Skip to content

fix(instrumentation): instrument command execution#39654

Merged
jamietanna merged 1 commit intomainfrom
feat/trace-exec
Dec 23, 2025
Merged

fix(instrumentation): instrument command execution#39654
jamietanna merged 1 commit intomainfrom
feat/trace-exec

Conversation

@jamietanna
Copy link
Copy Markdown
Contributor

@jamietanna jamietanna commented Dec 1, 2025
edited
Loading

Changes

As part of ongoing work to improve OpenTelemetry instrumentation of
Renovate in #38609, we can introduce an instrumented call for each
external command execution.

This makes sure we cover the key functions used for command
execution - rawExec - across the codebase, which is used
under-the-hood by exec.

Because commands could include sensitive arguments (such as repo or
global secrets) we need to make sure we sanitize the span name.

Note that we don't add instrumentation to tools/utils/exec.ts as it's
only used for i.e. building the docs site, and isn't used as part of the
core Renovate CLI.

Context

Please select one of the below:

  • This closes an existing Issue: #
  • This doesn't close an Issue, but I accept the risk that this PR may be closed if maintainers disagree with its opening or implementation

AI assistance disclosure

Did you use AI tools to create any part of this pull request?

Please select one option and, if yes, briefly describe how AI was used (e.g., code, tests, docs) and which tool(s) you used.

  • No — I did not use AI for this contribution.
  • Yes — minimal assistance (e.g., IDE autocomplete, small code completions, grammar fixes).
  • Yes — substantive assistance (AI generated non‑trivial portions of code, tests, or documentation).
  • Yes — other (please describe):

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository

The public repository: https://github.com/JamieTanna-Mend-testing/backstage

When using:

module.exports = {
  secrets: {
    FAKE: "renovate/",
    FAKE_2: "yarn",
  }
}
Screenshot 2025-12-17 at 10 02 07

@jamietanna jamietanna marked this pull request as draft December 1, 2025 12:07
@jamietanna

This comment was marked as outdated.

Sign in to view
@jamietanna jamietanna marked this pull request as ready for review December 1, 2025 15:48
@jamietanna
Copy link
Copy Markdown
Contributor Author

jamietanna commented Dec 12, 2025

Thoughts on how to get that coverage up?

viceice
viceice reviewed Dec 12, 2025
View reviewed changes
Comment thread lib/util/exec/common.ts Outdated
Comment thread tools/utils/exec.ts Outdated
@jamietanna jamietanna requested a review from viceice December 17, 2025 10:05
RahulGautamSingh
RahulGautamSingh reviewed Dec 17, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@RahulGautamSingh RahulGautamSingh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Not sure how to go about the tests :)

viceice
viceice previously approved these changes Dec 17, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can mock the instrument function to simply call the callback in tests

@jamietanna jamietanna mentioned this pull request Dec 23, 2025
Merged
12 tasks
@jamietanna
Copy link
Copy Markdown
Contributor Author

jamietanna commented Dec 23, 2025

I've confirmed that after the updates, this still redacts as expected in OTel traces:

Screenshot 2025-12-23 at 15 20 48

viceice
viceice reviewed Dec 23, 2025
View reviewed changes
Comment thread lib/util/exec/common.spec.ts Outdated
@jamietanna
fix(instrumentation): instrument command execution
22adcee 
As part of ongoing work to improve OpenTelemetry instrumentation of
Renovate in #38609, we can introduce an instrumented call for each
external command execution.

This makes sure we cover the key functions used for command
execution -  `rawExec` - across the codebase, which is used
under-the-hood by `exec`.

Because commands could include sensitive arguments (such as repo or
global secrets) we need to make sure we sanitize the span name.

Note that we don't add instrumentation to `tools/utils/exec.ts` as it's
only used for i.e. building the docs site, and isn't used as part of the
core Renovate CLI.
@jamietanna jamietanna requested a review from viceice December 23, 2025 16:30
@jamietanna jamietanna enabled auto-merge December 23, 2025 16:30
@jamietanna jamietanna added this pull request to the merge queue Dec 23, 2025
Merged via the queue into main with commit 5c1cec3 Dec 23, 2025
41 checks passed
@jamietanna jamietanna deleted the feat/trace-exec branch December 23, 2025 17:26
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Dec 23, 2025

🎉 This PR is included in version 42.66.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

secustor
secustor reviewed Dec 23, 2025
View reviewed changes
Comment thread lib/util/exec/common.ts
opts: RawExecOptions,
) => Promise<ExecResult> = exec;
) => Promise<ExecResult> = (cmd: string, opts: RawExecOptions) =>
instrument(`rawExec: ${sanitize(cmd)}`, () => exec(cmd, opts));
Copy link
Copy Markdown
Member

@secustor secustor Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a specification for it https://opentelemetry.io/docs/specs/semconv/cli/cli-spans/

Copy link
Copy Markdown
Contributor Author

@jamietanna jamietanna Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course, I should've guessed! Raised #40129 for this :)

@jamietanna jamietanna mentioned this pull request Dec 23, 2025
Open
@github-actions github-actions Bot locked as resolved and limited conversation to collaborators Jan 23, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@secustor secustor secustor left review comments

@viceice viceice viceice approved these changes

+1 more reviewer

@RahulGautamSingh RahulGautamSingh RahulGautamSingh left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jamietanna @viceice @secustor @RahulGautamSingh