GitHub action sync (#7150)

.github/scripts/draft-change-log-entries.sh

@@ -43,5 +43,9 @@ echo
 echo "### 🧰 Tooling"
 echo
 
-git log --reverse --pretty=format:"- %s" "$range" \
+git log --reverse \
+        --perl-regexp \
+        --author='^(?!dependabot\[bot\] )' \
+        --pretty=format:"- %s" \
+        "$range" \
   | sed -E 's,\(#([0-9]+)\)$,\n  ([#\1](https://github.com/open-telemetry/opentelemetry-java-instrumentation/pull/\1)),'

.github/scripts/find-instrumentation-with-upper-version-limits.sh

@@ -1,4 +1,9 @@
 {
+  "retryOn429" : true,
+  "aliveStatusCodes" : [
+    200,
+    403
+  ],
   "ignorePatterns" : [
     {
       "pattern" : "https://github.com/open-telemetry/opentelemetry-java-instrumentation/network/updates"
@@ -6,10 +11,5 @@
     {
       "pattern" : "^https://kotlinlang\\.org/docs/coroutines-overview\\.html$"
     }
-  ],
-  "retryOn429" : true,
-  "aliveStatusCodes" : [
-    200,
-    403
   ]
 }

.github/scripts/merge-change-log-after-release.sh

@@ -0,0 +1,44 @@
+#!/bin/bash -e
+
+# this script merges release notes for $VERSION into CHANGELOG.md
+# the release date for $VERSION should be available in $RELEASE_DATE
+# and the release notes for $VERSION should be available in /tmp/changelog-section.md
+
+if [[ $VERSION == *.0 ]]; then
+  # this was not a patch release, so the version exists already in the CHANGELOG.md
+
+  # update the release date
+  sed -Ei "s/## Version $VERSION .*/## Version $VERSION ($RELEASE_DATE)/" CHANGELOG.md
+
+  # the entries are copied over from the release branch to support workflows
+  # where change log entries may be updated after preparing the release branch
+
+  {
+    # copy the portion above the release, up to and including the heading
+    sed -n "0,/^## Version $VERSION /p" CHANGELOG.md
+    # copy the release notes for $VERSION
+    cat /tmp/changelog-section.md
+    # copy the portion below the release
+    sed -n "0,/^## Version $VERSION /d;0,/^## Version /{/^## Version/!d};p" CHANGELOG.md
+  } > /tmp/CHANGELOG.md
+
+  # update the real CHANGELOG.md
+  cp /tmp/CHANGELOG.md CHANGELOG.md
+
+else
+  # this was a patch release, so the version does not exist already in the CHANGELOG.md
+
+  {
+    # copy the portion above the top-most release, not including the heading
+    sed -n "0,/^## Version /{ /^## Version /!p }" CHANGELOG.md
+    # add the heading
+    echo "## Version $VERSION ($RELEASE_DATE)"
+    # copy the release notes for $VERSION
+    cat /tmp/changelog-section.md
+    # copy the portion starting from the top-most release
+    sed -n "/^## Version /,\$p" CHANGELOG.md
+  } > /tmp/CHANGELOG.md
+
+  # update the real CHANGELOG.md
+  cp /tmp/CHANGELOG.md CHANGELOG.md
+fi

.github/workflows/backport.yml

@@ -28,16 +28,16 @@ jobs:
         env:
           NUMBER: ${{ github.event.inputs.number }}
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           commit=$(gh pr view $NUMBER --json mergeCommit --jq .mergeCommit.oid)
           title=$(gh pr view $NUMBER --json title --jq .title)
 
           branch="opentelemetrybot/backport-${NUMBER}-to-${GITHUB_REF_NAME//\//-}"
 
+          git checkout -b $branch
           git cherry-pick $commit
-          git push origin HEAD:$branch
+          git push --set-upstream origin $branch
           gh pr create --title "[$GITHUB_REF_NAME] $title" \
                        --body "Clean cherry-pick of #$NUMBER to the \`$GITHUB_REF_NAME\` branch." \
-                       --head $branch \
                        --base $GITHUB_REF_NAME

