build(deps): Upgrade otelcollector to v0.131.0

.pipelines/azure-pipeline-build.yml

@@ -27,8 +27,8 @@ variables:
   IS_OTEL_UPGRADE_BRANCH: $[startsWith(variables['Build.SourceBranchName'], 'otelcollector-upgrade-')]
   BUILD_WINDOWS: true
   Codeql.Enabled: true
-  GOLANG_VERSION: '1.23.12'
-  FLUENTBIT_GOLANG_VERSION: '1.24.4'
+  GOLANG_VERSION: '1.24.6'
+  FLUENTBIT_GOLANG_VERSION: '1.24.6'
   TESTKUBE_GOLANG_VERSION: '1.23.10'
   FLUENT_BIT_VERSION: '3.2.2'
   PROMETHEUS_VERSION: '3.2.1'
@@ -2173,7 +2173,7 @@ extends:
                       echo "Images are not published to mcr within the timeout"
                       exit 1
                 displayName: "Check images are pushed to dev MCR"
-                retryCountOnTaskFailure: 5
+                retryCountOnTaskFailure: 2
               - bash: |
                   export AKS_REGION="eastus"
                   export AKS_RESOURCE_ID="/subscriptions/9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb/resourceGroups/ci-dev-aks-mac-eus-rg/providers/Microsoft.ContainerService/managedClusters/ci-dev-aks-mac-eus"
@@ -2259,7 +2259,7 @@ extends:
                       echo "Images are not published to mcr within the timeout"
                       exit 1
                 displayName: "Check images are pushed to dev MCR"
-                retryCountOnTaskFailure: 5
+                retryCountOnTaskFailure: 2
               - bash: |
                   export AKS_REGION="centralus"
                   export AKS_RESOURCE_ID="/subscriptions/9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb/resourcegroups/ci-dev-aks-tests/providers/Microsoft.ContainerService/managedClusters/ci-dev-aks-tests"
@@ -2332,7 +2332,7 @@ extends:
                       echo "Images are not published to mcr within the timeout"
                       exit 1
                 displayName: "Check images are pushed to dev MCR"
-                retryCountOnTaskFailure: 5
+                retryCountOnTaskFailure: 2
               - bash: |
                   export AKS_REGION="westus3"
                   export AKS_RESOURCE_ID="/subscriptions/9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb/resourceGroups/ciprom-dev-aks-otlp/providers/Microsoft.ContainerService/managedClusters/ciprom-dev-aks-otlp"
@@ -2374,7 +2374,7 @@ extends:
       - deployment: Deploy_AKS_Chart_OTel_Upgrade_Cluster
         displayName: "Deploy: AKS OTel Upgrade cluster"
         environment: Prometheus-Collector
-        condition: eq(variables.IS_OTEL_UPGRADE_BRANCH, true)
+        condition: and(succeeded(), eq(variables.IS_OTEL_UPGRADE_BRANCH, true))
         variables:
           HELM_CHART_NAME: $[ stageDependencies.Build.Image_Tags_and_Ev2_Artifacts.outputs['setup.HELM_CHART_NAME'] ]
           HELM_SEMVER: $[ stageDependencies.Build.Image_Tags_and_Ev2_Artifacts.outputs['setup.SEMVER'] ]
@@ -2384,6 +2384,13 @@ extends:
           IMAGE_TAG_TARGET_ALLOCATOR: $[ stageDependencies.Build.Image_Tags_and_Ev2_Artifacts.outputs['setup.TARGET_ALLOCATOR_IMAGE_TAG'] ]
           IMAGE_TAG_CONFIG_READER: $[ stageDependencies.Build.Image_Tags_and_Ev2_Artifacts.outputs['setup.LINUX_CONFIG_READER_IMAGE_TAG'] ]
           skipComponentGovernanceDetection: true
+        templateContext:
+            type: releaseJob
+            isProduction: false
+            inputs:
+            - input: pipelineArtifact
+              artifactName: dev-cluster-helm-chart
+              targetPath: $(Pipeline.Workspace)
         strategy:
           runOnce:
             deploy:
@@ -2393,13 +2400,6 @@ extends:
                 inputs:
                   helmVersionToInstall: 3.12.3
               - bash: |
-
-                  RETINA_VERSION=$( curl -sL https://api.github.com/repos/microsoft/retina/releases/latest | jq -r .name)
-                  echo "##vso[task.setvariable variable=RETINA_VERSION]$RETINA_VERSION"
-                  echo $RETINA_VERSION
-                  helm pull oci://ghcr.io/microsoft/retina/charts/retina --version $RETINA_VERSION --untar --untardir $(Build.SourcesDirectory)/otelcollector/deploy/retina/chart
-                  mv $(Build.SourcesDirectory)/otelcollector/deploy/retina/custom-files/network-observability-service.yaml $(Build.SourcesDirectory)/otelcollector/deploy/retina/chart/retina/templates/
-
