backend.yml 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522
  1. name: backend
  2. on:
  3. push:
  4. branches:
  5. - master
  6. pull_request:
  7. # Cancel in progress workflows on pull_requests.
  8. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
  9. concurrency:
  10. group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  11. cancel-in-progress: true
  12. # hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
  13. env:
  14. SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
  15. jobs:
  16. files-changed:
  17. name: detect what files changed
  18. runs-on: ubuntu-20.04
  19. timeout-minutes: 3
  20. # Map a step output to a job output
  21. outputs:
  22. api_docs: ${{ steps.changes.outputs.api_docs }}
  23. backend: ${{ steps.changes.outputs.backend_all }}
  24. backend_dependencies: ${{ steps.changes.outputs.backend_dependencies }}
  25. backend_any_type: ${{ steps.changes.outputs.backend_any_type }}
  26. migration_lockfile: ${{ steps.changes.outputs.migration_lockfile }}
  27. plugins: ${{ steps.changes.outputs.plugins }}
  28. steps:
  29. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  30. - name: Check for backend file changes
  31. uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
  32. id: changes
  33. with:
  34. token: ${{ github.token }}
  35. filters: .github/file-filters.yml
  36. api-docs:
  37. if: needs.files-changed.outputs.api_docs == 'true'
  38. needs: files-changed
  39. name: api docs test
  40. runs-on: ubuntu-20.04
  41. steps:
  42. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  43. - uses: getsentry/action-setup-volta@54775a59c41065f54ecc76d1dd5f2cdc7a1550cb # v1.1.0
  44. - name: Setup sentry python env
  45. uses: ./.github/actions/setup-sentry
  46. id: setup
  47. with:
  48. snuba: true
  49. - name: Run API docs tests
  50. # install ts-node for ts build scripts to execute properly without potentially installing
  51. # conflicting deps when running scripts locally
  52. # see: https://github.com/getsentry/sentry/pull/32328/files
  53. run: |
  54. yarn add ts-node && make test-api-docs
  55. backend-test:
  56. if: needs.files-changed.outputs.backend == 'true'
  57. needs: files-changed
  58. name: backend test
  59. runs-on: ubuntu-20.04
  60. timeout-minutes: 40
  61. strategy:
  62. # This helps not having to run multiple jobs because one fails, thus, reducing resource usage
  63. # and reducing the risk that one of many runs would turn red again (read: intermittent tests)
  64. fail-fast: false
  65. matrix:
  66. # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL.
  67. instance: [0, 1, 2, 3, 4]
  68. pg-version: ['14']
  69. env:
  70. # XXX: MATRIX_INSTANCE_TOTAL must be hardcoded to the length of strategy.matrix.instance.
  71. MATRIX_INSTANCE_TOTAL: 5
  72. steps:
  73. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  74. with:
  75. # Avoid codecov error message related to SHA resolution:
  76. # https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891
  77. fetch-depth: '2'
  78. - name: Setup sentry env
  79. uses: ./.github/actions/setup-sentry
  80. id: setup
  81. with:
  82. snuba: true
  83. # Right now, we run so few bigtable related tests that the
  84. # overhead of running bigtable in all backend tests
  85. # is way smaller than the time it would take to run in its own job.