.github/workflows/build-pull-request.yml

@@ -24,7 +24,7 @@ jobs:
     # release branch PRs are excluded
     # because any time a new library version is released to maven central it can fail
     # which requires unnecessary release branch maintenance, especially for patches
-    if: ${{ !startsWith(github.base_ref, 'release/') }}
+    if: "!startsWith(github.base_ref, 'release/')"
     uses: ./.github/workflows/reusable-muzzle.yml
     with:
       cache-read-only: true
@@ -32,7 +32,7 @@ jobs:
   # this is not a required check to avoid blocking pull requests if new shell checks are added
   shell-script-check:
     # release branches are excluded to avoid unnecessary maintenance if new shell checks are added
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-shell-script-check.yml
 
   # this is not a required check to avoid blocking pull requests if external links break
@@ -40,14 +40,14 @@ jobs:
     # release branches are excluded to avoid unnecessary maintenance if external links break
     # (and also because the README.md javaagent download link has to be updated on release branches
     #  before the release download has been published)
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-markdown-link-check.yml
 
   # this is not a required check to avoid blocking pull requests if new misspellings are added
   # to the misspell dictionary
   misspell-check:
     # release branches are excluded to avoid unnecessary maintenance
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-misspell-check.yml
 
   required-status-check:
@@ -63,7 +63,7 @@ jobs:
     runs-on: ubuntu-latest
     if: always()
     steps:
-      - if: |
+      - if: >
           needs.common.result != 'success' ||
           (!startsWith(github.base_ref, 'release/') && needs.muzzle.result != 'success')
         run: exit 1

.github/workflows/build.yml

@@ -19,7 +19,7 @@ jobs:
     # release branches are excluded
     # because any time a new library version is released to maven central it can fail
     # which requires unnecessary release branch maintenance, especially for patches
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-test-latest-deps.yml
     secrets:
       GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
@@ -30,25 +30,25 @@ jobs:
     # release branches are excluded
     # because any time a new library version is released to maven central it can fail
     # which requires unnecessary release branch maintenance, especially for patches
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-muzzle.yml
 
   shell-script-check:
     # release branches are excluded to avoid unnecessary maintenance if new shell checks are added
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-shell-script-check.yml
 
   markdown-link-check:
     # release branches are excluded to avoid unnecessary maintenance if external links break
     # (and also because the README.md javaagent download link has to be updated on release branches
     #  before the release download has been published)
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-markdown-link-check.yml
 
   misspell-check:
     # release branches are excluded to avoid unnecessary maintenance if new misspellings are added
     # to the misspell dictionary
-    if: ${{ !startsWith(github.ref_name, 'release/') }}
+    if: "!startsWith(github.ref_name, 'release/')"
     uses: ./.github/workflows/reusable-misspell-check.yml
 
   publish-snapshots:
@@ -58,7 +58,7 @@ jobs:
       - common
     runs-on: ubuntu-latest
     # skipping release branches because the versions in those branches are not snapshots
-    if: ${{ github.ref_name == 'main' && github.repository == 'open-telemetry/opentelemetry-java-instrumentation' }}
+    if: github.ref_name == 'main' && github.repository == 'open-telemetry/opentelemetry-java-instrumentation'
     steps:
       - uses: actions/checkout@v3
 

.github/workflows/codeql-daily.yml

@@ -33,6 +33,7 @@ jobs:
 
   open-issue-on-failure:
     # open an issue on failure because it can be easy to miss CI failure notifications
-    needs: analyze
+    needs:
+      - analyze
     if: failure()
     uses: ./.github/workflows/reusable-open-issue-on-failure.yml

.github/workflows/overhead-benchmark-daily.yml

@@ -46,6 +46,7 @@ jobs:
           committer_email: 107717825+opentelemetrybot@users.noreply.github.com
 
   open-issue-on-failure:
-    needs: run-overhead-tests
+    needs:
+      - run-overhead-tests
     if: failure()
     uses: ./.github/workflows/reusable-open-issue-on-failure.yml

