* chore: Drop org.gradle.java.installations.fromEnv toolchain restriction

* chore: Drop org.gradle.java.installations toolchain restriction for local env, but keep them in CI

* chore: Drop org.gradle.java.installations toolchain restriction for local env, but keep them in CI

…raint (#9968)

* chore: Drop org.gradle.java.installations.fromEnv toolchain restriction

* chore: Drop org.gradle.java.installations toolchain restriction for local env, but keep them in CI

* chore: Drop org.gradle.java.installations toolchain restriction for local env, but keep them in CI

* feat: Allow discovery of testJvm without environment variables

* feat: Only rely on Gradle's toolchain to run tests

* fix: Auto discover JAVA_xx_HOME variables from the build image

* typo: Use `-P`

Co-authored-by: Sarah Chen <sarah.chen@datadoghq.com>

---------

Co-authored-by: Sarah Chen <sarah.chen@datadoghq.com>

* Attempting to reduce contention for virtual threads

* spotless

* chore: Move CSI plugin to it's own package

* chore: Tweak some API to use kotlin friendly functions

* fix: Restrict default CSI classpath to main and test, compile and runtime configurations.

* chore: arg name rename

* fix: Include the main source set output

* fix: Always make sure java plugin is applied

* chore: Make csi plugin not running in project.afterEvaluate

* fix: Incorrect URLClassLoader initialization when url is a directory

* fix: Make depends on instrument task

The 'instrument' plugin changes destination around for now, it needs to be depended
on for the time being.

* chore: Refactor additional configurations to a `ConfigurableFileCollection`

* fix: extension property should not be queried at configuration time

* style: Reformat

* fix: call site plugin still has to add entries to classpath after jvm test suite ran

* chore: code tweaks

* fix: generateCallSite was missing a few input properties for up-date checks

* fix: csi plugin was patching test compile and test task classpath

This forced to apply patching in afterEvaluate, instead, it's
easier and cleaner to add the csi output as dependency in the
appropriate configuration.

* fix: unnecessary targetFolder directory creation and unnecessary transformation to string

* chore: Readability of CallSiteUtils::toURL

* typo: inout property type

* fix: Exclude Kotlin compiler daemon files

…ager is present (#10009)

* Safely handle Files.exist on discovery adn config

* Add filesystem-utils only to shared

* Extracting static helper

* Extract static version of buildSpanContext

* Switch to singleSpanBuilder

* Extracting static version of startSpan

* spotless

* Reorganizing link & parent resolution

Previous static extraction caused a test to fail because links logic relied on having a side effect on the builder instance's List<AgentSpanLink>

* spotless

* Apply suggestion from @mcculls

Co-authored-by: Stuart McCulloch <stuart.mcculloch@datadoghq.com>

* Addressing review feedback - Change CoreSpanBuilder constants to be more intelligible

* Addressing review feedback - using constants throughout

---------

Co-authored-by: Stuart McCulloch <stuart.mcculloch@datadoghq.com>

* Replace IsPublicFilter with ClassNameFilter
* Replace NoMatchFilter with ClassNameFilter
* Remove now unused ClassCodeFilter
* Document that NoMatchFilter is now a utility class
* Catch potential security exception when checking file / installing shutdown hook

need to wait for having added the fingerprint into the Concurrent Map
otherwise it will try to reinstrument the exception on the second call
Generalize the usage of NonRetryable annotation because all debugger
smoke tests rely on the fact that they are run only once (log file
naming)

it seems to lead to crashes on JDK8

…9907)

* Fix

* New approach

* remove tests

* sef review

* sef review

* review

* move to syscall

* update after review

* update after review

* Fixed CallSiteInstrumentationPluginTest by fixing test `build.gradle` and copy jar file to test build path.
* Fixed InstrumentPluginTest by addin missing `instrumentPluginClasspath` config to the test `build.gradle`
* Introduced `check_build_src` job to run test in `buildSrc` folder on CI.

Co-authored-by: Matthew Li <matthew.li@datadoghq.com>

… 2 updates (#10023)

Bumps the gh-actions-packages group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...1af3b93)

Updates `github/codeql-action` from 4.31.0 to 4.31.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4e94bd1...fdbfb4d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions-packages
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Crashtracker: dual ship to error tracking

* Fix error tracking payload

* Handle OOM and clean exit

* leftover

* adjust smoke test

* Make error intake upload optin

… as flaky. (#10035)

* Fix pattern matching in dd-octo-sts policy

#10078)

* migrating to v2 format

* adding tests

* updating versions

What Does This Do
Fix the API security sampling in standalone mode (APM tracing disabled).
Since we decided that, at the end of the request, if the pre-sample chooses to retain the trace we will add the asm.keep and propagation tags for ASM in standalone mode, we also need to keep that same decision in the sample method. This avoids inconsistencies in concurrent threads under high load scenarios where the post-processor might be delayed.

Added a bit of extra complexity to get more detailed logs through logSamplingDecision. This should make it easier to troubleshoot future sampling issues

Motivation
API Security standalone system tests were failing intermittently in CI with _sampling_priority_v1 set to 2, in traces that should be not retained due to API Security sampling

Related with APPSEC-57815

Additional Notes
tested in https://github.com/DataDog/system-tests/actions/runs/20127087811/job/57783265656

This reverts commit 2a2a8ea.

)

* Add workflow permission back
* Add refs/heads/ to job workflow ref

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>