maint: update URLSession instrumentation semconv

.clomonitor.yml

@@ -0,0 +1,4 @@
+# see https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions
+exemptions:
+  - check: artifacthub_badge
+    reason: "Artifact Hub doesn't support swift packages"

.github/renovate.json5

@@ -4,6 +4,9 @@
     "config:best-practices",
     "helpers:pinGitHubActionDigestsToSemver"
   ],
+  "ignoreDeps": [
+     "open-telemetry/opentelemetry-swift-core"
+  ],
   "packageRules": [
     {
       "groupName": "all patch versions",

.github/workflows/BuildAndTest.yml

@@ -9,26 +9,44 @@ permissions:
   contents: read
 
 jobs:
+  should-run:
+    runs-on: ubuntu-latest
+    outputs:
+      should-run: ${{ steps.check.outputs.should-run }}
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          fetch-depth: 0
+      - name: Check if the workflow should run
+        id: check
+        run: |
+          git diff --name-only origin/${{ github.base_ref }} HEAD | grep -q "Sources/" && echo "should-run=true" >> "$GITHUB_OUTPUT" || echo "should-run=false" >> "$GITHUB_OUTPUT"
   FormattingLint: 
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: macos-15
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: SwiftFormat
         run: echo swiftformat --lint `git diff --name-only HEAD^1 HEAD` --reporter github-actions-log
 
   SwiftLint:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: GitHub Action for SwiftLint (Only files changed in the PR)
         uses: norio-nomura/action-swiftlint@9f4dcd7fd46b4e75d7935cf2f4df406d5cae3684 # 3.2.1
         env:
           args: --strict
           DIFF_BASE: ${{ github.base_ref }}
   macOS:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
     - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
       with:
         xcode-version: 16.4
@@ -41,9 +59,11 @@ jobs:
         xcrun llvm-cov export -ignore-filename-regex="pb\.swift|grpc\.swift" -format="lcov" .build/debug/opentelemetry-swiftPackageTests.xctest/Contents/MacOS/opentelemetry-swiftPackageTests -instr-profile .build/debug/codecov/default.profdata > .build/debug/codecov/coverage_report.lcov
         ./codecov -f .build/debug/codecov/coverage_report.lcov
   iOS:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
     - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
       with:
         xcode-version: 16.4
@@ -54,9 +74,11 @@ jobs:
     - name: Test for iOS
       run: make test-without-building-ios
   tvOS:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
     - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
       with:
         xcode-version: 16.4
@@ -67,9 +89,11 @@ jobs:
     - name: Test for tvOS
       run: make test-without-building-tvos
   watchOS:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
     - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
       with:
         xcode-version: 16.4
@@ -80,9 +104,11 @@ jobs:
     - name: Test for watchOS
       run: make test-without-building-watchos
   visionOS:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
     - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
       with:
         xcode-version: 16.4
@@ -93,11 +119,41 @@ jobs:
     - name: Test for visionOS
       run: make test-without-building-visionos
   linux:
+    needs: should-run
+    if: ${{ needs.should-run.outputs.should-run == 'true' }}
     runs-on: ubuntu-latest
-    container: swift:6.2@sha256:1e73c4051f095f7f1bafbece9ca7f9c67de4c870246c20bf12a06c69c52dd827
+    container: swift:6.2@sha256:0e4716bd34384d22963a63afbdbc93be3129dfd0753185aa1ded27755abdcae8
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Build tests for Linux
         run: swift build --build-tests
       - name: Run tests for Linux
         run: swift test
+  required-status-checks:
+    needs: 
+      - FormattingLint
+      - SwiftLint
+      - macOS
+      - iOS
+      - tvOS
+      - watchOS
+      - visionOS
+      - linux
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - name: Check if all required jobs passed
+        run: |
+          if [[ ${{ needs.SwiftLint.result }} == 'failure' || \
+          ${{ needs.FormattingLint.result }} == 'failure' || \
+          ${{ needs.macOS.result }} == 'failure' || \
+          ${{ needs.iOS.result }} == 'failure' || \
+          ${{ needs.tvOS.result }} == 'failure' || \
+          ${{ needs.watchOS.result }} == 'failure' || \
+          ${{ needs.visionOS.result }} == 'failure' || \
+          ${{ needs.linux.result }} == 'failure' ]]; then
+            echo "One or more required jobs failed. Failing the workflow."
+            exit 1
+          else
+            echo "All required jobs passed/skipped."
+          fi

