2021-03-13 13:54:29 +01:00
|
|
|
# NOTE: Everything test in this file should be in `tools/test-all`. If there's a
|
|
|
|
|
# reason not to run it there, it should be there as a comment
|
|
|
|
|
# explaining why.
|
|
|
|
|
|
2020-06-27 21:33:47 +02:00
|
|
|
name: Zulip CI
|
|
|
|
|
|
2022-07-05 23:57:53 +02:00
|
|
|
on:
|
|
|
|
|
push:
|
|
|
|
|
branches: ["*.x", chat.zulip.org, main]
|
|
|
|
|
tags: ["*"]
|
|
|
|
|
pull_request:
|
|
|
|
|
workflow_dispatch:
|
2020-06-27 21:33:47 +02:00
|
|
|
|
2022-07-05 01:14:47 +02:00
|
|
|
concurrency:
|
|
|
|
|
group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
|
|
|
|
|
cancel-in-progress: true
|
|
|
|
|
|
2020-06-27 21:33:47 +02:00
|
|
|
defaults:
|
|
|
|
|
run:
|
|
|
|
|
shell: bash
|
|
|
|
|
|
2022-08-30 02:12:55 +02:00
|
|
|
permissions:
|
|
|
|
|
contents: read
|
|
|
|
|
|
2020-06-27 21:33:47 +02:00
|
|
|
jobs:
|
2020-07-22 20:06:58 +02:00
|
|
|
tests:
|
github-actions: Use stratergy and if to deduplicate steps.
This is a fine solution short-term until github implements the
yaml anchors support. The limitation of this method is that we
cannot re-use most of the steps again for production install test
builds.
Thanks, Anders for this solution.
Verifying everything is migrated correctly is a pain. This script
ensures everything is done correctly (previous commit message
contains explainations for the steps being ignored if; in case
of github-actions steps they are ignored because they are actions
specific):
"""
This script prints out the ignore steps first. Then
prints out each step of both circle and actions side-by-side.
One step is out of order for bionic but verfying correction is
still easier. Format:
Actions: Install dependencies
Circle CI: install dependencies
....
"""
import yaml
with open('.circleci/config.yml') as f:
circleci_config = yaml.safe_load(f)
with open('.github/workflows/zulip-ci.yml') as f:
actions_config = yaml.safe_load(f)
circle_bionic_steps = []
circle_focal_steps = []
actions_bionic_steps = []
actions_focal_steps = []
"""
We ignore casper artifact upload, save_cache, and
store_tests_reports steps.
"""
def get_circleci_steps(job, arr):
for step in circleci_config['jobs'][job]['steps']:
if isinstance(step, str):
arr.append(step)
continue
step_name = step.get('run', {}).get('name', False)
if not step_name:
if step.get('restore_cache'):
key = step['restore_cache']['keys'][0].split('.')[0]
step_name = f'<restore-cache> {key}'
elif step.get('store_artifacts', False):
destination = step['store_artifacts']['destination']
step_name = f'<store-artificats> {destination}'
if destination == 'casper':
\# This is no longer needed
print('Ignoring step:')
print(step)
print()
continue
else:
"""
We don't care about save_cache; github-actions
does this automatically, and store_tests_reports
is circelci timing specific.
"""
print('Ignoring step:')
print(step)
print()
continue
if step_name != 'On fail':
arr.append(step_name)
get_circleci_steps('bionic-backend-frontend', circle_bionic_steps)
get_circleci_steps('focal-backend', circle_focal_steps)
""" We ignore there steps specific to github-actions"""
for step in actions_config['jobs']['focal_bionic']['steps']:
BOTH_OS = 'BOTH_OS'
if_check = step.get('if', BOTH_OS)
step_name = step.get('name')
if step_name is None:
step_name = step['uses']
if (
step_name == 'Upgrade git for bionic' or
step_name == 'Add required permissions' or
step_name == 'Move test reports to var'
):
print('Ignoring step:')
print(step)
print()
"""These are github-actions specific; see comments"""
continue
if if_check == BOTH_OS:
actions_bionic_steps.append(step_name)
actions_focal_steps.append(step_name)
elif 'is_bionic' in if_check:
actions_bionic_steps.append(step_name)
else:
actions_focal_steps.append(step_name)
bionic = zip(circle_bionic_steps, actions_bionic_steps)
focal = zip(circle_focal_steps, actions_focal_steps)
print('Bionic steps:')
for (circle_step, actions_step) in bionic:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
print('Focal steps:')
for (circle_step, actions_step) in focal:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
2020-07-02 19:12:22 +02:00
|
|
|
strategy:
|
2020-07-09 01:44:36 +02:00
|
|
|
fail-fast: false
|
github-actions: Use stratergy and if to deduplicate steps.