.github/workflows/prepare-patch-release.yml

@@ -49,14 +49,14 @@ jobs:
       - name: Create pull request
         env:
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           message="Prepare release $VERSION"
           branch="opentelemetrybot/prepare-release-${VERSION}"
 
+          git checkout -b $branch
           git commit -a -m "$message"
-          git push origin HEAD:$branch
+          git push --set-upstream origin $branch
           gh pr create --title "[$GITHUB_REF_NAME] $message" \
                        --body "$message." \
-                       --head $branch \
                        --base $GITHUB_REF_NAME

.github/workflows/prepare-release-branch.yml

@@ -8,7 +8,8 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - run: |
+      - name: Verify prerequisites
+        run: |
           if [[ $GITHUB_REF_NAME != main ]]; then
             echo this workflow should only be run against main
             exit 1
@@ -21,7 +22,8 @@ jobs:
 
   create-pull-request-against-release-branch:
     runs-on: ubuntu-latest
-    needs: prereqs
+    needs:
+      - prereqs
     steps:
       - uses: actions/checkout@v3
 
@@ -59,21 +61,22 @@ jobs:
       - name: Create pull request against the release branch
         env:
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           message="Prepare release $VERSION"
           branch="opentelemetrybot/prepare-release-${VERSION}"
 
+          git checkout -b $branch
           git commit -a -m "$message"
-          git push origin HEAD:$branch
+          git push --set-upstream origin $branch
           gh pr create --title "[$RELEASE_BRANCH_NAME] $message" \
                        --body "$message." \
-                       --head $branch \
                        --base $RELEASE_BRANCH_NAME
 
   create-pull-request-against-main:
     runs-on: ubuntu-latest
-    needs: prereqs
+    needs:
+      - prereqs
     steps:
       - uses: actions/checkout@v3
 
@@ -107,15 +110,15 @@ jobs:
       - name: Create pull request against main
         env:
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           message="Update version to $NEXT_VERSION"
           body="Update version to \`$NEXT_VERSION\`."
           branch="opentelemetrybot/update-version-to-${NEXT_VERSION}"
 
+          git checkout -b $branch
           git commit -a -m "$message"
-          git push origin HEAD:$branch
+          git push --set-upstream origin $branch
           gh pr create --title "$message" \
                        --body "$body" \
-                       --head $branch \
                        --base main

.github/workflows/publish-smoke-test-grpc-images.yml

@@ -17,6 +17,7 @@ jobs:
       publish: true
 
   open-issue-on-failure:
-    needs: publish
+    needs:
+      - publish
     if: failure()
     uses: ./.github/workflows/reusable-open-issue-on-failure.yml

.github/workflows/publish-smoke-test-quarkus-images.yml

@@ -19,6 +19,7 @@ jobs:
       skip-java-8: true
 
   open-issue-on-failure:
-    needs: publish
+    needs:
+      - publish
     if: failure()
     uses: ./.github/workflows/reusable-open-issue-on-failure.yml

.github/workflows/publish-smoke-test-servlet-images.yml

@@ -70,6 +70,7 @@ jobs:
         run: ./gradlew :smoke-tests:images:servlet:buildWindowsTestImages pushMatrix -PextraTag=${{ env.TAG }} -PsmokeTestServer=${{ matrix.smoke-test-server }}
 
   open-issue-on-failure:
-    needs: publish
+    needs:
+      - publish
     if: failure()
     uses: ./.github/workflows/reusable-open-issue-on-failure.yml

.github/workflows/publish-smoke-test-spring-boot-images.yml

@@ -17,6 +17,7 @@ jobs:
       publish: true
 
   open-issue-on-failure:
-    needs: publish
+    needs:
+      - publish
     if: failure()
     uses: ./.github/workflows/reusable-open-issue-on-failure.yml

.github/workflows/release.yml

@@ -4,7 +4,7 @@ on:
 
 jobs:
   required-jobs:
-    uses: ./.github/workflows/reusable-spotless.yml
+    uses: ./.github/workflows/build-common.yml
 
