvals prior to merging. Unless
CODEOWNERS specifies otherwise, for external teams it is typically best
to have one review from a team member, and one review from apm-dotnet.
Trivial changes do not require 2 reviews.

MergeQueue is NOT enabled in this repository. If you have write access
to the repo, the PR has 1-2 approvals (see above), and all of the
required checks have passed, you can use the Squash and Merge button to
merge the PR. If you don't have write access, or you need help, reach
out in the #apm-dotnet channel in Slack.
-->

---------

Co-authored-by: Daniel Romano <108014683+daniel-romano-DD@users.noreply.github.com>
Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>

* Stabilize test-agent readiness in smoke tests (#8368)

## Summary of changes
Increased test-agent readiness timeout from 30s to 60s and added
retry-attempt logging.

```
20:49:49 [ERR] Target RunArtifactSmokeTests has thrown an exception
System.TimeoutException: Test agent did not become ready within 30 seconds
   at SmokeTests.SmokeTestRunner.WaitForTestAgentAsync(HttpClient httpClient) in /build/SmokeTests/SmokeTestRunner.cs:line 311

```

## Reason for change
Smoke tests were intermittently [failing
](https://dev.azure.com/datadoghq/dd-trace-dotnet/_build/results?buildId=198100&view=logs&j=407dddad-44b6-5ebb-3a0f-ff0eff8ee16f&t=c183c8c0-4c19-505d-2688-c00b1688124f)in
CI when the test-agent container startup was delayed on busy runners.

## Implementation details
- Updated `WaitForTestAgentAsync` in `SmokeTestRunner.cs`
- Bumped timeout from 30s to 60s
- Added warning log on each failed readiness check (attempt number +
error message)

---------

Co-authored-by: datadog-prod-us1-3[bot] <266080212+datadog-prod-us1-3[bot]@users.noreply.github.com>

* Fix `CA1872` - Prefer `Convert.ToHexString` over `BitConverter.ToString` (#8333)

## Summary of changes

Stop using `BitConverter.ToString` to convert a `byte[]` into a `string`

## Reason for change

The `CA1872` analyzer suggests to use `Convert.ToHexString` instead.
That's not available in <.NET 6, but ultimately it just calls
`HexConverter.ToString(bytes, HexConverter.Casing.Upper)` which we have
vendored, so we can just use that instead in that case.

## Implementation details

- Enable the analyzer
- Fix the one violation

## Test coverage

Covered by existing

## Other details

https://datadoghq.atlassian.net/browse/LANGPLAT-813

We could argue whether it's worth having the `#if`, but it feels like we
should generally use the built-in types where they're available. But
_maybe_ that means we should make `HexConverter.ToString()` delegate to
the built-in `Convert.ToHexString()` method? i.e. move the `#if` to be
an implementation detail of our vendored `HexConverter`? I'm undecided.

* Enable `CA1859` - Use concrete types when possible (#8335)

## Summary of changes

Enables the `CA1859` analyzer, and fixes the violations

## Reason for change

We want to enable these perf analyzers. The reasoning in this one is
that if you return concrete types, the compiler is more able to make
optimizations e.g. using struct-based enumerators and/or avoiding
virtual method dispatch.

That said, this one is potentially _kind_ of annoying, and I think
there's a question of whether it's worth enabling or not. All in all,
it's likely to be much more beneficial for .NET Framework for example,
vs .NET 10.

The analyzer also only applies to `private` members too, which means
there's likely a lot more low-hanging fruit that we could switch to
using `List<T>` etc for gains.

## Implementation details

- Enable the analyzer
- Fix the violations by using the suggested concrete types
- In a couple of cases where the results differ per TFM, use either
`#if` (to fix it) or `#pragma` (to ignore it)

## Test coverage

Covered by existing

## Other details

https://datadoghq.atlassian.net/browse/LANGPLAT-813

Stacked on 
- https://github.com/DataDog/dd-trace-dotnet/pull/8332
- https://github.com/DataDog/dd-trace-dotnet/pull/8333

* Enable `CA1851` - Avoid multiple enumeration of collections (#8341)

## Summary of changes

Enables `CA1851`, fixes one violations, and ignores an existing

## Reason for change

We want to enable this analayzer. Although, interestingly, there are
cases where this _won't_ touch, which we should potentially also have
analyzers for. For example:

