feat(observability): comprehensive webhook + evaluation tracing (#12)

* feat(observability): instrument webhook handlers and evaluation phases

Adds OpenTelemetry spans around every webhook handler and around each
phase of EvalContext (parse_config, evaluate_policy, post_status,
post_evaluate_actions, evaluate_pr per child PR). Spans carry typed
attributes so dashboards and Jaeger queries can filter by:

  github.event.type / github.event.action / github.delivery_id
  github.installation_id / github.sender.login
  github.repo.owner / github.repo.name / github.repo.full_name
  github.pr.number / github.sha
  github.review.state / github.review.author
  github.check_run.name / github.check_run.conclusion
  policy.status / policy.trigger / policy.skip_reason

policy.skip_reason values come from a stable enum (SkipReasonNoPolicy,
SkipReasonSelfSender, SkipReasonReviewDoesNotAffectApproval, ...) so
alerts and dashboards can pin to specific filter strings.

Errors are propagated to the span via SetStatus(Error)+RecordError so
Jaeger highlights failed spans. Named-return + 'defer RecordError(span,
&err)' is the per-handler idiom.

Webhook spans use SpanKind=Consumer to match the async dispatch model.
The handler logic runs in worker goroutines (QueueAsyncScheduler), so
the inbound HTTP server span ends quickly while these spans live on
under the same trace context (propagated via context.WithoutCancel).

* feat(observability): template outbound GitHub API paths in span names

Replace per-request span names like 'GitHub API: GET
/repos/{owner}/{repo}/pulls/12345/files' (where each PR number, SHA,
or installation ID produces a unique operation name) with templated
forms like 'GitHub API: GET /repos/{owner}/{repo}/pulls/{pull_number}/files'.
Without this, every distinct path fans out to its own operation in
Jaeger and defeats aggregation in dashboards.

The templater walks path segments contextually: numeric IDs after
pulls/issues/check-runs/comments/reviews/etc. become {pull_number},
{issue_number}, ...; hex SHAs after commits/statuses/trees/blobs
become {sha}; refs/heads/{ref} collapses everything after to {ref}
(branches can contain slashes); contents/{+path} similarly eats the
tail.

Owner and repo become {owner}/{repo} placeholders in the operation
name; they appear as attributes on the bot's own spans for per-repo
filtering.

Covered by otel_test.go with edge cases (numeric IDs vs hex SHAs,
branches with slashes, top-level paths, empty path).

Author: denysvitali-kaiko

go.mod

@@ -31,6 +31,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.39.0
 	go.opentelemetry.io/otel/sdk v1.39.0
 	go.opentelemetry.io/otel/sdk/metric v1.39.0
+	go.opentelemetry.io/otel/trace v1.39.0
 	goji.io v2.0.2+incompatible
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/text v0.33.0
@@ -81,7 +82,6 @@ require (
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.39.0 // indirect
 	go.opentelemetry.io/otel/log v0.15.0 // indirect
 	go.opentelemetry.io/otel/sdk/log v0.15.0 // indirect
-	go.opentelemetry.io/otel/trace v1.39.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	golang.org/x/crypto v0.47.0 // indirect

server/handler/check_run.go

@@ -23,6 +23,7 @@ import (
 	"github.com/palantir/policy-bot/policy/common"
 	"github.com/palantir/policy-bot/pull"
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/otel/attribute"
 )
 
 type CheckRun struct {
@@ -31,22 +32,36 @@ type CheckRun struct {
 
 func (h *CheckRun) Handles() []string { return []string{"check_run"} }
 
-func (h *CheckRun) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) error {
+func (h *CheckRun) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) (err error) {
+	ctx, span := StartWebhookSpan(ctx, eventType, deliveryID)
+	defer span.End()
+	defer RecordError(span, &err)
+
 	var event github.CheckRunEvent
 	if err := json.Unmarshal(payload, &event); err != nil {
 		return errors.Wrap(err, "failed to parse check_run event payload")
 	}
 
+	span.SetAttributes(
+		attribute.String(AttrEventAction, event.GetAction()),
+		attribute.String(AttrCheckRunName, event.GetCheckRun().GetName()),
+		attribute.String(AttrCheckRunStatus, event.GetCheckRun().GetConclusion()),
+		attribute.String(AttrSenderLogin, event.GetSender().GetLogin()),
+	)
+
 	if event.GetAction() != "completed" {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonActionNotHandled))
 		return nil
 	}
 
 	// Skip check runs created by this app to prevent infinite re-evaluation loops.
 	// Prefer matching by app ID (stable, numeric) over sender login (fragile string).
 	if h.AppID != 0 && event.GetCheckRun().GetApp().GetID() == h.AppID {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonSelfCheckRun))
 		return nil
 	}
 	if event.GetSender().GetLogin() == h.AppName+"[bot]" {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonSelfSender))
 		return nil
 	}
 