                   for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
                       do
                         sleep 30
@@ -2417,14 +2417,14 @@ extends:
                       echo "Images are not published to mcr within the timeout"
                       exit 1
                 displayName: "Check images are pushed to dev MCR"
-                retryCountOnTaskFailure: 5
+                retryCountOnTaskFailure: 2
               - bash: |
                   export AKS_REGION="westus3"
                   export AKS_RESOURCE_ID="/subscriptions/9b96ebbd-c57a-42d1-bbe9-b69296e4c7fb/resourceGroups/ciprom-upgrade-bot/providers/Microsoft.ContainerService/managedClusters/ciprom-upgrade-bot"
                   export ARC_EXTENSION="false"
-                  envsubst < $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/Chart-template.yaml > $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/Chart.yaml && envsubst < $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/values-template.yaml > $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/values.yaml
-                  ls $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon
-                  cd $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon
+                  envsubst < $(Pipeline.Workspace)/azure-monitor-metrics-addon/Chart-template.yaml > $(Pipeline.Workspace)/azure-monitor-metrics-addon/Chart.yaml && envsubst < $(Pipeline.Workspace)/azure-monitor-metrics-addon/values-template.yaml > $(Pipeline.Workspace)/azure-monitor-metrics-addon/values.yaml
+                  ls $(Pipeline.Workspace)/azure-monitor-metrics-addon
+                  cd $(Pipeline.Workspace)/azure-monitor-metrics-addon
                   helm dependency update
                 displayName: "Build: substitute chart version for 3p in Chart.yaml and values.yaml"
               - task: HelmDeploy@0
@@ -2437,10 +2437,10 @@ extends:
                   namespace: 'default'
                   command: 'upgrade'
                   chartType: 'FilePath'
-                  chartPath: '$(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/'
+                  chartPath: '$(Pipeline.Workspace)/azure-monitor-metrics-addon/'
                   releaseName: 'ama-metrics'
                   waitForExecution: false
-                  arguments: --dependency-update --values $(Build.SourcesDirectory)/otelcollector/deploy/addon-chart/azure-monitor-metrics-addon/values.yaml
+                  arguments: --dependency-update --values $(Pipeline.Workspace)/azure-monitor-metrics-addon/values.yaml
               - task: HelmDeploy@1
                 displayName: "Deploy: retina onto ciprom-upgrade-bot cluster"
                 inputs:
@@ -2451,10 +2451,10 @@ extends:
                   namespace: 'kube-system'
                   command: 'upgrade'
                   chartType: 'FilePath'
-                  chartPath: '$(Build.SourcesDirectory)/otelcollector/deploy/retina/chart/retina'
+                  chartPath: '$(Pipeline.Workspace)/retina'
                   releaseName: 'retina'
                   waitForExecution: false
-                  arguments: --install --values $(Build.SourcesDirectory)/otelcollector/deploy/retina/chart/retina/values.yaml --skip-crds --version $(RETINA_VERSION) --set operator.enabled=true --set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\,packetparser\]" --set logLevel=info --set operator.enableRetinaEndpoint=true --set image.tag=$(RETINA_VERSION) --set operator.tag=$(RETINA_VERSION) --set tolerations[0].key=CriticalAddonsOnly --set tolerations[0].operator=Exists --set tolerations[1].operator=Exists --set tolerations[1].effect=NoExecute --set tolerations[2].operator=Exists --set tolerations[2].effect=NoSchedule
+                  arguments: --install --values $(Pipeline.Workspace)/retina/values.yaml --skip-crds --version $(RETINA_VERSION) --set operator.enabled=true --set enabledPlugin_linux="\[dropreason\,packetforward\,linuxutil\,dns\,packetparser\]" --set logLevel=info --set operator.enableRetinaEndpoint=true --set image.tag=$(RETINA_VERSION) --set operator.tag=$(RETINA_VERSION) --set tolerations[0].key=CriticalAddonsOnly --set tolerations[0].operator=Exists --set tolerations[1].operator=Exists --set tolerations[1].effect=NoExecute --set tolerations[2].operator=Exists --set tolerations[2].effect=NoSchedule
 
