diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 927a0ae123e..5eab8d039ba 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -6,7 +6,7 @@ on: workflow_dispatch: env: - DEFAULT_GO_VERSION: "1.21" + DEFAULT_GO_VERSION: "~1.21.3" jobs: benchmark: name: Benchmarks diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b74158d4be0..eb8c715f642 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ env: # backwards compatibility with the previous two minor releases and we # explicitly test our code for these versions so keeping this at prior # versions does not add value. - DEFAULT_GO_VERSION: "1.21" + DEFAULT_GO_VERSION: "~1.21.3" jobs: lint: runs-on: ubuntu-latest @@ -106,7 +106,7 @@ jobs: compatibility-test: strategy: matrix: - go-version: ["1.21", "1.20"] + go-version: ["~1.21.3", "~1.20.10"] os: [ubuntu-latest, macos-latest, windows-latest] # GitHub Actions does not support arm* architectures on default # runners. It is possible to accomplish this with a self-hosted runner diff --git a/.github/workflows/create-dependabot-pr.yml b/.github/workflows/create-dependabot-pr.yml index 12af146fa52..3d47df56ab1 100644 --- a/.github/workflows/create-dependabot-pr.yml +++ b/.github/workflows/create-dependabot-pr.yml @@ -10,7 +10,7 @@ jobs: - name: Install Go uses: actions/setup-go@v4 with: - go-version: "1.21" + go-version: "~1.21.3" check-latest: true cache-dependency-path: "**/go.sum" diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index d5a92565362..c74d60f1638 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -13,7 +13,7 @@ jobs: ref: ${{ github.head_ref }} - uses: actions/setup-go@v4 with: - go-version: "1.21" + go-version: "~1.21.3" check-latest: true cache-dependency-path: "**/go.sum" - uses: evantorrie/mott-the-tidier@v1-beta diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml deleted file mode 100644 index 2747e0afa59..00000000000 --- a/.github/workflows/gosec.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Run Gosec -on: - workflow_dispatch: - schedule: - # ┌───────────── minute (0 - 59) - # │ ┌───────────── hour (0 - 23) - # │ │ ┌───────────── day of the month (1 - 31) - # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC) - # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT) - # │ │ │ │ │ - # │ │ │ │ │ - # │ │ │ │ │ - # * * * * * - - cron: '30 2 * * *' -jobs: - tests: - runs-on: ubuntu-latest - env: - GO111MODULE: on - steps: - - name: Checkout Source - uses: actions/checkout@v4 - - name: Run Gosec Security Scanner - uses: securego/gosec@master - with: - args: ./... - diff --git a/.golangci.yml b/.golangci.yml index 7121593d5d2..a62511f382e 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -14,6 +14,7 @@ linters: - godot - gofumpt - goimports + - gosec - gosimple - govet - ineffassign @@ -53,6 +54,20 @@ issues: text: "calls to (.+) only in main[(][)] or init[(][)] functions" linters: - revive + # It's okay to not run gosec in a test. + - path: _test\.go + linters: + - gosec + # Igonoring gosec G404: Use of weak random number generator (math/rand instead of crypto/rand) + # as we commonly use it in tests and examples. + - text: "G404:" + linters: + - gosec + # Igonoring gosec G402: TLS MinVersion too low + # as the https://pkg.go.dev/crypto/tls#Config handles MinVersion default well. + - text: "G402: TLS MinVersion too low." + linters: + - gosec include: # revive exported should have comment or be unexported. - EXC0012 diff --git a/CHANGELOG.md b/CHANGELOG.md index 1acc260e3d5..2bb7a96733e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm - Add scope version to trace and metric bridges in `go.opentelemetry.io/otel/bridge/opencensus`. (#4584) - Add