backend.yml 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376
  1. name: backend
  2. on:
  3. push:
  4. branches:
  5. - master
  6. pull_request:
  7. # Cancel in progress workflows on pull_requests.
  8. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
  9. concurrency:
  10. group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  11. cancel-in-progress: true
  12. # hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
  13. env:
  14. SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
  15. jobs:
  16. files-changed:
  17. name: detect what files changed
  18. runs-on: ubuntu-22.04
  19. timeout-minutes: 3
  20. # Map a step output to a job output
  21. outputs:
  22. api_docs: ${{ steps.changes.outputs.api_docs }}
  23. backend: ${{ steps.changes.outputs.backend_all }}
  24. backend_dependencies: ${{ steps.changes.outputs.backend_dependencies }}
  25. backend_any_type: ${{ steps.changes.outputs.backend_any_type }}
  26. migration_lockfile: ${{ steps.changes.outputs.migration_lockfile }}
  27. steps:
  28. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  29. - name: Check for backend file changes
  30. uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
  31. id: changes
  32. with:
  33. token: ${{ github.token }}
  34. filters: .github/file-filters.yml
  35. api-docs:
  36. if: needs.files-changed.outputs.api_docs == 'true'
  37. needs: files-changed
  38. name: api docs test
  39. runs-on: ubuntu-22.04
  40. steps:
  41. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  42. - uses: getsentry/action-setup-volta@e4939d337b83760d13a9d7030a6f68c9d0ee7581 # v2.0.0
  43. - name: Setup sentry python env
  44. uses: ./.github/actions/setup-sentry
  45. id: setup
  46. with:
  47. snuba: true
  48. - name: Run API docs tests
  49. # install ts-node for ts build scripts to execute properly without potentially installing
  50. # conflicting deps when running scripts locally
  51. # see: https://github.com/getsentry/sentry/pull/32328/files
  52. run: |
  53. yarn add ts-node && make test-api-docs
  54. backend-test:
  55. if: needs.files-changed.outputs.backend == 'true'
  56. needs: files-changed
  57. name: backend test
  58. runs-on: ubuntu-22.04
  59. timeout-minutes: 60
  60. permissions:
  61. contents: read
  62. id-token: write
  63. strategy:
  64. # This helps not having to run multiple jobs because one fails, thus, reducing resource usage
  65. # and reducing the risk that one of many runs would turn red again (read: intermittent tests)
  66. fail-fast: false
  67. matrix:
  68. # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL.
  69. instance: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
  70. pg-version: ['14']
  71. env:
  72. # XXX: `MATRIX_INSTANCE_TOTAL` must be hardcoded to the length of `strategy.matrix.instance`.
  73. # If this increases, make sure to also increase `flags.backend.after_n_builds` in `codecov.yml`.
  74. MATRIX_INSTANCE_TOTAL: 11
  75. steps:
  76. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  77. - name: Setup sentry env
  78. uses: ./.github/actions/setup-sentry
  79. id: setup
  80. with:
  81. redis_cluster: true
  82. kafka: true
  83. snuba: true
  84. symbolicator: true
  85. # Right now, we run so few bigtable related tests that the
  86. # overhead of running bigtable in all backend tests
  87. # is way smaller than the time it would take to run in its own job.