   # test-latest-deps is intentionally not included in the release workflows
   # because any time a new library version is released to maven central
@@ -16,11 +16,11 @@ jobs:
   # and this is not a reason to hold up the release
 
   release:
+    runs-on: ubuntu-latest
     needs:
       - required-jobs
     outputs:
       version: ${{ steps.create-github-release.outputs.version }}
-    runs-on: ubuntu-latest
     steps:
       - run: |
           if [[ $GITHUB_REF_NAME != release/* ]]; then
@@ -61,7 +61,8 @@ jobs:
         with:
           ref: main
 
-      - run: |
+      - name: Check that change log update was merged to main
+        run: |
           if [[ $VERSION == *.0 ]]; then
             # not making a patch release
             if ! grep --quiet "^## Version $VERSION " CHANGELOG.md; then
@@ -107,14 +108,14 @@ jobs:
 
       - name: Generate release notes
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           # conditional blocks not indented because of the heredoc
           if [[ $VERSION == *.0 ]]; then
           cat > /tmp/release-notes.txt << EOF
           This release targets the OpenTelemetry SDK $VERSION.
 
-          Note that all artifacts other than \`io.opentelemetry.javaagent:opentelemetry-javaagent\` have the \`-alpha\` suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the [VERSIONING.md](https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/VERSIONING.md#opentelemetry-java-instrumentation-versioning) for more details.
+          Note that many artifacts have the \`-alpha\` suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the [VERSIONING.md](https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/VERSIONING.md#opentelemetry-java-instrumentation-versioning) for more details.
 
           EOF
           else
@@ -149,7 +150,7 @@ jobs:
       - id: create-github-release
         name: Create GitHub release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           cp javaagent/build/libs/opentelemetry-javaagent-${VERSION}.jar opentelemetry-javaagent.jar
           gh release create --target $GITHUB_REF_NAME \
@@ -161,81 +162,60 @@ jobs:
 
           echo "::set-output name=version::$VERSION"
 
+  merge-change-log-to-main:
+    runs-on: ubuntu-latest
+    needs:
+      - release
+    steps:
       - uses: actions/checkout@v3
-        with:
-          # the step below is creating a pull request against main
-          ref: main
 
-      - name: Copy change log updates to main
+      - name: Copy change log section from release branch
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ needs.release.outputs.version }}
         run: |
-          if [[ $VERSION == *.0 ]]; then
-            # this was not a patch release, so the version exists already in the CHANGELOG.md
-
-            # update the release date
-            date=$(gh release view v$VERSION --json publishedAt --jq .publishedAt | sed 's/T.*//')
-            sed -Ei "s/## Version $VERSION .*/## Version $VERSION ($date)/" CHANGELOG.md
-
-            # the entries are copied over from the release branch to support workflows
-            # where change log entries may be updated after preparing the release branch
-
-            # copy the portion above the release, up to and including the heading
-            sed -n "0,/^## Version $VERSION ($date)/p" CHANGELOG.md > /tmp/CHANGELOG.md
-
-            # copy the release notes
-            cat /tmp/CHANGELOG_SECTION.md >> /tmp/CHANGELOG.md
-
-            # copy the portion below the release
-            sed -n "0,/^## Version $VERSION /d;0,/^## Version /{/^## Version/!d};p" CHANGELOG.md \
-              >> /tmp/CHANGELOG.md
-
-            # update the real CHANGELOG.md
-            cp /tmp/CHANGELOG.md CHANGELOG.md
-          else
-            # this was a patch release, so the version does not exist already in the CHANGELOG.md
-
-            # copy the portion above the top-most release, not including the heading
-            sed -n "0,/^## Version /{ /^## Version /!p }" CHANGELOG.md > /tmp/CHANGELOG.md
-
-            # add the heading
-            date=$(gh release view v$VERSION --json publishedAt --jq .publishedAt | sed 's/T.*//')
-            echo "## Version $VERSION ($date)" >> /tmp/CHANGELOG.md
-
-            # copy the release notes
-            cat /tmp/CHANGELOG_SECTION.md >> /tmp/CHANGELOG.md
+          sed -n "0,/^## Version $VERSION /d;/^## Version /q;p" CHANGELOG.md \
+            > /tmp/changelog-section.md
 
