diff --git a/.github/workflows/acceptance.yml b/.github/workflows/acceptance.yml index 7cb6433b702fcc..f89ea5864351bf 100644 --- a/.github/workflows/acceptance.yml +++ b/.github/workflows/acceptance.yml @@ -23,28 +23,7 @@ env: SNUBA_NO_WORKERS: 1 jobs: - files-changed: - name: detect what files changed - runs-on: ubuntu-24.04 - timeout-minutes: 3 - # Map a step output to a job output - outputs: - acceptance: ${{ steps.changes.outputs.acceptance }} - backend_all: ${{ steps.changes.outputs.backend_all }} - frontend_all: ${{ steps.changes.outputs.frontend_all }} - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Check for backend file changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - acceptance: - if: needs.files-changed.outputs.acceptance == 'true' - needs: files-changed name: acceptance runs-on: ubuntu-24.04 timeout-minutes: 30 @@ -58,10 +37,10 @@ jobs: fail-fast: false matrix: # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL. - instance: [0, 1, 2, 3, 4] + instance: [0] env: # XXX: MATRIX_INSTANCE_TOTAL must be hardcoded to the length of strategy.matrix.instance. - MATRIX_INSTANCE_TOTAL: 5 + MATRIX_INSTANCE_TOTAL: 1 TEST_GROUP_STRATEGY: roundrobin steps: @@ -100,9 +79,6 @@ jobs: - name: webpack env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - # should set value either as `true` or `false` - CODECOV_ENABLE_BA: ${{ needs.files-changed.outputs.frontend_all == 'true'}} GH_COMMIT_SHA: ${{ github.event.pull_request.head.sha }} run: | pnpm run build-acceptance 
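Review bot: The shard settings now disagree: this hunk declares a single shard (`instance: [0]`, `MATRIX_INSTANCE_TOTAL: 1`), while the run step added later in this file hardcodes `TOTAL_TEST_GROUPS=5 TEST_GROUP=0`. With `TEST_GROUP_STRATEGY: roundrobin` that presumably runs only the first of five groups and leaves the rest of `tests/acceptance` unexecuted, though how the test runner reads these variables is not visible here. If the whole suite should run on one runner, use `TOTAL_TEST_GROUPS=1 TEST_GROUP=0` or drop the override. If the partial run is deliberate, record it beside the `XXX` notes, e.g. `# profiling run: only group 0 of 5 is executed`. The `acceptance` job starts before this hunk and continues after it.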
@@ -117,50 +93,18 @@ jobs: with: mode: acceptance-ci - - name: Run acceptance tests (#${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }}) - run: make run-acceptance - - - name: Inspect failure - if: failure() + - name: Run acceptance test run: | - if command -v devservices; then - devservices logs - fi + vmstat 1 > vmstat.txt & + VMSTAT_PID=$! - - name: Collect test data - uses: ./.github/actions/collect-test-data - if: ${{ !cancelled() }} - with: - artifact_path: .artifacts/pytest.acceptance.json - gcs_bucket: ${{ secrets.COLLECT_TEST_DATA_GCS_BUCKET }} - gcp_project_id: ${{ secrets.COLLECT_TEST_DATA_GCP_PROJECT_ID }} - workload_identity_provider: ${{ secrets.SENTRY_GCP_DEV_WORKLOAD_IDENTITY_POOL }} - service_account_email: ${{ secrets.COLLECT_TEST_DATA_SERVICE_ACCOUNT_EMAIL }} - matrix_instance_number: ${{ steps.setup.outputs.matrix-instance-number }} - - # This job runs when FE or BE changes happen, however, we only upload coverage data for - # BE changes since it conflicts with codecov's carry forward functionality - # Upload coverage data even if running the tests step fails since - # it reduces large coverage fluctuations - - name: Handle artifacts - uses: ./.github/actions/artifacts - if: ${{ !cancelled() && needs.files-changed.outputs.backend_all == 'true' }} - continue-on-error: true - timeout-minutes: 5 + TOTAL_TEST_GROUPS=5 TEST_GROUP=0 python3 -b -m pytest tests/acceptance || true + + kill $VMSTAT_PID + wait $VMSTAT_PID || true + + - name: Upload vmstat logs + uses: actions/upload-artifact@v4 with: - token: ${{ secrets.CODECOV_TOKEN }} - commit_sha: ${{ github.event.pull_request.head.sha }} - type: acceptance - - acceptance-required-checks: - # this is a required check so we need this job to always run and report a status. 
- if: always() - name: Acceptance - needs: [acceptance, files-changed] - runs-on: ubuntu-24.04 - timeout-minutes: 3 - steps: - - name: Check for failures - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') - run: | - echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1 + name: vmstat + path: vmstat.txt diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml deleted file mode 100644 index d60ede485eb585..00000000000000 --- a/.github/workflows/backend.yml +++ /dev/null 
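Review bot: The new `Upload vmstat logs` step uses `actions/upload-artifact@v4`, a mutable tag, whereas the other third-party actions visible in this diff are pinned to a full commit SHA with a version comment. Pin it the same way, `uses: actions/upload-artifact@<full-commit-sha> # v4.x.y`, so a moved tag cannot change what runs in this job. In `Run acceptance test`, `|| true` after pytest discards the exit status, so the job reports success even when acceptance tests fail. If the aim is only to let the vmstat cleanup run, keep the status with `... pytest tests/acceptance || status=$?` and end the script with `exit "${status:-0}"`. The hunk also removes the `acceptance-required-checks` job, so if branch protection still requires the `Acceptance` status it would never be reported; confirm that is intended.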
@@ -1,463 +0,0 @@ -name: backend - -on: - push: - branches: - - master - pull_request: - -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359 -env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3 - SNUBA_NO_WORKERS: 1 - -jobs: - files-changed: - name: detect what files changed - runs-on: ubuntu-24.04 - timeout-minutes: 3 - # Map a step output to a job output - outputs: - api_docs: ${{ steps.changes.outputs.api_docs }} - backend: ${{ steps.changes.outputs.backend_all }} - backend_dependencies: ${{ steps.changes.outputs.backend_dependencies }} - backend_api_urls: ${{ steps.changes.outputs.backend_api_urls }} - backend_any_type: ${{ steps.changes.outputs.backend_any_type }} - migration_lockfile: ${{ steps.changes.outputs.migration_lockfile }} - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Check for backend file changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - - api-docs: - if: needs.files-changed.outputs.api_docs == 'true' - needs: files-changed - name: api docs test - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 - id: setup-node - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4 - - - name: Setup sentry python env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: default - - - name: Run API docs tests - run: | - make test-api-docs - - - name: Inspect failure - if: failure() - run: | - if command -v 
devservices; then - devservices logs - fi - - backend-test: - if: needs.files-changed.outputs.backend == 'true' - needs: files-changed - name: backend test - runs-on: ubuntu-24.04 - timeout-minutes: 60 - permissions: - contents: read - id-token: write - actions: read # used for DIM metadata - strategy: - # This helps not having to run multiple jobs because one fails, thus, reducing resource usage - # and reducing the risk that one of many runs would turn red again (read: intermittent tests) - fail-fast: false - matrix: - # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL. - instance: - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21] - - env: - # XXX: `MATRIX_INSTANCE_TOTAL` must be hardcoded to the length of `strategy.matrix.instance`. - # If this increases, make sure to also increase `flags.backend.after_n_builds` in `codecov.yml`. - MATRIX_INSTANCE_TOTAL: 22 - TEST_GROUP_STRATEGY: roundrobin - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: backend-ci - - - name: Run backend test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }}) - run: | - make test-python-ci - - - name: Inspect failure - if: failure() - run: | - if command -v devservices; then - devservices logs - fi - - - name: Collect test data - uses: ./.github/actions/collect-test-data - if: ${{ !cancelled() }} - with: - artifact_path: .artifacts/pytest.json - gcs_bucket: ${{ secrets.COLLECT_TEST_DATA_GCS_BUCKET }} - gcp_project_id: ${{ secrets.COLLECT_TEST_DATA_GCP_PROJECT_ID }} - workload_identity_provider: ${{ secrets.SENTRY_GCP_DEV_WORKLOAD_IDENTITY_POOL }} - service_account_email: ${{ secrets.COLLECT_TEST_DATA_SERVICE_ACCOUNT_EMAIL }} - matrix_instance_number: ${{ steps.setup.outputs.matrix-instance-number }} - - # Upload coverage data even if running the tests 
step fails since - # it reduces large coverage fluctuations - - name: Handle artifacts - if: ${{ !cancelled() }} - continue-on-error: true - timeout-minutes: 5 - uses: ./.github/actions/artifacts - with: - token: ${{ secrets.CODECOV_TOKEN }} - commit_sha: ${{ github.event.pull_request.head.sha }} - type: backend - - backend-migration-tests: - if: needs.files-changed.outputs.backend == 'true' - needs: files-changed - name: backend migration tests - runs-on: ubuntu-24.04 - timeout-minutes: 30 - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: default - - - name: run tests - run: | - PYTEST_ADDOPTS="$PYTEST_ADDOPTS -m migrations --migrations --reruns 0 --fail-slow=120s" make test-python-ci - - - name: Inspect failure - if: failure() - run: | - if command -v devservices; then - devservices logs - fi - - # Upload coverage data even if running the tests step fails since - # it reduces large coverage fluctuations - - name: Handle artifacts - if: ${{ !cancelled() }} - continue-on-error: true - timeout-minutes: 5 - uses: ./.github/actions/artifacts - with: - token: ${{ secrets.CODECOV_TOKEN }} - commit_sha: ${{ github.event.pull_request.head.sha }} - type: backend-migration - - cli: - if: needs.files-changed.outputs.backend == 'true' - needs: files-changed - name: cli test - runs-on: ubuntu-24.04 - timeout-minutes: 10 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: migrations - - - name: Run test - env: - # This short circuits the create_default_projects post_upgrade hook - # which spawns taskworkers which will spin for 5 minutes on kafka - # not being up. We don't need the default project here as this is not local dev. 
- SENTRY_NO_CREATE_DEFAULT_PROJECT: 1 - run: make test-cli - - - name: Inspect failure - if: failure() - run: | - if command -v devservices; then - devservices logs - fi - - requirements: - if: needs.files-changed.outputs.backend_dependencies == 'true' - needs: files-changed - name: requirements check - runs-on: ubuntu-24.04 - timeout-minutes: 3 - steps: - - uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 - id: token - continue-on-error: true - with: - app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} - private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6 - with: - version: '0.8.2' - - - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1 - with: - python-version: 3.13.1 - cache-dependency-path: uv.lock - install-cmd: echo - - - name: check requirements - run: | - make freeze-requirements - if ! 
git diff --exit-code; then - echo $'\n\nrun `make freeze-requirements` locally to update requirements' - exit 1 - fi - - - name: apply any requirements changes - if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && always() - uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 - with: - github-token: ${{ steps.token.outputs.token }} - message: ':snowflake: re-freeze requirements' - - api-url-typescript: - if: needs.files-changed.outputs.backend_api_urls == 'true' - needs: files-changed - name: api url typescript generation - runs-on: ubuntu-24.04 - timeout-minutes: 10 - steps: - - uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 - id: token - with: - app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} - private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - with: - mode: backend-ci - - - name: Sync API Urls to TypeScirpt - run: | - python3 -m tools.api_urls_to_typescript - - - name: Apply any file changes - if: github.ref != 'refs/heads/master' && always() - uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 - with: - github-token: ${{ steps.token.outputs.token }} - message: ':hammer_and_wrench: Sync API Urls to TypeScirpt' - - migration: - if: needs.files-changed.outputs.migration_lockfile == 'true' - needs: files-changed - name: check migration - runs-on: ubuntu-24.04 - - steps: - - name: Checkout sentry - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: migrations - - - name: Migration & lockfile checks - env: - SENTRY_LOG_LEVEL: ERROR - PGPASSWORD: postgres - run: | - ./.github/workflows/scripts/migration-check.sh - - - name: Inspect failure - if: failure() - run: | - 
if command -v devservices; then - devservices logs - fi - - monolith-dbs: - if: needs.files-changed.outputs.backend == 'true' - needs: files-changed - name: monolith-dbs test - runs-on: ubuntu-24.04 - timeout-minutes: 20 - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: migrations - - - name: Run test - run: | - make test-monolith-dbs - - - name: Inspect failure - if: failure() - run: | - if command -v devservices; then - devservices logs - fi - - - name: Collect test data - uses: ./.github/actions/collect-test-data - if: ${{ !cancelled() }} - with: - artifact_path: .artifacts/pytest.monolith-dbs.json - gcs_bucket: ${{ secrets.COLLECT_TEST_DATA_GCS_BUCKET }} - gcp_project_id: ${{ secrets.COLLECT_TEST_DATA_GCP_PROJECT_ID }} - workload_identity_provider: ${{ secrets.SENTRY_GCP_DEV_WORKLOAD_IDENTITY_POOL }} - service_account_email: ${{ secrets.COLLECT_TEST_DATA_SERVICE_ACCOUNT_EMAIL }} - - # Upload coverage data even if running the tests step fails since - # it reduces large coverage fluctuations - - name: Handle artifacts - if: ${{ !cancelled() }} - continue-on-error: true - timeout-minutes: 5 - uses: ./.github/actions/artifacts - with: - token: ${{ secrets.CODECOV_TOKEN }} - commit_sha: ${{ github.event.pull_request.head.sha }} - type: monolith-dbs - - typing: - if: needs.files-changed.outputs.backend == 'true' - needs: files-changed - name: backend typing - runs-on: ubuntu-24.04 - timeout-minutes: 20 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6 - with: - version: '0.8.2' - # we just cache the venv-dir directly in action-setup-venv - enable-cache: false - - - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1 - with: - python-version: 
3.13.1 - cache-dependency-path: uv.lock - install-cmd: uv sync --frozen --active - - - name: setup sentry (lite) - run: | - python3 -m tools.fast_editable --path . - sentry init - - - run: PYTHONWARNINGS=error::RuntimeWarning mypy - id: run - - - uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 - id: token - continue-on-error: true - with: - app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} - private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - - # only if `mypy` succeeds should we try and trim the blocklist - - run: python3 -m tools.mypy_helpers.make_module_ignores - id: regen-blocklist - - - run: git diff --exit-code - - - run: | - # mypy does not have granular codes so don't allow specific messages to regress - set -euo pipefail - ! grep "'Settings' object has no attribute" .artifacts/mypy-all - ! grep 'Argument .* of "dispatch" is incompatible with' .artifacts/mypy-all - ! grep 'Cannot override class variable' .artifacts/mypy-all - ! grep 'Exception type must be derived from BaseException' .artifacts/mypy-all - ! grep 'Incompatible default for argument' .artifacts/mypy-all - ! grep 'Incompatible return value type (got "HttpResponseBase"' .artifacts/mypy-all - ! grep 'Incompatible types in "yield"' .artifacts/mypy-all - ! grep 'Module "sentry.*has no attribute' .artifacts/mypy-all - ! grep 'No return value expected' .artifacts/mypy-all - ! grep 'Return value expected' .artifacts/mypy-all - ! grep 'Unpacking a string is disallowed' .artifacts/mypy-all - ! grep 'base class .* defined the type as.*Permission' .artifacts/mypy-all - ! grep 'does not explicitly export attribute' .artifacts/mypy-all - ! 
grep 'gets multiple values for' .artifacts/mypy-all - - - name: apply blocklist changes - if: | - steps.token.outcome == 'success' && - steps.run.outcome == 'success' && - steps.regen-blocklist.outcome == 'success' && - github.ref != 'refs/heads/master' && - always() - uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 - with: - github-token: ${{ steps.token.outputs.token }} - message: ':knife: regenerate mypy module blocklist' - - # This check runs once all dependent jobs have passed - # It symbolizes that all required Backend checks have succesfully passed (Or skipped) - # This step is the only required backend check - backend-required-check: - needs: - [ - api-docs, - backend-test, - backend-migration-tests, - cli, - files-changed, - requirements, - migration, - monolith-dbs, - typing, - ] - name: Backend - # This is necessary since a failed/skipped dependent job would cause this job to be skipped - if: always() - runs-on: ubuntu-24.04 - steps: - # If any jobs we depend on fail, we will fail since this is a required check - # NOTE: A timeout is considered a failure - - name: Check for failures - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') - run: | - echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1 diff --git a/.github/workflows/bump-sentry-in-getsentry.yml b/.github/workflows/bump-sentry-in-getsentry.yml deleted file mode 100644 index d955d1d12cc492..00000000000000 --- a/.github/workflows/bump-sentry-in-getsentry.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -name: bump sentry in getsentry - -# Serializes the execution of this workflow. -concurrency: - group: ${{ github.workflow }} - -on: - push: - branches: - - master - -defaults: - run: - # the default default is: - # bash --noprofile --norc -eo pipefail {0} - shell: bash --noprofile --norc -eo pipefail -ux {0} - -jobs: - bump-sentry: - runs-on: ubuntu-24.04 - steps: - - name: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # For getsentry/bin/bump-sentry, sentry needs to be at ../sentry relative to getsentry. - path: sentry - - - name: checkout getsentry - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - repository: 'getsentry/getsentry' - path: getsentry - # This PAT (Personal Access Token) belongs to getsentry-bot, - # who can write to getsentry and is SAML+SSO ready. - token: ${{ secrets.BUMP_SENTRY_TOKEN }} - - - name: bump-sentry ${{ github.sha }} - run: | - cd getsentry - - python -S -m bin.bump_sentry ${{ github.sha }} - - # If getsentry is pushed to by any other means while we were here, - # we won't be able to push. - for i in 1 2 3 4 5; do - git push origin master && exit 0 - # There's a little bit of network delay here that suffices - # as a small sleep. - git \ - -c user.name=getsentry-bot \ - -c user.email=bot@sentry.io \ - pull --rebase origin master - done - - # 5th and final attempt. - git push origin master diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml deleted file mode 100644 index 70c044beb67098..00000000000000 --- a/.github/workflows/bump-version.yml +++ /dev/null 
@@ -1,75 +0,0 @@ -on: - workflow_dispatch: - inputs: - package: - required: true - type: string - description: package name such as `sentry-arroyo` - version: - required: true - type: string - description: desired version such as `1.2.3`, or `latest` to pull the latest version from PyPI - pr_options: - type: string - default: '' - description: additional options for gh pr create, such as for asking for specific reviewers - - # for use in other (cron/scheduled) workflows to bump specific - # company-internal dependencies on a more aggressive schedule - workflow_call: - inputs: - package: - required: true - type: string - version: - required: true - type: string - pr_options: - type: string - default: '' - -# disable all permissions -- we use the PAT's permissions instead -permissions: {} - -jobs: - bump-version: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - token: ${{ secrets.BUMP_SENTRY_TOKEN }} - - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6 - with: - version: '0.8.2' - - run: | - set -euxo pipefail - - if [ "$VERSION" = latest ]; then - VERSION="$(curl -sL https://pypi.org/pypi/$PACKAGE/json | jq -r .info.version)" - fi - - git checkout -b "bot/bump-version/$PACKAGE/$VERSION" - - python3 -S -m tools.bump_version "$PACKAGE" "$VERSION" - - if git diff --exit-code; then - exit 0 - fi - - git \ - -c user.name=getsentry-bot \ - -c user.email='10587625+getsentry-bot@users.noreply.github.com' \ - commit \ - --all \ - --message "ref: bump $PACKAGE to $VERSION" \ - --message "Co-Authored-By: $SENDER <$SENDER_ID+$SENDER@users.noreply.github.com>" - - git push origin HEAD --quiet - - gh pr create --fill ${{ inputs.pr_options }} - env: - GH_TOKEN: ${{ secrets.BUMP_SENTRY_TOKEN }} - PACKAGE: ${{ inputs.package }} - VERSION: ${{ inputs.version }} - SENDER: ${{ github.event.sender.login }} - SENDER_ID: ${{ github.event.sender.id }} 
diff --git a/.github/workflows/codecov_ats.yml b/.github/workflows/codecov_ats.yml deleted file mode 100644 index b2885a28438006..00000000000000 --- a/.github/workflows/codecov_ats.yml +++ /dev/null 
@@ -1,180 +0,0 @@ -name: IGNORE ME codecov-ats - -on: - pull_request: - -env: - CLI_VERSION: v0.1.5 - -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -defaults: - run: - # the default default is: - # bash --noprofile --norc -eo pipefail {0} - shell: bash --noprofile --norc -eo pipefail -ux {0} - -jobs: - files-changed: - name: detect what files changed - runs-on: ubuntu-24.04 - timeout-minutes: 3 - # Map a step output to a job output - outputs: - api_docs: ${{ steps.changes.outputs.api_docs }} - backend: ${{ steps.changes.outputs.backend_all }} - backend_dependencies: ${{ steps.changes.outputs.backend_dependencies }} - backend_any_type: ${{ steps.changes.outputs.backend_any_type }} - migration_lockfile: ${{ steps.changes.outputs.migration_lockfile }} - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Check for backend file changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - coverage-ats: - if: needs.files-changed.outputs.backend == 'true' - needs: files-changed - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - # fetch-depth: 0 - Use if the BASE_COMMIT on codecov_automated_test_selection is at unknown depth - # (i.e. git merge-base ${{ github.sha }}^ origin/main) - # fetch-depth: 2 - Use if the BASE_COMMIT on codecov_automated_test_selection is at known depth - # (i.e. 
git rev-parse ${{ github.sha }}^) - fetch-depth: 0 - - name: Set up Python 3.10.10 - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 - with: - python-version: '3.10.10' - # We need the setup to collect the list of tests properly - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: backend-ci - - name: Download Codecov CLI - run: | - uv pip install --extra-index-url https://pypi.org/simple --no-cache-dir codecov-cli>=0.4.1 - # Creates the commit and report objects in codecov - - name: Codecov startup - run: | - codecovcli create-commit - codecovcli create-report - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - # Sends static analysis information to codecov - - name: Static Analysis - run: | - codecovcli static-analysis --token=${CODECOV_STATIC_TOKEN} \ - --folders-to-exclude .artifacts \ - --folders-to-exclude .github \ - --folders-to-exclude .venv \ - --folders-to-exclude static \ - --folders-to-exclude bin - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - CODECOV_STATIC_TOKEN: ${{ secrets.CODECOV_STATIC_TOKEN }} - # Run Automated Test Selection in dry mode to get the list of tests to run - # The base commit will be the parent commit (apparently commits on master don't exist in codecov) - - name: Codecov Automated Test Selection - id: codecov_automated_test_selection - run: | - # Directory for the artifacts from this step - mkdir .artifacts/codecov_ats - # This is the base for the git diff BASE..HEAD - BASE_COMMIT=$(git merge-base ${{ github.sha }}^ origin/master) - # Get list of tests to run from Codecov - output=$(codecovcli --codecov-yml-path=codecov.yml label-analysis --dry-run --token=${CODECOV_STATIC_TOKEN} --base-sha=${BASE_COMMIT}) || true - # Post processing and validation - if [ -n "${output}" ]; - then - - jq <<< $output '.runner_options + .ats_tests_to_run | @json' --raw-output > .artifacts/codecov_ats/tests_to_run.json - jq <<< $output '.runner_options + .ats_tests_to_skip | 
@json' --raw-output > .artifacts/codecov_ats/tests_to_skip.json - - testcount() { jq <<< $output ".$1 | length"; } - run_count=$(testcount ats_tests_to_run) - skip_count=$(testcount ats_tests_to_skip) - # Parse any potential errors that made ATS fallback to running all tests - # And surface them - ats_fallback_reason=$(jq <<< "$output" '.ats_fallback_reason') - if [ "$ats_fallback_reason" == "null" ]; then - ats_success=true - else - ats_success=false - fi - tee <<< \ - "{\"ats_success\": $ats_success, \"error\": $ats_fallback_reason, \"tests_to_run\": $run_count, \"tests_analyzed\": $((run_count+skip_count))}" \ - "$GITHUB_STEP_SUMMARY" \ - ".artifacts/codecov_ats/result.json" - else - # We need not forget to add the search options in the fallback command, otherwise pytest might run more tests than expected - # These search options match what's defined in codecov.yml:105 - jq '@json' --raw-output <<< '[ - "--cov-context=test", - "tests/sentry", - "tests/integration", - "--ignore=tests/sentry/eventstream/kafka", - "--ignore=tests/sentry/post_process_forwarder", - "--ignore=tests/sentry/snuba", - "--ignore=tests/sentry/search/events", - "--ignore=tests/sentry/ingest/ingest_consumer/test_ingest_consumer_kafka.py" - ]' > .artifacts/codecov_ats/tests_to_skip.json - echo '[]' > .artifacts/codecov_ats/tests_to_run.json - # If we reached this point it means that ATS failed with some error - tee <<< '{"ats_success": false, "error": "exception_raised"}' "$GITHUB_STEP_SUMMARY" ".artifacts/codecov_ats/result.json" - fi - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - CODECOV_STATIC_TOKEN: ${{ secrets.CODECOV_STATIC_TOKEN }} - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 - with: - name: codecov_ats - path: .artifacts/codecov_ats - if-no-files-found: error - # The actual running of tests would come here, after the labels are available - # Something like pytest $ATS_TESTS_TO_RUN - debug: - runs-on: ubuntu-latest - needs: - - coverage-ats - 
- files-changed - # Avoids running this job if it's a frontend change - # It would fail if the coverage-ats step didn't run - if: needs.files-changed.outputs.backend == 'true' - steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 - with: - name: codecov_ats - path: .artifacts - - name: Debug ATS_TESTS_TO_RUN - run: | - length_of_tests=$(cat .artifacts/tests_to_run.json | jq 'length') - # The 1st value doesn't count, it's '--cov-context=test' (hence -gt 1) - if [ $length_of_tests -gt 1 ]; then - echo "Running $length_of_tests tests" - # --raw-output0 doesn't work. - cat .artifacts/tests_to_run.json | jq 'join("\u0000")' --raw-output | tr -d '\n' | xargs -r0 echo 'pytest' - else - echo "No tests to run" - fi - - name: Debug ATS_TESTS_TO_SKIP - run: | - length_of_tests=$(cat .artifacts/tests_to_skip.json | jq 'length') - # The 1st value doesn't count, it's '--cov-context=test' - if [ $length_of_tests -gt 1 ]; then - echo "Running $length_of_tests tests" - # --raw-output0 doesn't work. - cat .artifacts/tests_to_skip.json | jq 'join("\u0000")' --raw-output | tr -d '\n' | xargs -r0 echo 'pytest' - else - echo "No tests to run" - fi diff --git a/.github/workflows/codecov_carryforward_reports.yml b/.github/workflows/codecov_carryforward_reports.yml deleted file mode 100644 index 1cc37e0c38183c..00000000000000 --- a/.github/workflows/codecov_carryforward_reports.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -name: Carry forward codecov reports -# This workflow carries forward coverage reports for commits in master -# The coverage reports are generated by .github/workflows/codecov_per_test_coverage.yml -# By carrying forward the reports and uploading the static analysis information -# We can use the commits in master as the BASE for Automated Test Selection -# see .github/workflows/codecov_ats.yml - -on: - push: - branches: [master] - -jobs: - carryforward-reports-and-upload-static-analysis: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Set up Python 3.10.10 - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 - with: - python-version: '3.10.10' - - - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6 - with: - version: '0.8.2' - - - name: Download Codecov CLI - run: | - uv pip install --extra-index-url https://pypi.org/simple --no-cache-dir pytest codecov-cli==0.4.0 - # Creates the commit and report objects in codecov - # This carries forward previouly uploaded coverage reports to the new commit - - name: Codecov startup - run: | - codecovcli create-commit - codecovcli create-report - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - # Sends static analysis information to codecov - # This is used as an input in Codecov Automated Test Selection. - # It's necessary so we can use this commit as the BASE for comparison - - name: Static Analysis - run: | - codecovcli static-analysis --token=${CODECOV_STATIC_TOKEN} \ - --folders-to-exclude .artifacts \ - --folders-to-exclude .github \ - --folders-to-exclude .venv \ - --folders-to-exclude static \ - --folders-to-exclude bin - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - CODECOV_STATIC_TOKEN: ${{ secrets.CODECOV_STATIC_TOKEN }} 
diff --git a/.github/workflows/codecov_per_test_coverage.yml b/.github/workflows/codecov_per_test_coverage.yml deleted file mode 100644 index 740e97c0509df7..00000000000000 --- a/.github/workflows/codecov_per_test_coverage.yml +++ /dev/null 
@@ -1,64 +0,0 @@ -name: Codecov - per test coverage -# This workflow generates pytest coverage with the flag --cov-context=test -# This coverage is used as input for Codecov Automated Test Selection (see .github/workflows/codecov_ats.yml) -# However there's a performance toll in running tests with this flag. -# So we will not be running the test suite on every commit - -on: [workflow_dispatch, workflow_call] - -jobs: - # Same as 'backend' in .github/workflows/backed.yml - # Except for run_backend_tests step (which includes the extra --cov-context=test flag) - # And the coverage generation and handling - backend-test-with-cov-context: - if: github.ref == 'refs/heads/master' - name: backend test - runs-on: ubuntu-24.04 - timeout-minutes: 120 - strategy: - # This helps not having to run multiple jobs because one fails, thus, reducing resource usage - # and reducing the risk that one of many runs would turn red again (read: intermittent tests) - fail-fast: false - matrix: - # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL. - instance: [0, 1, 2, 3, 4, 5, 6] - - env: - # XXX: `MATRIX_INSTANCE_TOTAL` must be hardcoded to the length of `strategy.matrix.instance`. - # If this increases, make sure to also increase `flags.backend.after_n_builds` in `codecov.yml`. 
- MATRIX_INSTANCE_TOTAL: 7 - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - id: setup - with: - mode: backend-ci - - - name: Run backend test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }}) with --cov-context=test - id: run_backend_tests - run: | - make test-python-ci COV_ARGS=--cov-context=test - - # Separate from the testing step above so that we always create the report - # Even if some tests fail - - name: Create coverage report in JSON format - if: ${{ always() }} - run: | - coverage json --show-contexts -o .artifacts/python.coverage.json - - # Upload coverage data even if running the tests step fails since - # it reduces large coverage fluctuations - - name: Upload coverage - special case to test Codecov ATS - if: ${{ always() }} - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: .artifacts/python.coverage.codecov.json - flags: smart-tests - override_commit: ${{ github.event.pull_request.head.sha }} - plugins: compress-pycoverage - continue-on-error: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 2ab3a274259355..00000000000000 --- a/.github/workflows/codeql.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -name: 'CodeQL' - -on: - pull_request: - # The branches below must be a subset of the branches above - branches: ['master'] - paths: - - '**.js' - - '**.ejs' - - '**.tsx' - - '**.ts' - - '**.py' - - '!tests/**' - schedule: - - cron: '44 12 * * 1' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ['javascript', 'python'] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support - - steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 - with: - trap-caching: false - config-file: ./.github/codeql/codeql-config.yml - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: security-extended - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - # - name: Autobuild - # uses: github/codeql-action/autobuild@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 - - # â„šī¸ Command-line programs to run using the OS shell. 
- # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0116bc2df50751f9724a2e35ef1f24d22f90e4e1 # v2.22.3 - with: - category: '/language:${{matrix.language}}' diff --git a/.github/workflows/development-environment.yml b/.github/workflows/development-environment.yml deleted file mode 100644 index 370175ca4ce9a0..00000000000000 --- a/.github/workflows/development-environment.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -name: dev env -on: - pull_request: - paths: - - '.pre-commit-config.yaml' - - 'Makefile' - - '.github/workflows/development-environment.yml' - - 'requirements-*.txt' - - 'pyproject.toml' - - 'uv.lock' - - '.python-version' - - '.envrc' - - 'Brewfile' - - 'scripts/**' - - 'tools/**' - - 'src/sentry/runner/commands/devserver.py' - - 'src/sentry/runner/commands/devservices.py' - - 'bin/load-mocks' - -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359 -env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3 - -jobs: - test: - runs-on: ubuntu-24.04 - timeout-minutes: 5 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6 - with: - version: '0.8.2' - # we just cache the venv-dir directly in action-setup-venv - enable-cache: false - - - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1 - with: - python-version: 3.13.1 - cache-dependency-path: uv.lock - install-cmd: uv sync --only-dev --frozen --active - - - name: test-tools - run: make test-tools - - name: Handle artifacts - uses: ./.github/actions/artifacts - with: - token: ${{ secrets.CODECOV_TOKEN }} - commit_sha: ${{ github.event.pull_request.head.sha }} - - devenv: - runs-on: ubuntu-24.04 - timeout-minutes: 10 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6 - with: - version: '0.8.2' - # we just cache the venv-dir directly in action-setup-venv - enable-cache: false - - - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1 - with: - 
python-version: 3.13.1 - cache-dependency-path: uv.lock - # technically we can just use --only-dev but more cache is nice - install-cmd: uv sync --frozen --active - - - name: devenv sync - run: | - devenv --nocoderoot sync diff --git a/.github/workflows/enforce-license-compliance.yml b/.github/workflows/enforce-license-compliance.yml deleted file mode 100644 index 5cb36295bc5eb4..00000000000000 --- a/.github/workflows/enforce-license-compliance.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: Enforce License Compliance - -on: - pull_request: - -jobs: - enforce-license-compliance: - runs-on: ubuntu-latest - steps: - - name: 'Enforce License Compliance' - uses: getsentry/action-enforce-license-compliance@48236a773346cb6552a7bda1ee370d2797365d87 # main - with: - fossa_api_key: ${{ secrets.FOSSA_API_KEY }} diff --git a/.github/workflows/fast-revert.yml b/.github/workflows/fast-revert.yml deleted file mode 100644 index 32469edf2a49cc..00000000000000 --- a/.github/workflows/fast-revert.yml +++ /dev/null 
@@ -1,40 +0,0 @@
-on:
- pull_request_target:
- types: [labeled]
- workflow_dispatch:
- inputs:
- pr:
- required: true
- description: pr number
- co_authored_by:
- required: true
- description: '`name ` for triggering user'
-
-# disable all permissions -- we use the PAT's permissions instead
-permissions: {}
-
-jobs:
- revert:
- runs-on: ubuntu-latest
- if: |
- github.event_name == 'workflow_dispatch' || github.event.label.name == 'Trigger: Revert'
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- with:
- token: ${{ secrets.BUMP_SENTRY_TOKEN }}
- - uses: getsentry/action-fast-revert@35b4b6c1f8f91b5911159568b3b15e531b5b8174 # v2.0.1
- with:
- pr: ${{ github.event.number || github.event.inputs.pr }}
- co_authored_by: ${{ github.event.inputs.co_authored_by || format('{0} <{1}+{0}@users.noreply.github.com>', github.event.sender.login, github.event.sender.id) }}
- committer_name: getsentry-bot
- committer_email: bot@sentry.io
- token: ${{ secrets.BUMP_SENTRY_TOKEN }}
- - name: comment on failure
- run: |
- curl \
- --silent \
- -X POST \
- -H 'Authorization: token ${{ secrets.BUMP_SENTRY_TOKEN }}' \
- -d'{"body": "revert failed (conflict? already reverted?) -- [check the logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})"}' \
- https://api.github.com/repositories/${{ github.event.repository.id }}/issues/${{ github.event.number || github.event.inputs.pr }}/comments
- if: failure()
diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml
deleted file mode 100644
index f3d1db6bf9227f..00000000000000
--- a/.github/workflows/frontend.yml
+++ /dev/null
@@ -1,259 +0,0 @@ -name: frontend - -on: - push: - branches: - - master - pull_request: - -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359 -env: - SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3 - NODE_OPTIONS: '--max-old-space-size=4096' - -jobs: - files-changed: - name: detect what files changed - runs-on: ubuntu-24.04 - timeout-minutes: 3 - # Map a step output to a job output - outputs: - testable_modified: ${{ steps.changes.outputs.testable_modified }} - testable_rules_changed: ${{ steps.changes.outputs.testable_rules_changed }} - typecheckable_rules_changed: ${{ steps.changes.outputs.typecheckable_rules_changed }} - frontend_all: ${{ steps.changes.outputs.frontend_all }} - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Check for frontend file changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - list-files: shell - - typescript: - if: needs.files-changed.outputs.frontend_all == 'true' - needs: files-changed - name: typescript - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 - id: setup-node - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4 - - - name: node_modules cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - id: nodemodulescache - with: - path: node_modules - key: ${{ runner.os }}-node-modules-${{ hashFiles('pnpm-lock.yaml', 'api-docs/pnpm-lock.yaml', '.node-version') }} - - - 
name: Install Javascript Dependencies - if: steps.nodemodulescache.outputs.cache-hit != 'true' - run: pnpm install --frozen-lockfile - - # Setup custom tsc matcher, see https://github.com/actions/setup-node/issues/97 - - name: setup matchers - run: | - echo "::remove-matcher owner=masters::" - echo "::add-matcher::.github/tsc.json" - - - name: tsc - id: tsc - run: pnpm exec tsc -p tsconfig.json - - eslint: - if: needs.files-changed.outputs.frontend_all == 'true' - needs: files-changed - name: eslint - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 - id: setup-node - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4 - - - name: node_modules cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - id: nodemodulescache - with: - path: node_modules - key: ${{ runner.os }}-node-modules-${{ hashFiles('pnpm-lock.yaml', 'api-docs/pnpm-lock.yaml', '.node-version') }} - - - name: Install Javascript Dependencies - if: steps.nodemodulescache.outputs.cache-hit != 'true' - run: pnpm install --frozen-lockfile - - # Setup custom eslint matcher, see https://github.com/actions/setup-node/issues/97 - - name: setup matchers - run: | - echo "::remove-matcher owner=masters::" - echo "::add-matcher::.github/eslint-stylish.json" - - - name: eslint - id: eslint - run: pnpm run lint:js - - knip: - if: needs.files-changed.outputs.frontend_all == 'true' - needs: files-changed - name: knip - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 - id: setup-node - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4 - - - name: node_modules cache - uses: 
actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - id: nodemodulescache - with: - path: node_modules - key: ${{ runner.os }}-node-modules-${{ hashFiles('pnpm-lock.yaml', 'api-docs/pnpm-lock.yaml', '.node-version') }} - - - name: Install Javascript Dependencies - if: steps.nodemodulescache.outputs.cache-hit != 'true' - run: pnpm install --frozen-lockfile - - # Setup custom eslint matcher, see https://github.com/actions/setup-node/issues/97 - - name: setup matchers - run: | - echo "::remove-matcher owner=masters::" - echo "::add-matcher::.github/eslint-stylish.json" - - - name: knip - id: knip - run: pnpm run knip - - - name: knip-prod - id: knip-prod - run: pnpm run knip:prod - - frontend-jest-tests: - if: needs.files-changed.outputs.testable_rules_changed == 'true' || needs.files-changed.outputs.testable_modified == 'true' - needs: [files-changed] - name: Jest - # If you change the runs-on image, you must also change the runner in jest-balance.yml - # so that the balancer runs in the same environment as the tests. - runs-on: ubuntu-24.04 - timeout-minutes: 30 - strategy: - # This helps not having to run multiple jobs because one fails, thus, reducing resource usage - # and reducing the risk that one of many runs would turn red again (read: intermittent tests) - fail-fast: false - matrix: - # XXX: When updating this, make sure you also update CI_NODE_TOTAL. 
- - instance: [0, 1, 2, 3] - - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Checkout sentry - - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 - id: setup-node - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4 - - - name: node_modules cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 - id: nodemodulescache - with: - path: node_modules - key: ${{ runner.os }}-node-modules-${{ hashFiles('pnpm-lock.yaml', 'api-docs/pnpm-lock.yaml', '.node-version') }} - - - name: Install Javascript Dependencies - if: steps.nodemodulescache.outputs.cache-hit != 'true' - run: pnpm install --frozen-lockfile - - - name: Download jest-balance.json - id: download-artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 - with: - workflow: 38531594 # jest-balancer.yml - workflow_conclusion: success # The conclusion of the workflow we're looking for - branch: master # The branch we're looking for - name: jest-balance.json # Artifact name - name_is_regexp: false - path: tests/js/test-balancer/ # Directory where to extract artifact(s), defaults to the current directory - search_artifacts: true # Search for the last workflow run whose stored the artifact we're looking for - if_no_artifact_found: warn # Can be one of: "fail", "warn", "ignore" - - - name: jest - env: - GITHUB_PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }} - GITHUB_PR_REF: ${{ github.event.pull_request.head.ref || github.ref }} - # XXX: CI_NODE_TOTAL must be hardcoded to the length of strategy.matrix.instance. - # Otherwise, if there are other things in the matrix, using strategy.job-total - # wouldn't be correct. Also, if this increases, make sure to also increase - # `flags.frontend.after_n_builds` in `codecov.yml`. 
- CI_NODE_TOTAL: 4 - CI_NODE_INDEX: ${{ matrix.instance }} - # Disable testing-library from printing out any of of the DOM to - # stdout. No one actually looks through this in CI, they're just - # going to run it locally. - # - # This quiets up the logs quite a bit. - DEBUG_PRINT_LIMIT: 0 - run: | - if [ ${{ github.ref }} = 'refs/heads/master' ]; then - pnpm run test-ci --forceExit --coverage - else - pnpm run test-ci --forceExit - fi - - # We only upload coverage data for FE changes since it conflicts with - # codecov's carry forward functionality. - # Upload coverage data even if running the tests step fails since - # it reduces large coverage fluctuations. - - name: Handle artifacts - uses: ./.github/actions/artifacts - if: ${{ !cancelled() }} - continue-on-error: true - timeout-minutes: 5 - with: - files: .artifacts/coverage/* - type: frontend - token: ${{ secrets.CODECOV_TOKEN }} - commit_sha: ${{ github.event.pull_request.head.sha }} - - # This check runs once all dependant jobs have passed - # It symbolizes that all required Frontend checks have succesfully passed (Or skipped) - # This check is the only required Github check - frontend-required-check: - needs: [files-changed, frontend-jest-tests, typescript, eslint, knip] - name: Frontend - # This is necessary since a failed/skipped dependent job would cause this job to be skipped - if: always() - runs-on: ubuntu-24.04 - steps: - # If any jobs we depend on fail, we will fail since this is a required check - # NOTE: A timeout is considered a failure - - name: Check for failures - if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') - run: | - echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1 diff --git a/.github/workflows/getsentry-dispatch.yml b/.github/workflows/getsentry-dispatch.yml deleted file mode 100644 index ec4a3dd36ab45b..00000000000000 --- a/.github/workflows/getsentry-dispatch.yml +++ /dev/null 
@@ -1,81 +0,0 @@ -# Dispatch a request to getsentry to run getsentry test suites -name: getsentry dispatcher - -on: - # XXX: We are using `pull_request_target` instead of `pull_request` because we want - # this to run on forks. It allows forks to access secrets safely by - # only running workflows from the main branch. Prefer to use `pull_request` when possible. - # - # See https://github.com/getsentry/sentry/pull/21600 for more details - pull_request_target: - types: [labeled, opened, reopened, synchronize] - -# disable all other special privileges -permissions: - # needed for `actions/checkout` to clone the code - contents: read - # needed to remove the pull-request label - pull-requests: write - -jobs: - dispatch: - if: "github.event.action != 'labeled' || github.event.label.name == 'Trigger: getsentry tests'" - name: getsentry dispatch - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: permissions - run: | - python3 -uS .github/workflows/scripts/getsentry-dispatch-setup \ - --repo-id ${{ github.event.repository.id }} \ - --pr ${{ github.event.number }} \ - --event ${{ github.event.action }} \ - --username "$ARG_USERNAME" \ - --label-names "$ARG_LABEL_NAMES" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # these can contain special characters - ARG_USERNAME: ${{ github.event.pull_request.user.login }} - ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }} - - - name: Check for file changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - - - name: getsentry token - uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 - id: getsentry - with: - app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} - private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} - - - name: Wait for PR merge 
commit - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - id: mergecommit - with: - github-token: ${{ steps.getsentry.outputs.token }} - script: | - require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/wait-for-merge-commit`).waitForMergeCommit({ - github, - context, - core, - }); - - - name: Dispatch getsentry tests - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 - with: - github-token: ${{ steps.getsentry.outputs.token }} - script: | - require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/getsentry-dispatch`).dispatch({ - github, - context, - core, - mergeCommitSha: '${{ steps.mergecommit.outputs.mergeCommitSha }}', - fileChanges: ${{ toJson(steps.changes.outputs) }}, - }); diff --git a/.github/workflows/jest-balance.yml b/.github/workflows/jest-balance.yml deleted file mode 100644 index de55de4c4de710..00000000000000 --- a/.github/workflows/jest-balance.yml +++ /dev/null 
@@ -1,43 +0,0 @@
-name: jest balancer
-on:
- workflow_dispatch:
- schedule:
- - cron: '0 0 1,15 * *'
-jobs:
- jest-balance:
- # Buckle up, this may take a while
- timeout-minutes: 60
- # Make sure this matches the runner that runs frontend tests
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Checkout sentry
-
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
- id: setup-node
- with:
- node-version-file: '.node-version'
-
- - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4
-
- - name: node_modules cache
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
- id: nodemodulescache
- with:
- path: node_modules
- key: ${{ runner.os }}-node-modules-${{ hashFiles('pnpm-lock.yaml', 'api-docs/pnpm-lock.yaml', '.node-version') }}
-
- - name: Install Javascript Dependencies
- if: steps.nodemodulescache.outputs.cache-hit != 'true'
- run: pnpm install --frozen-lockfile
-
- - name: jest balancer
- env:
- GITHUB_PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
- GITHUB_PR_REF: ${{ github.event.pull_request.head.ref || github.ref }}
- run: JEST_TEST_BALANCER=1 pnpm run test-ci
-
- - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
- with:
- name: jest-balance.json
- path: tests/js/test-balancer/jest-balance.json
diff --git a/.github/workflows/label-pullrequest.yml b/.github/workflows/label-pullrequest.yml
deleted file mode 100644
index 48cfe4f909e607..00000000000000
--- a/.github/workflows/label-pullrequest.yml
+++ /dev/null
@@ -1,69 +0,0 @@ -# Adds labels to pull requests for the type of change the PR makes -name: meta(labels) - -on: - pull_request_target: - -jobs: - label-pullrequest: - permissions: - contents: read - pull-requests: write - name: labels pull requests (frontend / backend) - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - persist-credentials: false - - - name: Check for file changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - - - name: Add frontend label - uses: getsentry/action-add-labels@54d0cba498c1eaf8bd34985d715504d1b6e2935f - if: steps.changes.outputs.frontend_all == 'true' - with: - labels: 'Scope: Frontend' - - - name: Add backend label - uses: getsentry/action-add-labels@54d0cba498c1eaf8bd34985d715504d1b6e2935f - if: steps.changes.outputs.backend_src == 'true' - with: - labels: 'Scope: Backend' - - - name: Find previous frontend/backend warning comment - uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2.4.0 - id: fc - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: '' - - - name: Add frontend/backend warning comment - uses: peter-evans/create-or-update-comment@b95e16d2859ad843a14218d1028da5b2c4cbc4b4 - if: > - steps.changes.outputs.frontend_all == 'true' && - steps.changes.outputs.backend_src == 'true' && - steps.fc.outputs.comment-id == 0 - with: - issue-number: ${{ github.event.pull_request.number }} - body: > - - - 🚨 **Warning:** This pull request contains Frontend and Backend changes! - - - It's discouraged to make changes to Sentry's Frontend and Backend - in a single pull request. The Frontend and Backend are **not** - atomically deployed. 
If the changes are interdependent of each - other, they **must** be separated into two pull requests and be made - forward or backwards compatible, such that the Backend or Frontend - can be safely deployed independently. - - - Have questions? Please ask in the [`#discuss-dev-infra` - channel](https://app.slack.com/client/T024ZCV9U/CTJL7358X). diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml deleted file mode 100644 index bd0df9cd60adb0..00000000000000 --- a/.github/workflows/lock.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: 'lock closed issues/PRs' -on: - schedule: - - cron: '* */12 * * *' - workflow_dispatch: -jobs: - lock: - runs-on: ubuntu-latest - steps: - - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4.0.1 - with: - github-token: ${{ github.token }} - issue-inactive-days: 15 - issue-lock-reason: '' - pr-inactive-days: 15 - pr-lock-reason: '' diff --git a/.github/workflows/meta-deploys-detect-change-type.yml b/.github/workflows/meta-deploys-detect-change-type.yml deleted file mode 100644 index 4cc98d2375c34f..00000000000000 --- a/.github/workflows/meta-deploys-detect-change-type.yml +++ /dev/null 
@@ -1,33 +0,0 @@
-# Add a GitHub Check to commits in "master" that specifies the "type" of files that were changed
-# ex: "only frontend", "only backed", or "fullstack"
-name: meta(deploy)
-
-on:
- push:
- branches:
- - master
-
-jobs:
- files-changed:
- name: detect what files changed
- runs-on: ubuntu-24.04
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - name: Check for file changes
- uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
- id: changes
- with:
- list-files: shell
- token: ${{ github.token }}
- filters: .github/file-filters.yml
-
- - name: Create GitHub job
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/deploy`).updateChangeType({
- github,
- context,
- fileChanges: ${{ toJson(steps.changes.outputs) }}
- });
diff --git a/.github/workflows/migrations-drift.yml b/.github/workflows/migrations-drift.yml
deleted file mode 100644
index 901da1af353ca9..00000000000000
--- a/.github/workflows/migrations-drift.yml
+++ /dev/null
@@ -1,71 +0,0 @@ -name: migrations-drift -on: - pull_request: - paths: ['src/sentry/**/migrations/**.py', '.github/workflows/migrations-drift.yml'] - -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -defaults: - run: - # the default default is: - # bash --noprofile --norc -eo pipefail {0} - shell: bash --noprofile --norc -eo pipefail -ux {0} - -jobs: - drift: - name: migration drift - runs-on: ubuntu-24.04 - timeout-minutes: 15 - - steps: - # Checkout master to run all merged migrations. - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: master - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - with: - mode: migrations - - - name: Apply migrations - env: - # This short circuits the create_default_projects post_upgrade hook - # which spawns taskworkers which will spin for 5 minutes on kafka - # not being up. We don't need the default project here as this is not local dev. 
- SENTRY_NO_CREATE_DEFAULT_PROJECT: 1 - run: make apply-migrations - - # Checkout the current ref - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - clean: false - - - name: Apply migrations (again) - env: - SENTRY_NO_CREATE_DEFAULT_PROJECT: 1 - run: make apply-migrations - - - name: capture database schema before - run: docker exec sentry-postgres-1 bash -c 'pg_dumpall -U postgres -s' > schema-before - - - name: clear db - run: make drop-db create-db - - - name: squash migrations - run: python3 -um tools.migrations.squash - - - name: apply squashed migrations - env: - SENTRY_NO_CREATE_DEFAULT_PROJECT: 1 - run: make drop-db apply-migrations - - - name: capture database schema after - run: docker exec sentry-postgres-1 bash -c 'pg_dumpall -U postgres -s' > schema-after - - - name: compare schema - run: python3 -um tools.migrations.compare --color schema-before schema-after diff --git a/.github/workflows/migrations.yml b/.github/workflows/migrations.yml deleted file mode 100644 index 359057e28a2fde..00000000000000 --- a/.github/workflows/migrations.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -name: migrations -on: pull_request - -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -defaults: - run: - # the default default is: - # bash --noprofile --norc -eo pipefail {0} - shell: bash --noprofile --norc -eo pipefail -ux {0} - -jobs: - did-migration-change: - name: check if any migration changes - runs-on: ubuntu-24.04 - timeout-minutes: 3 - # Map a step output to a job output - outputs: - added: ${{ steps.changes.outputs.migrations_added }} - modified: ${{ steps.changes.outputs.migrations_modified }} - steps: - - name: Checkout sentry - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - - name: Match migration files - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 - id: changes - with: - token: ${{ github.token }} - filters: .github/file-filters.yml - - sql: - name: Generate SQL - runs-on: ubuntu-24.04 - timeout-minutes: 8 - - needs: did-migration-change - if: needs.did-migration-change.outputs.added == 'true' - - steps: - # Checkout master to run all merged migrations. 
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: master - - - name: Setup sentry env - uses: ./.github/actions/setup-sentry - with: - mode: migrations - - - name: Apply migrations - run: | - sentry upgrade --noinput - - # Checkout the current ref - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - clean: false - - - name: Get changed migration files - id: file - run: | - echo 'added<> "$GITHUB_OUTPUT" - git diff --diff-filter=A --name-only origin/master HEAD -- 'src/sentry/*/migrations/*' 'src/sentry/migrations/*' ':!*/__init__.py' >> "$GITHUB_OUTPUT" - echo 'EOF' >> "$GITHUB_OUTPUT" - - - name: Generate SQL for migration - uses: getsentry/action-migrations@9f4400077fa0d5216d2f251d3228380e5a774d7d # v1.3.0 - env: - SENTRY_LOG_LEVEL: ERROR - with: - githubToken: ${{ secrets.GITHUB_TOKEN }} - migration: ${{ steps.file.outputs.added }} diff --git a/.github/workflows/openapi-diff.yml b/.github/workflows/openapi-diff.yml deleted file mode 100644 index 4eb4c5da25eb56..00000000000000 --- a/.github/workflows/openapi-diff.yml +++ /dev/null 
@@ -1,74 +0,0 @@
-name: openapi-diff
-on:
- pull_request:
-
-# Cancel in progress workflows on pull_requests.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
-env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
-
-jobs:
- check-diff:
- name: (Optional) Shows the difference between the prod and dev schema
- runs-on: ubuntu-24.04
- timeout-minutes: 90
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - name: Check for python file changes
- uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
- id: changes
- with:
- token: ${{ github.token }}
- filters: .github/file-filters.yml
-
- - name: Setup sentry env
- uses: ./.github/actions/setup-sentry
- with:
- mode: migrations
- if: steps.changes.outputs.api_docs == 'true'
-
- - name: Checkout getsentry/sentry-api-schema
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- if: steps.changes.outputs.api_docs == 'true'
- with:
- ref: 'main'
- repository: getsentry/sentry-api-schema
- path: sentry-api-schema
-
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
- id: setup-node
- with:
- node-version-file: '.node-version'
-
- - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4
-
- - name: Build OpenAPI Derefed JSON
- if: steps.changes.outputs.api_docs == 'true'
- run: |
- make build-api-docs
-
- - name: Compare OpenAPI Derefed JSON
- if: steps.changes.outputs.api_docs == 'true'
- run: |
- npx json-diff@0.5.4 --color sentry-api-schema/openapi-derefed.json tests/apidocs/openapi-derefed.json
-
- - name: Dump RPC schema for new version
- id: newschema
- if: steps.changes.outputs.api_docs == 'true'
- run: |
- mkdir schemas
- sentry rpcschema > rpc_method_schema.json
-
- - name: Output RPC schema comparison
- uses: oasdiff/oasdiff-action/breaking@a2ff6682b27d175162a74c09ace8771bd3d512f8 # A few commits after v0.0.19 to get fixes
- if: steps.changes.outputs.api_docs == 'true'
- with:
- base: sentry-api-schema/rpc_method_schema.json
- revision: ./rpc_method_schema.json
- fail-on: WARN
diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml
deleted file mode 100644
index 4e673f899e191f..00000000000000
--- a/.github/workflows/openapi.yml
+++ /dev/null
@@ -1,80 +0,0 @@
-name: openapi
-on:
- push:
- branches:
- - master
-
-# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
-env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
-
-jobs:
- build_and_deref_json:
- runs-on: ubuntu-24.04
- timeout-minutes: 90
- steps:
- - name: Getsentry Token
- id: getsentry
- uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
- with:
- app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
- private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
-
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - name: Check for python file changes
- uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
- id: changes
- with:
- token: ${{ github.token }}
- filters: .github/file-filters.yml
-
- - name: Setup sentry env
- uses: ./.github/actions/setup-sentry
- with:
- mode: migrations
- if: steps.changes.outputs.api_docs == 'true'
-
- - name: Checkout getsentry/sentry-api-schema
- if: steps.changes.outputs.api_docs == 'true'
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- with:
- ref: 'main'
- repository: getsentry/sentry-api-schema
- path: sentry-api-schema
- token: ${{ steps.getsentry.outputs.token }}
-
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
- if: steps.changes.outputs.api_docs == 'true'
- id: setup-node
- with:
- node-version-file: '.node-version'
-
- - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4
-
- - name: Build OpenAPI Derefed JSON
- if: steps.changes.outputs.api_docs == 'true'
- run: |
- make build-api-docs
-
- - name: Build RPC method schema
- if: steps.changes.outputs.api_docs == 'true'
- run: |
- sentry rpcschema > rpc_method_schema.json
-
- - name: Copy artifacts into getsentry/sentry-api-schema
- if: steps.changes.outputs.api_docs == 'true'
- run: |
- cp tests/apidocs/openapi-derefed.json sentry-api-schema
- cp src/sentry/apidocs/api_ownership_stats_dont_modify.json sentry-api-schema
- cp rpc_method_schema.json sentry-api-schema
-
- - name: Git Commit & Push
- uses: stefanzweifel/git-auto-commit-action@0049e3fa4059ca715255fbbcb7dea4516f02ce0a # v4.15.3
- if: steps.changes.outputs.api_docs == 'true'
- with:
- repository: sentry-api-schema
- branch: main
- commit_message: Generated
- commit_user_email: bot@getsentry.com
- commit_user_name: openapi-getsentry-bot
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
deleted file mode 100644
index 15f55f5d4850fe..00000000000000
--- a/.github/workflows/pre-commit.yml
+++ /dev/null
@@ -1,107 +0,0 @@
-name: pre-commit
-
-on:
- push:
- branches:
- - master
- pull_request:
-
-# Cancel in progress workflows on pull_requests.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-defaults:
- run:
- # the default default is:
- # bash --noprofile --norc -eo pipefail {0}
- shell: bash --noprofile --norc -eo pipefail -ux {0}
-
-# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
-env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
- # workaround: secrets cannot be directly referenced in `if`
- # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
- SECRET_ACCESS: ${{toJSON(secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY != null)}}
-
-jobs:
- lint:
- name: pre-commit lint
- runs-on: ubuntu-24.04
- timeout-minutes: 10
- steps:
- - # get a non-default github token so that any changes are verified by CI
- if: env.SECRET_ACCESS == 'true'
- uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
- id: token
- with:
- app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
- private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- - name: Get changed files
- id: changes
- uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
- with:
- # Enable listing of files matching each filter.
- # Paths to files will be available in `${FILTER_NAME}_files` output variable.
- list-files: json
-
- # It doesn't make sense to lint deleted files.
- # Therefore we specify we are only interested in added or modified files.
- filters: |
- all:
- - added|modified: '**/*'
-
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
- id: setup-node
- with:
- node-version-file: '.node-version'
-
- - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4
-
- - name: node_modules cache
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
- id: nodemodulescache
- with:
- path: node_modules
- key: ${{ runner.os }}-node-modules-${{ hashFiles('pnpm-lock.yaml', 'api-docs/pnpm-lock.yaml', '.node-version') }}
-
- - name: Install Javascript Dependencies
- if: steps.nodemodulescache.outputs.cache-hit != 'true'
- run: pnpm install --frozen-lockfile
-
- - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6
- with:
- version: '0.8.2'
- # we just cache the venv-dir directly in action-setup-venv
- enable-cache: false
-
- - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1
- with:
- python-version: 3.13.1
- cache-dependency-path: uv.lock
- install-cmd: uv sync --only-dev --frozen --active
- - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
- with:
- path: ~/.cache/pre-commit
- key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- - name: Setup pre-commit
- # We don't need pre-commit install --install-hooks since we're just interested
- # in running the hooks.
- run: |
- pre-commit install-hooks
-
- - name: Run pre-commit on PR commits
- run: |
- jq '.[]' --raw-output <<< '${{steps.changes.outputs.all_files}}' |
- # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
- xargs pre-commit run --files
-
- - name: Apply any pre-commit fixed files
- # note: this runs "always" or else it's skipped when pre-commit fails
- if: env.SECRET_ACCESS == 'true' && startsWith(github.ref, 'refs/pull') && always()
- uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
- with:
- github-token: ${{ steps.token.outputs.token }}
- message: ':hammer_and_wrench: apply pre-commit fixes'
diff --git a/.github/workflows/react-to-product-owners-yml-changes.yml b/.github/workflows/react-to-product-owners-yml-changes.yml
deleted file mode 100644
index b856b06b63872f..00000000000000
--- a/.github/workflows/react-to-product-owners-yml-changes.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: React to product-owners.yml changes
-on:
- # This could be run manually, but the general expectation is that this fires
- # from GHA in getsentry/security-as-code on changes there.
-
- workflow_dispatch:
-jobs:
- release:
- runs-on: ubuntu-latest
- name: React to product-owners.yml changes
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1
- with:
- python-version: 3.13.1
-
- - name: React to product-owners.yml changes
- shell: bash
- env:
- GITHUB_TOKEN: ${{ secrets.BUMP_SENTRY_TOKEN }}
- COMMITTER_NAME: getsentry-bot
- COMMITTER_EMAIL: bot@sentry.io
- run: ./bin/react-to-product-owners-yml-changes.sh
diff --git a/.github/workflows/release-ghcr-version-tag.yml b/.github/workflows/release-ghcr-version-tag.yml
deleted file mode 100644
index 3988c8dfa8df9e..00000000000000
--- a/.github/workflows/release-ghcr-version-tag.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Release GHCR Versioned Image
-
-on:
- release:
- types: [prereleased, released]
-
-jobs:
- release-ghcr-version-tag:
- runs-on: ubuntu-latest
- steps:
- - name: Log in to GitHub Container Registry
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Tag release version
- run: |
- docker buildx imagetools create --tag \
- ghcr.io/getsentry/sentry:${{ github.ref_name }} \
- ghcr.io/getsentry/sentry:${{ github.sha }}
-
- - name: Tag latest version
- run: |
- docker buildx imagetools create --tag \
- ghcr.io/getsentry/sentry:latest \
- ghcr.io/getsentry/sentry:${{ github.sha }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 406fed5714067e..00000000000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-name: Release
-on:
- workflow_dispatch:
- inputs:
- version:
- description: Version to release (optional)
- required: false
- force:
- description: Force a release even when there are release-blockers (optional)
- required: false
- schedule:
- # We want the release to be at 9-10am Pacific Time
- # We also want it to be 1 hour before the self-hosted release
- - cron: '0 17 15 * *'
-jobs:
- release:
- runs-on: ubuntu-latest
- name: 'Release a new version'
- steps:
- - name: Get auth token
- id: token
- uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
- with:
- app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
- private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- with:
- token: ${{ steps.token.outputs.token }}
- fetch-depth: 0
- - name: Prepare release
- uses: getsentry/action-prepare-release@d2cc2db3db92bc5b79a90c316f588f2b13626a2b # v1.5.6
- env:
- GITHUB_TOKEN: ${{ steps.token.outputs.token }}
- with:
- version: ${{ github.event.inputs.version }}
- force: ${{ github.event.inputs.force }}
- calver: true
diff --git a/.github/workflows/self-hosted.yml b/.github/workflows/self-hosted.yml
deleted file mode 100644
index 2fcf4b90fb4fc5..00000000000000
--- a/.github/workflows/self-hosted.yml
+++ /dev/null
@@ -1,119 +0,0 @@
-name: self-hosted
-on:
- push:
- branches:
- - master
- - releases/**
- pull_request:
-
-# Cancel in progress workflows on pull_requests.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
-env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
- NODE_OPTIONS: '--max-old-space-size=4096'
-
-jobs:
- self-hosted:
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- include:
- - os: ubuntu-24.04
- platform: amd64
- - os: ubuntu-24.04-arm
- platform: arm64
- name: self-hosted-${{ matrix.os }}-${{ matrix.platform }}
- permissions:
- contents: read
- packages: write
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
- id: setup-node
- with:
- node-version-file: '.node-version'
-
- - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4
-
- - uses: astral-sh/setup-uv@884ad927a57e558e7a70b92f2bccf9198a4be546 # v6
- with:
- version: '0.8.2'
-
- - uses: getsentry/action-setup-venv@3a832a9604b3e1a4202ae559248f26867b467cc7 # v2.1.1
- with:
- python-version: 3.13.1
- cache-dependency-path: uv.lock
- # sentry.build.main has no external dependencies;
- # this is only to set up the venv with the correct
- # python version
- install-cmd: echo
-
- - name: Step configurations
- id: config
- run: |
- echo "webpack-path=.webpack_cache" >> "$GITHUB_OUTPUT"
- echo "WEBPACK_CACHE_PATH=.webpack_cache" >> "$GITHUB_ENV"
-
- - name: webpack cache
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
- with:
- path: ${{ steps.config.outputs.webpack-path }}
- key: ${{ runner.os }}-self-hosted-webpack-cache-${{ hashFiles('webpack.config.ts') }}
-
- - name: node_modules cache
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
- id: nodemodulescache
- with:
- path: node_modules
- key: ${{ runner.os }}-self-hosted-node-modules-${{ hashFiles('pnpm-lock.yaml', '.node-version') }}
-
- - name: Install Javascript Dependencies
- if: steps.nodemodulescache.outputs.cache-hit != 'true'
- run: pnpm install --frozen-lockfile --production
-
- - run: |
- python3 -m tools.fast_editable --path .
- python3 -m sentry.build.main
-
- - uses: getsentry/action-build-and-push-images@07a1c835f7a78e0f438fc766cc6024ed0ca1bf03
- with:
- image_name: 'sentry'
- platforms: linux/${{ matrix.platform }}
- dockerfile_path: 'self-hosted/Dockerfile'
- tag_suffix: -${{ matrix.platform }}
- build_args: |
- SOURCE_COMMIT=${{ github.sha }}
- TARGETARCH=${{ matrix.platform }}
- ghcr: true
- tag_nightly: false
- tag_latest: false
-
- assemble:
- needs: [self-hosted]
- if: ${{ (github.ref_name == 'master' || startsWith(github.ref_name, 'releases/')) && github.event_name != 'pull_request' }}
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- steps:
- - name: Docker Login
- run: docker login --username '${{ github.actor }}' --password-stdin ghcr.io <<< "$GHCR_TOKEN"
- env:
- GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
- - name: Create multiplatform manifests
- run: |
- docker buildx imagetools create \
- --tag ghcr.io/getsentry/sentry:${{ github.sha }} \
- --tag ghcr.io/getsentry/sentry:nightly \
- ghcr.io/getsentry/sentry:${{ github.sha }}-amd64 \
- ghcr.io/getsentry/sentry:${{ github.sha }}-arm64
diff --git a/.github/workflows/sentry-pull-request-bot.yml b/.github/workflows/sentry-pull-request-bot.yml
deleted file mode 100644
index 4da9362d566a11..00000000000000
--- a/.github/workflows/sentry-pull-request-bot.yml
+++ /dev/null
@@ -1,74 +0,0 @@
-name: sentry pull request bot
-
-# Note this event happens on Issue comments AND PR comments,
-# we make sure that we only respond to PR comments.
-on:
- issue_comment:
- types: [created, edited]
- pull_request:
- types: [opened, edited]
-
-jobs:
- # TODO(billy): Move this into an external action as we add more functionality
- test-getsentry:
- name: test getsentry
- runs-on: ubuntu-24.04
-
- # Ensure this bot only responds for pull requests and only for the main repository
- if: >-
- (github.event.issue.pull_request.url != '' || github.event.pull_request.id != '') &&
- (contains(github.event.comment.body, '#test-getsentry') || contains(github.event.pull_request.body, '#test-getsentry')) &&
- github.repository == 'getsentry/sentry'
-
- steps:
- - name: Check getsentry membership
- id: org
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- script: |
- try {
- const result = await github.rest.orgs.checkMembershipForUser({
- org: 'getsentry',
- username: context.payload.sender.login,
- })
- return result.status == 204;
- } catch {
- return false;
- }
-
- - name: Fetch getsentry token
- if: steps.org.outputs.result == 'true'
- id: getsentry
- uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
- with:
- app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
- private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
-
- - name: Wait for PR merge commit
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- id: mergecommit
- with:
- github-token: ${{ steps.getsentry.outputs.token }}
- script: |
- require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/wait-for-merge-commit`).waitForMergeCommit({
- github,
- context,
- core,
- });
-
- - name: Dispatch getsentry tests
- if: steps.org.outputs.result == 'true'
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- with:
- github-token: ${{ steps.getsentry.outputs.token }}
- script: |
- github.rest.actions.createWorkflowDispatch({
- owner: 'getsentry',
- repo: 'getsentry',
- workflow_id: 'acceptance.yml',
- ref: 'master',
- inputs: {
- 'sentry-sha': '${{ steps.mergecommit.outputs.mergeCommitSha }}',
- 'sentry-pr-sha': '${{ github.event.pull_request.head.sha }}',
- }
- })
diff --git a/.github/workflows/shuffle-tests.yml b/.github/workflows/shuffle-tests.yml
deleted file mode 100644
index a4334dc56da37e..00000000000000
--- a/.github/workflows/shuffle-tests.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-name: shuffle-tests
-
-on:
- # Allow manually running
- workflow_dispatch:
- inputs:
- per-test-coverage:
- description: Whether to get per-test coverage (uses ./github/workflows/codecov_per_test_coverage.yml)
- required: true
- default: 'true'
- seed:
- description: The seed for the test ordering
- required: false
-
- # Run once a day
- schedule:
- - cron: '0 1 * * *'
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-env:
- SENTRY_SHUFFLE_TESTS: true
-jobs:
- per-test-coverage:
- if: ${{ inputs.per-test-coverage == 'true' || github.event_name == 'schedule' }}
- uses: ./.github/workflows/codecov_per_test_coverage.yml
- secrets: inherit
- backend-test:
- name: run backend tests
- runs-on: ubuntu-24.04
- timeout-minutes: 90
- permissions:
- contents: read
- id-token: write
- strategy:
- # This helps not having to run multiple jobs because one fails, thus, reducing resource usage
- # and reducing the risk that one of many runs would turn red again (read: intermittent tests)
- fail-fast: false
- matrix:
- # XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL.
- instance: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
-
- env:
- # XXX: `MATRIX_INSTANCE_TOTAL` must be hardcoded to the length of `strategy.matrix.instance`.
- # If this increases, make sure to also increase `flags.backend.after_n_builds` in `codecov.yml`.
- MATRIX_INSTANCE_TOTAL: 11
-
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - name: Setup sentry env
- uses: ./.github/actions/setup-sentry
- id: setup
- with:
- mode: backend-ci
- env:
- SENTRY_SHUFFLE_TESTS_SEED: ${{ inputs.seed }}
-
- - name: Run backend test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }})
- run: |
- make test-python-ci
- env:
- SENTRY_SHUFFLE_TESTS_SEED: ${{ inputs.seed }}
-
- - name: Inspect failure
- if: failure()
- run: |
- if command -v devservices; then
- devservices logs
- fi
-
- - name: Collect test data
- uses: ./.github/actions/collect-test-data
- if: ${{ !cancelled() }}
- with:
- artifact_path: .artifacts/pytest.json
- gcs_bucket: ${{ secrets.COLLECT_TEST_DATA_GCS_BUCKET }}
- gcp_project_id: ${{ secrets.COLLECT_TEST_DATA_GCP_PROJECT_ID }}
- workload_identity_provider: ${{ secrets.SENTRY_GCP_DEV_WORKLOAD_IDENTITY_POOL }}
- service_account_email: ${{ secrets.COLLECT_TEST_DATA_SERVICE_ACCOUNT_EMAIL }}
- matrix_instance_number: ${{ steps.setup.outputs.matrix-instance-number }}
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
deleted file mode 100644
index 77c947a1faff49..00000000000000
--- a/.github/workflows/sync-labels.yml
+++ /dev/null
@@ -1,78 +0,0 @@
-name: meta(labels)
-on:
- pull_request:
- paths:
- - .github/labels.yml
- push:
- branches:
- - master
- paths:
- - .github/labels.yml
-
-# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
-env:
- SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
-
-jobs:
- sync:
- name: syncs repository labels
- runs-on: ubuntu-latest
- permissions:
- issues: write
- pull-requests: write
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4
- id: setup-node
- with:
- node-version-file: '.node-version'
-
- - uses: pnpm/action-setup@36de12bed180fa130ed56a35e7344f2fa7a820ab # v4
-
- - name: Install github-label-sync
- run: pnpm add github-label-sync@2.2.0
-
- - name: Run github-label-sync
- run: |
- pnpm exec github-label-sync \
- --access-token ${{ secrets.GITHUB_TOKEN }} \
- --labels .github/labels.yml \
- ${{ github.event_name == 'pull_request' && '--dry-run' || '' }} \
- ${{ github.repository }} \
- 2>&1 | tee sync-report.txt
-
- - name: Read sync output into variable
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
- if: github.event_name == 'pull_request'
- id: github-label-sync
- with:
- script: |
- const fs = require('fs');
- return fs.readFileSync('sync-report.txt','utf8').toString();
- result-encoding: string
-
- - name: Find previous dry-run comment
- uses: peter-evans/find-comment@a54c31d7fa095754bfef525c0c8e5e5674c4b4b1 # v2.4.0
- if: github.event_name == 'pull_request'
- id: fc
- with:
- issue-number: ${{ github.event.pull_request.number }}
- comment-author: 'github-actions[bot]'
- body-includes: ''
-
- - name: Add or update dry-run comment
- uses: peter-evans/create-or-update-comment@b95e16d2859ad843a14218d1028da5b2c4cbc4b4
- if: github.event_name == 'pull_request'
- with:
- issue-number: ${{ github.event.pull_request.number }}
- comment-id: ${{ steps.fc.outputs.comment-id }}
- edit-mode: replace
- body: >
-
-
- 🏷 The following changes will be made to the repository labels
-
- ```
- ${{ steps.github-label-sync.outputs.result }}
- ```