- We instrument a method that takes an `IEnumerable` (could be call
target, could be callsite aspects)
- We enumerate the collection
- The instrumented method runs, enumerating it again

If this isn't a materialized collection, this could be very expensive.
Potentially, we should instead do:

- Call `ToList()` on the parameter
- Do our thing
- Pass the list into the method

But that _also_ has risks 😅 So ideally... we just don't touch
`IEnumerable`s 😅 🤷‍♂️

## Implementation details

- Enable the analyzer
- For the `StringModuleImpl`, The `Count()` call was to ensure we pass
`addDelimiterRanges: false` on the _final_ iteration. Converting to a
"manually implemented" `foreach` using a "peek ahead" approach avoids
the multiple enumerations
- For the `Encoder`, it's all recursive and really hard to follow what
the inputs are actually going to be here, so I just declared bankruptcy
and put the `#pragma` in. If ASM want to fix it "properly" later, that's
good, but don't want to block enabling the analyzer because of it

## Test coverage

Covered by existing

## Other details

https://datadoghq.atlassian.net/browse/LANGPLAT-813

Stacked on 
- https://github.com/DataDog/dd-trace-dotnet/pull/8332
- https://github.com/DataDog/dd-trace-dotnet/pull/8333
- https://github.com/DataDog/dd-trace-dotnet/pull/8335

* Fix swapped SpanKinds and missing tags in IbmMqHelper (#8369)

## Summary of changes

Fix three pre-existing bugs in `IbmMqHelper`:

- **Swapped SpanKinds**: `CreateProducerScope` passed
`SpanKinds.Consumer` and `CreateConsumerScope` passed
`SpanKinds.Producer` to `CreateIbmMqTags` — now corrected.
- **Missing tags in producer scope**: `CreateProducerScope` created and
populated `IbmMqTags` but never passed them to `StartActiveInternal`, so
tags (including `TopicName`) were silently discarded.

## Reason for change

Producer spans were tagged as consumers and vice versa, and producer
spans were missing messaging-specific tags entirely.

## Implementation details

- Swap `SpanKinds.Consumer` → `SpanKinds.Producer` in
`CreateProducerScope` (line 71)
- Swap `SpanKinds.Producer` → `SpanKinds.Consumer` in
`CreateConsumerScope` (line 138)
- Add `tags: tags` parameter to `StartActiveInternal` in
`CreateProducerScope`

## Test coverage

Existing integration tests cover IBM MQ span creation. No new tests
required — this is a straightforward value correction.

## Other details

Pre-existing bugs, not introduced by any recent PR.

---------

Co-authored-by: Andrew Lock <andrew.lock@datadoghq.com>
Co-authored-by: Steven Bouwkamp <stevenbouwkamp@gmail.com>

* Add OTEL_RESOURCE_ATTRIBUTES to claude settings (#8378)

## Summary of changes

This adds `"OTEL_RESOURCE_ATTRIBUTES":
"repo.owner=DataDog,repo.name=dd-trace-dotnet"` to our claude settings

## Reason for change

This will make it so that our telemetry marks that if we are working on
the repo with Claude that it will report our repository.

I don't think there is any functional change here besides the fact that
I want to make my telemetry go from `N/A` to `dd-trace-dotnet`

## Implementation details

Followed
https://datadoghq.atlassian.net/wiki/spaces/AIDEVX/pages/5689508824/Repo+Config#Repo-Tags-in-Telemetry

## Test coverage

## Other details
<!-- Fixes #{issue} -->


<!--  ⚠️ Note:

Where possible, please obtain 2 approvals prior to merging. Unless
CODEOWNERS specifies otherwise, for external teams it is typically best
to have one review from a team member, and one review from apm-dotnet.
Trivial changes do not require 2 reviews.

MergeQueue is NOT enabled in this repository. If you have write access
to the repo, the PR has 1-2 approvals (see above), and all of the
required checks have passed, you can use the Squash and Merge button to
merge the PR. If you don't have write access, or you need help, reach
out in the #apm-dotnet channel in Slack.
-->

* chore: re-enable dependabot with 2-day cooldown (#8377)

> [!NOTE]
> **Merge only if this is still needed and your repo is not managed by
ADMS.**
> If your repository is already managed by ADMS, feel free to close or
ignore this PR.

---

We are adding a 2-day cooldown on dependencies to reduce the risk of
zero-day vulnerabilities.