This is a fine solution short-term until github implements the
yaml anchors support. The limitation of this method is that we
cannot re-use most of the steps again for production install test
builds.
Thanks, Anders for this solution.
Verifying everything is migrated correctly is a pain. This script
ensures everything is done correctly (previous commit message
contains explainations for the steps being ignored if; in case
of github-actions steps they are ignored because they are actions
specific):
"""
This script prints out the ignore steps first. Then
prints out each step of both circle and actions side-by-side.
One step is out of order for bionic but verfying correction is
still easier. Format:
Actions: Install dependencies
Circle CI: install dependencies
....
"""
import yaml
with open('.circleci/config.yml') as f:
circleci_config = yaml.safe_load(f)
with open('.github/workflows/zulip-ci.yml') as f:
actions_config = yaml.safe_load(f)
circle_bionic_steps = []
circle_focal_steps = []
actions_bionic_steps = []
actions_focal_steps = []
"""
We ignore casper artifact upload, save_cache, and
store_tests_reports steps.
"""
def get_circleci_steps(job, arr):
for step in circleci_config['jobs'][job]['steps']:
if isinstance(step, str):
arr.append(step)
continue
step_name = step.get('run', {}).get('name', False)
if not step_name:
if step.get('restore_cache'):
key = step['restore_cache']['keys'][0].split('.')[0]
step_name = f'<restore-cache> {key}'
elif step.get('store_artifacts', False):
destination = step['store_artifacts']['destination']
step_name = f'<store-artificats> {destination}'
if destination == 'casper':
\# This is no longer needed
print('Ignoring step:')
print(step)
print()
continue
else:
"""
We don't care about save_cache; github-actions
does this automatically, and store_tests_reports
is circelci timing specific.
"""
print('Ignoring step:')
print(step)
print()
continue
if step_name != 'On fail':
arr.append(step_name)
get_circleci_steps('bionic-backend-frontend', circle_bionic_steps)
get_circleci_steps('focal-backend', circle_focal_steps)
""" We ignore there steps specific to github-actions"""
for step in actions_config['jobs']['focal_bionic']['steps']:
BOTH_OS = 'BOTH_OS'
if_check = step.get('if', BOTH_OS)
step_name = step.get('name')
if step_name is None:
step_name = step['uses']
if (
step_name == 'Upgrade git for bionic' or
step_name == 'Add required permissions' or
step_name == 'Move test reports to var'
):
print('Ignoring step:')
print(step)
print()
"""These are github-actions specific; see comments"""
continue
if if_check == BOTH_OS:
actions_bionic_steps.append(step_name)
actions_focal_steps.append(step_name)
elif 'is_bionic' in if_check:
actions_bionic_steps.append(step_name)
else:
actions_focal_steps.append(step_name)
bionic = zip(circle_bionic_steps, actions_bionic_steps)
focal = zip(circle_focal_steps, actions_focal_steps)
print('Bionic steps:')
for (circle_step, actions_step) in bionic:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
print('Focal steps:')
for (circle_step, actions_step) in focal:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
2020-07-02 19:12:22 +02:00
|
|
|
matrix:
|
|
|
|
|
include:
|
2021-07-22 21:33:39 +02:00
|
|
|
# Base images are built using `tools/ci/Dockerfile.prod.template`.
|
|
|
|
|
# The comments at the top explain how to build and upload these images.
|
2022-04-19 03:18:48 +02:00
|
|
|
# Ubuntu 20.04 ships with Python 3.8.10.
|
2021-04-01 00:59:59 +02:00
|
|
|
- docker_image: zulip/ci:focal
|
2022-04-19 03:18:48 +02:00
|
|
|
name: Ubuntu 20.04 (Python 3.8, backend + frontend)
|
github-actions: Use stratergy and if to deduplicate steps.
