feat(relay): flow2 #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
- release/** | |
- release-library/** | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
CARGO_TERM_COLOR: always | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install libcurl-dev | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libcurl4-openssl-dev | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- name: Install Rust Toolchain | |
run: rustup toolchain install stable --profile minimal --component clippy rustfmt rust-docs --no-self-update | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }} | |
- run: make style lint | |
- name: Check Docs | |
run: cargo doc --workspace --all-features --no-deps --document-private-items | |
env: | |
RUSTDOCFLAGS: -Dwarnings | |
lint_default: | |
name: Lint Rust Default Features | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install libcurl-dev | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libcurl4-openssl-dev | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install Rust Toolchain | |
run: rustup toolchain install stable --profile minimal --component clippy --no-self-update | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }} | |
- name: Run Clippy | |
run: cargo clippy --workspace --all-targets --no-deps -- -D warnings | |
test: | |
timeout-minutes: 20 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, windows-latest] | |
name: Test (${{ matrix.os }}) | |
runs-on: ${{ matrix.os }} | |
# Skip redundant checks for library releases | |
if: "!startsWith(github.ref, 'refs/heads/release-library/')" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install Rust Toolchain | |
run: rustup toolchain install stable --profile minimal --no-self-update | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }} | |
- name: Run Cargo Tests | |
run: cargo test --workspace | |
test_all: | |
timeout-minutes: 15 | |
name: Test All Features (ubuntu-latest) | |
runs-on: ubuntu-latest | |
# Skip redundant checks for library releases | |
if: "!startsWith(github.ref, 'refs/heads/release-library/')" | |
# Testing all features requires Docker container operations that are only available on | |
# `ubuntu-latest`. This `test-all` job is to be seen as complementary to the `test` job. If | |
# services become available on other platforms, the jobs should be consolidated. See | |
# https://docs.github.com/en/actions/guides/about-service-containers | |
services: | |
redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers | |
image: redis | |
ports: | |
- 6379:6379 | |
steps: | |
- name: Install libcurl-dev | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libcurl4-openssl-dev | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install Rust Toolchain | |
run: rustup toolchain install stable --profile minimal --no-self-update | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }} | |
- name: Run Cargo Tests | |
run: cargo test --workspace --all-features | |
test_py: | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: [3.8] | |
# Skip redundant checks for binary releases | |
if: "!startsWith(github.ref, 'refs/heads/release/')" | |
name: Test Python ${{ matrix.python-version }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install Rust Toolchain | |
run: rustup toolchain install stable --profile minimal --no-self-update | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Dependencies | |
run: pip install -U pytest | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }} | |
- name: Build and Install Library | |
run: pip install -v --editable py | |
env: | |
RELAY_DEBUG: 1 | |
- name: Run Python Tests | |
run: pytest -v py | |
build: | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
# the arm64 build takes too long, so disable for now | |
arch: [amd64] | |
image_name: [relay, relay-pop] | |
name: Build Docker Image | |
runs-on: ubuntu-latest | |
# Skip redundant checks for library releases | |
if: "!startsWith(github.ref, 'refs/heads/release-library/')" | |
env: | |
IMG_BASE: ghcr.io/getsentry/${{ matrix.image_name }} | |
IMG_DEPS: ghcr.io/getsentry/relay-deps:${{ matrix.arch }} | |
# GITHUB_SHA in pull requests points to the merge commit | |
IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} | |