This PR re-enables your Dependabot configuration and introduces the
cooldown setting. If you notice any other Dependabot configurations in
your repo that are missing the cooldown, please ensure it is added.

If your repository is already managed by ADMS and no longer requires
these configurations, feel free to close or ignore the PR.

Signed-off-by: Moe Zein <moe.zein@datadoghq.com>

* chore(ci) update one-pipeline (#8351)

This pull request updates one-pipeline to a newer version.

Recent changes:
* Use artifact-gateway to authenticate promote-oci jobs
* Allow bigger lib injection and oci package sizes
* Config registry validation improvements and fixes


Some of these changes may have already applied depending on your
previous version of one-pipeline. See the libdatadog-build repository
for all changes

Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com>

* Fix multiple termination signals on .NET 10+ (#8374)

## Summary of changes

- Un-skip `TerminationSignalTests`
- Run `TerminationSignalTests` on more TFMs
- Fix bug with multiple-termination signals on .NET 10
- Wait for dogstatsd to finish flushing on exit

## Reason for change

As part of the recent runtime metrics work (#8265), we skipped the
`TerminationSignalTests`, as we found they were flaky with the new
changes on .NET 10 (and failed outright if we properly `await`-ed for
dogstatsd to flush on exit). Ultimately, this comes down to essentially
a race condition in the new termination behaviour on .NET 10.

Previously, we had this for .NET 10:
- On startup, register for POSIX signals
- When a posix signal fires, unregister the signals, and start
shutdown/flush etc
- After a small delay (100ms) in the test, send another posix signal
- As we have already unregistered our handler, the app goes straight to
shutdown, and we don't finish flushing.

This doesn't affect <.NET 10, because POSIX is handled by the runtime,
and they queue handling of the subsequent signals while the first one is
ongoing.

## Implementation details

The fix is essentially two changes:
- Don't un-register the POSIX handlers
- On subsequent POSIX signals wait for the first handler to complete
before exiting

This only affects the .NET 10 path, as the POSIX handlers only fire
explicitly on those paths.

As an aside, this allows enabling the statsd flush on shutdown.

## Test coverage

I unskipped the currently-skipped test, and expanded the
`TerminationSignalTests` to cover .NET 8+, instead of just .NET 10, so
that we know we're _actually_ getting the same behaviour in both cases.
(.NET 8 was a somewhat arbitrary choice, we could expand it further if
we wanted to, but doesn't necessarily seem worth it to me).

I then tested that in CI and saw it fail, before making the fix.

## Other details

There's one "interesting" change of behaviour in terms of `Cancel`. 🤖 is
adamant we _Shouldn't_ cancel the default signal handling on the first
handler, because we _want_ the "default signal handling" to kick in
_after_ we've run our shutdown hooks. I'm not entirely sure if that's
true or not tbh, but it doesn't seem to affect the tests one way or
another so I'm guessing, meh? 🤷‍♂️

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Move `TracerSettings` helper methods to `TestHelpers` project (#8375)

## Summary of changes

Move the `TracerSettings.Create()` methods which are only there for
testing convenience into the `TestHelpers` project

## Reason for change

They don't need to be in the main binary

## Implementation details

- Moved the settings to the TestHelpers project
- Created them as static extension members, so the call-site doesn't
change at all (partially as an experiment)
- Fixed a culture bug @vandonr was running into

## Test coverage

Covered by existing

---------

Co-authored-by: Raphaël Vandon <raphael.vandon@datadog.com>

* Bump the gh-actions-packages group across 3 directories with 10 updates (#8381)

Bumps the gh-actions-packages group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) |
`5.1.0` | `5.2.0` |
|
[DataDog/dd-octo-sts-action](https://github.com/datadog/dd-octo-sts-action)
| `1.0.3` | `1.0.4` |
|
[softprops/action-gh-release](https://github.com/softprops/action-gh-release)
| `2.5.0` | `2.6.1` |
| [github/codeql-action](https://github.com/github/codeql-action) |
`4.32.4` | `4.34.1` |
|
[advanced-security/filter-sarif](https://github.com/advanced-security/filter-sarif)
| `1.0.1` | `1.1` |
|
[actions/create-github-app-token](https://github.com/actions/create-github-app-token)
| `2.2.1` | `3.0.0` |

Bumps the gh-actions-packages group with 3 updates in the
/.github/actions/create-system-test-docker-base-images directory:
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action),
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
and
[docker/build-push-action](https://github.com/docker/build-push-action).
Bumps the gh-actions-packages group with 1 update in the
/.github/actions/publish-debug-symbols directory:
[actions/setup-node](https://github.com/actions/setup-node).