.github/workflows/CodeQL-Analysis.yml

@@ -20,10 +20,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           languages: swift
           queries: security-and-quality
@@ -33,6 +33,6 @@ jobs:
         run: swift build
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           category: "/language:swift"

.github/workflows/Create-Release-PR.yml

@@ -13,7 +13,7 @@ jobs:
     permissions:
       contents: write
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       with: 
         ref: ${{ github.head_ref }}
     - name: update Podspec
@@ -26,14 +26,14 @@ jobs:
         sed -i -e  's/spec.version = ".*"/spec.version = "${{ inputs.new_version }}"/' OpenTelemetry-Swift-SdkResourceExtension.podspec
         sed -i -e  's/spec.version = ".*"/spec.version = "${{ inputs.new_version }}"/' OpenTelemetry-Swift-PersistenceExporter.podspec
 
-    - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+    - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
       id: otelbot-token
       with:
         app-id: ${{ vars.OTELBOT_APP_ID }}
         private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
       with:
         # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
         token: ${{ steps.otelbot-token.outputs.token }}

.github/workflows/Tag-And-Release.yml

@@ -29,7 +29,7 @@ jobs:
         run: |
           version=$(echo "${{ github.event.pull_request.head.ref }}" | sed 's/^release\///')
           echo "version=$version" >> $GITHUB_OUTPUT
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           ref: ${{ github.event.pull_request.merge_commit_sha }}
           fetch-depth: '0'
@@ -60,7 +60,7 @@ jobs:
     needs: tag
     runs-on: macos-15
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Publish to CocoaPods trunk
         env: 
           COCOAPODS_TRUNK_TOKEN: ${{ secrets.COCOAPODS_TRUNK_TOKEN }}

.github/workflows/fossa.yml

@@ -12,7 +12,7 @@ jobs:
   fossa:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
         with:

.github/workflows/ossf-scorecard.yml

@@ -19,7 +19,7 @@ jobs:
       # Needed for GitHub OIDC token if publish_results is true
       id-token: write
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
 
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+        uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
         with:
           sarif_file: results.sarif

.github/workflows/update-core-dependencies.yml

@@ -23,7 +23,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Validate version format
         run: |
@@ -45,15 +45,15 @@ jobs:
             echo "has_changes=false" >> $GITHUB_OUTPUT
           fi
 
-      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+      - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
           private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
 
       - name: Create Pull Request
         if: steps.changes.outputs.has_changes == 'true' && github.event.inputs.create_pr == 'true'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
           token: ${{ steps.otelbot-token.outputs.token }}

.gitignore

@@ -44,7 +44,7 @@ playground.xcworkspace
 # Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
 Packages/
 Package.pins
-#Package.resolved
+Package.resolved
 *.xcodeproj
 #
 # Xcode automatically generates this directory with a .xcworkspacedata file and xcuserdata
@@ -94,4 +94,4 @@ fastlane/test_output
 
 iOSInjectionProject/
 
-.DS_Store
+.DS_Store

Examples/OTLP Exporter/docker-compose.yaml

@@ -2,7 +2,7 @@ version: "3"
 services:
   # Collector
   collector:
-    image: otel/opentelemetry-collector:0.138.0@sha256:56951db9579bf00d3f32a4e934e19548183a86c14640798502bcd4c225976ea6
+    image: otel/opentelemetry-collector:0.140.1@sha256:e448b3c73de52e379d85875c3441faf499e470ef91e775439e7937bca67e9c4f
 #    The latest image of the otel-collector may not work, so specifying the version that works with this release
 #    image: otel/opentelemetry-collector:latest
     command: ["--config=/conf/collector-config.yaml"]

Examples/OTLP HTTP Exporter/docker-compose.yaml

@@ -2,7 +2,7 @@ version: "3"
 services:
   # Collector
   collector:
-    image: otel/opentelemetry-collector:latest@sha256:8ac5df2a931e9264667b236d65bf7591fa4ba633a7a634e6caa2f0a4fc549c07
+    image: otel/opentelemetry-collector:latest@sha256:6852803128c97a37fd2bafb989a04a10e3af920737d8eee998eefdfcebc698be
 #    The latest image of the otel-collector may not work, so specifying the version that works with this release
 #    image: otel/opentelemetry-collector:latest
     command: ["--config=/conf/collector-config.yaml"]