This is a fine solution short-term until github implements the
yaml anchors support. The limitation of this method is that we
cannot re-use most of the steps again for production install test
builds.
Thanks, Anders for this solution.
Verifying everything is migrated correctly is a pain. This script
ensures everything is done correctly (previous commit message
contains explainations for the steps being ignored if; in case
of github-actions steps they are ignored because they are actions
specific):
"""
This script prints out the ignore steps first. Then
prints out each step of both circle and actions side-by-side.
One step is out of order for bionic but verfying correction is
still easier. Format:
Actions: Install dependencies
Circle CI: install dependencies
....
"""
import yaml
with open('.circleci/config.yml') as f:
circleci_config = yaml.safe_load(f)
with open('.github/workflows/zulip-ci.yml') as f:
actions_config = yaml.safe_load(f)
circle_bionic_steps = []
circle_focal_steps = []
actions_bionic_steps = []
actions_focal_steps = []
"""
We ignore casper artifact upload, save_cache, and
store_tests_reports steps.
"""
def get_circleci_steps(job, arr):
for step in circleci_config['jobs'][job]['steps']:
if isinstance(step, str):
arr.append(step)
continue
step_name = step.get('run', {}).get('name', False)
if not step_name:
if step.get('restore_cache'):
key = step['restore_cache']['keys'][0].split('.')[0]
step_name = f'<restore-cache> {key}'
elif step.get('store_artifacts', False):
destination = step['store_artifacts']['destination']
step_name = f'<store-artificats> {destination}'
if destination == 'casper':
\# This is no longer needed
print('Ignoring step:')
print(step)
print()
continue
else:
"""
We don't care about save_cache; github-actions
does this automatically, and store_tests_reports
is circelci timing specific.
"""
print('Ignoring step:')
print(step)
print()
continue
if step_name != 'On fail':
arr.append(step_name)
get_circleci_steps('bionic-backend-frontend', circle_bionic_steps)
get_circleci_steps('focal-backend', circle_focal_steps)
""" We ignore there steps specific to github-actions"""
for step in actions_config['jobs']['focal_bionic']['steps']:
BOTH_OS = 'BOTH_OS'
if_check = step.get('if', BOTH_OS)
step_name = step.get('name')
if step_name is None:
step_name = step['uses']
if (
step_name == 'Upgrade git for bionic' or
step_name == 'Add required permissions' or
step_name == 'Move test reports to var'
):
print('Ignoring step:')
print(step)
print()
"""These are github-actions specific; see comments"""
continue
if if_check == BOTH_OS:
actions_bionic_steps.append(step_name)
actions_focal_steps.append(step_name)
elif 'is_bionic' in if_check:
actions_bionic_steps.append(step_name)
else:
actions_focal_steps.append(step_name)
bionic = zip(circle_bionic_steps, actions_bionic_steps)
focal = zip(circle_focal_steps, actions_focal_steps)
print('Bionic steps:')
for (circle_step, actions_step) in bionic:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
print('Focal steps:')
for (circle_step, actions_step) in focal:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
2020-07-02 19:12:22 +02:00
|
|
|
os: focal
|
2023-05-18 01:31:07 +02:00
|
|
|
include_documentation_tests: false
|
2022-04-19 03:18:48 +02:00
|
|
|
include_frontend_tests: true
|
2022-02-23 05:15:21 +01:00
|
|
|
# Debian 11 ships with Python 3.9.2.
|
2021-04-11 19:55:26 +02:00
|
|
|
- docker_image: zulip/ci:bullseye
|
2022-04-02 02:43:10 +02:00
|
|
|
name: Debian 11 (Python 3.9, backend + documentation)