       - deployment: Testkube
         displayName: "Test: AKS testkube tests"
@@ -2490,6 +2490,7 @@ extends:
                   export BUILD_BUILDID="$(Build.BuildId)"
                   export SYSTEM_JOBID="$(System.JobId)"
                   export SYSTEM_TASKINSTANCEID="$(System.TaskInstanceId)"
+                  chmod +x ./testkube/run-testkube-workflow.sh
                   ./testkube/run-testkube-workflow.sh \
                     "https://ci-dev-aks-eus-mac-mih6.eastus.prometheus.monitor.azure.com" \
                     "c7f895bb-c4f6-45af-be82-2273a424e237" \
@@ -2498,7 +2499,7 @@ extends:
                     "" \
                     "" \
                     "AKS"
-                workingDirectory: $(Pipeline.Workspace)/testkube-test-files
+                workingDirectory: $(Pipeline.Workspace)
                 displayName: "Run TestKube workflow"
                 continueOnError: true
               - bash: |
@@ -2549,6 +2550,7 @@ extends:
                   export BUILD_BUILDID="$(Build.BuildId)"
                   export SYSTEM_JOBID="$(System.JobId)"
                   export SYSTEM_TASKINSTANCEID="$(System.TaskInstanceId)"
+                  chmod +x ./testkube/run-testkube-workflow.sh
                   ./testkube/run-testkube-workflow.sh \
                     "https://ci-prom-dev-aks-otlp-geaqdgeuapfeh8b2.westus3.prometheus.monitor.azure.com" \
                     "6b8f6333-ecd0-4579-b05d-afc98a103a59" \
@@ -2608,6 +2610,7 @@ extends:
                   export BUILD_BUILDID="$(Build.BuildId)"
                   export SYSTEM_JOBID="$(System.JobId)"
                   export SYSTEM_TASKINSTANCEID="$(System.TaskInstanceId)"
+                  chmod +x ./testkube/run-testkube-workflow.sh
                   ./testkube/run-testkube-workflow.sh \
                   "https://ci-dev-arc-amw-p3eu.eastus.prometheus.monitor.azure.com" \
                   "5f13547e-a4e2-4efd-85fe-a2b03d5b8661" \
@@ -2616,7 +2619,7 @@ extends:
                   "" \
                   "" \
                   "ARC"
-                workingDirectory: $(Pipeline.Workspace)/testkube-test-files
+                workingDirectory: $(Pipeline.Workspace)
                 displayName: "Run TestKube workflow"
                 continueOnError: true
               - bash: |
@@ -2663,10 +2666,12 @@ extends:
                   scriptLocation: 'inlineScript'
                   inlineScript: 'az aks get-credentials --resource-group ciprom-upgrade-bot --name ciprom-upgrade-bot'
               - bash: |
+                  echo "bot/$(Build.SourceBranchName)"
                   export BUILD_ARTIFACTSTAGINGDIRECTORY="$(Build.ArtifactStagingDirectory)"
                   export BUILD_BUILDID="$(Build.BuildId)"
                   export SYSTEM_JOBID="$(System.JobId)"
                   export SYSTEM_TASKINSTANCEID="$(System.TaskInstanceId)"
+                  chmod +x ./testkube/run-testkube-workflow.sh
                   ./testkube/run-testkube-workflow.sh \
                     "https://ciprom-upgrade-bot-e4c4gvcgcqd7awhw.westus3.prometheus.monitor.azure.com" \
                     "3bf21bd6-3dd9-449d-8f17-5f3b1a61ecd6" \
@@ -2675,14 +2680,14 @@ extends:
                     "" \
                     "" \
                     "OTelCollector-Upgrade" \
-                    "$(System.PullRequest.SourceBranch)"
-                workingDirectory: $(Pipeline.Workspace)/testkube-test-files
+                    "bot/$(Build.SourceBranchName)"
+                workingDirectory: $(Pipeline.Workspace)
                 displayName: "Run TestKube workflow"
                 continueOnError: true
               - bash: |
-                  if [ -f "$(Build.ArtifactStagingDirectory)/testkube-results-Otel-Upgrade.json" ]; then
+                  if [ -f "$(Build.ArtifactStagingDirectory)/testkube-results-OTelCollector-Upgrade.json" ]; then
                     # Read the JSON content and set it as a pipeline variable
-                    TESTKUBE_RESULTS_UPGRADE=$(cat "$(Build.ArtifactStagingDirectory)/testkube-results-Otel-Upgrade.json" | jq -c .)
+                    TESTKUBE_RESULTS_UPGRADE=$(cat "$(Build.ArtifactStagingDirectory)/testkube-results-OTelCollector-Upgrade.json" | jq -c .)
                     echo "##vso[task.setvariable variable=TESTKUBE_RESULTS_UPGRADE;isoutput=true]$TESTKUBE_RESULTS_UPGRADE"
                     echo "TestKube Upgrade results set as pipeline variable"
                   else
@@ -2708,6 +2713,13 @@ extends:
           TESTKUBE_RESULTS_ARC: $[ dependencies.Testkube_ARC.outputs['testkube_results.TESTKUBE_RESULTS_ARC'] ]
           TESTKUBE_RESULTS_AKS: $[ dependencies.Testkube.outputs['testkube_results.TESTKUBE_RESULTS_AKS'] ]
           TESTKUBE_RESULTS_OTEL: $[ dependencies.Testkube_OTel.outputs['testkube_results.TESTKUBE_RESULTS_OTEL'] ]
+        templateContext:
+          type: releaseJob
+          isProduction: false
+          inputs:
+          - input: pipelineArtifact
+            artifactName: testkube-test-files
+            targetPath: $(Pipeline.Workspace)
         steps:
         - bash: |
             # Create results directory and write pipeline variables to JSON files
@@ -2747,8 +2759,9 @@ extends:
             export BUILD_SOURCEVERSIONMESSAGE="$(Build.SourceVersionMessage)"
             export BUILD_SOURCEBRANCHNAME="$(Build.SourceBranchName)"
             export BUILD_BUILDNUMBER="$(Build.BuildNumber)"
+            chmod +x ./testkube/send-testkube-summary.sh
             ./testkube/send-testkube-summary.sh $(TEAMS_WEBHOOK_URL) $(Pipeline.Workspace)/testkube-results
-          workingDirectory: $(Pipeline.Workspace)/testkube-test-files
+          workingDirectory: $(Pipeline.Workspace)
           displayName: "Send TestKube Summary Notification"
 
