Skip to content

feat(relay): flow2

feat(relay): flow2 #4

Workflow file for this run

name: CI
on:
push:
branches:
- master
- release/**
- release-library/**
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Install libcurl-dev
run: |
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev
- uses: actions/checkout@v3
with:
submodules: recursive
- uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --component clippy rustfmt rust-docs --no-self-update
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}
- run: make style lint
- name: Check Docs
run: cargo doc --workspace --all-features --no-deps --document-private-items
env:
RUSTDOCFLAGS: -Dwarnings
lint_default:
name: Lint Rust Default Features
runs-on: ubuntu-latest
steps:
- name: Install libcurl-dev
run: |
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --component clippy --no-self-update
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}
- name: Run Clippy
run: cargo clippy --workspace --all-targets --no-deps -- -D warnings
test:
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
os: [macos-latest, windows-latest]
name: Test (${{ matrix.os }})
runs-on: ${{ matrix.os }}
# Skip redundant checks for library releases
if: "!startsWith(github.ref, 'refs/heads/release-library/')"
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --no-self-update
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}
- name: Run Cargo Tests
run: cargo test --workspace
test_all:
timeout-minutes: 15
name: Test All Features (ubuntu-latest)
runs-on: ubuntu-latest
# Skip redundant checks for library releases
if: "!startsWith(github.ref, 'refs/heads/release-library/')"
# Testing all features requires Docker container operations that are only available on
# `ubuntu-latest`. This `test-all` job is to be seen as complementary to the `test` job. If
# services become available on other platforms, the jobs should be consolidated. See
# https://docs.github.com/en/actions/guides/about-service-containers
services:
redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers
image: redis
ports:
- 6379:6379
steps:
- name: Install libcurl-dev
run: |
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --no-self-update
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}
- name: Run Cargo Tests
run: cargo test --workspace --all-features
test_py:
strategy:
fail-fast: false
matrix:
python-version: [3.8]
# Skip redundant checks for binary releases
if: "!startsWith(github.ref, 'refs/heads/release/')"
name: Test Python ${{ matrix.python-version }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --no-self-update
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install Dependencies
run: pip install -U pytest
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}
- name: Build and Install Library
run: pip install -v --editable py
env:
RELAY_DEBUG: 1
- name: Run Python Tests
run: pytest -v py
build:
timeout-minutes: 30
strategy:
matrix:
# the arm64 build takes too long, so disable for now
arch: [amd64]
image_name: [relay, relay-pop]
name: Build Docker Image
runs-on: ubuntu-latest
# Skip redundant checks for library releases
if: "!startsWith(github.ref, 'refs/heads/release-library/')"
env:
IMG_BASE: ghcr.io/getsentry/${{ matrix.image_name }}
IMG_DEPS: ghcr.io/getsentry/relay-deps:${{ matrix.arch }}
# GITHUB_SHA in pull requests points to the merge commit
IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }}
ARCH: ${{ matrix.arch }}
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}-${{ matrix.arch }}
- run: docker run --rm --privileged tonistiigi/binfmt --install arm64
if: matrix.arch == 'arm64'
- name: Build
run: |
# Get the latest stable rust toolchain version available
TOOLCHAIN=$(curl -s 'https://static.rust-lang.org/dist/channel-rust-stable.toml' | awk '/\[pkg.rust\]/ {getline;print;}' | sed -r 's/^version = "([0-9.]+) .*/\1/')
./scripts/build-docker-image.sh "$ARCH" "$TOOLCHAIN" ${{ matrix.image_name }}
- name: Export Docker Image
run: docker save -o ${{ matrix.image_name }}-docker-image.tgz $IMG_VERSIONED
- name: Upload Docker Image to Artifact
uses: actions/upload-artifact@v3
with:
retention-days: 1
name: ${{ matrix.image_name }}-docker-image
path: ${{ matrix.image_name }}-docker-image.tgz
- name: Push to ghcr.io
# Do not run this on forks as they do not have access to secrets
if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'"
run: |
set -euxo pipefail
docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io
docker push $IMG_DEPS
docker push $IMG_VERSIONED
- name: Push nightly to ghcr.io
if: github.ref == 'refs/heads/master'
run: |
set -euxo pipefail
docker tag "$IMG_VERSIONED" "$IMG_BASE:nightly"
docker push "$IMG_BASE:nightly"
push-prod-image:
timeout-minutes: 5
needs: build
strategy:
matrix:
image_name: [relay, relay-pop]
name: Push GCR Docker Image
runs-on: ubuntu-latest
# required for google auth
permissions:
contents: "read"
id-token: "write"
# Skip redundant checks for library releases
# Skip for dependabot and if run on a fork
if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'"
env:
# GITHUB_SHA in pull requests points to the merge commit
REVISION: ${{ github.event.pull_request.head.sha || github.sha }}
IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }}
steps:
- name: Download Docker Image
uses: actions/download-artifact@v3
with:
name: ${{ matrix.image_name }}-docker-image
- name: Import Docker Image