  88. bigtable: true
  89. pg-version: ${{ matrix.pg-version }}
  90. - name: Run backend test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }})
  91. run: |
  92. make test-python-ci
  93. - name: Collect test data
  94. uses: ./.github/actions/collect-test-data
  95. if: ${{ !cancelled() }}
  96. with:
  97. artifact_path: .artifacts/pytest.json
  98. gcs_bucket: ${{ secrets.COLLECT_TEST_DATA_GCS_BUCKET }}
  99. gcp_project_id: ${{ secrets.COLLECT_TEST_DATA_GCP_PROJECT_ID }}
  100. workload_identity_provider: ${{ secrets.SENTRY_GCP_DEV_WORKLOAD_IDENTITY_POOL }}
  101. service_account_email: ${{ secrets.COLLECT_TEST_DATA_SERVICE_ACCOUNT_EMAIL }}
  102. matrix_instance_number: ${{ steps.setup.outputs.matrix-instance-number }}
  103. # Upload coverage data even if running the tests step fails since
  104. # it reduces large coverage fluctuations
  105. - name: Handle artifacts
  106. if: ${{ always() }}
  107. uses: ./.github/actions/artifacts
  108. with:
  109. token: ${{ secrets.CODECOV_TOKEN }}
  110. commit_sha: ${{ github.event.pull_request.head.sha }}
  111. backend-migration-tests:
  112. if: needs.files-changed.outputs.backend == 'true'
  113. needs: files-changed
  114. name: backend migration tests
  115. runs-on: ubuntu-22.04
  116. timeout-minutes: 30
  117. strategy:
  118. matrix:
  119. pg-version: ['14']
  120. steps:
  121. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  122. - name: Setup sentry env
  123. uses: ./.github/actions/setup-sentry
  124. id: setup
  125. with:
  126. snuba: true
  127. pg-version: ${{ matrix.pg-version }}
  128. - name: run tests
  129. run: |
  130. PYTEST_ADDOPTS="$PYTEST_ADDOPTS -m migrations --migrations --reruns 0" make test-python-ci
  131. # Upload coverage data even if running the tests step fails since
  132. # it reduces large coverage fluctuations
  133. - name: Handle artifacts
  134. if: ${{ always() }}
  135. uses: ./.github/actions/artifacts
  136. with:
  137. token: ${{ secrets.CODECOV_TOKEN }}
  138. commit_sha: ${{ github.event.pull_request.head.sha }}
  139. cli:
  140. if: needs.files-changed.outputs.backend == 'true'
  141. needs: files-changed
  142. name: cli test
  143. runs-on: ubuntu-22.04
  144. timeout-minutes: 10
  145. strategy:
  146. matrix:
  147. pg-version: ['14']
  148. steps:
  149. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  150. - name: Setup sentry env
  151. uses: ./.github/actions/setup-sentry
  152. id: setup
  153. with:
  154. pg-version: ${{ matrix.pg-version }}
  155. - name: Run test
  156. run: |
  157. make test-cli
  158. # Upload coverage data even if running the tests step fails since
  159. # it reduces large coverage fluctuations
  160. - name: Handle artifacts
  161. if: ${{ always() }}
  162. uses: ./.github/actions/artifacts
  163. with:
  164. token: ${{ secrets.CODECOV_TOKEN }}
  165. commit_sha: ${{ github.event.pull_request.head.sha }}
  166. requirements:
  167. if: needs.files-changed.outputs.backend_dependencies == 'true'
  168. needs: files-changed
  169. name: requirements check
  170. runs-on: ubuntu-22.04
  171. timeout-minutes: 3
  172. steps:
  173. - uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
  174. id: token
  175. continue-on-error: true
  176. with:
  177. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  178. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  179. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  180. - uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0
  181. with:
  182. python-version: 3.11.8
  183. cache-dependency-path: requirements-dev-frozen.txt
  184. install-cmd: python3 -m tools.hack_pip && pip install -q --constraint requirements-dev-frozen.txt pip-tools
  185. - name: check requirements
  186. run: |
  187. python -S -m tools.freeze_requirements
  188. if ! git diff --exit-code; then
  189. echo $'\n\nrun `make freeze-requirements` locally to update requirements'
  190. exit 1
  191. fi
  192. - name: apply any requirements changes
  193. if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && always()
  194. uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
  195. with:
  196. github-token: ${{ steps.token.outputs.token }}
  197. message: ':snowflake: re-freeze requirements'
  198. migration:
  199. if: needs.files-changed.outputs.migration_lockfile == 'true'
  200. needs: files-changed
  201. name: check migration
  202. runs-on: ubuntu-22.04
  203. strategy:
  204. matrix:
  205. pg-version: ['14']
  206. steps:
  207. - name: Checkout sentry
  208. uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  209. - name: Setup sentry env
  210. uses: ./.github/actions/setup-sentry
  211. id: setup
  212. with:
  213. pg-version: ${{ matrix.pg-version }}
  214. - name: Migration & lockfile checks