  86. bigtable: true
  87. pg-version: ${{ matrix.pg-version }}
  88. - name: Run backend test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }})
  89. run: |
  90. make test-python-ci
  91. # Upload coverage data even if running the tests step fails since
  92. # it reduces large coverage fluctuations
  93. - name: Handle artifacts
  94. if: ${{ always() }}
  95. uses: ./.github/actions/artifacts
  96. with:
  97. token: ${{ secrets.CODECOV_TOKEN }}
  98. backend-migration-tests:
  99. if: needs.files-changed.outputs.backend == 'true'
  100. needs: files-changed
  101. name: backend migration tests
  102. runs-on: ubuntu-20.04
  103. timeout-minutes: 30
  104. strategy:
  105. matrix:
  106. pg-version: ['14']
  107. steps:
  108. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  109. with:
  110. # Avoid codecov error message related to SHA resolution:
  111. # https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891
  112. fetch-depth: '2'
  113. - name: Setup sentry env
  114. uses: ./.github/actions/setup-sentry
  115. id: setup
  116. with:
  117. snuba: true
  118. pg-version: ${{ matrix.pg-version }}
  119. - name: run tests
  120. run: |
  121. MIGRATIONS_TEST_MIGRATE=1 PYTEST_ADDOPTS="$PYTEST_ADDOPTS -m migrations" make test-python-ci
  122. # Upload coverage data even if running the tests step fails since
  123. # it reduces large coverage fluctuations
  124. - name: Handle artifacts
  125. if: ${{ always() }}
  126. uses: ./.github/actions/artifacts
  127. with:
  128. token: ${{ secrets.CODECOV_TOKEN }}
  129. cli:
  130. if: needs.files-changed.outputs.backend == 'true'
  131. needs: files-changed
  132. name: cli test
  133. runs-on: ubuntu-20.04
  134. timeout-minutes: 10
  135. strategy:
  136. matrix:
  137. pg-version: ['14']
  138. steps:
  139. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  140. - name: Setup sentry env
  141. uses: ./.github/actions/setup-sentry
  142. id: setup
  143. with:
  144. pg-version: ${{ matrix.pg-version }}
  145. - name: Run test
  146. run: |
  147. make test-cli
  148. # Upload coverage data even if running the tests step fails since
  149. # it reduces large coverage fluctuations
  150. - name: Handle artifacts
  151. if: ${{ always() }}
  152. uses: ./.github/actions/artifacts
  153. with:
  154. token: ${{ secrets.CODECOV_TOKEN }}
  155. requirements:
  156. if: needs.files-changed.outputs.backend_dependencies == 'true'
  157. needs: files-changed
  158. name: requirements check
  159. runs-on: ubuntu-20.04
  160. timeout-minutes: 3
  161. steps:
  162. - uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0
  163. id: token
  164. continue-on-error: true
  165. with:
  166. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  167. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  168. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  169. - uses: getsentry/action-setup-venv@9e3bbae3836b1b6f129955bf55a19e1d99a61c67 # v1.0.5
  170. with:
  171. python-version: 3.8.16
  172. cache-depedency: requirements-dev-frozen.txt
  173. install-cmd: pip install -q --constraint requirements-dev-frozen.txt pip-tools
  174. - name: check requirements
  175. run: |
  176. python -S -m tools.freeze_requirements
  177. if ! git diff --exit-code; then
  178. echo $'\n\nrun `make freeze-requirements` locally to update requirements'
  179. exit 1
  180. fi
  181. - name: apply any requirements changes
  182. if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && always()
  183. uses: getsentry/action-github-commit@bec0adb2924f8c19a9f84c18c83d375caf02ca38 # main
  184. with:
  185. github-token: ${{ steps.token.outputs.token }}
  186. message: ':snowflake: re-freeze requirements'
  187. lint:
  188. if: needs.files-changed.outputs.backend == 'true'
  189. needs: files-changed
  190. name: backend lint
  191. runs-on: ubuntu-20.04
  192. timeout-minutes: 10
  193. steps:
  194. - uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0
  195. id: token
  196. continue-on-error: true
  197. with:
  198. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  199. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  200. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  201. - uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
  202. id: files
  203. with:
  204. # Enable listing of files matching each filter.
  205. # Paths to files will be available in `${FILTER_NAME}_files` output variable.
  206. # Paths will be escaped and space-delimited.
  207. # Output is usable as command line argument list in linux shell
  208. list-files: shell
  209. # It doesn't make sense to lint deleted files.
  210. # Therefore we specify we are only interested in added or modified files.
  211. filters: |
  212. all:
  213. - added|modified: '**/*.py'
  214. - added|modified: 'requirements-*.txt'
  215. - uses: getsentry/action-setup-venv@9e3bbae3836b1b6f129955bf55a19e1d99a61c67 # v1.0.5
  216. with:
  217. python-version: 3.8.16
  218. cache-dependency-path: |
  219. requirements-dev.txt
  220. requirements-dev-frozen.txt
  221. install-cmd: pip install -r requirements-dev.txt -c requirements-dev-frozen.txt
  222. - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
  223. with:
  224. path: ~/.cache/pre-commit
  225. key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
  226. - name: Setup pre-commit
  227. # We don't use make setup-git because we're only interested in installing
  228. # requirements-dev.txt as a fast path.