ARCH: ${{ matrix.arch }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }}-${{ matrix.arch }} | |
- run: docker run --rm --privileged tonistiigi/binfmt --install arm64 | |
if: matrix.arch == 'arm64' | |
- name: Build | |
run: | | |
# Get the latest stable rust toolchain version available | |
TOOLCHAIN=$(curl -s 'https://static.rust-lang.org/dist/channel-rust-stable.toml' | awk '/\[pkg.rust\]/ {getline;print;}' | sed -r 's/^version = "([0-9.]+) .*/\1/') | |
./scripts/build-docker-image.sh "$ARCH" "$TOOLCHAIN" ${{ matrix.image_name }} | |
- name: Export Docker Image | |
run: docker save -o ${{ matrix.image_name }}-docker-image.tgz $IMG_VERSIONED | |
- name: Upload Docker Image to Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
retention-days: 1 | |
name: ${{ matrix.image_name }}-docker-image | |
path: ${{ matrix.image_name }}-docker-image.tgz | |
- name: Push to ghcr.io | |
# Do not run this on forks as they do not have access to secrets | |
if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" | |
run: | | |
set -euxo pipefail | |
docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io | |
docker push $IMG_DEPS | |
docker push $IMG_VERSIONED | |
- name: Push nightly to ghcr.io | |
if: github.ref == 'refs/heads/master' | |
run: | | |
set -euxo pipefail | |
docker tag "$IMG_VERSIONED" "$IMG_BASE:nightly" | |
docker push "$IMG_BASE:nightly" | |
push-prod-image: | |
timeout-minutes: 5 | |
needs: build | |
strategy: | |
matrix: | |
image_name: [relay, relay-pop] | |
name: Push GCR Docker Image | |
runs-on: ubuntu-latest | |
# required for google auth | |
permissions: | |
contents: "read" | |
id-token: "write" | |
# Skip redundant checks for library releases | |
# Skip for dependabot and if run on a fork | |
if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" | |
env: | |
# GITHUB_SHA in pull requests points to the merge commit | |
REVISION: ${{ github.event.pull_request.head.sha || github.sha }} | |
IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} | |
steps: | |
- name: Download Docker Image | |
uses: actions/download-artifact@v3 | |
with: | |
name: ${{ matrix.image_name }}-docker-image | |
- name: Import Docker Image | |
run: docker load -i ${{ matrix.image_name }}-docker-image.tgz | |
- name: Google Auth | |
id: auth | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: projects/345757944225/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider | |
service_account: [email protected] | |
- name: "Set up Cloud SDK" | |
uses: "google-github-actions/setup-gcloud@v1" | |
with: | |
# https://github.com/google-github-actions/auth#authenticating-via-workload-identity-federation | |
# You must use the Cloud SDK version 390.0.0 or later to authenticate the bq and gsutil tools. | |
version: ">= 390.0.0" | |
- name: Configure docker | |
run: | | |
gcloud auth configure-docker us.gcr.io | |
- name: Push to us.gcr.io | |
run: | | |
set -euxo pipefail | |
docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" | |
docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" | |
- name: Push nightly to us.gcr.io | |
if: github.ref == 'refs/heads/master' | |
run: | | |
set -euxo pipefail | |
docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" | |
docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" | |
- name: Upload gocd deployment assets | |
# Collect assets only for processing Relay, since it contains more information. | |
if: matrix.image_name == 'relay' | |
run: | | |
set -euxo pipefail | |
VERSION="$(docker run --rm "$IMG_VERSIONED" --version | cut -d" " -f2)" | |
echo "relay@$VERSION+$REVISION" > release-name | |
docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay-debug.zip > relay-debug.zip | |
docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay.src.zip > relay.src.zip | |
docker run --rm --entrypoint tar "$IMG_VERSIONED" -cf - /lib/x86_64-linux-gnu > libs.tar | |
# debugging for mysterious "Couldn't write tracker file" issue: | |
(env | grep runner) || true | |
ls -ld \ | |
/home \ | |
/home/runner \ | |
/home/runner/.gsutil \ | |
/home/runner/.gsutil/tracker-files \ | |
/home/runner/.gsutil/tracker-files/upload_TRACKER_*.rc.zip__JSON.url \ | |
|| true | |