Updates `actions/setup-dotnet` from 5.1.0 to 5.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-dotnet/releases">actions/setup-dotnet's
releases</a>.</em></p>
<blockquote>
<h2>v5.2.0</h2>
<h2>What's changed</h2>
<h3>Enhancements</h3>
<ul>
<li>Add support for workloads input by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-dotnet/pull/693">actions/setup-dotnet#693</a></li>
<li>Add support for optional architecture input for cross-architecture
.NET installs by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-dotnet/pull/700">actions/setup-dotnet#700</a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Upgrade fast-xml-parser from 4.4.1 to 5.3.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-dotnet/pull/671">actions/setup-dotnet#671</a></li>
<li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-dotnet/pull/705">actions/setup-dotnet#705</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-dotnet/compare/v5...v5.2.0">https://github.com/actions/setup-dotnet/compare/v5...v5.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-dotnet/commit/c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7"><code>c2fa09f</code></a>
Bump minimatch from 3.1.2 to 3.1.5 (<a
href="https://redirect.github.com/actions/setup-dotnet/issues/705">#705</a>)</li>
<li><a
href="https://github.com/actions/setup-dotnet/commit/02574b18e2dc57a218ee4e11ba1e1603c67236e8"><code>02574b1</code></a>
Add support for optional architecture input for cross-architecture .NET
insta...</li>
<li><a
href="https://github.com/actions/setup-dotnet/commit/16c7b3c2fa55a0e394467d22512b84fda46adf63"><code>16c7b3c</code></a>
Bump fast-xml-parser from 4.4.1 to 5.3.6 (<a
href="https://redirect.github.com/actions/setup-dotnet/issues/671">#671</a>)</li>
<li><a
href="https://github.com/actions/setup-dotnet/commit/131b410979e0b49e2162c0718030257b22d6dc2c"><code>131b410</code></a>
Add support for workloads input (<a
href="https://redirect.github.com/actions/setup-dotnet/issues/693">#693</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-dotnet/compare/baa11fbfe1d6520db94683bd5c7a3818018e4309...c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7">compare
view</a></li>
</ul>
</details>
<br />

Updates `DataDog/dd-octo-sts-action` from 1.0.3 to 1.0.4
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a"><code>96a2546</code></a>
Fix typo in Readme (<a
href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/18">#18</a>)</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/9691c26e1de0f1f26e1e8708c5c34b4f64e43f5f"><code>9691c26</code></a>
Merge pull request <a
href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/14">#14</a>
from DataDog/improve/parse-jwt-claims</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/b98b59d08d3575cbda7001bddfe86633787536e8"><code>b98b59d</code></a>
Merge pull request <a
href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/13">#13</a>
from DataDog/improve/fetch-error-url-logging</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/e7953d4e870e933635e6afa9172b3957b568c417"><code>e7953d4</code></a>
Merge pull request <a
href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/15">#15</a>
from DataDog/improve/ci-workflow-hardening</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/e47344e9570a80d3a7d333a339ace4a5e88b7646"><code>e47344e</code></a>
Merge pull request <a
href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/16">#16</a>
from DataDog/improve/bump-node24</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/5a7a632cb3be2334cd1515df9c74eb3103942b50"><code>5a7a632</code></a>
Bump Node.js runtime from node20 to node24</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/260fcf964ad38660b2abc359216586af9d31a05d"><code>260fcf9</code></a>
Add parseJwtClaims() function with tests, replace fragile inline
parsing</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/371c4d81ebd5ed74dfcc7bb2ab234d9f1e30fe65"><code>371c4d8</code></a>
Harden CI workflows with least-privilege permissions and credential
controls</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/1fc658893bed0edd73a7e284f6266e3fc4bdc93e"><code>1fc6588</code></a>
Include URL in fetchWithRetry error messages</li>
<li><a
href="https://github.com/DataDog/dd-octo-sts-action/commit/0b31f95da950c7562ef40f6447086e75515897ce"><code>0b31f95</code></a>
Harden CI workflows with least-privilege permissions and credential
controls</li>
<li>Additional commits viewable in <a
href="https://github.com/datadog/dd-octo-sts-action/compare/acaa02eee7e3bb0839e4272dacb37b8f3b58ba80...96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a">compare
view</a></li>
</ul>
</details>
<br />