@@ -57,6 +72,12 @@ func (h *CheckRun) Handle(ctx context.Context, eventType, deliveryID string, pay
 	commitSHA := event.GetCheckRun().GetHeadSHA()
 	installationID := githubapp.GetInstallationIDFromEvent(&event)
 
+	span.SetAttributes(RepoAttrs(ownerName, repoName)...)
+	span.SetAttributes(
+		attribute.String(AttrSHA, commitSHA),
+		attribute.Int64(AttrInstallationID, installationID),
+	)
+
 	ctx, logger := githubapp.PrepareRepoContext(ctx, installationID, repo)
 
 	logger.Debug().Msgf("Check run event is for '%s', found %d PRs", event.GetCheckRun().GetName(), len(event.GetCheckRun().PullRequests))
@@ -80,15 +101,22 @@ func (h *CheckRun) Handle(ctx context.Context, eventType, deliveryID string, pay
 			continue
 		}
 
-		if err := h.Evaluate(ctx, installationID, common.TriggerStatus, pull.Locator{
+		prCtx, prSpan := StartChildSpan(ctx, "policy.evaluate_pr")
+		prSpan.SetAttributes(
+			attribute.Int(AttrPRNumber, pr.GetNumber()),
+			attribute.String(AttrSHA, commitSHA),
+		)
+		if evalErr := h.Evaluate(prCtx, installationID, common.TriggerStatus, pull.Locator{
 			Owner:  ownerName,
 			Repo:   repoName,
 			Number: pr.GetNumber(),
 			Value:  pr,
-		}); err != nil {
+		}); evalErr != nil {
 			evaluationFailures++
-			logger.Error().Err(err).Msgf("Failed to evaluate pull request '%d' for SHA '%s'", pr.GetNumber(), commitSHA)
+			logger.Error().Err(evalErr).Msgf("Failed to evaluate pull request '%d' for SHA '%s'", pr.GetNumber(), commitSHA)
+			RecordError(prSpan, &evalErr)
 		}
+		prSpan.End()
 	}
 	if evaluationFailures == 0 {
 		return nil

server/handler/eval_context.go

@@ -27,6 +27,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
 	"github.com/shurcooL/githubv4"
+	"go.opentelemetry.io/otel/attribute"
 )
 
 // EvalContext contains common fields and methods used to evaluate policy
@@ -51,12 +52,18 @@ type EvalContext struct {
 }
 
 // Evaluate runs the full process for evaluating a pull request.
-func (ec *EvalContext) Evaluate(ctx context.Context, trigger common.Trigger) error {
+func (ec *EvalContext) Evaluate(ctx context.Context, trigger common.Trigger) (err error) {
+	ctx, span := StartChildSpan(ctx, "policy.evaluate")
+	defer span.End()
+	defer RecordError(span, &err)
+	span.SetAttributes(attribute.String(AttrPolicyTrigger, trigger.String()))
+
 	evaluator, err := ec.ParseConfig(ctx, trigger)
 	if err != nil {
 		return err
 	}
 	if evaluator == nil {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonNoPolicy))
 		return nil
 	}
 
@@ -72,7 +79,15 @@ func (ec *EvalContext) Evaluate(ctx context.Context, trigger common.Trigger) err
 // ParseConfig checks and validates the configuration in the EvalContext and
 // returns a non-nil Evaluator if the policy exists, is valid, and requires
 // evaluation for the trigger.
-func (ec *EvalContext) ParseConfig(ctx context.Context, trigger common.Trigger) (common.Evaluator, error) {
+func (ec *EvalContext) ParseConfig(ctx context.Context, trigger common.Trigger) (evaluator common.Evaluator, err error) {
+	ctx, span := StartChildSpan(ctx, "policy.parse_config")
+	defer span.End()
+	defer RecordError(span, &err)
+	span.SetAttributes(
+		attribute.String(AttrPolicyConfigSource, ec.Config.Source),
+		attribute.String(AttrPolicyConfigPath, ec.Config.Path),
+	)
+
 	logger := zerolog.Ctx(ctx)
 
 	fc := ec.Config
@@ -101,7 +116,7 @@ func (ec *EvalContext) ParseConfig(ctx context.Context, trigger common.Trigger)
 		ApprovalDefaults:     ec.Options.ApprovalDefaults,
 	}
 
-	evaluator, err := policy.ParsePolicy(fc.Config, opts)
+	evaluator, err = policy.ParsePolicy(fc.Config, opts)
 	if err != nil {
 		msg := fmt.Sprintf("Invalid policy in %s: %s", fc.Source, fc.Path)
 		logger.Warn().Err(err).Msg(msg)
@@ -125,7 +140,11 @@ func (ec *EvalContext) ParseConfig(ctx context.Context, trigger common.Trigger)
 // EvaluatePolicy evaluates the policy for a PR and generates a result. The
 // evaluator must be non-nil, meaning callers should check the output of
 // ParseConfig before calling this method.
-func (ec *EvalContext) EvaluatePolicy(ctx context.Context, evaluator common.Evaluator) (common.Result, error) {
+func (ec *EvalContext) EvaluatePolicy(ctx context.Context, evaluator common.Evaluator) (_ common.Result, err error) {
+	ctx, span := StartChildSpan(ctx, "policy.evaluate_policy")
+	defer span.End()
+	defer RecordError(span, &err)
+
 	logger := zerolog.Ctx(ctx)
 
 	result := evaluator.Evaluate(ctx, ec.PullContext)
@@ -139,6 +158,8 @@ func (ec *EvalContext) EvaluatePolicy(ctx context.Context, evaluator common.Eval
 		return result, result.Error
 	}
 
+	span.SetAttributes(attribute.String(AttrPolicyStatus, result.Status.String()))
+
 	statusDescription := result.StatusDescription
 
 	var statusState string
@@ -182,19 +203,31 @@ func (ec *EvalContext) EvaluatePolicy(ctx context.Context, evaluator common.Eval
 // Post-evaluate actions are best effort, so this function logs failures
 // instead of returning an error.
 func (ec *EvalContext) RunPostEvaluateActions(ctx context.Context, result common.Result, trigger common.Trigger) {
+	ctx, span := StartChildSpan(ctx, "policy.post_evaluate_actions")
+	defer span.End()
+
 	logger := zerolog.Ctx(ctx)
 
 	if err := ec.requestReviewsForResult(ctx, trigger, result); err != nil {
 		logger.Error().Err(err).Msg("Failed to request reviewers")
+		span.RecordError(err)
 	}
 
 	if err := ec.dismissStaleReviewsForResult(ctx, result); err != nil {
 		logger.Error().Err(err).Msg("Failed to dismiss stale reviews")
+		span.RecordError(err)
 	}
 }
 
 // PostStatus posts a check run for the evaluated PR.
 func (ec *EvalContext) PostStatus(ctx context.Context, state, message string) {
+	ctx, span := StartChildSpan(ctx, "policy.post_status")
+	defer span.End()
+	span.SetAttributes(
+		attribute.String(AttrPolicyStatus, state),
+		attribute.String(AttrSHA, ec.PullContext.HeadSHA()),
+	)
+
 	logger := zerolog.Ctx(ctx)
 
 	owner := ec.PullContext.RepositoryOwner()

server/handler/installation.go

@@ -24,6 +24,7 @@ import (
 	"github.com/palantir/go-githubapp/githubapp"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
+	"go.opentelemetry.io/otel/attribute"
 )
 
 type Installation struct {
@@ -37,7 +38,11 @@ func (h *Installation) Handles() []string {
 // Handle installation, installation_repositories
 // https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#installation
 // https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#installation_repositories
-func (h *Installation) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) error {
+func (h *Installation) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) (err error) {
+	ctx, span := StartWebhookSpan(ctx, eventType, deliveryID)
+	defer span.End()
+	defer RecordError(span, &err)
+
 	var action string
 	var installationID int64
 	var repositories []*github.Repository
@@ -64,6 +69,12 @@ func (h *Installation) Handle(ctx context.Context, eventType, deliveryID string,
 		repositories = event.RepositoriesAdded
 	}
 
+	span.SetAttributes(
+		attribute.String(AttrEventAction, action),
+		attribute.Int64(AttrInstallationID, installationID),
+		attribute.Int("github.installation.repo_count", len(repositories)),
+	)
+
 	switch action {
 	case "created", "added":
 		client, err := h.NewInstallationClient(installationID)
@@ -73,6 +84,8 @@ func (h *Installation) Handle(ctx context.Context, eventType, deliveryID string,
 		for _, repo := range repositories {
 			h.postRepoInstallationStatus(ctx, client, repo)
 		}
+	default:
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonInstallationActionNotHandled))
 	}
 
 	return nil

server/handler/issue_comment.go

@@ -26,6 +26,7 @@ import (
 	"github.com/palantir/policy-bot/pull"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
+	"go.opentelemetry.io/otel/attribute"
 )
 
 type IssueComment struct {
@@ -36,7 +37,11 @@ func (h *IssueComment) Handles() []string { return []string{"issue_comment"} }
 
