fix: deprecate creation of legacy API Keys #102159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: backend | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
# Cancel in progress workflows on pull_requests. | |
# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359 | |
env: | |
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3 | |
jobs: | |
files-changed: | |
name: detect what files changed | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 3 | |
# Map a step output to a job output | |
outputs: | |
api_docs: ${{ steps.changes.outputs.api_docs }} | |
backend: ${{ steps.changes.outputs.backend_all }} | |
backend_dependencies: ${{ steps.changes.outputs.backend_dependencies }} | |
backend_any_type: ${{ steps.changes.outputs.backend_any_type }} | |
migration_lockfile: ${{ steps.changes.outputs.migration_lockfile }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Check for backend file changes | |
uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 | |
id: changes | |
with: | |
token: ${{ github.token }} | |
filters: .github/file-filters.yml | |
api-docs: | |
if: needs.files-changed.outputs.api_docs == 'true' | |
needs: files-changed | |
name: api docs test | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: getsentry/action-setup-volta@e4939d337b83760d13a9d7030a6f68c9d0ee7581 # v2.0.0 | |
- name: Setup sentry python env | |
uses: ./.github/actions/setup-sentry | |
id: setup | |
with: | |
snuba: true | |
- name: Run API docs tests | |
# install ts-node for ts build scripts to execute properly without potentially installing | |
# conflicting deps when running scripts locally | |
# see: https://github.com/getsentry/sentry/pull/32328/files | |
run: | | |
yarn add ts-node && make test-api-docs | |
backend-test: | |
if: needs.files-changed.outputs.backend == 'true' | |
needs: files-changed | |
name: backend test | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 60 | |
strategy: | |
# This helps not having to run multiple jobs because one fails, thus, reducing resource usage | |
# and reducing the risk that one of many runs would turn red again (read: intermittent tests) | |
fail-fast: false | |
matrix: | |
# XXX: When updating this, make sure you also update MATRIX_INSTANCE_TOTAL. | |
instance: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10] | |
pg-version: ['14'] | |
env: | |
# XXX: `MATRIX_INSTANCE_TOTAL` must be hardcoded to the length of `strategy.matrix.instance`. | |
# If this increases, make sure to also increase `flags.backend.after_n_builds` in `codecov.yml`. | |
MATRIX_INSTANCE_TOTAL: 11 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
# Avoid codecov error message related to SHA resolution: | |
# https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891 | |
fetch-depth: '2' | |
- name: Setup sentry env | |
uses: ./.github/actions/setup-sentry | |
id: setup | |
with: | |
redis_cluster: true | |
kafka: true | |
snuba: true | |
symbolicator: true | |
# Right now, we run so few bigtable related tests that the | |
# overhead of running bigtable in all backend tests | |
# is way smaller than the time it would take to run in its own job. | |
bigtable: true | |
pg-version: ${{ matrix.pg-version }} | |
- name: Run backend test (${{ steps.setup.outputs.matrix-instance-number }} of ${{ steps.setup.outputs.matrix-instance-total }}) | |
run: | | |
make test-python-ci | |
# Upload coverage data even if running the tests step fails since | |
# it reduces large coverage fluctuations | |
- name: Handle artifacts | |
if: ${{ always() }} | |
uses: ./.github/actions/artifacts | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
backend-migration-tests: | |
if: needs.files-changed.outputs.backend == 'true' | |
needs: files-changed | |
name: backend migration tests | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 30 | |
strategy: | |
matrix: | |
pg-version: ['14'] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
# Avoid codecov error message related to SHA resolution: | |
# https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891 | |
fetch-depth: '2' | |
- name: Setup sentry env | |
uses: ./.github/actions/setup-sentry | |
id: setup | |
with: | |
snuba: true | |
pg-version: ${{ matrix.pg-version }} | |
- name: run tests | |
run: | | |
# historic migrations trigger some warnings | |
PYTEST_ADDOPTS="$PYTEST_ADDOPTS -m migrations --migrations" make test-python-ci | |
# Upload coverage data even if running the tests step fails since | |
# it reduces large coverage fluctuations | |
- name: Handle artifacts | |
if: ${{ always() }} | |
uses: ./.github/actions/artifacts | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
cli: | |
if: needs.files-changed.outputs.backend == 'true' | |
needs: files-changed | |
name: cli test | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
strategy: | |
matrix: | |
pg-version: ['14'] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup sentry env | |
uses: ./.github/actions/setup-sentry | |
id: setup | |
with: | |
pg-version: ${{ matrix.pg-version }} | |
- name: Run test | |
run: | | |
make test-cli | |
# Upload coverage data even if running the tests step fails since | |
# it reduces large coverage fluctuations | |
- name: Handle artifacts | |
if: ${{ always() }} | |
uses: ./.github/actions/artifacts | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
requirements: | |
if: needs.files-changed.outputs.backend_dependencies == 'true' | |
needs: files-changed | |
name: requirements check | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 3 | |
steps: | |
- uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 | |
id: token | |
continue-on-error: true | |
with: | |
app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} | |
private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0 | |
with: | |
python-version: 3.11.6 | |
cache-dependency-path: requirements-dev-frozen.txt | |
install-cmd: python3 -m tools.hack_pip && pip install -q --constraint requirements-dev-frozen.txt pip-tools | |
- name: check requirements | |
run: | | |
python -S -m tools.freeze_requirements | |
if ! git diff --exit-code; then | |
echo $'\n\nrun `make freeze-requirements` locally to update requirements' | |
exit 1 | |
fi | |
- name: apply any requirements changes | |
if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && always() | |
uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 | |
with: | |
github-token: ${{ steps.token.outputs.token }} | |
message: ':snowflake: re-freeze requirements' | |
migration: | |
if: needs.files-changed.outputs.migration_lockfile == 'true' | |
needs: files-changed | |
name: check migration | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
pg-version: ['14'] | |
steps: | |
- name: Checkout sentry | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup sentry env | |
uses: ./.github/actions/setup-sentry | |
id: setup | |
with: | |
pg-version: ${{ matrix.pg-version }} | |
- name: Migration & lockfile checks | |
env: | |
SENTRY_LOG_LEVEL: ERROR | |
PGPASSWORD: postgres | |
run: | | |
./.github/workflows/scripts/migration-check.sh | |
monolith-dbs: | |
if: needs.files-changed.outputs.backend == 'true' | |
needs: files-changed | |
name: monolith-dbs test | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
# Avoid codecov error message related to SHA resolution: | |
# https://github.com/codecov/codecov-bash/blob/7100762afbc822b91806a6574658129fe0d23a7d/codecov#L891 | |
fetch-depth: '2' | |
- name: Setup sentry env | |
uses: ./.github/actions/setup-sentry | |
id: setup | |
- name: Run test | |
run: | | |
make test-monolith-dbs | |
# Upload coverage data even if running the tests step fails since | |
# it reduces large coverage fluctuations | |
- name: Handle artifacts | |
if: ${{ always() }} | |
uses: ./.github/actions/artifacts | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
typing: | |
if: needs.files-changed.outputs.backend == 'true' | |
needs: files-changed | |
name: backend typing | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: getsentry/action-setup-venv@a133e6fd5fa6abd3f590a1c106abda344f5df69f # v2.1.0 | |
with: | |
python-version: 3.11.6 | |
cache-dependency-path: requirements-dev-frozen.txt | |
install-cmd: python3 -m tools.hack_pip && pip install -r requirements-dev-frozen.txt | |
- name: setup sentry (lite) | |
run: | | |
python3 -m tools.fast_editable --path . | |
sentry init | |
- run: mypy | |
id: run | |
- uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0 | |
id: token | |
continue-on-error: true | |
with: | |
app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }} | |
private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }} | |
# only if `mypy` succeeds should we try and trim the blocklist | |
- run: python3 -m tools.mypy_helpers.make_module_ignores | |
id: regen-blocklist | |
- run: git diff --exit-code | |
- run: | | |
# mypy does not have granular codes so don't allow specific messages to regress | |
! grep "'Settings' object has no attribute" .artifacts/mypy-all | |
! grep 'Cannot override class variable' .artifacts/mypy-all | |
! grep 'Exception type must be derived from BaseException' .artifacts/mypy-all | |
! grep 'Incompatible default for argument' .artifacts/mypy-all | |
! grep 'Incompatible return value type (got "HttpResponseBase"' .artifacts/mypy-all | |
! grep 'Incompatible types in "yield"' .artifacts/mypy-all | |
! grep 'Module "sentry.*has no attribute' .artifacts/mypy-all | |
! grep 'base class .* defined the type as.*Permission' .artifacts/mypy-all | |
! grep 'does not explicitly export attribute' .artifacts/mypy-all | |
- name: apply blocklist changes | |
if: | | |
steps.token.outcome == 'success' && | |
steps.run.outcome == 'success' && | |
steps.regen-blocklist.outcome == 'success' && | |
github.ref != 'refs/heads/master' && | |
always() | |
uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0 | |
with: | |
github-token: ${{ steps.token.outputs.token }} | |
message: ':knife: regenerate mypy module blocklist' | |
# This check runs once all dependent jobs have passed | |
# It symbolizes that all required Backend checks have succesfully passed (Or skipped) | |
# This step is the only required backend check | |
backend-required-check: | |
needs: | |
[ | |
api-docs, | |
backend-test, | |
backend-migration-tests, | |
cli, | |
files-changed, | |
requirements, | |
migration, | |
monolith-dbs, | |
typing, | |
] | |
name: Backend | |
# This is necessary since a failed/skipped dependent job would cause this job to be skipped | |
if: always() | |
runs-on: ubuntu-22.04 | |
steps: | |
# If any jobs we depend on fail, we will fail since this is a required check | |
# NOTE: A timeout is considered a failure | |
- name: Check for failures | |
if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') | |
run: | | |
echo "One of the dependent jobs have failed. You may need to re-run it." && exit 1 |