|
2021-04-11 19:55:26 +02:00
|
|
|
os: bullseye
|
2022-04-02 02:43:10 +02:00
|
|
|
include_documentation_tests: true
|
2023-05-18 01:31:07 +02:00
|
|
|
include_frontend_tests: false
|
2022-03-16 00:45:07 +01:00
|
|
|
# Ubuntu 22.04 ships with Python 3.10.4.
|
|
|
|
|
- docker_image: zulip/ci:jammy
|
|
|
|
|
name: Ubuntu 22.04 (Python 3.10, backend)
|
|
|
|
|
os: jammy
|
2023-05-18 01:31:07 +02:00
|
|
|
include_documentation_tests: false
|
|
|
|
|
include_frontend_tests: false
|
2023-05-10 23:20:46 +02:00
|
|
|
# Debian 12 ships with Python 3.11.2.
|
|
|
|
|
- docker_image: zulip/ci:bookworm
|
|
|
|
|
name: Debian 12 (Python 3.11, backend)
|
|
|
|
|
os: bookworm
|
|
|
|
|
include_documentation_tests: false
|
|
|
|
|
include_frontend_tests: false
|
2021-04-11 19:55:26 +02:00
|
|
|
|
github-actions: Use stratergy and if to deduplicate steps.
This is a fine solution short-term until github implements the
yaml anchors support. The limitation of this method is that we
cannot re-use most of the steps again for production install test
builds.
Thanks, Anders for this solution.
Verifying everything is migrated correctly is a pain. This script
ensures everything is done correctly (previous commit message
contains explainations for the steps being ignored if; in case
of github-actions steps they are ignored because they are actions
specific):
"""
This script prints out the ignore steps first. Then
prints out each step of both circle and actions side-by-side.
One step is out of order for bionic but verfying correction is
still easier. Format:
Actions: Install dependencies
Circle CI: install dependencies
....
"""
import yaml
with open('.circleci/config.yml') as f:
circleci_config = yaml.safe_load(f)
with open('.github/workflows/zulip-ci.yml') as f:
actions_config = yaml.safe_load(f)
circle_bionic_steps = []
circle_focal_steps = []
actions_bionic_steps = []
actions_focal_steps = []
"""
We ignore casper artifact upload, save_cache, and
store_tests_reports steps.
"""
def get_circleci_steps(job, arr):
for step in circleci_config['jobs'][job]['steps']:
if isinstance(step, str):
arr.append(step)
continue
step_name = step.get('run', {}).get('name', False)
if not step_name:
if step.get('restore_cache'):
key = step['restore_cache']['keys'][0].split('.')[0]
step_name = f'<restore-cache> {key}'
elif step.get('store_artifacts', False):
destination = step['store_artifacts']['destination']
step_name = f'<store-artificats> {destination}'
if destination == 'casper':
\# This is no longer needed
print('Ignoring step:')
print(step)
print()
continue
else:
"""
We don't care about save_cache; github-actions
does this automatically, and store_tests_reports
is circelci timing specific.
"""
print('Ignoring step:')
print(step)
print()
continue
if step_name != 'On fail':
arr.append(step_name)
get_circleci_steps('bionic-backend-frontend', circle_bionic_steps)
get_circleci_steps('focal-backend', circle_focal_steps)
""" We ignore there steps specific to github-actions"""
for step in actions_config['jobs']['focal_bionic']['steps']:
BOTH_OS = 'BOTH_OS'
if_check = step.get('if', BOTH_OS)
step_name = step.get('name')
if step_name is None:
step_name = step['uses']
if (
step_name == 'Upgrade git for bionic' or
step_name == 'Add required permissions' or
step_name == 'Move test reports to var'
):
print('Ignoring step:')
print(step)
print()
"""These are github-actions specific; see comments"""
continue
if if_check == BOTH_OS:
actions_bionic_steps.append(step_name)
actions_focal_steps.append(step_name)
elif 'is_bionic' in if_check:
actions_bionic_steps.append(step_name)
else:
actions_focal_steps.append(step_name)
bionic = zip(circle_bionic_steps, actions_bionic_steps)
focal = zip(circle_focal_steps, actions_focal_steps)
print('Bionic steps:')
for (circle_step, actions_step) in bionic:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
print('Focal steps:')
for (circle_step, actions_step) in focal:
print(f'CircleCI: {circle_step}')
print(f'Actions: {actions_step}')
print()
2020-07-02 19:12:22 +02:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
|
name: ${{ matrix.name }}
|
|
|
|
|
container: ${{ matrix.docker_image }}
|
2020-06-27 21:33:47 +02:00
|
|
|
env:
|
|
|
|
|
# GitHub Actions sets HOME to /github/home which causes
|
2022-02-08 00:13:33 +01:00
|
|
|
# problem later in provision and frontend test that runs
|
2020-10-26 22:50:18 +01:00
|
|
|
# tools/setup/postgresql-init-dev-db because of the .pgpass
|
2020-10-23 02:43:28 +02:00
|
|
|
# location. PostgreSQL (psql) expects .pgpass to be at
|
2020-06-27 21:33:47 +02:00
|
|
|
# /home/github/.pgpass and setting home to `/home/github/`
|
|
|
|
|
# ensures it written there because we write it to ~/.pgpass.
|
|
|
|
|
HOME: /home/github/
|
|
|
|
|
|
|
|
|
|
steps:
|
2022-07-06 00:16:38 +02:00
|
|
|
- uses: actions/checkout@v3
|
2020-06-27 21:33:47 +02:00
|
|
|
|
|
|
|
|
- name: Create cache directories
|
|
|
|
|
run: |
|
2023-03-20 19:52:59 +01:00
|
|
|
dirs=(/srv/zulip-{venv,emoji}-cache)
|
2020-06-27 21:33:47 +02:00
|
|
|
sudo mkdir -p "${dirs[@]}"
|
|
|
|
|
sudo chown -R github "${dirs[@]}"
|
|
|
|
|
|
2023-03-20 19:52:59 +01:00
|
|
|
- name: Restore pnpm store
|
2022-07-06 00:16:38 +02:00
|
|
|
uses: actions/cache@v3
|
2022-04-29 23:03:12 +02:00
|
|
|
with:
|
2023-05-31 18:53:44 +02:00
|
|
|
path: /__w/.pnpm-store
|
2023-03-20 19:52:59 +01:00
|
|
|
key: v1-pnpm-store-${{ matrix.os }}-${{ hashFiles('pnpm-lock.yaml') }}
|
2020-06-27 21:33:47 +02:00
|
|
|
|
2022-04-29 23:03:12 +02:00
|
|
|
- name: Restore python cache
|
2022-07-06 00:16:38 +02:00
|
|
|
uses: actions/cache@v3
|
2022-04-29 23:03:12 +02:00
|
|
|
with:
|
|
|
|
|
path: /srv/zulip-venv-cache
|
|
|
|
|
key: v1-venv-${{ matrix.os }}-${{ hashFiles('requirements/dev.txt') }}
|
|
|
|
|
restore-keys: v1-venv-${{ matrix.os }}
|
2020-06-27 21:33:47 +02:00
|
|
|
|
2022-04-29 23:03:12 +02:00
|
|
|
- name: Restore emoji cache
|
2022-07-06 00:16:38 +02:00
|
|
|
uses: actions/cache@v3
|
2022-04-29 23:03:12 +02:00
|
|
|
with:
|
|
|
|
|
path: /srv/zulip-emoji-cache
|
2022-08-29 19:37:10 +02:00
|
|
|
key: v1-emoji-${{ matrix.os }}-${{ hashFiles('tools/setup/emoji/emoji_map.json', 'tools/setup/emoji/build_emoji', 'tools/setup/emoji/emoji_setup_utils.py', 'tools/setup/emoji/emoji_names.py', 'package.json') }}
