DataDog
diff --git a/‎.github/workflows/README.md‎
Lines changed: 5 additions & 2 deletions b/‎.github/workflows/README.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎.github/workflows/analyze-changes.yaml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/analyze-changes.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/check-pull-request-labels.yaml‎
Lines changed: 120 additions & 2 deletions b/‎.github/workflows/check-pull-request-labels.yaml‎
Lines changed: 120 additions & 2 deletions
diff --git a/‎.gitlab/collect_results.sh‎
Lines changed: 8 additions & 7 deletions b/‎.gitlab/collect_results.sh‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎.gitlab/upload_ciapp.sh‎
Lines changed: 17 additions & 2 deletions b/‎.gitlab/upload_ciapp.sh‎
Lines changed: 17 additions & 2 deletions
diff --git a/‎buildSrc/build.gradle.kts‎
Lines changed: 1 addition & 3 deletions b/‎buildSrc/build.gradle.kts‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎buildSrc/src/main/groovy/datadog/gradle/plugin/instrument/BuildTimeInstrumentationExtension.groovy‎
Lines changed: 0 additions & 11 deletions b/‎buildSrc/src/main/groovy/datadog/gradle/plugin/instrument/BuildTimeInstrumentationExtension.groovy‎
Lines changed: 0 additions & 11 deletions
@@ -30,9 +30,12 @@ _Recovery:_ Manually verify the guideline compliance.
 
 ### check-pull-request-labels [🔗](check-pull-request-labels.yaml)
 
-_Trigger:_ When creating or updating a pull request.
+_Trigger:_ When creating or updating a pull request, or when new commits are pushed to it.
+
+_Actions:_
 
-_Action:_ Check the pull request did not introduce unexpected label.
+* Detect AI-generated pull requests then apply the `tag: ai generated` label.
+* Check the pull request did not introduce unexpected labels.
 
 _Recovery:_ Update the pull request or add a comment to trigger the action again.
 
 
@@ -30,7 +30,7 @@ jobs:
             ${{ runner.os }}-gradle-
         
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         with:
           languages: 'java'
           build-mode: 'manual'
@@ -43,7 +43,7 @@ jobs:
           ./gradlew clean :dd-java-agent:shadowJar --build-cache --parallel --stacktrace --no-daemon --max-workers=4
 
       - name: Perform CodeQL Analysis and upload results to GitHub Security tab
-        uses: github/codeql-action/analyze@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
 
   trivy:
     name: Analyze changes with Trivy
@@ -89,7 +89,7 @@ jobs:
           ls -laR "./workspace/.trivy"
 
       - name: Run Trivy security scanner
-        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: rootfs
           scan-ref: './workspace/.trivy/'
@@ -102,7 +102,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4.32.5
+        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
 