 // Handle issue_comment
 // See https://developer.github.com/v3/activity/events/types/#issuecommentevent
-func (h *IssueComment) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) error {
+func (h *IssueComment) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) (err error) {
+	ctx, span := StartWebhookSpan(ctx, eventType, deliveryID)
+	defer span.End()
+	defer RecordError(span, &err)
+
 	var event github.IssueCommentEvent
 	if err := json.Unmarshal(payload, &event); err != nil {
 		return errors.Wrap(err, "failed to parse issue comment event payload")
@@ -47,8 +52,17 @@ func (h *IssueComment) Handle(ctx context.Context, eventType, deliveryID string,
 	number := event.GetIssue().GetNumber()
 	installationID := githubapp.GetInstallationIDFromEvent(&event)
 
+	span.SetAttributes(RepoAttrs(owner, repo.GetName())...)
+	span.SetAttributes(
+		attribute.String(AttrEventAction, event.GetAction()),
+		attribute.Int(AttrPRNumber, number),
+		attribute.Int64(AttrInstallationID, installationID),
+		attribute.String(AttrSenderLogin, event.GetSender().GetLogin()),
+	)
+
 	if !event.GetIssue().IsPullRequest() {
 		zerolog.Ctx(ctx).Debug().Msg("Issue comment event is not for a pull request")
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonNotPullRequest))
 		return nil
 	}
 
@@ -77,9 +91,11 @@ func (h *IssueComment) Handle(ctx context.Context, eventType, deliveryID string,
 	switch {
 	case evalCtx.Config.LoadError != nil || evalCtx.Config.ParseError != nil:
 		logger.Warn().Str(LogKeyAudit, "issue_comment").Msg("Skipping tampering check because the policy is not valid")
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonInvalidPolicyTamperingCheck))
 	case evalCtx.Config.Config != nil:
 		tampered := h.detectAndLogTampering(ctx, evalCtx, event)
 		if tampered {
+			span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonCommentTampered))
 			return nil
 		}
 	}
@@ -89,11 +105,13 @@ func (h *IssueComment) Handle(ctx context.Context, eventType, deliveryID string,
 		return err
 	}
 	if evaluator == nil {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonNoPolicy))
 		return nil
 	}
 
 	if !h.affectsApproval(event, evalCtx.Config.Config) {
 		logger.Debug().Msg("Skipping evaluation because this comment does not impact approval")
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonCommentDoesNotAffectApproval))
 		return nil
 	}
 

server/handler/merge_group.go

@@ -24,6 +24,7 @@ import (
 	"github.com/palantir/go-githubapp/githubapp"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
+	"go.opentelemetry.io/otel/attribute"
 )
 
 type MergeGroup struct {
@@ -34,34 +35,50 @@ func (h *MergeGroup) Handles() []string { return []string{"merge_group"} }
 
 // Handle merge_group
 // https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#merge_group
-func (h *MergeGroup) Handle(ctx context.Context, eventType, devlieryID string, payload []byte) error {
+func (h *MergeGroup) Handle(ctx context.Context, eventType, deliveryID string, payload []byte) (err error) {
+	ctx, span := StartWebhookSpan(ctx, eventType, deliveryID)
+	defer span.End()
+	defer RecordError(span, &err)
+
 	var event github.MergeGroupEvent
 
 	if err := json.Unmarshal(payload, &event); err != nil {
 		return errors.Wrap(err, "failed to parse merge group event payload")
 	}
 
+	span.SetAttributes(attribute.String(AttrEventAction, event.GetAction()))
+
 	if event.GetAction() != "checks_requested" {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonActionNotHandled))
 		return nil
 	}
 
 	logger := zerolog.Ctx(ctx)
 	installationID := githubapp.GetInstallationIDFromEvent(&event)
-	client, err := h.NewInstallationClient(installationID)
-	if err != nil {
-		return err
-	}
 
 	repository := event.GetRepo().GetName()
 	owner := event.GetRepo().GetOwner().GetLogin()
 	mergeGroup := event.GetMergeGroup()
 	baseBranch := strings.TrimPrefix(mergeGroup.GetBaseRef(), "refs/heads/")
 	headSHA := mergeGroup.GetHeadSHA()
 
+	span.SetAttributes(RepoAttrs(owner, repository)...)
+	span.SetAttributes(
+		attribute.String(AttrSHA, headSHA),
+		attribute.Int64(AttrInstallationID, installationID),
+		attribute.String("github.merge_group.base_branch", baseBranch),
+	)
+
+	client, err := h.NewInstallationClient(installationID)
+	if err != nil {
+		return err
+	}
+
 	// If a PR is added to the merge queue, presumably the policy existed and was valid at the time of merge,
 	// so we're just checking for the existance of a policy here and don't care about its validity.
 	fetchedConfig := h.ConfigFetcher.ConfigForRepositoryBranch(ctx, client, owner, repository, baseBranch)
 	if fetchedConfig.Config == nil {
+		span.SetAttributes(attribute.String(AttrPolicySkipReason, SkipReasonNoPolicy))
 		return nil
 	}