the `go.opentelemetry.io/otel/trace/embedded` package to be embedded in the exported trace API interfaces. (#4620) - Add the `go.opentelemetry.io/otel/trace/noop` package as a default no-op implementation of the trace API. (#4620) +- Add context propagation in `go.opentelemetry.io/otel/example/dice`. (#4644) ### Deprecated diff --git a/example/dice/otel.go b/example/dice/otel.go index 8612352d959..9c4f9fe8c42 100644 --- a/example/dice/otel.go +++ b/example/dice/otel.go @@ -22,6 +22,7 @@ import ( "go.opentelemetry.io/otel" "go.opentelemetry.io/otel/exporters/stdout/stdoutmetric" "go.opentelemetry.io/otel/exporters/stdout/stdouttrace" + "go.opentelemetry.io/otel/propagation" "go.opentelemetry.io/otel/sdk/metric" "go.opentelemetry.io/otel/sdk/resource" "go.opentelemetry.io/otel/sdk/trace" @@ -50,14 +51,18 @@ func setupOTelSDK(ctx context.Context, serviceName, serviceVersion string) (shut err = errors.Join(inErr, shutdown(ctx)) } - // Setup resource. + // Set up resource. res, err := newResource(serviceName, serviceVersion) if err != nil { handleErr(err) return } - // Setup trace provider. + // Set up propagator. + prop := newPropagator() + otel.SetTextMapPropagator(prop) + + // Set up trace provider. tracerProvider, err := newTraceProvider(res) if err != nil { handleErr(err) @@ -66,7 +71,7 @@ func setupOTelSDK(ctx context.Context, serviceName, serviceVersion string) (shut shutdownFuncs = append(shutdownFuncs, tracerProvider.Shutdown) otel.SetTracerProvider(tracerProvider) - // Setup meter provider. + // Set up meter provider. meterProvider, err := newMeterProvider(res) if err != nil { handleErr(err) @@ -86,6 +91,13 @@ func newResource(serviceName, serviceVersion string) (*resource.Resource, error) )) } +func newPropagator() propagation.TextMapPropagator { + return propagation.NewCompositeTextMapPropagator( + propagation.TraceContext{}, + propagation.Baggage{}, + ) +} + func newTraceProvider(res *resource.Resource) (*trace.TracerProvider, error) { traceExporter, err := stdouttrace.New( stdouttrace.WithPrettyPrint()) diff --git a/example/prometheus/main.go b/example/prometheus/main.go index 3c7e4db7976..fee550de6d0 100644 --- a/example/prometheus/main.go +++ b/example/prometheus/main.go @@ -91,7 +91,7 @@ func main() { func serveMetrics() { log.Printf("serving metrics at localhost:2223/metrics") http.Handle("/metrics", promhttp.Handler()) - err := http.ListenAndServe(":2223", nil) + err := http.ListenAndServe(":2223", nil) //nolint:gosec // Ignoring G114: Use of net/http serve function that has no support for setting timeouts. if err != nil { fmt.Printf("error serving http: %v", err) return diff --git a/example/view/main.go b/example/view/main.go index 712e325301e..876457052b9 100644 --- a/example/view/main.go +++ b/example/view/main.go @@ -90,7 +90,7 @@ func main() { func serveMetrics() { log.Printf("serving metrics at localhost:2222/metrics") http.Handle("/metrics", promhttp.Handler()) - err := http.ListenAndServe(":2222", nil) + err := http.ListenAndServe(":2222", nil) //nolint:gosec // Ignoring G114: Use of net/http serve function that has no support for setting timeouts. if err != nil { fmt.Printf("error serving http: %v", err) return diff --git a/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/otest/collector.go b/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/otest/collector.go index f5eb0a4af9c..c96ca1fda6e 100644 --- a/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/otest/collector.go +++ b/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/otest/collector.go @@ -242,7 +242,11 @@ func NewHTTPCollector(endpoint string, resultCh <-chan ExportResult) (*HTTPColle