-            # copy the portion starting from the top-most release
-            sed -n "/^## Version /,\$p" CHANGELOG.md >> /tmp/CHANGELOG.md
+      - uses: actions/checkout@v3
+        with:
+          ref: main
 
-            # update the real CHANGELOG.md
-            cp /tmp/CHANGELOG.md CHANGELOG.md
-          fi
+      - name: Merge change log to main
+        env:
+          VERSION: ${{ needs.release.outputs.version }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          release_date=$(gh release view v$VERSION --json publishedAt --jq .publishedAt | sed 's/T.*//')
+          RELEASE_DATE=$release_date .github/scripts/merge-change-log-after-release.sh
 
       - name: Use CLA approved github bot
         run: .github/scripts/use-cla-approved-github-bot.sh
 
       - name: Create pull request against main
         env:
+          VERSION: ${{ needs.release.outputs.version }}
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
-          message="Copy change log updates from $GITHUB_REF_NAME"
-          body="Copy log updates from \`$GITHUB_REF_NAME\`."
-          branch="opentelemetrybot/copy-change-log-updates-from-${GITHUB_REF_NAME//\//-}"
-
-          if [[ $VERSION == *.0 ]]; then
-            if git diff --quiet; then
-              echo there are no updates needed to the change log on main, not creating pull request
+          if git diff --quiet; then
+            if [[ $VERSION == *.0 ]]; then
+              echo there are no updates to merge, not creating pull request
               exit 0 # success
+            else
+              echo patch release notes did not get applied for some reason
+              exit 1 # failure
             fi
           fi
 
+          message="Merge change log updates from $GITHUB_REF_NAME"
+          body="Merge log updates from \`$GITHUB_REF_NAME\`."
+          branch="opentelemetrybot/merge-change-log-updates-from-${GITHUB_REF_NAME//\//-}"
+
+          git checkout -b $branch
           git commit -a -m "$message"
-          git push origin HEAD:$branch
+          git push --set-upstream origin $branch
           gh pr create --title "$message" \
                        --body "$body" \
-                       --head $branch \
                        --base main
 
   create-operator-pull-request:

.github/workflows/reusable-create-operator-pull-request.yml

@@ -20,20 +20,24 @@ jobs:
   create-operator-pull-request:
     runs-on: ubuntu-latest
     steps:
+      - name: Sync opentelemetry-operator fork
+        env:
+          # this is the personal access token used for "gh repo sync" below
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
+        run: |
+          # synchronizing the fork is fast, and avoids the need to fetch the full upstream repo
+          # (fetching the upstream repo with "--depth 1" would lead to "shallow update not allowed"
+          #  error when pushing back to the origin repo)
+          gh repo sync opentelemetrybot/opentelemetry-operator \
+              --source open-telemetry/opentelemetry-operator \
+              --force
+
       - uses: actions/checkout@v3
         with:
           repository: opentelemetrybot/opentelemetry-operator
           # this is the personal access token used for "git push" below
           token: ${{ secrets.BOT_TOKEN }}
 
-      - name: Initialize pull request branch
-        env:
-          VERSION: ${{ inputs.version }}
-        run: |
-          git remote add upstream https://github.com/open-telemetry/opentelemetry-operator.git
-          git fetch upstream
-          git checkout -b update-opentelemetry-javaagent-to-${VERSION} upstream/main
-
       - name: Update version
         env:
           VERSION: ${{ inputs.version }}
@@ -48,9 +52,9 @@ jobs:
 
       - name: Create pull request against opentelemetry-operator
         env:
-          # this is the personal access token used for "gh pr create" below
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
           VERSION: ${{ inputs.version }}
+          # this is the personal access token used for "gh pr create" below
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           message="Update the javaagent version to $VERSION"
           # note that @open-telemetry/java-instrumentation-approvers cannot be used below
@@ -60,13 +64,15 @@ jobs:
 
           cc @laurit @mateuszrzeszutek @trask
           "
+          branch="update-opentelemetry-javaagent-to-${VERSION}"
 