|
2022-04-29 23:03:12 +02:00
|
|
|
restore-keys: v1-emoji-${{ matrix.os }}
|
2020-06-27 21:33:47 +02:00
|
|
|
|
|
|
|
|
- name: Install dependencies
|
|
|
|
|
run: |
|
|
|
|
|
# This is the main setup job for the test suite
|
2021-03-13 12:49:36 +01:00
|
|
|
./tools/ci/setup-backend --skip-dev-db-build
|
2023-08-23 23:05:54 +02:00
|
|
|
scripts/lib/clean_unused_caches.py --verbose --threshold=0
|
2020-06-27 21:33:47 +02:00
|
|
|
|
2021-03-13 13:54:29 +01:00
|
|
|
- name: Run tools test
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
./tools/test-tools
|
|
|
|
|
|
2021-10-18 13:48:08 +02:00
|
|
|
- name: Run Codespell lint
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
./tools/run-codespell
|
|
|
|
|
|
2023-08-10 00:57:55 +02:00
|
|
|
# We run the tests that are only run in a specific job early, so
|
|
|
|
|
# that we get feedback to the developer about likely failures as
|
|
|
|
|
# quickly as possible. Backend/mypy failures that aren't
|
|
|
|
|
# identical across different versions are much more rare than
|
|
|
|
|
# frontend linter or node test failures.
|
|
|
|
|
- name: Run documentation and api tests
|
|
|
|
|
if: ${{ matrix.include_documentation_tests }}
|
2021-03-13 13:54:29 +01:00
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
2023-08-10 00:57:55 +02:00
|
|
|
# In CI, we only test links we control in test-documentation to avoid flakes
|
|
|
|
|
./tools/test-documentation --skip-external-links
|
|
|
|
|
./tools/test-help-documentation --skip-external-links
|
|
|
|
|
./tools/test-api
|
|
|
|
|
|
|
|
|
|
- name: Run node tests
|
|
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
# Run the node tests first, since they're fast and deterministic
|
|
|
|
|
./tools/test-js-with-node --coverage --parallel=1
|
2021-03-13 13:54:29 +01:00
|
|
|
|
|
|
|
|
- name: Run frontend lint
|
|
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
./tools/lint --groups=frontend --skip=gitlint # gitlint disabled because flaky
|
|
|
|
|
|
2023-08-10 00:57:55 +02:00
|
|
|
- name: Check schemas
|
|
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
# Check that various schemas are consistent. (is fast)
|
|
|
|
|
./tools/check-schemas
|
|
|
|
|
|
|
|
|
|
- name: Check capitalization of strings
|
|
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
./manage.py makemessages --locale en
|
|
|
|
|
PYTHONWARNINGS=ignore ./tools/check-capitalization --no-generate
|
|
|
|
|
PYTHONWARNINGS=ignore ./tools/check-frontend-i18n --no-generate
|
|
|
|
|
|
|
|
|
|
- name: Run puppeteer tests
|
|
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
./tools/test-js-with-puppeteer
|
|
|
|
|
|
|
|
|
|
- name: Check pnpm dedupe
|
|
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
|
|
|
|
run: pnpm dedupe --check
|
|
|
|
|
|
|
|
|
|
- name: Run backend lint
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
echo "Test suite is running under $(python --version)."
|
|
|
|
|
./tools/lint --groups=backend --skip=gitlint,mypy # gitlint disabled because flaky
|
|
|
|
|
|
2020-06-27 21:33:47 +02:00
|
|
|
- name: Run backend tests
|
|
|
|
|
run: |
|
2021-03-13 13:54:29 +01:00
|
|
|
source tools/ci/activate-venv
|
user_groups: Make locks required for updating user group memberships.
**Background**
User groups are expected to comply with the DAG constraint for the
many-to-many inter-group membership. The check for this constraint has
to be performed recursively so that we can find all direct and indirect
subgroups of the user group to be added.
This kind of check is vulnerable to phantom reads which is possible at
the default read committed isolation level because we cannot guarantee
that the check is still valid when we are adding the subgroups to the
user group.
**Solution**
To avoid having another transaction concurrently update one of the
to-be-subgroup after the recursive check is done, and before the subgroup
is added, we use SELECT FOR UPDATE to lock the user group rows.
The lock needs to be acquired before a group membership change is about
to occur before any check has been conducted.
Suppose that we are adding subgroup B to supergroup A, the locking protocol
is specified as follows:
1. Acquire a lock for B and all its direct and indirect subgroups.
2. Acquire a lock for A.
For the removal of user groups, we acquire a lock for the user group to
be removed with all its direct and indirect subgroups. This is the special
case A=B, which is still complaint with the protocol.
