-
Notifications
You must be signed in to change notification settings - Fork 514
124 lines (124 loc) · 4.68 KB
/
test-integrations-aws.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# Do not edit this file. This file is generated automatically by executing
# python scripts/split-tox-gh-actions/split-tox-gh-actions.py
name: Test AWS
on:
push:
branches:
- master
- release/**
- sentry-sdk-2.0
# XXX: We are using `pull_request_target` instead of `pull_request` because we want
# this to run on forks with access to the secrets necessary to run the test suite.
# Prefer to use `pull_request` when possible.
pull_request_target:
types: [labeled, opened, reopened, synchronize]
# Cancel in progress workflows on pull_requests.
# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read
# `write` is needed to remove the `Trigger: tests using secrets` label
pull-requests: write
env:
SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID: ${{ secrets.SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID }}
SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY }}
BUILD_CACHE_KEY: ${{ github.sha }}
CACHED_BUILD_PATHS: |
${{ github.workspace }}/dist-serverless
jobs:
check-permissions:
name: permissions check
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4.2.2
with:
persist-credentials: false
- name: Check permissions on PR
if: github.event_name == 'pull_request_target'
run: |
python3 -uS .github/workflows/scripts/trigger_tests_on_label.py \
--repo-id ${{ github.event.repository.id }} \
--pr ${{ github.event.number }} \
--event ${{ github.event.action }} \
--username "$ARG_USERNAME" \
--label-names "$ARG_LABEL_NAMES"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# these can contain special characters
ARG_USERNAME: ${{ github.event.pull_request.user.login }}
ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }}
- name: Check permissions on repo branch
if: github.event_name == 'push'
run: true
test-aws-pinned:
name: AWS (pinned)
timeout-minutes: 30
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
python-version: ["3.9"]
# python3.6 reached EOL and is no longer being supported on
# new versions of hosted runners on Github Actions
# ubuntu-20.04 is the last version that supported python3.6
# see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877
os: [ubuntu-20.04]
needs: check-permissions
steps:
- uses: actions/checkout@v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
allow-prereleases: true
- name: Setup Test Env
run: |
pip install "coverage[toml]" tox
- name: Erase coverage
run: |
coverage erase
- name: Test aws_lambda pinned
run: |
set -x # print commands that are executed
./scripts/runtox.sh --exclude-latest "py${{ matrix.python-version }}-aws_lambda"
- name: Generate coverage XML (Python 3.6)
if: ${{ !cancelled() && matrix.python-version == '3.6' }}
run: |
export COVERAGE_RCFILE=.coveragerc36
coverage combine .coverage-sentry-*
coverage xml --ignore-errors
- name: Generate coverage XML
if: ${{ !cancelled() && matrix.python-version != '3.6' }}
run: |
coverage combine .coverage-sentry-*
coverage xml
- name: Upload coverage to Codecov
if: ${{ !cancelled() }}
uses: codecov/codecov-action@v5.0.2
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage.xml
# make sure no plugins alter our coverage reports
plugin: noop
verbose: true
- name: Upload test results to Codecov
if: ${{ !cancelled() }}
uses: codecov/test-results-action@v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: .junitxml
verbose: true
check_required_tests:
name: All pinned AWS tests passed
needs: test-aws-pinned
# Always run this, even if a dependent job failed
if: always()
runs-on: ubuntu-20.04
steps:
- name: Check for failures
if: contains(needs.test-aws-pinned.result, 'failure') || contains(needs.test-aws-pinned.result, 'skipped')
run: |
echo "One of the dependent jobs has failed. You may need to re-run it." && exit 1