@@ -1,7 +1,7 @@
 name: Validate PR Label Format
 on:
   pull_request:
-    types: [opened, edited, ready_for_review, labeled]
+    types: [opened, edited, ready_for_review, labeled, synchronize]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -15,8 +15,114 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
+      - name: Flag AI-generated pull requests
+        id: flag_ai_generated
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            // Skip draft pull requests
+            if (context.payload.pull_request.draft) {
+              return
+            }
+            const prNumber = context.payload.pull_request.number
+            const owner = context.repo.owner
+            const repo = context.repo.repo
+            const aiGeneratedLabel = 'tag: ai generated'
+            let isAiGenerated = false
+            let labelsStale = false
+
+            /*
+             * Check for 'Bits AI' label and remove it.
+             */
+            const bitsAiLabel = 'Bits AI'
+            const prLabels = context.payload.pull_request.labels.map(l => l.name)
+            if (prLabels.includes(bitsAiLabel)) {
+              isAiGenerated = true
+              // Remove label from the PR
+              try {
+                await github.rest.issues.removeLabel({
+                  owner, repo,
+                  issue_number: prNumber,
+                  name: bitsAiLabel
+                })
+              } catch (e) {
+                core.warning(`Could not remove '${bitsAiLabel}' label from PR: ${e.message}`)
+              }
+              labelsStale = true
+              // Delete label from the repository
+              try {
+                await github.rest.issues.deleteLabel({ owner, repo, name: bitsAiLabel })
+              } catch (e) {
+                core.warning(`Could not delete '${bitsAiLabel}' label from repo: ${e.message}`)
+              }
+            }
+
+            /*
+             * Inspect commits for AI authorship signals.
+             */
+            if (context.payload.pull_request.labels.some(l => l.name === aiGeneratedLabel)) {
+              core.info(`PR #${prNumber} is already labeled as AI-generated, skipping commit scan.`)
+              core.setOutput('labels_stale', String(labelsStale))
+              return
+            }
+            const aiRegex = /\b(anthropic|chatgpt|codex|copilot|cursor|openai)\b/i
+            const commits = await github.paginate(github.rest.pulls.listCommits, {
+              owner, repo,
+              pull_number: prNumber,
+              per_page: 100
+            })
+            for (const { commit } of commits) {
+              const authorName = commit.author?.name ?? ''
+              const authorEmail = commit.author?.email ?? ''
+              const committerName = commit.committer?.name ?? ''
+              const committerEmail = commit.committer?.email ?? ''
+              // Extract Co-authored-by trailer lines from commit message
+              const coAuthors = (commit.message ?? '').split('\n')
+                .filter(line => /^co-authored-by:/i.test(line.trim()))
+              const fieldsToCheck = [authorName, authorEmail]
+              // Skip GitHub's generic noreply for committer
+              if (committerEmail !== 'noreply@github.com') {
+                fieldsToCheck.push(committerName, committerEmail)
+              }
+              fieldsToCheck.push(...coAuthors)
+              if (fieldsToCheck.some(field => aiRegex.test(field))) {
+                isAiGenerated = true
+                break
+              }
+            }
+
+            /*
+             * Add 'tag: ai generated' label if AI-generated.
+             */
+            if (isAiGenerated) {
+              // Re-fetch labels only if they were modified above (Bits AI removal)
+              let currentLabels
+              if (labelsStale) {
+                const { data: currentPr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber })
+                currentLabels = currentPr.labels.map(l => l.name)
+              } else {
+                currentLabels = context.payload.pull_request.labels.map(l => l.name)
+              }
+              if (!currentLabels.includes(aiGeneratedLabel)) {
+                try {
+                  await github.rest.issues.addLabels({
+                    owner, repo,
+                    issue_number: prNumber,
+                    labels: [aiGeneratedLabel]
+                  })
+                  core.info(`Added '${aiGeneratedLabel}' label to PR #${prNumber}`)
+                } catch (e) {
+                  core.setFailed(`Could not add '${aiGeneratedLabel}' label to PR #${prNumber}: ${e.message}`)
+                }
+              }
+            }
+            core.setOutput('labels_stale', String(labelsStale))
+
       - name: Check pull request labels
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0
+        env:
+          LABELS_STALE: ${{ steps.flag_ai_generated.outputs.labels_stale }}
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -35,8 +141,20 @@ jobs:
               'performance:',  // To refactor to 'ci: ' in the future
               'run-tests:'     // Unused since GitLab migration
             ]
+            // Re-fetch labels only if the previous step modified them (ex: "Bits AI" removal)
+            let prLabels
+            if (process.env.LABELS_STALE === 'true') {
+              const { data: currentPr } = await github.rest.pulls.get({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.payload.pull_request.number
+              })
+              prLabels = currentPr.labels
+            } else {
+              prLabels = context.payload.pull_request.labels
+            }
             // Look for invalid labels
-            const invalidLabels = context.payload.pull_request.labels
+            const invalidLabels = prLabels
               .map(label => label.name)
               .filter(label => validCategories.every(prefix => !label.startsWith(prefix)))
             const hasInvalidLabels = invalidLabels.length > 0
 
@@ -78,15 +78,16 @@ do
   # Replace random port numbers by marker in testcase XML nodes to get stable test names
   sed -i '/<testcase/ s/localhost:[0-9]\{2,5\}/localhost:PORT/g' "$TARGET_DIR/$AGGREGATED_FILE_NAME"
 