  215. env:
  216. SENTRY_LOG_LEVEL: ERROR
  217. PGPASSWORD: postgres
  218. run: |
  219. ./.github/workflows/scripts/migration-check.sh
  220. monolith-dbs:
  221. if: needs.files-changed.outputs.backend == 'true'
  222. needs: files-changed
  223. name: monolith-dbs test
  224. runs-on: ubuntu-22.04
  225. timeout-minutes: 20
  226. permissions:
  227. contents: read
  228. id-token: write
  229. steps:
  230. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  231. - name: Setup sentry env
  232. uses: ./.github/actions/setup-sentry
  233. id: setup
  234. - name: Run test
  235. run: |
  236. make test-monolith-dbs
  237. - name: Collect test data
  238. uses: ./.github/actions/collect-test-data
  239. if: ${{ !cancelled() }}
  240. with:
  241. artifact_path: .artifacts/pytest.monolith-dbs.json
  242. gcs_bucket: ${{ secrets.COLLECT_TEST_DATA_GCS_BUCKET }}
  243. gcp_project_id: ${{ secrets.COLLECT_TEST_DATA_GCP_PROJECT_ID }}
  244. workload_identity_provider: ${{ secrets.SENTRY_GCP_DEV_WORKLOAD_IDENTITY_POOL }}
  245. service_account_email: ${{ secrets.COLLECT_TEST_DATA_SERVICE_ACCOUNT_EMAIL }}
  246. # Upload coverage data even if running the tests step fails since
  247. # it reduces large coverage fluctuations
  248. - name: Handle artifacts
  249. if: ${{ always() }}
  250. uses: ./.github/actions/artifacts
  251. with:
  252. token: ${{ secrets.CODECOV_TOKEN }}
  253. commit_sha: ${{ github.event.pull_request.head.sha }}
  254. typing:
  255. if: needs.files-changed.outputs.backend == 'true'
  256. needs: files-changed
  257. name: backend typing
  258. runs-on: ubuntu-22.04
  259. timeout-minutes: 20
  260. steps:
  261. - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  262. - uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0
  263. with:
  264. python-version: 3.11.8
  265. cache-dependency-path: requirements-dev-frozen.txt
  266. install-cmd: python3 -m tools.hack_pip && pip install -r requirements-dev-frozen.txt
  267. - name: setup sentry (lite)
  268. run: |
  269. python3 -m tools.fast_editable --path .
  270. sentry init
  271. - run: PYTHONWARNINGS=error::RuntimeWarning mypy
  272. id: run
  273. - uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
  274. id: token
  275. continue-on-error: true
  276. with:
  277. app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
  278. private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
  279. # only if `mypy` succeeds should we try and trim the blocklist
  280. - run: python3 -m tools.mypy_helpers.make_module_ignores
  281. id: regen-blocklist
  282. - run: git diff --exit-code
  283. - run: |
  284. # mypy does not have granular codes so don't allow specific messages to regress
  285. ! grep "'Settings' object has no attribute" .artifacts/mypy-all
  286. ! grep 'Cannot override class variable' .artifacts/mypy-all
  287. ! grep 'Exception type must be derived from BaseException' .artifacts/mypy-all
  288. ! grep 'Incompatible default for argument' .artifacts/mypy-all
  289. ! grep 'Incompatible return value type (got "HttpResponseBase"' .artifacts/mypy-all
  290. ! grep 'Incompatible types in "yield"' .artifacts/mypy-all
  291. ! grep 'Module "sentry.*has no attribute' .artifacts/mypy-all
  292. ! grep 'base class .* defined the type as.*Permission' .artifacts/mypy-all
  293. ! grep 'does not explicitly export attribute' .artifacts/mypy-all
  294. - name: apply blocklist changes
  295. if: |
  296. steps.token.outcome == 'success' &&
  297. steps.run.outcome == 'success' &&
  298. steps.regen-blocklist.outcome == 'success' &&
  299. github.ref != 'refs/heads/master' &&
  300. always()
  301. uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
  302. with:
  303. github-token: ${{ steps.token.outputs.token }}
  304. message: ':knife: regenerate mypy module blocklist'
  305. # This check runs once all dependent jobs have passed
  306. # It symbolizes that all required Backend checks have succesfully passed (Or skipped)
  307. # This step is the only required backend check
  308. backend-required-check:
  309. needs:
  310. [
  311. api-docs,
  312. backend-test,
  313. backend-migration-tests,
  314. cli,
  315. files-changed,
  316. requirements,
  317. migration,
  318. monolith-dbs,
  319. typing,
  320. ]
  321. name: Backend
  322. # This is necessary since a failed/skipped dependent job would cause this job to be skipped
  323. if: always()
  324. runs-on: ubuntu-22.04
  325. steps:
  326. # If any jobs we depend on fail, we will fail since this is a required check
  327. # NOTE: A timeout is considered a failure
  328. - name: Check for failures
  329. if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
  330. run: |
  331. echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1