From 7643aaf6933ff3be6318962e8f634ed5743cdf74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20M=C3=B3zes?= <hydrapolic@gmail.com>
Date: Tue, 19 Nov 2024 13:13:24 +0100
Subject: [PATCH 1/5] Update protobuf to 3.25.5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1086961..9ae4217 100644
--- a/pom.xml
+++ b/pom.xml
@@ -82,7 +82,7 @@
     <!-- from armeria-grpc or grpc-google-cloud-trace-v1 whichever is higher -->
     <grpc.version>1.66.0</grpc.version>
     <!-- from grpc-protobuf -->
-    <protobuf.version>3.25.3</protobuf.version>
+    <protobuf.version>3.25.5</protobuf.version>
     <guava.version>32.1.3</guava.version>
 
     <!-- stackdriver deps -->

From b3bca5a68883e547534807db74167d9e1eb09c6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20M=C3=B3zes?= <hydrapolic@gmail.com>
Date: Tue, 19 Nov 2024 13:14:25 +0100
Subject: [PATCH 2/5] Update zipkin to 3.4.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
---
 docker/Dockerfile | 2 +-
 pom.xml           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index b93ba21..11c9d4a 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -4,7 +4,7 @@
 #
 
 # zipkin version should match zipkin.version in /pom.xml
-ARG zipkin_version=3.4.1
+ARG zipkin_version=3.4.2
 
 # java_version is used during the installation process to build or download the module jar.
 #
diff --git a/pom.xml b/pom.xml
index 9ae4217..e7a0aff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,7 +65,7 @@
     <!-- matching armeria/grpc/zipkin -->
     <zipkin.groupId>io.zipkin.zipkin2</zipkin.groupId>
     <!-- when updating, update docker/Dockerfile and storage/src/test/java/zipkin2/storage/kafka/IT* -->
-    <zipkin.version>3.4.1</zipkin.version>
+    <zipkin.version>3.4.2</zipkin.version>
     <zipkin-reporter.version>3.4.0</zipkin-reporter.version>
     <spring-boot.version>3.3.3</spring-boot.version>
     <!-- armeria.groupId allows you to test feature branches with jitpack -->

From 46a42668316ce6d7574931a40d2f25f3829371b6 Mon Sep 17 00:00:00 2001
From: Tommy Ludwig <8924140+shakuzen@users.noreply.github.com>
Date: Wed, 27 Nov 2024 17:54:43 +0900
Subject: [PATCH 3/5] Apply infra updates from docker-java repo

Bumps the version of the Zipkin Docker Java image and OS used by GH Action runners and applies the same conventions to Dockerfile.

Fixes the trivy intermittent issue; See https://github.com/aquasecurity/trivy/discussions/7668
---
 .github/workflows/create_release.yml | 2 +-
 .github/workflows/deploy.yml         | 2 +-
 .github/workflows/docker_push.yml    | 2 +-
 .github/workflows/lint.yml           | 2 +-
 .github/workflows/security.yml       | 5 ++++-
 .github/workflows/test.yml           | 2 +-
 docker/Dockerfile                    | 8 ++++----
 7 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/create_release.yml b/.github/workflows/create_release.yml
index 39878e4..db2c82c 100644
--- a/.github/workflows/create_release.yml
+++ b/.github/workflows/create_release.yml
@@ -10,7 +10,7 @@ on:  # yamllint disable-line rule:truthy
 
 jobs:
   create_release:
-    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    runs-on: ubuntu-24.04  # newest available distribution, aka numbat
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index ed6b77b..37532bb 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -15,7 +15,7 @@ on:  # yamllint disable-line rule:truthy
 
 jobs:
   deploy:
-    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    runs-on: ubuntu-24.04  # newest available distribution, aka numbat
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/docker_push.yml b/.github/workflows/docker_push.yml
index 0943939..41e7ee3 100644
--- a/.github/workflows/docker_push.yml
+++ b/.github/workflows/docker_push.yml
@@ -10,7 +10,7 @@ on:  # yamllint disable-line rule:truthy
 
 jobs:
   docker_push:
-    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    runs-on: ubuntu-24.04  # newest available distribution, aka numbat
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index fe58404..1dbdbc4 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -24,7 +24,7 @@ on:  # yamllint disable-line rule:truthy
 jobs:
   lint:
     name: lint
-    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    runs-on: ubuntu-24.04  # newest available distribution, aka numbat
     # skip commits made by the release plugin
     if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
     steps:
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index a7847fc..511e35a 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -23,7 +23,7 @@ on:  # yamllint disable-line rule:truthy
 jobs:
   security:
     name: security
-    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    runs-on: ubuntu-24.04  # newest available distribution, aka numbat
     # skip commits made by the release plugin
     if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
     steps:
@@ -38,6 +38,9 @@ jobs:
       - name: Run Trivy vulnerability and secret scanner
         uses: aquasecurity/trivy-action@master
         id: trivy
+        env:  # See https://github.com/aquasecurity/trivy/discussions/7668
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
         with:
           scan-type: 'fs'
           scan-ref: '.'  # scan the entire repository
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b5155a5..4f5562a 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ on:  # yamllint disable-line rule:truthy
 jobs:
   test:
     name: test (JDK ${{ matrix.java_version }})
-    runs-on: ubuntu-22.04  # newest available distribution, aka jellyfish
+    runs-on: ubuntu-24.04  # newest available distribution, aka numbat
     if: "!contains(github.event.head_commit.message, 'maven-release-plugin')"
     strategy:
       fail-fast: false  # don't fail fast as some failures are LTS specific
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 11c9d4a..1c551d5 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,18 +11,18 @@ ARG zipkin_version=3.4.2
 # Use latest version here: https://github.com/orgs/openzipkin/packages/container/package/java
 # This is defined in many places because Docker has no "env" script functionality unless you use
 # docker-compose: When updating, update everywhere.
-ARG java_version=21.0.4_p7
+ARG java_version=21.0.5_p11
 