           # gh pr create doesn't have a way to explicitly specify different head and base
           # repositories currently, but it will implicitly pick up the head from a different
           # repository if you set up a tracking branch
 
+          git checkout -b $branch
           git commit -a -m "$message"
-          git push --set-upstream origin HEAD:update-opentelemetry-javaagent-to-${VERSION}
+          git push --set-upstream origin $branch
           gh pr create --title "$message" \
                        --body "$body" \
                        --repo open-telemetry/opentelemetry-operator \

.github/workflows/reusable-create-website-pull-request.yml

@@ -20,21 +20,24 @@ jobs:
   create-java-website-pull-request:
     runs-on: ubuntu-latest
     steps:
+      - name: Sync opentelemetry.io fork
+        env:
+          # this is the personal access token used for "gh repo sync" below
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
+        run: |
+          # synchronizing the fork is fast, and avoids the need to fetch the full upstream repo
+          # (fetching the upstream repo with "--depth 1" would lead to "shallow update not allowed"
+          #  error when pushing back to the origin repo)
+          gh repo sync opentelemetrybot/opentelemetry.io \
+              --source open-telemetry/opentelemetry.io \
+              --force
+
       - uses: actions/checkout@v3
         with:
           repository: opentelemetrybot/opentelemetry.io
           # this is the personal access token used for "git push" below
           token: ${{ secrets.BOT_TOKEN }}
 
-      - name: Initialize pull request branch
-        env:
-          VERSION: ${{ inputs.version }}
-        run: |
-          git remote add upstream https://github.com/open-telemetry/opentelemetry.io.git
-          git fetch upstream
-          git checkout -b update-opentelemetry-java-instrumentation-to-${VERSION} upstream/main
-          git submodule update
-
       - name: Update version
         env:
           VERSION: ${{ inputs.version }}
@@ -50,19 +53,21 @@ jobs:
 
       - name: Create pull request against opentelemetry.io
         env:
-          # this is the personal access token used for "gh pr create" below
-          GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
           VERSION: ${{ inputs.version }}
+          # this is the personal access token used for "gh pr create" below
+          GH_TOKEN: ${{ secrets.BOT_TOKEN }}
         run: |
           message="Update the Java instrumentation versions to $VERSION"
           body="Update the Java instrumentation version to \`$VERSION\`."
+          branch="update-opentelemetry-java-instrumentation-to-${VERSION}"
 
           # gh pr create doesn't have a way to explicitly specify different head and base
           # repositories currently, but it will implicitly pick up the head from a different
           # repository if you set up a tracking branch
 
+          git checkout -b $branch
           git commit -a -m "$message"
-          git push --set-upstream origin HEAD:update-opentelemetry-java-instrumentation-to-${VERSION}
+          git push --set-upstream origin $branch
           gh pr create --title "$message" \
                        --body "$body" \
                        --repo open-telemetry/opentelemetry.io \

.github/workflows/reusable-misspell-check.yml

@@ -11,7 +11,7 @@ jobs:
 
       - name: Install misspell
         run: |
-          curl -L -o ./install-misspell.sh https://git.io/misspell
+          curl -L -o install-misspell.sh https://git.io/misspell
           sh ./install-misspell.sh
 
       - name: Run misspell

.github/workflows/reusable-open-issue-on-failure.yml

@@ -11,7 +11,7 @@ jobs:
 
       - name: Open issue
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           gh issue create --title "$GITHUB_WORKFLOW #$GITHUB_RUN_NUMBER failed" \
                           --label bug \

.github/workflows/reusable-smoke-test-images.yml

@@ -35,7 +35,7 @@ jobs:
           java-version: 17
 
       - name: Login to GitHub package registry
-        if: ${{ inputs.publish }}
+        if: inputs.publish
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
@@ -51,16 +51,16 @@ jobs:
           cache-read-only: ${{ inputs.cache-read-only }}
 