  229. # We don't need pre-commit install --install-hooks since we're just interested
  230. # in running the hooks.
  231. run: |
  232. pre-commit install-hooks
  233. - name: Run pre-commit on changed files
  234. run: |
  235. # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
  236. # XXX: there is a very small chance that it'll expand to exceed Linux's limits
  237. # `getconf ARG_MAX` - max # bytes of args + environ for exec()
  238. pre-commit run --files ${{ steps.files.outputs.all_files }}
  239. - name: Apply any pre-commit fixed files
  240. if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && always()
  241. uses: getsentry/action-github-commit@bec0adb2924f8c19a9f84c18c83d375caf02ca38 # main
  242. with:
  243. github-token: ${{ steps.token.outputs.token }}
  244. message: ':hammer_and_wrench: apply pre-commit fixes'
  245. migration:
  246. if: needs.files-changed.outputs.migration_lockfile == 'true'
  247. needs: files-changed
  248. name: check migration
  249. runs-on: ubuntu-20.04
  250. strategy:
  251. matrix:
  252. pg-version: ['14']
  253. steps:
  254. - name: Checkout sentry
  255. uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  256. - name: Setup sentry env
  257. uses: ./.github/actions/setup-sentry
  258. id: setup
  259. with:
  260. pg-version: ${{ matrix.pg-version }}
  261. - name: Migration & lockfile checks
  262. env:
  263. SENTRY_LOG_LEVEL: ERROR
  264. PGPASSWORD: postgres
  265. run: |
  266. ./.github/workflows/scripts/migration-check.sh
  267. plugins:
  268. if: needs.files-changed.outputs.plugins == 'true'
  269. needs: files-changed
  270. name: plugins test
  271. runs-on: ubuntu-20.04
  272. timeout-minutes: 10
  273. steps:
  274. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  275. - name: Setup sentry env
  276. uses: ./.github/actions/setup-sentry
  277. id: setup
  278. with:
  279. snuba: true
  280. - name: Run test
  281. run: |
  282. make test-plugins
  283. relay:
  284. if: needs.files-changed.outputs.backend == 'true'
  285. needs: files-changed
  286. name: relay test
  287. runs-on: ubuntu-20.04
  288. timeout-minutes: 20
  289. steps:
  290. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  291. with:
  292. # Avoid codecov error message related to SHA resolution:
  293. # https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891
  294. fetch-depth: '2'
  295. - name: Setup sentry env
  296. uses: ./.github/actions/setup-sentry
  297. id: setup
  298. with:
  299. snuba: true
  300. kafka: true
  301. - name: Pull relay image
  302. run: |
  303. # pull relay we'll run and kill it for each test
  304. docker pull us.gcr.io/sentryio/relay:nightly
  305. docker ps -a
  306. - name: Run test
  307. run: |
  308. make test-relay-integration
  309. # Upload coverage data even if running the tests step fails since
  310. # it reduces large coverage fluctuations
  311. - name: Handle artifacts
  312. if: ${{ always() }}
  313. uses: ./.github/actions/artifacts
  314. with:
  315. token: ${{ secrets.CODECOV_TOKEN }}
  316. snuba:
  317. if: needs.files-changed.outputs.backend == 'true'
  318. needs: files-changed
  319. name: snuba test
  320. runs-on: ubuntu-20.04
  321. timeout-minutes: 30
  322. strategy:
  323. # This helps not having to run multiple jobs because one fails, thus, reducing resource usage
  324. # and reducing the risk that one of many runs would turn red again (read: intermittent tests)
  325. fail-fast: false
  326. matrix:
  327. # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL.
  328. instance: [0, 1, 2]
  329. env:
  330. # XXX: MATRIX_INSTANCE_TOTAL must be hardcoded to the length of strategy.matrix.instance.