mux := http.NewServeMux() mux.Handle(u.Path, http.HandlerFunc(c.handler)) - c.srv = &http.Server{Handler: mux} + c.srv = &http.Server{ + Handler: mux, + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, + } if u.Scheme == "https" { cert, err := weakCertificate() if err != nil { diff --git a/exporters/otlp/otlpmetric/otlpmetrichttp/internal/otest/collector.go b/exporters/otlp/otlpmetric/otlpmetrichttp/internal/otest/collector.go index 0b6b9387167..503eba65bea 100644 --- a/exporters/otlp/otlpmetric/otlpmetrichttp/internal/otest/collector.go +++ b/exporters/otlp/otlpmetric/otlpmetrichttp/internal/otest/collector.go @@ -242,7 +242,11 @@ func NewHTTPCollector(endpoint string, resultCh <-chan ExportResult) (*HTTPColle mux := http.NewServeMux() mux.Handle(u.Path, http.HandlerFunc(c.handler)) - c.srv = &http.Server{Handler: mux} + c.srv = &http.Server{ + Handler: mux, + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, + } if u.Scheme == "https" { cert, err := weakCertificate() if err != nil { diff --git a/exporters/otlp/otlptrace/otlptracehttp/mock_collector_test.go b/exporters/otlp/otlptrace/otlptracehttp/mock_collector_test.go index 919a15fa4df..2b87215d183 100644 --- a/exporters/otlp/otlptrace/otlptracehttp/mock_collector_test.go +++ b/exporters/otlp/otlptrace/otlptracehttp/mock_collector_test.go @@ -25,6 +25,7 @@ import ( "net/http" "sync" "testing" + "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -241,7 +242,9 @@ func runMockCollector(t *testing.T, cfg mockCollectorConfig) *mockCollector { mux := http.NewServeMux() mux.Handle(cfg.TracesURLPath, http.HandlerFunc(m.serveTraces)) server := &http.Server{ - Handler: mux, + Handler: mux, + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, } if cfg.WithTLS { pem, err := generateWeakCertificate() diff --git a/exporters/zipkin/zipkin_test.go b/exporters/zipkin/zipkin_test.go index cc90b5f789d..ad720a042b2 100644 --- a/exporters/zipkin/zipkin_test.go +++ b/exporters/zipkin/zipkin_test.go @@ -120,7 +120,9 @@ func startMockZipkinCollector(t *testing.T) *mockZipkinCollector { require.NoError(t, err) collector.url = fmt.Sprintf("http://%s", listener.Addr().String()) server := &http.Server{ - Handler: http.HandlerFunc(collector.handler), + Handler: http.HandlerFunc(collector.handler), + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, } collector.server = server wg := &sync.WaitGroup{} diff --git a/internal/shared/otlp/otlpmetric/otest/collector.go.tmpl b/internal/shared/otlp/otlpmetric/otest/collector.go.tmpl index 31fc32224b9..1adf55807a5 100644 --- a/internal/shared/otlp/otlpmetric/otest/collector.go.tmpl +++ b/internal/shared/otlp/otlpmetric/otest/collector.go.tmpl @@ -242,7 +242,11 @@ func NewHTTPCollector(endpoint string, resultCh <-chan ExportResult) (*HTTPColle mux := http.NewServeMux() mux.Handle(u.Path, http.HandlerFunc(c.handler)) - c.srv = &http.Server{Handler: mux} + c.srv = &http.Server{ + Handler: mux, + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, + } if u.Scheme == "https" { cert, err := weakCertificate() if err != nil { diff --git a/sdk/resource/env.go b/sdk/resource/env.go index 606d5500f26..7e49ed58116 100644 --- a/sdk/resource/env.go +++ b/sdk/resource/env.go @@ -28,7 +28,7 @@ import ( const ( // resourceAttrKey is the environment variable name OpenTelemetry Resource information will be read from. - resourceAttrKey = "OTEL_RESOURCE_ATTRIBUTES" + resourceAttrKey = "OTEL_RESOURCE_ATTRIBUTES" //nolint:gosec // False positive G101: Potential hardcoded credentials // svcNameKey is the environment variable name that Service Name information will be read from. svcNameKey = "OTEL_SERVICE_NAME"