-  # Add dd_tags[test.final_status] property to each testcase
-  xsl_file="$(dirname "$0")/add_final_status.xsl"
-  tmp_file="$(mktemp)"
-  xsltproc --output "$tmp_file" "$xsl_file" "$TARGET_DIR/$AGGREGATED_FILE_NAME"
-  mv "$tmp_file" "$TARGET_DIR/$AGGREGATED_FILE_NAME"
-
   if cmp -s "$RESULT_XML_FILE" "$TARGET_DIR/$AGGREGATED_FILE_NAME"; then
     echo ""
   else
-    echo -n " (non-stable test names detected)"
+    echo " (non-stable test names detected)"
   fi
+
+  echo "Add dd_tags[test.final_status] property to each testcase on $TARGET_DIR/$AGGREGATED_FILE_NAME"
+  xsl_file="$(dirname "$0")/add_final_status.xsl"
+  tmp_file="$(mktemp)"
+  xsltproc --huge --output "$tmp_file" "$xsl_file" "$TARGET_DIR/$AGGREGATED_FILE_NAME"
+  mv "$tmp_file" "$TARGET_DIR/$AGGREGATED_FILE_NAME"
+
 done <   <(find "${TEST_RESULT_DIRS[@]}" -name \*.xml -print0)
@@ -9,8 +9,23 @@ TEST_JVM=${2:-}
 JAVA_PROPS=""
 if [ -n "$TEST_JVM" ]; then
     JAVA_BIN=""
-    if [[ "$TEST_JVM" =~ ^[A-Za-z0-9_]+$ ]]; then
-        JAVA_HOME_VAR="JAVA_${TEST_JVM}_HOME"
+    RESOLVED_JVM="$TEST_JVM"
+    if [ "$TEST_JVM" = "tip" ]; then
+        # Resolve "tip" to the highest available JAVA_*_HOME version
+        MAX_VER=0
+        for var in $(compgen -v JAVA_ | grep -E '^JAVA_[0-9]+_HOME$'); do
+            ver="${var#JAVA_}"
+            ver="${ver%_HOME}"
+            if [ "$ver" -gt "$MAX_VER" ] 2>/dev/null; then
+                MAX_VER="$ver"
+            fi
+        done
+        if [ "$MAX_VER" -gt 0 ] 2>/dev/null; then
+            RESOLVED_JVM="$MAX_VER"
+        fi
+    fi
+    if [[ "$RESOLVED_JVM" =~ ^[A-Za-z0-9_]+$ ]]; then
+        JAVA_HOME_VAR="JAVA_${RESOLVED_JVM}_HOME"
         JAVA_HOME_VALUE="${!JAVA_HOME_VAR}"
         if [ -n "$JAVA_HOME_VALUE" ] && [ -x "$JAVA_HOME_VALUE/bin/java" ]; then
             JAVA_BIN="$JAVA_HOME_VALUE/bin/java"
 
@@ -1,5 +1,4 @@
 plugins {
-  groovy
   `java-gradle-plugin`
   `kotlin-dsl`
   `jvm-test-suite`
@@ -72,7 +71,6 @@ repositories {
 
 dependencies {
   implementation(gradleApi())
-  implementation(localGroovy())
 
   implementation("net.bytebuddy", "byte-buddy-gradle-plugin", "1.18.3")
 
@@ -109,7 +107,7 @@ testing {
       }
       targets.configureEach {
         testTask.configure {
-          enabled = providers.systemProperty("runBuildSrcTests").isPresent or providers.systemProperty("idea.active").isPresent
+          enabled = providers.gradleProperty("runBuildSrcTests").isPresent or providers.systemProperty("idea.active").isPresent
         }
       }
     }
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,4 @@`
`1`	`1`	`plugins {`
`2`		`- groovy`
`3`	`2`	`java-gradle-plugin`
`4`	`3`	`kotlin-dsl`
`5`	`4`	`jvm-test-suite`
`@@ -72,7 +71,6 @@ repositories {`
`72`	`71`
`73`	`72`	`dependencies {`
`74`	`73`	`implementation(gradleApi())`
`75`		`- implementation(localGroovy())`
`76`	`74`
`77`	`75`	`implementation("net.bytebuddy", "byte-buddy-gradle-plugin", "1.18.3")`
`78`	`76`
`@@ -109,7 +107,7 @@ testing {`
`109`	`107`	`}`
`110`	`108`	`targets.configureEach {`
`111`	`109`	`testTask.configure {`
`112`		`- enabled = providers.systemProperty("runBuildSrcTests").isPresent or providers.systemProperty("idea.active").isPresent`
	`110`	`+ enabled = providers.gradleProperty("runBuildSrcTests").isPresent or providers.systemProperty("idea.active").isPresent`
`113`	`111`	`}`
`114`	`112`	`}`
`115`	`113`	`}`