From cc7edb78852bcf55f820192d738a5da84fb34c04 Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 25 Jun 2026 10:38:46 +0200 Subject: [PATCH 1/6] feat(otel): Add OpenTelemetry compatibility BOM Add an opt-in Sentry OpenTelemetry BOM that imports the tested OpenTelemetry stable and alpha BOMs and constrains Sentry OpenTelemetry modules to the SDK version. Keep the main Sentry BOM from managing the dedicated OpenTelemetry BOM so regular Sentry consumers are unaffected. --- .craft.yml | 1 + README.md | 1 + gradle/libs.versions.toml | 5 ++ sentry-bom/build.gradle.kts | 1 + .../sentry-opentelemetry-bom/README.md | 71 +++++++++++++++++++ .../sentry-opentelemetry-bom/build.gradle.kts | 34 +++++++++ settings.gradle.kts | 1 + 7 files changed, 114 insertions(+) create mode 100644 sentry-opentelemetry/sentry-opentelemetry-bom/README.md create mode 100644 sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts diff --git a/.craft.yml b/.craft.yml index cc4636cd32d..63bc50d215b 100644 --- a/.craft.yml +++ b/.craft.yml @@ -45,6 +45,7 @@ targets: maven:io.sentry:sentry-launchdarkly-android: maven:io.sentry:sentry-launchdarkly-server: maven:io.sentry:sentry-opentelemetry-agent: + maven:io.sentry:sentry-opentelemetry-bom: maven:io.sentry:sentry-opentelemetry-agentcustomization: maven:io.sentry:sentry-opentelemetry-agentless: maven:io.sentry:sentry-opentelemetry-agentless-spring: diff --git a/README.md b/README.md index 0aab8a4e75d..849aaf74457 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ Sentry SDK for Java and Android | sentry-launchdarkly-android | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-launchdarkly-android?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-launchdarkly-android) | | sentry-launchdarkly-server | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-launchdarkly-server?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-launchdarkly-server) | | sentry-opentelemetry-agent | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-opentelemetry-agent?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-opentelemetry-agent) | +| sentry-opentelemetry-bom | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-opentelemetry-bom?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-opentelemetry-bom) | | sentry-opentelemetry-agentcustomization | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-opentelemetry-agentcustomization?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-opentelemetry-agentcustomization) | | sentry-opentelemetry-core | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-opentelemetry-core?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-opentelemetry-core) | | sentry-opentelemetry-otlp | [![Maven Central Version](https://img.shields.io/maven-central/v/io.sentry/sentry-opentelemetry-otlp?style=for-the-badge&logo=sentry&color=green)](https://central.sonatype.com/artifact/io.sentry/sentry-opentelemetry-otlp) | diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 24064703ca1..8774183e5ba 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -26,6 +26,8 @@ nopen = "1.0.1" okhttp = "4.9.2" openfeature = "1.18.2" otel = "1.60.1" +# Keep alpha OpenTelemetry BOMs in sync with their stable counterparts: -alpha. +otelAlpha = "1.60.1-alpha" otelInstrumentation = "2.26.0" otelInstrumentationAlpha = "2.26.0-alpha" # check https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/dependencyManagement/build.gradle.kts#L49 for release version above to find a compatible version @@ -153,7 +155,10 @@ otel-exporter-otlp = { module = "io.opentelemetry:opentelemetry-exporter-otlp", otel-exporter-logging = { module = "io.opentelemetry:opentelemetry-exporter-logging", version.ref = "otel" } otel-extension-autoconfigure = { module = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure", version.ref = "otel" } otel-extension-autoconfigure-spi = { module = "io.opentelemetry:opentelemetry-sdk-extension-autoconfigure-spi", version.ref = "otel" } +otel-bom = { module = "io.opentelemetry:opentelemetry-bom", version.ref = "otel" } +otel-alpha-bom = { module = "io.opentelemetry:opentelemetry-bom-alpha", version.ref = "otelAlpha" } otel-instrumentation-bom = { module = "io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom", version.ref = "otelInstrumentation" } +otel-instrumentation-alpha-bom = { module = "io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha", version.ref = "otelInstrumentationAlpha" } otel-javaagent = { module = "io.opentelemetry.javaagent:opentelemetry-javaagent", version.ref = "otelInstrumentation" } otel-javaagent-tooling = { module = "io.opentelemetry.javaagent:opentelemetry-javaagent-tooling", version.ref = "otelInstrumentationAlpha" } otel-javaagent-extension-api = { module = "io.opentelemetry.javaagent:opentelemetry-javaagent-extension-api", version.ref = "otelInstrumentationAlpha" } diff --git a/sentry-bom/build.gradle.kts b/sentry-bom/build.gradle.kts index 45ef7363d47..f219c964e52 100644 --- a/sentry-bom/build.gradle.kts +++ b/sentry-bom/build.gradle.kts @@ -9,6 +9,7 @@ dependencies { .filter { !it.name.startsWith("sentry-samples") && it.name != project.name && + !it.name.endsWith("-bom") && !it.name.contains("test", ignoreCase = true) && !it.name.contains("sentry-android-distribution") } diff --git a/sentry-opentelemetry/sentry-opentelemetry-bom/README.md b/sentry-opentelemetry/sentry-opentelemetry-bom/README.md new file mode 100644 index 00000000000..a71f4144fbd --- /dev/null +++ b/sentry-opentelemetry/sentry-opentelemetry-bom/README.md @@ -0,0 +1,71 @@ +# sentry-opentelemetry-bom + +This BOM aligns Sentry OpenTelemetry modules with the OpenTelemetry artifacts tested by Sentry. + +Use this BOM only when you want Sentry to manage OpenTelemetry dependency versions for Sentry's OpenTelemetry integrations. Do not import it for regular Sentry usage unless you also want this OpenTelemetry version alignment. + +The BOM intentionally manages stable and `-alpha` OpenTelemetry artifacts, including incubator artifacts used by the OpenTelemetry instrumentation stack. It makes Sentry's tested OpenTelemetry versions authoritative, so verify dependency resolution before importing it if your application already uses newer OpenTelemetry versions. + +This BOM is primarily for classpath-based OpenTelemetry integrations such as `sentry-opentelemetry-agentless`, `sentry-opentelemetry-agentless-spring`, `sentry-opentelemetry-otlp`, and `sentry-opentelemetry-otlp-spring`. It does not change the OpenTelemetry dependencies shaded into the `sentry-opentelemetry-agent` Java agent JAR. + +## Dependency management ordering + +Ordering matters when another BOM, such as Spring Boot's dependency management, also manages OpenTelemetry versions. + +### Gradle + +When using Gradle with the Spring dependency management plugin, the last imported BOM wins. Import this BOM after Spring Boot's dependency management so its OpenTelemetry versions take precedence: + +```kotlin +dependencyManagement { + imports { + mavenBom("org.springframework.boot:spring-boot-dependencies:") + mavenBom("io.sentry:sentry-opentelemetry-bom:") + } +} +``` + +If the Spring Boot Gradle plugin imports Spring Boot dependency management implicitly, add the Sentry BOM in your `dependencyManagement` block; explicit imports are applied after the implicit Spring Boot import. + +### Maven + +Maven uses different precedence rules: when multiple BOMs are imported in the same `` block, the first declaration wins. + +When using `spring-boot-starter-parent`, declare `sentry-opentelemetry-bom` in the child POM's `` block. Dependency management in the child POM takes precedence over the parent: + +```xml + + + + io.sentry + sentry-opentelemetry-bom + ${sentry.version} + pom + import + + + +``` + +When importing `spring-boot-dependencies` manually in the same POM, import `sentry-opentelemetry-bom` first so Sentry's OpenTelemetry versions win: + +```xml + + + + io.sentry + sentry-opentelemetry-bom + ${sentry.version} + pom + import + + + org.springframework.boot + spring-boot-dependencies + ${spring-boot.version} + pom + import + + + +``` diff --git a/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts b/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts new file mode 100644 index 00000000000..a1329c90ca0 --- /dev/null +++ b/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts @@ -0,0 +1,34 @@ +plugins { + `java-platform` + `maven-publish` +} + +javaPlatform.allowDependencies() + +dependencies { + api(platform(libs.otel.bom)) + api(platform(libs.otel.alpha.bom)) + api(platform(libs.otel.instrumentation.bom)) + api(platform(libs.otel.instrumentation.alpha.bom)) + + constraints { + project.rootProject.subprojects + .filter { + it.path.startsWith(":sentry-opentelemetry:") && + it.name != project.name && + !it.name.contains("test", ignoreCase = true) + } + .forEach { project -> + evaluationDependsOn(project.path) + project.publishing.publications + .mapNotNull { it as? MavenPublication } + .filter { + !it.artifactId.endsWith("-kotlinMultiplatform") && !it.artifactId.endsWith("-metadata") + } + .forEach { + val dependency = "${it.groupId}:${it.artifactId}:${it.version}" + api(dependency) + } + } + } +} diff --git a/settings.gradle.kts b/settings.gradle.kts index 51dd84abb4f..ff7380cdc26 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -84,6 +84,7 @@ include( "sentry-opentelemetry:sentry-opentelemetry-core", "sentry-opentelemetry:sentry-opentelemetry-agentcustomization", "sentry-opentelemetry:sentry-opentelemetry-agent", + "sentry-opentelemetry:sentry-opentelemetry-bom", "sentry-opentelemetry:sentry-opentelemetry-agentless", "sentry-opentelemetry:sentry-opentelemetry-agentless-spring", "sentry-opentelemetry:sentry-opentelemetry-otlp", From 5c5b6b36cf4cc084773a630a4becb9ee617cc77a Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 25 Jun 2026 10:41:20 +0200 Subject: [PATCH 2/6] changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48a1115f8ae..ee6223af65f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## Unreleased + +### Features + +- Add `io.sentry:sentry-opentelemetry-bom` to align Sentry OpenTelemetry modules with tested OpenTelemetry dependencies ([#5629](https://github.com/getsentry/sentry-java/pull/5629)) + ## 8.45.0 ### Features From b162d2e0d4921387cd383987877eedb9afc951b3 Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 2 Jul 2026 17:09:39 +0200 Subject: [PATCH 3/6] build(otel): Declare BOM constraints explicitly Replace dynamic publication scanning with explicit Sentry OpenTelemetry project constraints. This avoids cross-project evaluation while preserving the generated BOM dependency management. Co-Authored-By: Claude --- .../sentry-opentelemetry-bom/build.gradle.kts | 26 ++++++------------- 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts b/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts index a1329c90ca0..d945002b716 100644 --- a/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts +++ b/sentry-opentelemetry/sentry-opentelemetry-bom/build.gradle.kts @@ -12,23 +12,13 @@ dependencies { api(platform(libs.otel.instrumentation.alpha.bom)) constraints { - project.rootProject.subprojects - .filter { - it.path.startsWith(":sentry-opentelemetry:") && - it.name != project.name && - !it.name.contains("test", ignoreCase = true) - } - .forEach { project -> - evaluationDependsOn(project.path) - project.publishing.publications - .mapNotNull { it as? MavenPublication } - .filter { - !it.artifactId.endsWith("-kotlinMultiplatform") && !it.artifactId.endsWith("-metadata") - } - .forEach { - val dependency = "${it.groupId}:${it.artifactId}:${it.version}" - api(dependency) - } - } + api(projects.sentryOpentelemetry.sentryOpentelemetryAgent) + api(projects.sentryOpentelemetry.sentryOpentelemetryAgentcustomization) + api(projects.sentryOpentelemetry.sentryOpentelemetryAgentless) + api(projects.sentryOpentelemetry.sentryOpentelemetryAgentlessSpring) + api(projects.sentryOpentelemetry.sentryOpentelemetryBootstrap) + api(projects.sentryOpentelemetry.sentryOpentelemetryCore) + api(projects.sentryOpentelemetry.sentryOpentelemetryOtlp) + api(projects.sentryOpentelemetry.sentryOpentelemetryOtlpSpring) } } From b9a8fcbb88182888317aa6a47f40832e0fb4b7f3 Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 2 Jul 