Updates `softprops/action-gh-release` from 2.5.0 to 2.6.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.1</h2>
<p><code>2.6.1</code> is a patch release focused on restoring linked
discussion thread creation when
<code>discussion_category_name</code> is set. It fixes
<code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>,
where the draft-first publish flow
stopped carrying the discussion category through the final publish
step.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: preserve discussion category on publish by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li>
</ul>
<h2>v2.6.0</h2>
<p><code>2.6.0</code> is a minor release centered on
<code>previous_tag</code> support for
<code>generate_release_notes</code>,
which lets workflows pin GitHub's comparison base explicitly instead of
relying on the default range.
It also includes the recent concurrent asset upload recovery fix, a
<code>working_directory</code> docs sync,
a checked-bundle freshness guard for maintainers, and clearer
immutable-prerelease guidance where
GitHub platform behavior imposes constraints on how prerelease asset
uploads can be published.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: support previous_tag for generate_release_notes by <a
href="https://github.com/pocesar"><code>@​pocesar</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/372">softprops/action-gh-release#372</a></li>
</ul>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: recover concurrent asset metadata 404s by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/760">softprops/action-gh-release#760</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>docs: clarify reused draft release behavior by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/759">softprops/action-gh-release#759</a></li>
<li>docs: clarify working_directory input by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/761">softprops/action-gh-release#761</a></li>
<li>ci: verify dist bundle freshness by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/762">softprops/action-gh-release#762</a></li>
<li>fix: clarify immutable prerelease uploads by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/763">softprops/action-gh-release#763</a></li>
</ul>
<h2>v2.5.3</h2>
<!-- raw HTML omitted -->
<p><code>2.5.3</code> is a patch release focused on the remaining
path-handling and release-selection bugs uncovered after
<code>2.5.2</code>.
It fixes
<code>[#639](https://github.com/softprops/action-gh-release/issues/639)</code>,
<code>[#571](https://github.com/softprops/action-gh-release/issues/571)</code>,
<code>[#280](https://github.com/softprops/action-gh-release/issues/280)</code>,
<code>[#614](https://github.com/softprops/action-gh-release/issues/614)</code>,
<code>[#311](https://github.com/softprops/action-gh-release/issues/311)</code>,
<code>[#403](https://github.com/softprops/action-gh-release/issues/403)</code>,
and
<code>[#368](https://github.com/softprops/action-gh-release/issues/368)</code>.
It also adds documentation clarifications for
<code>[#541](https://github.com/softprops/action-gh-release/issues/541)</code>,
<code>[#645](https://github.com/softprops/action-gh-release/issues/645)</code>,
<code>[#542](https://github.com/softprops/action-gh-release/issues/542)</code>,
<code>[#393](https://github.com/softprops/action-gh-release/issues/393)</code>,
and
<code>[#411](https://github.com/softprops/action-gh-release/issues/411)</code>,
where the current behavior is either usage-sensitive or constrained by
GitHub platform limits rather than an action-side runtime bug.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's
changelog</a>.</em></p>
<blockquote>
<h2>2.6.1</h2>
<p><code>2.6.1</code> is a patch release focused on restoring linked
discussion thread creation when
<code>discussion_category_name</code> is set. It fixes
<code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>,
where the draft-first publish flow
stopped carrying the discussion category through the final publish
step.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: preserve discussion category on publish by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li>
</ul>
<h2>2.6.0</h2>
<p><code>2.6.0</code> is a minor release centered on
<code>previous_tag</code> support for
<code>generate_release_notes</code>,
which lets workflows pin GitHub's comparison base explicitly instead of
relying on the default range.
It also includes the recent concurrent asset upload recovery fix, a
<code>working_directory</code> docs sync,
a checked-bundle freshness guard for maintainers, and clearer
immutable-prerelease guidance where
GitHub platform behavior imposes constraints on how prerelease asset
uploads can be published.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: support previous_tag for generate_release_notes by <a
href="https://github.com/pocesar"><code>@​pocesar</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/372">softprops/action-gh-release#372</a></li>
</ul>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: recover concurrent asset metadata 404s by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/760">softprops/action-gh-release#760</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>docs: clarify reused draft release behavior by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/759">softprops/action-gh-release#759</a></li>
<li>docs: clarify working_directory input by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/761">softprops/action-gh-release#761</a></li>
<li>ci: verify dist bundle freshness by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/762">softprops/action-gh-release#762</a></li>
<li>fix: clarify immutable prerelease uploads by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/763">softprops/action-gh-release#763</a></li>
</ul>
<h2>2.5.3</h2>
<p><code>2.5.3</code> is a patch release focused on the remaining
path-handling and release-selection bugs uncovered after
<code>2.5.2</code>.
It fixes
<code>[#639](https://github.com/softprops/action-gh-release/issues/639)</code>,
<code>[#571](https://github.com/softprops/action-gh-release/issues/571)</code>,
<code>[#280](https://github.com/softprops/action-gh-release/issues/280)</code>,
<code>[#614](https://github.com/softprops/action-gh-release/issues/614)</code>,
<code>[#311](https://github.com/softprops/action-gh-release/issues/311)</code>,
<code>[#403](https://github.com/softprops/action-gh-release/issues/403)</code>,
and
<code>[#368](https://github.com/softprops/action-gh-release/issues/368)</code>.
It also adds documentation clarifications for
<code>[#541](https://github.com/softprops/action-gh-release/issues/541)</code>,
<code>[#645](https://github.com/softprops/action-gh-release/issues/645)</code>,
<code>[#542](https://github.com/softprops/action-gh-release/issues/542)</code>,
<code>[#393](https://github.com/softprops/action-gh-release/issues/393)</code>,
and
<code>[#411](https://github.com/softprops/action-gh-release/issues/411)</code>,
where the current behavior is either usage-sensitive or constrained by
GitHub platform limits rather than an action-side runtime bug.</p>
<p>If you still hit an issue after upgrading, please open a report with
the bug template and include a minimal repro or sanitized workflow
snippet where possible.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/softprops/action-gh-release/commit/153bb8e04406b158c6c84fc1615b65b24149a1fe"><code>153bb8e</code></a>
release 2.6.1</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/569deb874d08cd8cc0aa24af7c0b21160fe4b0e4"><code>569deb8</code></a>
fix: preserve discussion category when publishing releases (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/765">#765</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/26e8ad27a09a225049a7075d7ec1caa2df6ff332"><code>26e8ad2</code></a>
release 2.6.0</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/b959f31e968fb47fb7bb823087fc092d5613e0a4"><code>b959f31</code></a>
fix: clarify immutable prerelease uploads (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/763">#763</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/8a8510e3a0d8dfc9296171fd405ca8c8ea6206a4"><code>8a8510e</code></a>
ci: verify dist bundle freshness (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/762">#762</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/438c15ddf5b01e992ef98dc29cea3f9992ab54ac"><code>438c15d</code></a>
docs: clarify working_directory input (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/761">#761</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/6ca3b5d96e3a0fac11dc53f0809c2cb029e64902"><code>6ca3b5d</code></a>
fix: recover concurrent asset metadata 404s (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/760">#760</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/11f917660b31d6d56980ea3261f210556a812bd0"><code>11f9176</code></a>
chore: add RELEASE.md</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/1f3f350167714515d2bcf8a18afcc5e8e0a362a8"><code>1f3f350</code></a>
feat: add AGENTS.md</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/37819cb191890d306d21cfb5ac4e7a358f0a6e4f"><code>37819cb</code></a>
docs: clarify reused draft release behavior (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/759">#759</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 4.32.4 to 4.34.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.34.1</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mabdinur mabdinur mabdinur left review comments

@dougqh dougqh dougqh approved these changes

@rachelyangdog rachelyangdog rachelyangdog approved these changes

@nccatoni nccatoni nccatoni approved these changes

@P403n1x87 P403n1x87 Awaiting requested review from P403n1x87 P403n1x87 is a code owner automatically assigned from DataDog/apm-python

@claponcet claponcet Awaiting requested review from claponcet claponcet is a code owner automatically assigned from DataDog/asm-java

@daniel-romano-DD daniel-romano-DD Awaiting requested review from daniel-romano-DD daniel-romano-DD is a code owner automatically assigned from DataDog/asm-java

@cataphract cataphract Awaiting requested review from cataphract cataphract is a code owner automatically assigned from DataDog/dd-trace-cpp

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bm1549 @dougqh @mabdinur @rachelyangdog @nccatoni