  331. MATRIX_INSTANCE_TOTAL: 3
  332. steps:
  333. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  334. with:
  335. # Avoid codecov error message related to SHA resolution:
  336. # https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891
  337. fetch-depth: '2'
  338. - name: Setup sentry env
  339. uses: ./.github/actions/setup-sentry
  340. id: setup
  341. with:
  342. snuba: true
  343. kafka: true
  344. - name: Run snuba test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }})
  345. run: |
  346. make test-snuba
  347. # Upload coverage data even if running the tests step fails since
  348. # it reduces large coverage fluctuations
  349. - name: Handle artifacts
  350. if: ${{ always() }}
  351. uses: ./.github/actions/artifacts
  352. with:
  353. token: ${{ secrets.CODECOV_TOKEN }}
  354. symbolicator:
  355. if: needs.files-changed.outputs.backend == 'true'
  356. needs: files-changed
  357. name: symbolicator test
  358. runs-on: ubuntu-20.04
  359. timeout-minutes: 20
  360. steps:
  361. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  362. with:
  363. # Avoid codecov error message related to SHA resolution:
  364. # https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891
  365. fetch-depth: '2'
  366. - name: Setup sentry env
  367. uses: ./.github/actions/setup-sentry
  368. id: setup
  369. with:
  370. snuba: true
  371. kafka: true
  372. - name: Start symbolicator
  373. run: |
  374. echo $PWD
  375. docker run \
  376. -d \
  377. -v $PWD/config/symbolicator/:/etc/symbolicator \
  378. --network host \
  379. --name symbolicator \
  380. us.gcr.io/sentryio/symbolicator:nightly \
  381. run -c /etc/symbolicator/config.yml
  382. docker ps -a
  383. - name: Run test
  384. run: |
  385. make test-symbolicator
  386. # Upload coverage data even if running the tests step fails since
  387. # it reduces large coverage fluctuations
  388. - name: Handle artifacts
  389. if: ${{ always() }}
  390. uses: ./.github/actions/artifacts
  391. with:
  392. token: ${{ secrets.CODECOV_TOKEN }}
  393. typing:
  394. if: needs.files-changed.outputs.backend == 'true'
  395. needs: files-changed
  396. name: backend typing
  397. runs-on: ubuntu-20.04
  398. timeout-minutes: 12
  399. steps:
  400. - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
  401. - uses: getsentry/action-setup-venv@9e3bbae3836b1b6f129955bf55a19e1d99a61c67 # v1.0.5
  402. with:
  403. python-version: 3.8.16
  404. cache-dependency-path: requirements-dev-frozen.txt
  405. install-cmd: pip install -r requirements-dev-frozen.txt
  406. - name: setup sentry (lite)
  407. run: |
  408. SENTRY_LIGHT_BUILD=1 pip install --no-deps -e .
  409. sentry init
  410. - run: make backend-typing
  411. id: run
  412. - uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0
  413. id: token
  414. continue-on-error: true
  415. with:
  416. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  417. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  418. # only if `backend-typing` succeeds should we try and trim the blocklist
  419. - run: |
  420. python3 -m tools.mypy_helpers.make_module_ignores
  421. git diff --exit-code
  422. - name: apply blocklist changes
  423. if: steps.token.outcome == 'success' && steps.run.outcome == 'success' && github.ref != 'refs/heads/master' && always()
  424. uses: getsentry/action-github-commit@bec0adb2924f8c19a9f84c18c83d375caf02ca38 # main
  425. with:
  426. github-token: ${{ steps.token.outputs.token }}
  427. message: ':knife: regenerate mypy module blocklist'
  428. # This check runs once all dependant jobs have passed
  429. # It symbolizes that all required Backend checks have succesfully passed (Or skipped)
  430. # This check is the only required Github check
  431. backend-required-check:
  432. needs:
  433. [
  434. api-docs,
  435. backend-test,
  436. backend-migration-tests,
  437. cli,
  438. files-changed,
  439. lint,
  440. requirements,
  441. migration,
  442. plugins,
  443. relay,
  444. snuba,
  445. symbolicator,
  446. typing,
  447. ]
  448. name: Backend
  449. # This is necessary since a failed/skipped dependent job would cause this job to be skipped
  450. if: always()
  451. runs-on: ubuntu-20.04
  452. steps:
  453. # If any jobs we depend on fail, we will fail since this is a required check
  454. # NOTE: A timeout is considered a failure
  455. - name: Check for failures
  456. if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
  457. run: |
  458. echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1