run: docker load -i ${{ matrix.image_name }}-docker-image.tgz
- name: Google Auth
id: auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: projects/345757944225/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
service_account: [email protected]
- name: "Set up Cloud SDK"
uses: "google-github-actions/setup-gcloud@v1"
with:
# https://github.com/google-github-actions/auth#authenticating-via-workload-identity-federation
# You must use the Cloud SDK version 390.0.0 or later to authenticate the bq and gsutil tools.
version: ">= 390.0.0"
- name: Configure docker
run: |
gcloud auth configure-docker us.gcr.io
- name: Push to us.gcr.io
run: |
set -euxo pipefail
docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION"
docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION"
- name: Push nightly to us.gcr.io
if: github.ref == 'refs/heads/master'
run: |
set -euxo pipefail
docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly"
docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly"
- name: Upload gocd deployment assets
# Collect assets only for processing Relay, since it contains more information.
if: matrix.image_name == 'relay'
run: |
set -euxo pipefail
VERSION="$(docker run --rm "$IMG_VERSIONED" --version | cut -d" " -f2)"
echo "relay@$VERSION+$REVISION" > release-name
docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay-debug.zip > relay-debug.zip
docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay.src.zip > relay.src.zip
docker run --rm --entrypoint tar "$IMG_VERSIONED" -cf - /lib/x86_64-linux-gnu > libs.tar
# debugging for mysterious "Couldn't write tracker file" issue:
(env | grep runner) || true
ls -ld \
/home \
/home/runner \
/home/runner/.gsutil \
/home/runner/.gsutil/tracker-files \
/home/runner/.gsutil/tracker-files/upload_TRACKER_*.rc.zip__JSON.url \
|| true
gsutil -m cp -L gsutil.log ./libs.tar ./relay-debug.zip ./relay.src.zip ./release-name \
"gs://dicd-team-devinfra-cd--relay/deployment-assets/$REVISION/" || status=$? && status=$?
cat gsutil.log
exit "$status"
test_integration:
name: Integration Tests
runs-on: ubuntu-latest
timeout-minutes: 20
# Skip redundant checks for library releases
if: "!startsWith(github.ref, 'refs/heads/release-library/')"
services:
redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers
image: redis
ports:
- 6379:6379
# Kafka + Zookeeper version synced with
# https://github.com/getsentry/sentry/blob/363509c242aff197409207ce4990fb061f3534a3/.github/actions/setup-sentry/action.yml#L174
zookeeper:
image: confluentinc/cp-zookeeper:4.1.0
env:
ZOOKEEPER_CLIENT_PORT: 2181
kafka:
image: confluentinc/cp-kafka:5.1.2
env:
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
ports:
- 9092:9092
steps:
- name: Install libcurl-dev
run: |
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --no-self-update
- uses: swatinem/rust-cache@v2
with:
key: ${{ github.job }}
- name: Cargo build
run: cargo build --all-features
- uses: actions/setup-python@v4
with:
python-version: 3.8
- run: make test-integration
env:
RELAY_VERSION_CHAIN: "20.6.0,latest"
sentry-relay-integration-tests:
name: Sentry-Relay Integration Tests
runs-on: ubuntu-latest
timeout-minutes: 30
needs: build
# Skip redundant checks for library releases
if: "!startsWith(github.ref, 'refs/heads/release-library/')"
steps:
# Checkout Sentry and run integration tests against latest Relay
- name: Checkout Sentry
uses: actions/checkout@v3
with:
repository: getsentry/sentry
path: sentry
- name: Setup steps
id: setup
run: |
# GITHUB_SHA in pull requests points to the merge commit
RELAY_TEST_IMAGE=ghcr.io/getsentry/relay:${{ github.event.pull_request.head.sha || github.sha }}
echo "We expected GCB to push this image $RELAY_TEST_IMAGE"
echo "relay-test-image=$RELAY_TEST_IMAGE" >> "$GITHUB_OUTPUT"
# We cannot execute actions that are not placed under .github of the main repo
mkdir -p .github/actions
cp -r sentry/.github/actions/setup-sentry .github/actions/
- name: Setup Sentry
uses: ./.github/actions/setup-sentry
with:
workdir: sentry
cache-files-hash: ${{ hashFiles('sentry/requirements**.txt') }}
python-version: 3.8
snuba: true
kafka: true
- name: Download Docker Image
uses: actions/download-artifact@v3
with:
name: relay-docker-image
- name: Import Docker Image
run: docker load -i relay-docker-image.tgz
- name: Run Sentry integration tests
working-directory: sentry
env:
RELAY_TEST_IMAGE: ${{ steps.setup.outputs.relay-test-image }}
run: |
echo "Testing against ${RELAY_TEST_IMAGE}"
make test-relay-integration
publish-to-dockerhub:
name: Publish Relay to DockerHub
needs: build
runs-on: ubuntu-20.04
if: ${{ (github.ref_name == 'master') }}
steps:
- uses: actions/checkout@v3
- timeout-minutes: 20
run: until docker pull "ghcr.io/getsentry/relay:${{ github.sha }}" 2>/dev/null; do sleep 10; done
- name: Push built docker image
shell: bash
run: |
IMAGE_URL="ghcr.io/getsentry/relay:${{ github.sha }}"
docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }}
# We push 3 tags to Dockerhub:
# first, the full sha of the commit
docker tag "$IMAGE_URL" getsentry/relay:${GITHUB_SHA}
docker push getsentry/relay:${GITHUB_SHA}
# second, the short sha of the commit
SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA")
docker tag "$IMAGE_URL" getsentry/relay:${SHORT_SHA}
docker push getsentry/relay:${SHORT_SHA}
# finally, nightly
docker tag "$IMAGE_URL" getsentry/relay:nightly
docker push getsentry/relay:nightly