**Error handling**
We currently rely on Postgres' deadlock detection to abort transactions
and show an error for the users. In the future, we might need some
recovery mechanism or at least better error handling.
**Notes**
An important note is that we need to reuse the recursive CTE query that
finds the direct and indirect subgroups when applying the lock on the
rows. And the lock needs to be acquired the same way for the addition and
removal of direct subgroups.
User membership change (as opposed to user group membership) is not
affected. Read-only queries aren't either. The locks only protect
critical regions where the user group dependency graph might violate
the DAG constraint, where users are not participating.
**Testing**
We implement a transaction test case targeting some typical scenarios
when an internal server error is expected to happen (this means that the
user group view makes the correct decision to abort the transaction when
something goes wrong with locks).
To achieve this, we add a development view intended only for unit tests.
It has a global BARRIER that can be shared across threads, so that we
can synchronize them to consistently reproduce certain potential race
conditions prevented by the database locks.
The transaction test case lanuches pairs of threads initiating possibly
conflicting requests at the same time. The tests are set up such that exactly N
of them are expected to succeed with a certain error message (while we don't
know each one).
**Security notes**
get_recursive_subgroups_for_groups will no longer fetch user groups from
other realms. As a result, trying to add/remove a subgroup from another
realm results in a UserGroup not found error response.
We also implement subgroup-specific checks in has_user_group_access to
keep permission managing in a single place. Do note that the API
currently don't have a way to violate that check because we are only
checking the realm ID now.
2023-06-17 04:39:52 +02:00
|
|
|
./tools/test-backend --coverage --xml-report --no-html-report --include-webhooks --include-transaction-tests --no-cov-cleanup --ban-console-output