2026 17:16:34 +0200 Subject: [PATCH 4/6] docs(otel): Document native Gradle BOM usage Add a platform example for Gradle users that do not use the Spring dependency management plugin. Clarify when to use enforcedPlatform if another platform also manages OpenTelemetry versions. Co-Authored-By: Claude --- .../sentry-opentelemetry-bom/README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/sentry-opentelemetry/sentry-opentelemetry-bom/README.md b/sentry-opentelemetry/sentry-opentelemetry-bom/README.md index a71f4144fbd..c7522772d21 100644 --- a/sentry-opentelemetry/sentry-opentelemetry-bom/README.md +++ b/sentry-opentelemetry/sentry-opentelemetry-bom/README.md @@ -14,6 +14,19 @@ Ordering matters when another BOM, such as Spring Boot's dependency management, ### Gradle +With Gradle's native dependency management, import the BOM as a platform and omit versions from Sentry OpenTelemetry and OpenTelemetry dependencies: + +```kotlin +dependencies { + implementation(platform("io.sentry:sentry-opentelemetry-bom:")) + + implementation("io.sentry:sentry-opentelemetry-agentless") + implementation("io.opentelemetry:opentelemetry-sdk-extension-autoconfigure") +} +``` + +If another imported platform also manages OpenTelemetry versions, Gradle's normal version conflict resolution applies. Use `enforcedPlatform(...)` only when you need Sentry's tested OpenTelemetry versions to override other platforms. + When using Gradle with the Spring dependency management plugin, the last imported BOM wins. Import this BOM after Spring Boot's dependency management so its OpenTelemetry versions take precedence: ```kotlin From aae1eb94cdae539545de78993cf688a345fbb7a3 Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 2 Jul 2026 17:24:01 +0200 Subject: [PATCH 5/6] docs(changelog): Add OpenTelemetry BOM usage snippets Document the common Spring Boot Gradle plugin setup first, then native Gradle and Maven usage. This gives release note readers enough guidance to import the new BOM without opening the module README. Co-Authored-By: Claude --- CHANGELOG.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee6223af65f..c3ddfbe8ba0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,28 @@ ### Features - Add `io.sentry:sentry-opentelemetry-bom` to align Sentry OpenTelemetry modules with tested OpenTelemetry dependencies ([#5629](https://github.com/getsentry/sentry-java/pull/5629)) + - Spring Boot Gradle plugin: add the Sentry BOM to `dependencyManagement`; explicit imports are applied after Spring Boot's implicit BOM + ```kotlin + dependencyManagement { + imports { + mavenBom("io.sentry:sentry-opentelemetry-bom:") + } + } + ``` + - Gradle: import it as a platform and omit versions from Sentry OpenTelemetry and OpenTelemetry dependencies + ```kotlin + implementation(platform("io.sentry:sentry-opentelemetry-bom:")) + ``` + - Maven: import it before Spring Boot's BOM in the same `` block, or in the child POM when using `spring-boot-starter-parent` + ```xml + + io.sentry + sentry-opentelemetry-bom + ${sentry.version} + pom + import + + ``` ## 8.45.0 From a46e5671b8ebc8f10fe8eedfc786f4ae9bb198be Mon Sep 17 00:00:00 2001 From: Alexander Dinauer Date: Thu, 2 Jul 2026 17:25:17 +0200 Subject: [PATCH 6/6] ci(otel): Defer registry entry for OpenTelemetry BOM Comment out the new OpenTelemetry BOM registry entry until the artifact has been released once. This keeps craft from looking up an SDK package that is not available yet. Co-Authored-By: Claude --- .craft.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.craft.yml b/.craft.yml index 63bc50d215b..bee668917c1 100644 --- a/.craft.yml +++ b/.craft.yml @@ -45,7 +45,8 @@ targets: maven:io.sentry:sentry-launchdarkly-android: maven:io.sentry:sentry-launchdarkly-server: maven:io.sentry:sentry-opentelemetry-agent: - maven:io.sentry:sentry-opentelemetry-bom: + # TODO: Add after first release of the artifact. + # maven:io.sentry:sentry-opentelemetry-bom: maven:io.sentry:sentry-opentelemetry-agentcustomization: maven:io.sentry:sentry-opentelemetry-agentless: maven:io.sentry:sentry-opentelemetry-agentless-spring: