From 95e48b34f945c16d20ed6b52924957848d559bce Mon Sep 17 00:00:00 2001 From: David Herberth Date: Fri, 15 Mar 2024 10:00:02 +0100 Subject: [PATCH] . --- .github/workflows/ci.yml | 895 ++++++++++++++++++++------------------- 1 file changed, 459 insertions(+), 436 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e4b1e74cab..9da1cffa42 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,456 +17,479 @@ env: CARGO_TERM_COLOR: always jobs: - lint: - name: Lint - runs-on: ubuntu-latest - - steps: - - name: Install libcurl-dev - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - - uses: actions/checkout@v4 - with: - submodules: recursive - - - uses: actions/setup-python@v5 - with: - python-version: '3.10' - - - name: Install Rust Toolchain - run: rustup toolchain install stable --profile minimal --component clippy rustfmt rust-docs --no-self-update - - - uses: swatinem/rust-cache@v2 - with: - key: ${{ github.job }} - - - run: make style lint - - - name: Check Docs - run: cargo doc --workspace --all-features --no-deps --document-private-items - env: - RUSTDOCFLAGS: -Dwarnings - - lint_default: - name: Lint Rust Default Features - runs-on: ubuntu-latest - - steps: - - name: Install libcurl-dev - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Install Rust Toolchain - run: rustup toolchain install stable --profile minimal --component clippy --no-self-update - - - uses: swatinem/rust-cache@v2 - with: - key: ${{ github.job }} - - - name: Run Clippy - run: cargo clippy --workspace --all-targets --no-deps -- -D warnings - - test: - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - os: [macos-latest, windows-latest] - - name: Test (${{ matrix.os }}) - runs-on: ${{ matrix.os }} - - # Skip redundant checks for library releases - if: "!startsWith(github.ref, 'refs/heads/release-library/')" - - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Install Rust Toolchain - run: rustup toolchain install stable --profile minimal --no-self-update - - - uses: swatinem/rust-cache@v2 - with: - key: ${{ github.job }} - - - name: Run Cargo Tests - run: cargo test --workspace - - test_all: - timeout-minutes: 15 - name: Test All Features (ubuntu-latest) - runs-on: ubuntu-latest - - # Skip redundant checks for library releases - if: "!startsWith(github.ref, 'refs/heads/release-library/')" - - # Testing all features requires Docker container operations that are only available on - # `ubuntu-latest`. This `test-all` job is to be seen as complementary to the `test` job. If - # services become available on other platforms, the jobs should be consolidated. See - # https://docs.github.com/en/actions/guides/about-service-containers - - services: - redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers - image: redis - ports: - - 6379:6379 - - steps: - - name: Install libcurl-dev - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Install Rust Toolchain - run: rustup toolchain install stable --profile minimal --no-self-update - - - uses: swatinem/rust-cache@v2 - with: - key: ${{ github.job }} - - - name: Run Cargo Tests - run: cargo test --workspace --all-features - - test_py: - strategy: - fail-fast: false - matrix: - python-version: ['3.10'] - - # Skip redundant checks for binary releases - if: "!startsWith(github.ref, 'refs/heads/release/')" - - name: Test Python ${{ matrix.python-version }} - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Install Rust Toolchain - run: rustup toolchain install stable --profile minimal --no-self-update - - - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - - - name: Install Dependencies - run: pip install -U pytest - - - uses: swatinem/rust-cache@v2 - with: - key: ${{ github.job }} - - - name: Build and Install Library - run: pip install -v --editable py - env: - RELAY_DEBUG: 1 - - - name: Run Python Tests - run: pytest -v py + # lint: + # name: Lint + # runs-on: ubuntu-latest + # + # steps: + # - name: Install libcurl-dev + # run: | + # sudo apt-get update + # sudo apt-get install -y libcurl4-openssl-dev + # + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - uses: actions/setup-python@v5 + # with: + # python-version: '3.10' + # + # - name: Install Rust Toolchain + # run: rustup toolchain install stable --profile minimal --component clippy rustfmt rust-docs --no-self-update + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }} + # + # - run: make style lint + # + # - name: Check Docs + # run: cargo doc --workspace --all-features --no-deps --document-private-items + # env: + # RUSTDOCFLAGS: -Dwarnings + # + # lint_default: + # name: Lint Rust Default Features + # runs-on: ubuntu-latest + # + # steps: + # - name: Install libcurl-dev + # run: | + # sudo apt-get update + # sudo apt-get install -y libcurl4-openssl-dev + # + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - name: Install Rust Toolchain + # run: rustup toolchain install stable --profile minimal --component clippy --no-self-update + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }} + # + # - name: Run Clippy + # run: cargo clippy --workspace --all-targets --no-deps -- -D warnings + # + # test: + # timeout-minutes: 20 + # strategy: + # fail-fast: false + # matrix: + # os: [macos-latest, windows-latest] + # + # name: Test (${{ matrix.os }}) + # runs-on: ${{ matrix.os }} + # + # # Skip redundant checks for library releases + # if: "!startsWith(github.ref, 'refs/heads/release-library/')" + # + # steps: + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - name: Install Rust Toolchain + # run: rustup toolchain install stable --profile minimal --no-self-update + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }} + # + # - name: Run Cargo Tests + # run: cargo test --workspace + # + # test_all: + # timeout-minutes: 15 + # name: Test All Features (ubuntu-latest) + # runs-on: ubuntu-latest + # + # # Skip redundant checks for library releases + # if: "!startsWith(github.ref, 'refs/heads/release-library/')" + # + # # Testing all features requires Docker container operations that are only available on + # # `ubuntu-latest`. This `test-all` job is to be seen as complementary to the `test` job. If + # # services become available on other platforms, the jobs should be consolidated. See + # # https://docs.github.com/en/actions/guides/about-service-containers + # + # services: + # redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers + # image: redis + # ports: + # - 6379:6379 + # + # steps: + # - name: Install libcurl-dev + # run: | + # sudo apt-get update + # sudo apt-get install -y libcurl4-openssl-dev + # + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - name: Install Rust Toolchain + # run: rustup toolchain install stable --profile minimal --no-self-update + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }} + # + # - name: Run Cargo Tests + # run: cargo test --workspace --all-features + # + # test_py: + # strategy: + # fail-fast: false + # matrix: + # python-version: ['3.10'] + # + # # Skip redundant checks for binary releases + # if: "!startsWith(github.ref, 'refs/heads/release/')" + # + # name: Test Python ${{ matrix.python-version }} + # runs-on: ubuntu-latest + # + # steps: + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - name: Install Rust Toolchain + # run: rustup toolchain install stable --profile minimal --no-self-update + # + # - uses: actions/setup-python@v5 + # with: + # python-version: ${{ matrix.python-version }} + # + # - name: Install Dependencies + # run: pip install -U pytest + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }} + # + # - name: Build and Install Library + # run: pip install -v --editable py + # env: + # RELAY_DEBUG: 1 + # + # - name: Run Python Tests + # run: pytest -v py build: timeout-minutes: 30 strategy: matrix: - # the arm64 build takes too long, so disable for now - arch: [amd64] - image_name: [relay, relay-pop] + target: [aarch64-unknown-linux-gnu, x86_64-unknown-linux-gnu] name: Build Docker Image runs-on: ubuntu-latest - # Skip redundant checks for library releases - if: "!startsWith(github.ref, 'refs/heads/release-library/')" - - env: - IMG_BASE: ghcr.io/getsentry/${{ matrix.image_name }} - IMG_DEPS: ghcr.io/getsentry/${{ matrix.image_name }}-deps:${{ matrix.arch }} - # GITHUB_SHA in pull requests points to the merge commit - IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} - ARCH: ${{ matrix.arch }} - steps: - uses: actions/checkout@v4 with: submodules: recursive - + - uses: dtolnay/rust-toolchain@stable + target: ["${{ matrix.target }}"] - uses: swatinem/rust-cache@v2 with: key: ${{ github.job }}-${{ matrix.arch }} - - - run: docker run --rm --privileged tonistiigi/binfmt --install arm64 - if: matrix.arch == 'arm64' - - - name: Build - run: | - # Get the latest stable rust toolchain version available - TOOLCHAIN=$(curl -s 'https://static.rust-lang.org/dist/channel-rust-stable.toml' | awk '/\[pkg.rust\]/ {getline;print;}' | sed -r 's/^version = "([0-9.]+) .*/\1/') - ./scripts/build-docker-image.sh "$ARCH" "$TOOLCHAIN" ${{ matrix.image_name }} - - - name: Export Docker Image - run: docker save -o ${{ matrix.image_name }}-docker-image.tgz $IMG_VERSIONED - - - name: Upload Docker Image to Artifact - uses: actions/upload-artifact@v3 - with: - retention-days: 1 - name: ${{ matrix.image_name }}-docker-image - path: ${{ matrix.image_name }}-docker-image.tgz - - - name: Push to ghcr.io - # Do not run this on forks as they do not have access to secrets - if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - run: | - set -euxo pipefail - docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io - docker push $IMG_DEPS - docker push $IMG_VERSIONED - - - name: Push nightly to ghcr.io - if: github.ref == 'refs/heads/master' - run: | - set -euxo pipefail - docker tag "$IMG_VERSIONED" "$IMG_BASE:nightly" - docker push "$IMG_BASE:nightly" - - push-prod-image: - timeout-minutes: 5 - needs: build - - strategy: - matrix: - image_name: [relay, relay-pop] - - name: Push GCR Docker Image - runs-on: ubuntu-latest - - # required for google auth - permissions: - contents: "read" - id-token: "write" - - # Skip redundant checks for library releases - # Skip for dependabot and if run on a fork - if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" - - env: - # GITHUB_SHA in pull requests points to the merge commit - REVISION: ${{ github.event.pull_request.head.sha || github.sha }} - IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} - - steps: - - name: Download Docker Image - uses: actions/download-artifact@v3 - with: - name: ${{ matrix.image_name }}-docker-image - - - name: Import Docker Image - run: docker load -i ${{ matrix.image_name }}-docker-image.tgz - - - name: Google Auth - id: auth - uses: google-github-actions/auth@v2 - with: - workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool - service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com - - - name: "Set up Cloud SDK" - uses: "google-github-actions/setup-gcloud@v2" - with: - # https://github.com/google-github-actions/auth#authenticating-via-workload-identity-federation - # You must use the Cloud SDK version 390.0.0 or later to authenticate the bq and gsutil tools. - version: ">= 390.0.0" - - - name: Configure docker - run: | - gcloud auth configure-docker us.gcr.io - - - name: Push to us.gcr.io - run: | - set -euxo pipefail - docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" - docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" - - - name: Push nightly to us.gcr.io - if: github.ref == 'refs/heads/master' - run: | - set -euxo pipefail - docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" - docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" - - - name: Upload gocd deployment assets - run: | - set -euxo pipefail - VERSION="$(docker run --rm "$IMG_VERSIONED" --version | cut -d" " -f2)" - echo "relay@$VERSION+$REVISION" > release-name - - docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay-debug.zip > relay-debug.zip - docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay.src.zip > relay.src.zip - docker run --rm --entrypoint tar "$IMG_VERSIONED" -cf - /lib/x86_64-linux-gnu > libs.tar - - # debugging for mysterious "Couldn't write tracker file" issue: - (env | grep runner) || true - ls -ld \ - /home \ - /home/runner \ - /home/runner/.gsutil \ - /home/runner/.gsutil/tracker-files \ - /home/runner/.gsutil/tracker-files/upload_TRACKER_*.rc.zip__JSON.url \ - || true - gsutil -m cp -L gsutil.log ./libs.tar ./relay-debug.zip ./relay.src.zip ./release-name \ - "gs://dicd-team-devinfra-cd--relay/deployment-assets/$REVISION/${{ matrix.image_name }}/" || status=$? && status=$? - cat gsutil.log - exit "$status" - - test_integration: - name: Integration Tests - runs-on: ubuntu-latest - timeout-minutes: 20 - - # Skip redundant checks for library releases - if: "!startsWith(github.ref, 'refs/heads/release-library/')" - - services: - redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers - image: redis - ports: - - 6379:6379 - - # Kafka + Zookeeper version synced with - # https://github.com/getsentry/sentry/blob/363509c242aff197409207ce4990fb061f3534a3/.github/actions/setup-sentry/action.yml#L174 - - zookeeper: - image: confluentinc/cp-zookeeper:4.1.0 - env: - ZOOKEEPER_CLIENT_PORT: 2181 - - kafka: - image: confluentinc/cp-kafka:5.1.2 - env: - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 - KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 - KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1 - ports: - - 9092:9092 - - steps: - - name: Install libcurl-dev - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Install Rust Toolchain - run: rustup toolchain install stable --profile minimal --no-self-update - - - uses: swatinem/rust-cache@v2 - with: - key: ${{ github.job }} - - - name: Cargo build - run: cargo build --all-features - - - uses: actions/setup-python@v5 - with: - python-version: '3.10' - - - run: make test-integration - env: - RELAY_VERSION_CHAIN: "20.6.0,latest" - - sentry-relay-integration-tests: - name: Sentry-Relay Integration Tests - runs-on: ubuntu-latest - timeout-minutes: 30 - needs: build - - # Skip redundant checks for library releases - if: "!startsWith(github.ref, 'refs/heads/release-library/')" - - steps: - # Checkout Sentry and run integration tests against latest Relay - - name: Checkout Sentry - uses: actions/checkout@v4 - with: - repository: getsentry/sentry - path: sentry - - - name: Setup steps - id: setup - run: | - # GITHUB_SHA in pull requests points to the merge commit - RELAY_TEST_IMAGE=ghcr.io/getsentry/relay:${{ github.event.pull_request.head.sha || github.sha }} - echo "We expected GCB to push this image $RELAY_TEST_IMAGE" - echo "relay-test-image=$RELAY_TEST_IMAGE" >> "$GITHUB_OUTPUT" - # We cannot execute actions that are not placed under .github of the main repo - mkdir -p .github/actions - cp -r sentry/.github/actions/setup-sentry .github/actions/ - - - name: Setup Sentry - uses: ./.github/actions/setup-sentry - with: - workdir: sentry - snuba: true - kafka: true - symbolicator: true - - - name: Download Docker Image - uses: actions/download-artifact@v3 - with: - name: relay-docker-image - - - name: Import Docker Image - run: docker load -i relay-docker-image.tgz - - - name: Run Sentry integration tests - working-directory: sentry - env: - RELAY_TEST_IMAGE: ${{ steps.setup.outputs.relay-test-image }} - run: | - echo "Testing against ${RELAY_TEST_IMAGE}" - make test-relay-integration - - publish-to-dockerhub: - name: Publish Relay to DockerHub - needs: build - runs-on: ubuntu-20.04 - if: ${{ (github.ref_name == 'master') }} - steps: - - uses: actions/checkout@v4 - - timeout-minutes: 20 - run: until docker pull "ghcr.io/getsentry/relay:${{ github.sha }}" 2>/dev/null; do sleep 10; done - - name: Push built docker image - shell: bash + - name: Compile run: | - IMAGE_URL="ghcr.io/getsentry/relay:${{ github.sha }}" - docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }} - # We push 3 tags to Dockerhub: - # first, the full sha of the commit - docker tag "$IMAGE_URL" getsentry/relay:${GITHUB_SHA} - docker push getsentry/relay:${GITHUB_SHA} - # second, the short sha of the commit - SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA") - docker tag "$IMAGE_URL" getsentry/relay:${SHORT_SHA} - docker push getsentry/relay:${SHORT_SHA} - # finally, nightly - docker tag "$IMAGE_URL" getsentry/relay:nightly - docker push getsentry/relay:nightly + cargo build --all-features --release --target "${{ matrix.target }}" + + + # build: + # timeout-minutes: 30 + # strategy: + # matrix: + # # the arm64 build takes too long, so disable for now + # arch: [amd64] + # image_name: [relay, relay-pop] + # + # name: Build Docker Image + # runs-on: ubuntu-latest + # + # # Skip redundant checks for library releases + # if: "!startsWith(github.ref, 'refs/heads/release-library/')" + # + # env: + # IMG_BASE: ghcr.io/getsentry/${{ matrix.image_name }} + # IMG_DEPS: ghcr.io/getsentry/${{ matrix.image_name }}-deps:${{ matrix.arch }} + # # GITHUB_SHA in pull requests points to the merge commit + # IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} + # ARCH: ${{ matrix.arch }} + # + # steps: + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }}-${{ matrix.arch }} + # + # - run: docker run --rm --privileged tonistiigi/binfmt --install arm64 + # if: matrix.arch == 'arm64' + # + # - name: Build + # run: | + # # Get the latest stable rust toolchain version available + # TOOLCHAIN=$(curl -s 'https://static.rust-lang.org/dist/channel-rust-stable.toml' | awk '/\[pkg.rust\]/ {getline;print;}' | sed -r 's/^version = "([0-9.]