       - job: TestKube_Notification_OTelCollector_Upgrade
@@ -2763,6 +2776,13 @@ extends:
         variables:
           skipComponentGovernanceDetection: true
           TESTKUBE_RESULTS_UPGRADE: $[ dependencies.Testkube_OTel_Upgrade.outputs['testkube_results.TESTKUBE_RESULTS_UPGRADE'] ]
+        templateContext:
+          type: releaseJob
+          isProduction: false
+          inputs:
+          - input: pipelineArtifact
+            artifactName: testkube-test-files
+            targetPath: $(Pipeline.Workspace)
         steps:
         - bash: |
             # Create results directory and write pipeline variables to JSON files
@@ -2786,6 +2806,7 @@ extends:
             export BUILD_SOURCEVERSIONMESSAGE="$(Build.SourceVersionMessage)"
             export BUILD_SOURCEBRANCHNAME="$(Build.SourceBranchName)"
             export BUILD_BUILDNUMBER="$(Build.BuildNumber)"
+            chmod +x ./testkube/send-testkube-summary.sh
             ./testkube/send-testkube-summary.sh $(TEAMS_WEBHOOK_URL) $(Pipeline.Workspace)/testkube-results
-          workingDirectory: $(Pipeline.Workspace)/testkube-test-files
+          workingDirectory: $(Pipeline.Workspace)
           displayName: "Send TestKube Summary Notification"