       - name: Build Java 8 Docker image
-        if: ${{ !inputs.skip-java-8 }}
+        if: "!inputs.skip-java-8"
         run: ./gradlew ${{ inputs.project }}:${{ inputs.publish && 'jib' || 'jibDockerBuild' }} -Ptag=${{ env.TAG }} -PtargetJDK=8 -Djib.httpTimeout=120000 -Djib.console=plain
 
       - name: Build Java 11 Docker image
         run: ./gradlew ${{ inputs.project }}:${{ inputs.publish && 'jib' || 'jibDockerBuild' }} -Ptag=${{ env.TAG }} -PtargetJDK=11 -Djib.httpTimeout=120000 -Djib.console=plain
 
       - name: Build Java 17 Docker image
-        if: ${{ !inputs.skip-java-17 }}
+        if: "!inputs.skip-java-17"
         run: ./gradlew ${{ inputs.project }}:${{ inputs.publish && 'jib' || 'jibDockerBuild' }} -Ptag=${{ env.TAG }} -PtargetJDK=17 -Djib.httpTimeout=120000 -Djib.console=plain
 
       - name: Build Java 19 Docker image
-        if: ${{ !inputs.skip-java-19 }}
+        if: "!inputs.skip-java-19"
         run: ./gradlew ${{ inputs.project }}:${{ inputs.publish && 'jib' || 'jibDockerBuild' }} -Ptag=${{ env.TAG }} -PtargetJDK=19 -Djib.httpTimeout=120000 -Djib.console=plain

docs/contributing/repository-settings.md

@@ -1,7 +1,7 @@
 # Repository settings
 
-(In addition
-to https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-new-repository.md)
+Repository settings in addition to what's documented already at
+https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-new-repository.md.
 
 ## General > Pull Requests
 
@@ -11,26 +11,23 @@ to https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-n
 
 * Automatically delete head branches: CHECKED
 
-  So automation PR branches will be deleted.
+  (So that bot PR branches will be deleted)
 
 ## Actions > General
 
 * Fork pull request workflows from outside collaborators:
   "Require approval for first-time contributors who are new to GitHub"
 
-  To reduce friction for new contributors
-  (the default is "Require approval for first-time contributors").
+  (To reduce friction for new contributors,
+  as the default is "Require approval for first-time contributors")
 
 ## Branch protections
 
-(In addition
-to https://github.com/open-telemetry/community/blob/main/docs/how-to-configure-new-repository.md)
-
 ### `main`
 
 * Require branches to be up to date before merging: UNCHECKED
 
-  PR jobs take too long, and leaving this unchecked has not been a significant problem.
+  (PR jobs take too long, and leaving this unchecked has not been a significant problem)
 
 * Status checks that are required:
 
@@ -43,33 +40,33 @@ Same settings as above for `main`, except:
 
 * Restrict pushes that create matching branches: UNCHECKED
 
-  So release automation can create release branches.
+  (So that opentelemetrybot can create release branches)
 
 ### `gh-pages`
 
 * Everything UNCHECKED.
 
-  This branch is currently only used for directly pushing benchmarking results from the
+  (This branch is currently only used for directly pushing benchmarking results from the
   [Nightly overhead benchmark](https://github.com/open-telemetry/opentelemetry-java-instrumentation/actions/workflows/nightly-benchmark-overhead.yml)
-  job.
+  job)
 
 ### `dependabot/**/**` and `opentelemetrybot/*`
 
 * Require status checks to pass before merging: UNCHECKED
 
-  So bots can rebase their PR branches
+  (So that dependabot PRs can be rebased)
 
 * Restrict who can push to matching branches: UNCHECKED
 
-  So bots can create PR branches in the first place
+  (So that bots can create PR branches in this repository)
 
 * Allow force pushes > Everyone
 
-  So bots can rebase their PR branches
+  (So that dependabot PRs can be rebased)
 
 * Allow deletions: CHECKED
 
-  So bot PR branches can be deleted after merging
+  (So that bot PR branches can be deleted)
 
 ### `**/**`