 # We copy files from the context into a scratch container first to avoid a problem where docker and
 # docker-compose don't share layer hashes https://github.com/docker/compose/issues/883 normally.
 # COPY --from= works around the issue.
-FROM scratch as scratch
+FROM scratch AS scratch
 
 COPY . /code/
 
 # This version is only used during the install process. Try to be consistent as it reduces layers,
 # which reduces downloads.
-FROM ghcr.io/openzipkin/java:${java_version} as install
+FROM ghcr.io/openzipkin/java:${java_version} AS install
 
 WORKDIR /code
 # Conditions aren't supported in Dockerfile instructions, so we copy source even if it isn't used.
@@ -41,7 +41,7 @@ ENV MAVEN_PROJECT_BASEDIR=/code
 RUN /code/build-bin/maven/maven_build_or_unjar io.zipkin.gcp zipkin-module-gcp ${VERSION} module
 
 # zipkin version should match zipkin.version in /code/pom.xml
-FROM ghcr.io/openzipkin/zipkin:$zipkin_version as zipkin-gcp
+FROM ghcr.io/openzipkin/zipkin:$zipkin_version AS zipkin-gcp
 LABEL org.opencontainers.image.description="Zipkin with Google Cloud on OpenJDK and Alpine Linux"
 LABEL org.opencontainers.image.source=https://github.com/openzipkin/zipkin-gcp
 

From 86d8487b6108ef350486b0cdab4a4d051d46957c Mon Sep 17 00:00:00 2001
From: Tommy Ludwig <8924140+shakuzen@users.noreply.github.com>
Date: Wed, 27 Nov 2024 19:03:34 +0900
Subject: [PATCH 4/5] Upgrade Google and Armeria versions to align
 protobuf/grpc

---
 pom.xml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index e7a0aff..209cfe7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,7 +70,7 @@
     <spring-boot.version>3.3.3</spring-boot.version>
     <!-- armeria.groupId allows you to test feature branches with jitpack -->
     <armeria.groupId>com.linecorp.armeria</armeria.groupId>
-    <armeria.version>1.29.4</armeria.version>
+    <armeria.version>1.31.1</armeria.version>
     <log4j.version>2.23.1</log4j.version>
 
     <!-- This allows you to test feature branches with jitpack -->
@@ -80,20 +80,20 @@
     <brave.version>6.0.3</brave.version>
 
     <!-- from armeria-grpc or grpc-google-cloud-trace-v1 whichever is higher -->
-    <grpc.version>1.66.0</grpc.version>
+    <grpc.version>1.68.1</grpc.version>
     <!-- from grpc-protobuf -->
     <protobuf.version>3.25.5</protobuf.version>
     <guava.version>32.1.3</guava.version>
 
     <!-- stackdriver deps -->
-    <google-auth-library-oauth2-http.version>1.23.0</google-auth-library-oauth2-http.version>
-    <proto-google-common-protos.version>2.43.0</proto-google-common-protos.version>
+    <google-auth-library-oauth2-http.version>1.30.0</google-auth-library-oauth2-http.version>
+    <proto-google-common-protos.version>2.49.0</proto-google-common-protos.version>
     <!-- only used for stackdriver protos, we could possibly obviate this if a problem -->
-    <grpc-google-cloud-trace.version>2.48.0</grpc-google-cloud-trace.version>
+    <grpc-google-cloud-trace.version>2.54.0</grpc-google-cloud-trace.version>
 
     <!-- pubsub deps -->
-    <google-cloud-pubsub.version>1.132.1</google-cloud-pubsub.version>
-    <grpc-google-cloud-pubsub-v1.version>1.114.1</grpc-google-cloud-pubsub-v1.version>
+    <google-cloud-pubsub.version>1.134.2</google-cloud-pubsub.version>
+    <grpc-google-cloud-pubsub-v1.version>1.116.2</grpc-google-cloud-pubsub-v1.version>
 
     <assertj.version>3.25.3</assertj.version>
     <awaitility.version>4.2.2</awaitility.version>

From 0c1969dd302bb31b5dabb8fc4e8f0051f7d29833 Mon Sep 17 00:00:00 2001
From: Tommy Ludwig <8924140+shakuzen@users.noreply.github.com>
Date: Thu, 28 Nov 2024 16:43:46 +0900
Subject: [PATCH 5/5] Fix subscription name format

A feature added in the client now validates the subscription name format when dispatching messages as a side effect, even if that feature isn't enabled. Uses a correctly formatted subscription name in the test.
---
 .../java/zipkin2/collector/pubsub/PubSubCollectorTest.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java b/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java
index c03fa1c..1659b9b 100644
--- a/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java
+++ b/collector-pubsub/src/test/java/zipkin2/collector/pubsub/PubSubCollectorTest.java
@@ -14,6 +14,7 @@
 import com.google.api.gax.rpc.FixedTransportChannelProvider;
 import com.google.api.gax.rpc.TransportChannel;
 import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.pubsub.v1.SubscriptionName;
 import io.grpc.ManagedChannel;
 import io.grpc.Server;
 import io.grpc.inprocess.InProcessChannelBuilder;
@@ -76,7 +77,7 @@ class PubSubCollectorTest {
         FlowControlSettings.newBuilder().setMaxOutstandingElementCount(1000L).build());
 
     collector = new PubSubCollector.Builder()
-        .subscription("projects/test-project/topics/test-subscription")
+        .subscription(SubscriptionName.format("test-project", "test-subscription"))
         .storage(store)
         .encoding(Encoding.JSON)
         .executorProvider(executorProvider)