gsutil -m cp -L gsutil.log ./libs.tar ./relay-debug.zip ./relay.src.zip ./release-name \ | |
"gs://dicd-team-devinfra-cd--relay/deployment-assets/$REVISION/" || status=$? && status=$? | |
cat gsutil.log | |
exit "$status" | |
test_integration: | |
name: Integration Tests | |
runs-on: ubuntu-latest | |
timeout-minutes: 20 | |
# Skip redundant checks for library releases | |
if: "!startsWith(github.ref, 'refs/heads/release-library/')" | |
services: | |
redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers | |
image: redis | |
ports: | |
- 6379:6379 | |
# Kafka + Zookeeper version synced with | |
# https://github.com/getsentry/sentry/blob/363509c242aff197409207ce4990fb061f3534a3/.github/actions/setup-sentry/action.yml#L174 | |
zookeeper: | |
image: confluentinc/cp-zookeeper:4.1.0 | |
env: | |
ZOOKEEPER_CLIENT_PORT: 2181 | |
kafka: | |
image: confluentinc/cp-kafka:5.1.2 | |
env: | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 | |
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 | |
KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1 | |
ports: | |
- 9092:9092 | |
steps: | |
- name: Install libcurl-dev | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libcurl4-openssl-dev | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install Rust Toolchain | |
run: rustup toolchain install stable --profile minimal --no-self-update | |
- uses: swatinem/rust-cache@v2 | |
with: | |
key: ${{ github.job }} | |
- name: Cargo build | |
run: cargo build --all-features | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- run: make test-integration | |
env: | |
RELAY_VERSION_CHAIN: "20.6.0,latest" | |
sentry-relay-integration-tests: | |
name: Sentry-Relay Integration Tests | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
needs: build | |
# Skip redundant checks for library releases | |
if: "!startsWith(github.ref, 'refs/heads/release-library/')" | |
steps: | |
# Checkout Sentry and run integration tests against latest Relay | |
- name: Checkout Sentry | |
uses: actions/checkout@v3 | |
with: | |
repository: getsentry/sentry | |
path: sentry | |
- name: Setup steps | |
id: setup | |
run: | | |
# GITHUB_SHA in pull requests points to the merge commit | |
RELAY_TEST_IMAGE=ghcr.io/getsentry/relay:${{ github.event.pull_request.head.sha || github.sha }} | |
echo "We expected GCB to push this image $RELAY_TEST_IMAGE" | |
echo "relay-test-image=$RELAY_TEST_IMAGE" >> "$GITHUB_OUTPUT" | |
# We cannot execute actions that are not placed under .github of the main repo | |
mkdir -p .github/actions | |
cp -r sentry/.github/actions/setup-sentry .github/actions/ | |
- name: Setup Sentry | |
uses: ./.github/actions/setup-sentry | |
with: | |
workdir: sentry | |
cache-files-hash: ${{ hashFiles('sentry/requirements**.txt') }} | |
python-version: 3.8 | |
snuba: true | |
kafka: true | |
- name: Download Docker Image | |
uses: actions/download-artifact@v3 | |
with: | |
name: relay-docker-image | |
- name: Import Docker Image | |
run: docker load -i relay-docker-image.tgz | |
- name: Run Sentry integration tests | |
working-directory: sentry | |
env: | |
RELAY_TEST_IMAGE: ${{ steps.setup.outputs.relay-test-image }} | |
run: | | |
echo "Testing against ${RELAY_TEST_IMAGE}" | |
make test-relay-integration | |
publish-to-dockerhub: | |
name: Publish Relay to DockerHub | |
needs: build | |
runs-on: ubuntu-20.04 | |
if: ${{ (github.ref_name == 'master') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- timeout-minutes: 20 | |
run: until docker pull "ghcr.io/getsentry/relay:${{ github.sha }}" 2>/dev/null; do sleep 10; done | |
- name: Push built docker image | |
shell: bash | |
run: | | |
IMAGE_URL="ghcr.io/getsentry/relay:${{ github.sha }}" | |
docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }} | |
# We push 3 tags to Dockerhub: | |
# first, the full sha of the commit | |
docker tag "$IMAGE_URL" getsentry/relay:${GITHUB_SHA} | |
docker push getsentry/relay:${GITHUB_SHA} | |
# second, the short sha of the commit | |
SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA") | |
docker tag "$IMAGE_URL" getsentry/relay:${SHORT_SHA} | |
docker push getsentry/relay:${SHORT_SHA} | |
# finally, nightly | |
docker tag "$IMAGE_URL" getsentry/relay:nightly | |
docker push getsentry/relay:nightly |