|
2021-03-13 13:54:29 +01:00
|
|
|
|
|
|
|
|
- name: Run mypy
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
# We run mypy after the backend tests so we get output from the
|
|
|
|
|
# backend tests, which tend to uncover more serious problems, first.
|
|
|
|
|
./tools/run-mypy --version
|
|
|
|
|
./tools/run-mypy
|
|
|
|
|
|
|
|
|
|
- name: Run miscellaneous tests
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
|
2022-04-19 03:18:48 +02:00
|
|
|
# Currently our compiled requirements files will differ for different
|
|
|
|
|
# Python versions, so we will run test-locked-requirements only on the
|
|
|
|
|
# platform with the oldest one.
|
2021-03-13 13:54:29 +01:00
|
|
|
# ./tools/test-locked-requirements
|
|
|
|
|
# ./tools/test-run-dev # https://github.com/zulip/zulip/pull/14233
|
|
|
|
|
#
|
|
|
|
|
# This test has been persistently flaky at like 1% frequency, is slow,
|
|
|
|
|
# and is for a very specific single feature, so we don't run it by default:
|
|
|
|
|
# ./tools/test-queue-worker-reload
|
|
|
|
|
|
|
|
|
|
./tools/test-migrations
|
2021-04-16 23:33:35 +02:00
|
|
|
./tools/setup/optimize-svg --check
|
2021-03-13 13:54:29 +01:00
|
|
|
./tools/setup/generate_integration_bots_avatars.py --check-missing
|
2022-12-06 01:12:00 +01:00
|
|
|
./tools/ci/check-executables
|
2021-03-13 13:54:29 +01:00
|
|
|
|
2023-03-04 02:16:37 +01:00
|
|
|
# Ban check-database-compatibility from transitively
|
2022-02-23 04:09:17 +01:00
|
|
|
# relying on static/generated, because it might not be
|
|
|
|
|
# up-to-date at that point in upgrade-zulip-stage-2.
|
2023-02-22 23:03:47 +01:00
|
|
|
chmod 000 static/generated web/generated
|
2023-03-04 02:16:37 +01:00
|
|
|
./scripts/lib/check-database-compatibility
|
2023-02-22 23:03:47 +01:00
|
|
|
chmod 755 static/generated web/generated
|
2022-02-23 04:09:17 +01:00
|
|
|
|
2021-03-13 13:54:29 +01:00
|
|
|
- name: Check for untracked files
|
|
|
|
|
run: |
|
|
|
|
|
source tools/ci/activate-venv
|
|
|
|
|
# This final check looks for untracked files that may have been
|
|
|
|
|
# created by test-backend or provision.
|
|
|
|
|
untracked="$(git ls-files --exclude-standard --others)"
|
|
|
|
|
if [ -n "$untracked" ]; then
|
|
|
|
|
printf >&2 "Error: untracked files:\n%s\n" "$untracked"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2020-06-27 21:33:47 +02:00
|
|
|
|
|
|
|
|
- name: Test locked requirements
|
2022-04-19 03:18:48 +02:00
|
|
|
if: ${{ matrix.os == 'focal' }}
|
2020-06-27 21:33:47 +02:00
|
|
|
run: |
|
|
|
|
|
. /srv/zulip-py3-venv/bin/activate && \
|
2021-03-29 20:51:40 +02:00
|
|
|
./tools/test-locked-requirements
|
2020-06-27 21:33:47 +02:00
|
|
|
|
|
|
|
|
- name: Upload coverage reports
|
2020-07-07 20:46:21 +02:00
|
|
|
|
|
|
|
|
# Only upload coverage when both frontend and backend
|
2022-02-08 00:13:33 +01:00
|
|
|
# tests are run.
|
2020-07-07 20:46:21 +02:00
|
|
|
if: ${{ matrix.include_frontend_tests }}
|
2022-07-06 00:16:38 +02:00
|
|
|
uses: codecov/codecov-action@v3
|
2021-10-13 23:25:36 +02:00
|
|
|
with:
|
|
|
|
|
files: var/coverage.xml,var/node-coverage/lcov.info
|
2020-06-27 21:33:47 +02:00
|
|
|
|
2020-10-23 02:43:28 +02:00
|
|
|
- name: Store Puppeteer artifacts
|
2021-03-08 22:50:44 +01:00
|
|
|
# Upload these on failure, as well
|
|
|
|
|
if: ${{ always() && matrix.include_frontend_tests }}
|
2022-07-06 00:16:38 +02:00
|
|
|
uses: actions/upload-artifact@v3
|
2020-06-27 21:33:47 +02:00
|
|
|
with:
|
|
|
|
|
name: puppeteer
|
|
|
|
|
path: ./var/puppeteer
|
2020-11-04 01:36:23 +01:00
|
|
|
retention-days: 60
|
2020-06-27 21:33:47 +02:00
|
|
|
|
2020-06-26 22:19:57 +02:00
|
|
|
- name: Check development database build
|
2021-03-13 12:49:36 +01:00
|
|
|
run: ./tools/ci/setup-backend
|
2021-02-16 06:27:02 +01:00
|
|
|
|
2023-05-31 18:53:44 +02:00
|
|
|
- name: Verify pnpm store path
|
|
|
|
|
run: |
|
|
|
|
|
set -x
|
|
|
|
|
path="$(pnpm store path)"
|
|
|
|
|
[[ "$path" == /__w/.pnpm-store/* ]]
|
|
|
|
|
|
2022-12-01 05:51:52 +01:00
|
|
|
- name: Generate failure report string
|
|
|
|
|
id: failure_report_string
|
2022-12-06 23:10:11 +01:00
|
|
|
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
|
2022-12-01 05:51:52 +01:00
|
|
|
run: tools/ci/generate-failure-message >> $GITHUB_OUTPUT
|
|
|
|
|
|
|
|
|
|
- name: Report status to CZO
|
2022-12-06 23:10:11 +01:00
|
|
|
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
|
2022-12-01 05:51:52 +01:00
|
|
|
uses: zulip/github-actions-zulip/send-message@v1
|
|
|
|
|
with:
|
|
|
|
|
api-key: ${{ secrets.ZULIP_BOT_KEY }}
|
|
|
|
|
email: "github-actions-bot@chat.zulip.org"
|
|
|
|
|
organization-url: "https://chat.zulip.org"
|
|
|
|
|
to: "automated testing"
|
|
|
|
|
topic: ${{ steps.failure_report_string.outputs.topic }}
|
|
|
|
|
type: "stream"
|
|
|
|
|
content: ${{ steps.failure_report_string.outputs.content }}
|