.trivyignore

@@ -1,17 +1,23 @@
+# This file contains CVEs to be ignored by Trivy
+# Auto-generated on Mon Aug  4 17:43:16 UTC 2025
+
 # CRITICAL
 
 # HIGH
 # kube-state-metrics
-CVE-2024-33599
-CVE-2024-33601
+CVE-2024-33599 # 
+CVE-2024-33601 # 
 
 # MEDIUM
-# prometheusui
-CVE-2025-22872 # golang.org/x/net
-GHSA-fv92-fjc5-jj9h 
 # kube-state-metrics
-CVE-2023-4527
-CVE-2023-4806
-CVE-2024-33600
+CVE-2023-4527 # 
+CVE-2023-4806 # 
+CVE-2024-33600 # 
+# otelcollector
+CVE-2025-54388 # github.com/docker/docker
+# promconfigvalidator
+CVE-2025-54388 # github.com/docker/docker
+
+# LOW
+# kube-state-metrics
 
-# LOW

OPENTELEMETRY_VERSION

@@ -1 +1 @@
-v0.127.0
+v0.131.0

TARGETALLOCATOR_VERSION

@@ -1 +1 @@
-v0.127.0
+v0.131.0

internal/otel-upgrade-scripts/upgrade.sh

@@ -433,6 +433,25 @@ echo "PrometheusUI Test Prometheus dependencies updated successfully."
 
 cd "$CURRENT_DIR"
 
+# Step 7.3: Run go mod tidy in all test/ginkgo-e2e subdirectories
+echo "Running go mod tidy in all test/ginkgo-e2e subdirectories..."
+
+# Start with utils directory
+echo "Running go mod tidy in utils directory..."
+cd "$CURRENT_DIR/otelcollector/test/ginkgo-e2e/utils"
+go mod tidy
+cd "$CURRENT_DIR"
+
+# Get all subdirectories except utils
+for dir in $(find "$CURRENT_DIR/otelcollector/test/ginkgo-e2e" -maxdepth 1 -type d | grep -v "/utils$" | grep -v "^$CURRENT_DIR/otelcollector/test/ginkgo-e2e$"); do
+    echo "Running go mod tidy in $(basename $dir) directory..."
+    cd "$dir"
+    go mod tidy
+    cd "$CURRENT_DIR"
+done
+
+echo "Completed go mod tidy in all test/ginkgo-e2e subdirectories"
+
 # Step 8: Update golang version in azure-pipeline-build.yaml using highest version
 echo "Updating golang version in azure-pipeline-build.yaml..."
 

otelcollector/configuration-reader-builder/go.mod

@@ -47,7 +47,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.22.2 // indirect
 	github.com/onsi/gomega v1.36.2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
-	github.com/prometheus/common v0.64.0 // indirect
+	github.com/prometheus/common v0.65.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/net v0.40.0 // indirect
 	golang.org/x/oauth2 v0.30.0 // indirect

otelcollector/configuration-reader-builder/go.sum

@@ -60,8 +60,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4=
-github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE=
+github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=