Merge remote-tracking branch 'origin' into dependabot/cargo/rdkafka-0…

….37.0

.github/ISSUE_TEMPLATE/minor-release.md

@@ -48,13 +48,17 @@ On the day of release:
   - [ ] `git push origin v0.<minor>.0`
 - [ ] Wait for release workflow to complete
   - Discoverable via [https://github.com/timberio/vector/actions/workflows/release.yml](https://github.com/timberio/vector/actions/workflows/release.yml)
+- [ ] Reset the `website` branch to the `HEAD` of the release branch to update https://vector.dev
+  - [ ] `git checkout website && git reset --hard origin/v0.<new version number> && git push`
+  - [ ] Confirm that the release changelog was published to https://vector.dev/releases/
+    - The deployment is done by Amplify. You can see
+      the [deployment logs here](https://dd-corpsite.datadoghq.com/logs?query=service%3Awebsites-vector%20branch%3Awebsite&agg_m=count&agg_m_source=base&agg_t=count&cols=host%2Cservice&fromUser=true&messageDisplay=inline&refresh_mode=sliding&storage=hot&stream_sort=time%2Casc&viz=stream).
 - [ ] Release Linux packages. See [`vector-release` usage](https://github.com/DataDog/vector-release#usage).
+  - [ ] Manually trigger the `trigger-package-release-pipeline-prod-stable` job.
 - [ ] Release updated Helm chart. See [releasing Helm chart](https://github.com/vectordotdev/helm-charts#releasing).
 - [ ] Once Helm chart is released, updated Vector manifests
     - Run `cargo vdev build manifests` and open a PR with changes
 - [ ] Add docker images to [https://github.com/DataDog/images](https://github.com/DataDog/images/tree/master/vector) to have them available internally.
 - [ ] Cherry-pick any release commits from the release branch that are not on `master`, to `master`
 - [ ] Bump the release number in the `Cargo.toml` on master to the next major release
-- [ ] Reset the `website` branch to the `HEAD` of the release branch to update https://vector.dev
-  - [ ] `git checkout website && git reset --hard origin/v0.<new version number> && git push`
 - [ ] Kick-off post-mortems for any regressions resolved by the release

.github/ISSUE_TEMPLATE/patch-release.md

@@ -39,6 +39,7 @@ On the day of release:
 - [ ] Wait for release workflow to complete
   - Discoverable via [https://github.com/timberio/vector/actions/workflows/release.yml](https://github.com/timberio/vector/actions/workflows/release.yml)
 - [ ] Release Linux packages. See [`vector-release` usage](https://github.com/DataDog/vector-release#usage).
+  - [ ] Manually trigger the `trigger-package-release-pipeline-prod-stable` job.
 - [ ] Push the release branch to update the remote (This should close the preparation branch PR).
   - `git checkout v0.<current minor version> && git push`
 - [ ] Release updated Helm chart. See [releasing Helm chart](https://github.com/vectordotdev/helm-charts#releasing).

.github/actions/spelling/allow.txt

@@ -474,3 +474,5 @@ zst
 zstandard
 otel
 otelcol
+siv
+onig

.github/dependabot.yml

@@ -3,8 +3,10 @@ updates:
   - package-ecosystem: "cargo"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
       time: "04:00" # UTC
+    allow:
+      - dependency-type: "all"
     labels:
       - "domain: deps"
       - "no-changelog"
@@ -84,7 +86,7 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     labels:
       - "domain: ci"
       - "no-changelog"

.github/workflows/custom_builds.yml

@@ -1,7 +1,7 @@
 name: Custom Builds
 
 permissions:
-  contents: read
+  contents: write
   packages: write
 
 on:

.github/workflows/install-sh.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - name: (PR comment) Get PR branch
         if: ${{ github.event_name == 'issue_comment' }}
-        uses: xt0rted/pull-request-comment-branch@v2
+        uses: xt0rted/pull-request-comment-branch@v3
         id: comment-branch
 
       - name: (PR comment) Set latest commit status as pending

.github/workflows/integration-test.yml

@@ -36,7 +36,7 @@ jobs:
     steps:
       - name: (PR comment) Get PR branch
         if: ${{ github.event_name == 'issue_comment' }}
-        uses: xt0rted/pull-request-comment-branch@v2
+        uses: xt0rted/pull-request-comment-branch@v3
         id: comment-branch
 
       - name: (PR comment) Checkout PR branch

.github/workflows/integration.yml

@@ -71,7 +71,6 @@ jobs:
             || needs.changes.outputs.fluent == 'true'
             || needs.changes.outputs.gcp == 'true'
             || needs.changes.outputs.greptimedb == 'true'
-            || needs.changes.outputs.humio == 'true'
             || needs.changes.outputs.http-client == 'true'
             || needs.changes.outputs.influxdb == 'true'
             || needs.changes.outputs.kafka == 'true'
@@ -298,15 +297,17 @@ jobs:
           max_attempts: 3
           command: bash scripts/ci-int-e2e-test.sh int  greptimedb
 
-      - run: docker image prune -af --filter=label!=vector-test-runner=true ; docker container prune -f
-
-      - if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.humio == 'true' }}
-        name: humio
-        uses: nick-fields/retry@v3
-        with:
-          timeout_minutes: 30
-          max_attempts: 3
-          command: bash scripts/ci-int-e2e-test.sh int  humio
+      # temporarily disabled because the image was archived and the new image
+      # (humio/humio-single-node-demo) wants a license key
+      #- run: docker image prune -af --filter=label!=vector-test-runner=true ; docker container prune -f
+      #
+      #- if: ${{ github.event_name == 'merge_group' || needs.changes.outputs.all-int == 'true' || needs.changes.outputs.humio == 'true' }}
+        #name: humio
+        #uses: nick-fields/retry@v3
+        #with:
+          #timeout_minutes: 30
+          #max_attempts: 3
+          #command: bash scripts/ci-int-e2e-test.sh int  humio
 
       - run: docker image prune -af --filter=label!=vector-test-runner=true ; docker container prune -f
 

.github/workflows/k8s_e2e.yml

@@ -193,7 +193,7 @@ jobs:
     steps:
       - name: (PR review) Get PR branch
         if: ${{ github.event_name == 'pull_request_review' }}
-        uses: xt0rted/pull-request-comment-branch@v2
+        uses: xt0rted/pull-request-comment-branch@v3
         id: comment-branch
 
       - name: (PR review) Checkout PR branch
@@ -247,7 +247,7 @@ jobs:
     steps:
       - name: (PR review) Get PR branch
         if: github.event_name == 'pull_request_review' && env.FAILED != 'true'
-        uses: xt0rted/pull-request-comment-branch@v2
+        uses: xt0rted/pull-request-comment-branch@v3
         id: comment-branch
 
       - name: (PR review) Submit PR result as success

.github/workflows/nightly.yml

@@ -1,13 +1,13 @@
 name: Nightly
 
 permissions:
-  contents: read
+  contents: write
   packages: write
 
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 5 * * *"  # Runs at 5:00 AM UTC
+    - cron: "0 5 * * 2-6"  # Runs at 5:00 AM UTC, Tuesday through Saturday
 
 jobs:
   Nightly:

.github/workflows/publish.yml

@@ -1,7 +1,7 @@
 name: Publish
 
 permissions:
-  contents: read
+  contents: write
   packages: write
 
 on:

.github/workflows/regression.yml

@@ -6,7 +6,7 @@
 #
 # The workflow accepts two optional inputs:
 #   - The baseline SHA:
-#     - If not specified, the SHA from 24 hours ago on origin/master is used.
+#     - If not specified, the SHA from 7 days ago on origin/master is used.
 #   - The comparison SHA:
 #     - If not specified, the current HEAD of origin/master is used.
 #
@@ -26,17 +26,18 @@ on:
   workflow_dispatch:
     inputs:
       baseline-sha:
-        description: "The SHA to use as the baseline (optional). If not provided, it defaults to the SHA from 24 hours ago."
+        description: "The SHA to use as the baseline (optional). If not provided, it defaults to the SHA from 7 days ago."
         required: false
       comparison-sha:
         description: "The SHA to use for comparison (optional). If not provided, it defaults to the current HEAD of the origin/master branch."
         required: false
   schedule:
-    - cron: '0 6 * * 1-5' # Runs at 6 AM UTC on weekdays (Monday to Friday)
+    - cron: '0 7 * * 1' # Runs at 7 AM UTC on Mondays
 
 env:
   SINGLE_MACHINE_PERFORMANCE_API: ${{ secrets.SINGLE_MACHINE_PERFORMANCE_API }}
   SMP_WARMUP_SECONDS: 70 # default is 45 seconds
+  SMP_REPLICAS: 100 # default is 10
 
 jobs:
 
@@ -59,8 +60,8 @@ jobs:
         run: |
           # Set baseline SHA
           if [ -z "${{ github.event.inputs.baseline-sha }}" ]; then
-            BASELINE_SHA=$(git rev-list -n 1 --before="24 hours ago" origin/master)
-            echo "Using baseline SHA from 24 hours ago: ${BASELINE_SHA}"
+            BASELINE_SHA=$(git rev-list -n 1 --before="7 days ago" origin/master)
+            echo "Using baseline SHA from 7 days ago: ${BASELINE_SHA}"
           else
             BASELINE_SHA="${{ github.event.inputs.baseline-sha }}"
             echo "Using provided baseline SHA: ${BASELINE_SHA}"
@@ -104,7 +105,7 @@ jobs:
       - name: Set SMP version
         id: experimental-meta
         run: |
-          export SMP_CRATE_VERSION="0.16.1"
+          export SMP_CRATE_VERSION="0.19.3"
           echo "smp crate version: ${SMP_CRATE_VERSION}"
           echo "SMP_CRATE_VERSION=${SMP_CRATE_VERSION}" >> $GITHUB_OUTPUT
 
@@ -405,7 +406,8 @@ jobs:
             --comparison-sha ${{ needs.resolve-inputs.outputs.comparison-sha }} \
             --target-config-dir ${{ github.workspace }}/regression/ \
             --warmup-seconds ${{ env.SMP_WARMUP_SECONDS }} \
-            --submission-metadata ${{ runner.temp }}/submission-metadata
+            --submission-metadata ${{ runner.temp }}/submission-metadata \
+            --replicas ${{ env.SMP_REPLICAS }}
 
       - uses: actions/upload-artifact@v4
         with:

.github/workflows/release.yml

@@ -1,7 +1,7 @@
 name: Release Suite
 
 permissions:
-  contents: read
+  contents: write
   packages: write
 
 on:

.github/workflows/scorecard.yml

@@ -0,0 +1,73 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '0 6 * * 1' # 6 AM UTC every Monday
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/[email protected]
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@v4
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -207,6 +207,8 @@ jobs:
             gcp_pubsub sink
             gcp_stackdriver_logs sink
             gcp_stackdriver_metrics sink
+            greptimedb_metrics sink
+            greptimedb_logs sink
             honeycomb sink
             http sink
             humio_logs sink