Package.swift

@@ -30,7 +30,7 @@ let package = Package(
   ],
   dependencies: [
     .package(url: "https://github.com/open-telemetry/opentelemetry-swift-core.git", from: "2.2.0"),
-    .package(url: "https://github.com/apple/swift-nio.git", from: "2.87.0"),
+    .package(url: "https://github.com/apple/swift-nio.git", from: "2.90.1"),
     .package(url: "https://github.com/grpc/grpc-swift.git", exact: "1.27.0"),
     .package(url: "https://github.com/apple/swift-protobuf.git", from: "1.33.3"),
     .package(url: "https://github.com/apple/swift-log.git", from: "1.6.4"),

Sources/Instrumentation/URLSession/URLSessionInstrumentation.swift

@@ -31,7 +31,7 @@ public class URLSessionInstrumentation {
 
   private var _configuration: URLSessionInstrumentationConfiguration
   public var configuration: URLSessionInstrumentationConfiguration {
-      get{
+      get {
           configurationQueue.sync { _configuration }
       }
       set {
@@ -452,17 +452,6 @@ public class URLSessionInstrumentation {
       methodsToSwizzle.append(method)
     }
 
-    if NSClassFromString("AFURLSessionManager") != nil {
-      let classes = InstrumentationUtils.objc_getSafeClassList(
-        ignoredPrefixes: configuration.ignoredClassPrefixes
-      )
-      classes.forEach {
-        if let method = class_getInstanceMethod($0, NSSelectorFromString("af_resume")) {
-          methodsToSwizzle.append(method)
-        }
-      }
-    }
-
     methodsToSwizzle.forEach {
       let theMethod = $0
 

Sources/Instrumentation/URLSession/URLSessionInstrumentationConfiguration.swift

@@ -14,6 +14,15 @@ public typealias DataOrFile = Any
 public typealias SessionTaskId = String
 public typealias HTTPStatus = Int
 
+/// Controls which HTTP semantic conventions to emit.
+///
+/// See migration guide: https://opentelemetry.io/docs/specs/semconv/non-normative/http-migration/
+public enum HTTPSemanticConvention {
+  case old      // Old HTTP and networking conventions
+  case stable   // Stable HTTP and networking conventions (v1.23.1+)
+  case httpDup  // Emit both old and stable (migration period)
+}
+
 public struct URLSessionInstrumentationConfiguration {
   public init(shouldRecordPayload: ((URLSession) -> (Bool)?)? = nil,
               shouldInstrument: ((URLRequest) -> (Bool)?)? = nil,
@@ -27,7 +36,8 @@ public struct URLSessionInstrumentationConfiguration {
               delegateClassesToInstrument: [AnyClass]? = nil,
               baggageProvider: ((inout URLRequest, Span?) -> (Baggage)?)? = nil,
               tracer: Tracer? = nil,
-              ignoredClassPrefixes: [String]? = nil) {
+              ignoredClassPrefixes: [String]? = nil,
+              semanticConvention: HTTPSemanticConvention = .old) {
     self.shouldRecordPayload = shouldRecordPayload
     self.shouldInstrument = shouldInstrument
     self.shouldInjectTracingHeaders = shouldInjectTracingHeaders
@@ -40,8 +50,9 @@ public struct URLSessionInstrumentationConfiguration {
     self.delegateClassesToInstrument = delegateClassesToInstrument
     self.baggageProvider = baggageProvider
     self.tracer = tracer ??
-      OpenTelemetry.instance.tracerProvider.get(instrumentationName: "NSURLSession", instrumentationVersion: "0.0.1")
+      OpenTelemetry.instance.tracerProvider.get(instrumentationName: "NSURLSession", instrumentationVersion: "1.0.0")
     self.ignoredClassPrefixes = ignoredClassPrefixes
+    self.semanticConvention = semanticConvention
   }
 
   public var tracer: Tracer
@@ -92,7 +103,10 @@ public struct URLSessionInstrumentationConfiguration {
   /// Note: The injected baggage depends on the propagator in use (e.g., W3C or custom).
   /// Returns: A `Baggage` instance or `nil` if no baggage is needed.
   public let baggageProvider: ((inout URLRequest, Span?) -> (Baggage)?)?
-    
+
   /// The Array of Prefixes you can avoid in swizzle process
   public let ignoredClassPrefixes: [String]?
+
+  /// Which HTTP semantic conventions to emit
+  public var semanticConvention: HTTPSemanticConvention
 }