+) .*/\1/') + # ./scripts/build-docker-image.sh "$ARCH" "$TOOLCHAIN" ${{ matrix.image_name }} + # + # - name: Export Docker Image + # run: docker save -o ${{ matrix.image_name }}-docker-image.tgz $IMG_VERSIONED + # + # - name: Upload Docker Image to Artifact + # uses: actions/upload-artifact@v3 + # with: + # retention-days: 1 + # name: ${{ matrix.image_name }}-docker-image + # path: ${{ matrix.image_name }}-docker-image.tgz + # + # - name: Push to ghcr.io + # # Do not run this on forks as they do not have access to secrets + # if: "!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" + # run: | + # set -euxo pipefail + # docker login --username '${{ github.actor }}' --password '${{ secrets.GITHUB_TOKEN }}' ghcr.io + # docker push $IMG_DEPS + # docker push $IMG_VERSIONED + # + # - name: Push nightly to ghcr.io + # if: github.ref == 'refs/heads/master' + # run: | + # set -euxo pipefail + # docker tag "$IMG_VERSIONED" "$IMG_BASE:nightly" + # docker push "$IMG_BASE:nightly" + + # push-prod-image: + # timeout-minutes: 5 + # needs: build + # + # strategy: + # matrix: + # image_name: [relay, relay-pop] + # + # name: Push GCR Docker Image + # runs-on: ubuntu-latest + # + # # required for google auth + # permissions: + # contents: "read" + # id-token: "write" + # + # # Skip redundant checks for library releases + # # Skip for dependabot and if run on a fork + # if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'" + # + # env: + # # GITHUB_SHA in pull requests points to the merge commit + # REVISION: ${{ github.event.pull_request.head.sha || github.sha }} + # IMG_VERSIONED: ghcr.io/getsentry/${{ matrix.image_name }}:${{ github.event.pull_request.head.sha || github.sha }} + # + # steps: + # - name: Download Docker Image + # uses: actions/download-artifact@v3 + # with: + # name: ${{ matrix.image_name }}-docker-image + # + # - name: Import Docker Image + # run: docker load -i ${{ matrix.image_name }}-docker-image.tgz + # + # - name: Google Auth + # id: auth + # uses: google-github-actions/auth@v2 + # with: + # workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool + # service_account: gha-gcr-push@sac-prod-sa.iam.gserviceaccount.com + # + # - name: "Set up Cloud SDK" + # uses: "google-github-actions/setup-gcloud@v2" + # with: + # # https://github.com/google-github-actions/auth#authenticating-via-workload-identity-federation + # # You must use the Cloud SDK version 390.0.0 or later to authenticate the bq and gsutil tools. + # version: ">= 390.0.0" + # + # - name: Configure docker + # run: | + # gcloud auth configure-docker us.gcr.io + # + # - name: Push to us.gcr.io + # run: | + # set -euxo pipefail + # docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" + # docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:$REVISION" + # + # - name: Push nightly to us.gcr.io + # if: github.ref == 'refs/heads/master' + # run: | + # set -euxo pipefail + # docker tag "$IMG_VERSIONED" "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" + # docker push "us.gcr.io/sentryio/${{ matrix.image_name }}:nightly" + # + # - name: Upload gocd deployment assets + # run: | + # set -euxo pipefail + # VERSION="$(docker run --rm "$IMG_VERSIONED" --version | cut -d" " -f2)" + # echo "relay@$VERSION+$REVISION" > release-name + # + # docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay-debug.zip > relay-debug.zip + # docker run --rm --entrypoint cat "$IMG_VERSIONED" /opt/relay.src.zip > relay.src.zip + # docker run --rm --entrypoint tar "$IMG_VERSIONED" -cf - /lib/x86_64-linux-gnu > libs.tar + # + # # debugging for mysterious "Couldn't write tracker file" issue: + # (env | grep runner) || true + # ls -ld \ + # /home \ + # /home/runner \ + # /home/runner/.gsutil \ + # /home/runner/.gsutil/tracker-files \ + # /home/runner/.gsutil/tracker-files/upload_TRACKER_*.rc.zip__JSON.url \ + # || true + # gsutil -m cp -L gsutil.log ./libs.tar ./relay-debug.zip ./relay.src.zip ./release-name \ + # "gs://dicd-team-devinfra-cd--relay/deployment-assets/$REVISION/${{ matrix.image_name }}/" || status=$? && status=$? + # cat gsutil.log + # exit "$status" + # + # test_integration: + # name: Integration Tests + # runs-on: ubuntu-latest + # timeout-minutes: 20 + # + # # Skip redundant checks for library releases + # if: "!startsWith(github.ref, 'refs/heads/release-library/')" + # + # services: + # redis: # https://docs.github.com/en/actions/guides/creating-redis-service-containers + # image: redis + # ports: + # - 6379:6379 + # + # # Kafka + Zookeeper version synced with + # # https://github.com/getsentry/sentry/blob/363509c242aff197409207ce4990fb061f3534a3/.github/actions/setup-sentry/action.yml#L174 + # + # zookeeper: + # image: confluentinc/cp-zookeeper:4.1.0 + # env: + # ZOOKEEPER_CLIENT_PORT: 2181 + # + # kafka: + # image: confluentinc/cp-kafka:5.1.2 + # env: + # KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 + # KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://127.0.0.1:9092 + # KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 + # KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1 + # ports: + # - 9092:9092 + # + # steps: + # - name: Install libcurl-dev + # run: | + # sudo apt-get update + # sudo apt-get install -y libcurl4-openssl-dev + # + # - uses: actions/checkout@v4 + # with: + # submodules: recursive + # + # - name: Install Rust Toolchain + # run: rustup toolchain install stable --profile minimal --no-self-update + # + # - uses: swatinem/rust-cache@v2 + # with: + # key: ${{ github.job }} + # + # - name: Cargo build + # run: cargo build --all-features + # + # - uses: actions/setup-python@v5 + # with: + # python-version: '3.10' + # + # - run: make test-integration + # env: + # RELAY_VERSION_CHAIN: "20.6.0,latest" + # + # sentry-relay-integration-tests: + # name: Sentry-Relay Integration Tests + # runs-on: ubuntu-latest + # timeout-minutes: 30 + # needs: build + # + # # Skip redundant checks for library releases + # if: "!startsWith(github.ref, 'refs/heads/release-library/')" + # + # steps: + # # Checkout Sentry and run integration tests against latest Relay + # - name: Checkout Sentry + # uses: actions/checkout@v4 + # with: + # repository: getsentry/sentry + # path: sentry + # + # - name: Setup steps + # id: setup + # run: | + # # GITHUB_SHA in pull requests points to the merge commit + # RELAY_TEST_IMAGE=ghcr.io/getsentry/relay:${{ github.event.pull_request.head.sha || github.sha }} + # echo "We expected GCB to push this image $RELAY_TEST_IMAGE" + # echo "relay-test-image=$RELAY_TEST_IMAGE" >> "$GITHUB_OUTPUT" + # # We cannot execute actions that are not placed under .github of the main repo + # mkdir -p .github/actions + # cp -r sentry/.github/actions/setup-sentry .github/actions/ + # + # - name: Setup Sentry + # uses: ./.github/actions/setup-sentry + # with: + # workdir: sentry + # snuba: true + # kafka: true + # symbolicator: true + # + # - name: Download Docker Image + # uses: actions/download-artifact@v3 + # with: + # name: relay-docker-image + # + # - name: Import Docker Image + # run: docker load -i relay-docker-image.tgz + # + # - name: Run Sentry integration tests + # working-directory: sentry + # env: + # RELAY_TEST_IMAGE: ${{ steps.setup.outputs.relay-test-image }} + # run: | + # echo "Testing against ${RELAY_TEST_IMAGE}" + # make test-relay-integration + # + # publish-to-dockerhub: + # name: Publish Relay to DockerHub + # needs: build + # runs-on: ubuntu-20.04 + # if: ${{ (github.ref_name == 'master') }} + # steps: + # - uses: actions/checkout@v4 + # - timeout-minutes: 20 + # run: until docker pull "ghcr.io/getsentry/relay:${{ github.sha }}" 2>/dev/null; do sleep 10; done + # - name: Push built docker image + # shell: bash + # run: | + # IMAGE_URL="ghcr.io/getsentry/relay:${{ github.sha }}" + # docker login --username=sentrybuilder --password ${{ secrets.DOCKER_HUB_RW_TOKEN }} + # # We push 3 tags to Dockerhub: + # # first, the full sha of the commit + # docker tag "$IMAGE_URL" getsentry/relay:${GITHUB_SHA} + # docker push getsentry/relay:${GITHUB_SHA} + # # second, the short sha of the commit + # SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA") + # docker tag "$IMAGE_URL" getsentry/relay:${SHORT_SHA} + # docker push getsentry/relay:${SHORT_SHA} + # # finally, nightly + # docker tag "$IMAGE_URL" getsentry/relay:nightly + # docker push getsentry/relay:nightly