Draft fix for https://github.com/neondatabase/neon/issues/10381 #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Test with Sanitizers | |
| on: | |
| push: | |
| branches: | |
| - "enable-sanitizers-for-v17" | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash -euxo pipefail {0} | |
| concurrency: | |
| # Allow only one workflow per any non-`main` branch. | |
| group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.ref_name == 'main' && github.sha || 'anysha' }} | |
| cancel-in-progress: true | |
| env: | |
| RUST_BACKTRACE: 1 | |
| COPT: '-Werror' | |
| # A concurrency group that we use for e2e-tests runs, matches `concurrency.group` above with `github.repository` as a prefix | |
| E2E_CONCURRENCY_GROUP: ${{ github.repository }}-e2e-tests-${{ github.ref_name }}-${{ github.ref_name == 'main' && github.sha || 'anysha' }} | |
| jobs: | |
| check-permissions: | |
| if: ${{ !contains(github.event.pull_request.labels.*.name, 'run-no-ci') }} | |
| uses: ./.github/workflows/check-permissions.yml | |
| with: | |
| github-event-name: ${{ github.event_name }} | |
| cancel-previous-e2e-tests: | |
| needs: [ check-permissions ] | |
| if: github.event_name == 'pull_request' | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Cancel previous e2e-tests runs for this PR | |
| env: | |
| GH_TOKEN: ${{ secrets.CI_ACCESS_TOKEN }} | |
| run: | | |
| gh workflow --repo neondatabase/cloud \ | |
| run cancel-previous-in-concurrency-group.yml \ | |
| --field concurrency_group="${{ env.E2E_CONCURRENCY_GROUP }}" | |
| tag: | |
| needs: [ check-permissions ] | |
| runs-on: [ self-hosted, small ] | |
| container: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/base:pinned | |
| outputs: | |
| build-tag: ${{steps.build-tag.outputs.tag}} | |
| steps: | |
| # Need `fetch-depth: 0` to count the number of commits in the branch | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get build tag | |
| run: | | |
| echo run:$GITHUB_RUN_ID | |
| echo ref:$GITHUB_REF_NAME | |
| echo rev:$(git rev-list --count HEAD) | |
| if [[ "$GITHUB_REF_NAME" == "main" ]]; then | |
| echo "tag=$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT | |
| elif [[ "$GITHUB_REF_NAME" == "release" ]]; then | |
| echo "tag=release-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT | |
| elif [[ "$GITHUB_REF_NAME" == "release-proxy" ]]; then | |
| echo "tag=release-proxy-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT | |
| elif [[ "$GITHUB_REF_NAME" == "release-compute" ]]; then | |
| echo "tag=release-compute-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT | |
| else | |
| echo "GITHUB_REF_NAME (value '$GITHUB_REF_NAME') is not set to either 'main' or 'release', 'release-proxy', 'release-compute'" | |
| echo "tag=$GITHUB_RUN_ID" >> $GITHUB_OUTPUT | |
| fi | |
| shell: bash | |
| id: build-tag | |
| build-build-tools-image: | |
| needs: [ check-permissions ] | |
| uses: ./.github/workflows/build-build-tools-image.yml | |
| secrets: inherit | |
| build-and-test-locally: | |
| needs: [ tag, build-build-tools-image ] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [ x64, arm64 ] | |
| # Do not build or run tests in debug for release branches | |
| build-type: [ debug-with-sanitizers ] | |
| uses: ./.github/workflows/_build-and-test-locally.yml | |
| with: | |
| arch: ${{ matrix.arch }} | |
| build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm | |
| build-tag: ${{ needs.tag.outputs.build-tag }} | |
| build-type: ${{ matrix.build-type }} | |
| # Run tests on the latest Postgres version in debug builds. | |
| test-cfg: '[{"pg_version":"v17", "lfc_state": "with-lfc"}]' | |
| secrets: inherit | |
| create-test-report: | |
| needs: [ check-permissions, build-and-test-locally ] | |
| if: ${{ !cancelled() && contains(fromJSON('["skipped", "success"]'), needs.check-permissions.result) }} | |
| permissions: | |
| id-token: write # aws-actions/configure-aws-credentials | |
| statuses: write | |
| contents: write | |
| pull-requests: write | |
| outputs: | |
| report-url: ${{ steps.create-allure-report.outputs.report-url }} | |
| runs-on: [ self-hosted, small ] | |
| container: | |
| image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm | |
| credentials: | |
| username: ${{ secrets.NEON_DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }} | |
| options: --init | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create Allure report | |
| if: ${{ !cancelled() }} | |
| id: create-allure-report | |
| uses: ./.github/actions/allure-report-generate | |
| with: | |
| store-test-results-into-db: true | |
| aws-oicd-role-arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }} | |
| env: | |
| REGRESS_TEST_RESULT_CONNSTR_NEW: ${{ secrets.REGRESS_TEST_RESULT_CONNSTR_NEW }} | |
| - uses: actions/github-script@v7 | |
| if: ${{ !cancelled() }} | |
| with: | |
| # Retry script for 5XX server errors: https://github.com/actions/github-script#retries | |
| retries: 5 | |
| script: | | |
| const report = { | |
| reportUrl: "${{ steps.create-allure-report.outputs.report-url }}", | |
| reportJsonUrl: "${{ steps.create-allure-report.outputs.report-json-url }}", | |
| } | |
| const coverage = { | |
| coverageUrl: "${{ needs.coverage-report.outputs.coverage-html }}", | |
| summaryJsonUrl: "${{ needs.coverage-report.outputs.coverage-json }}", | |
| } | |
| const script = require("./scripts/comment-test-report.js") | |
| await script({ | |
| github, | |
| context, | |
| fetch, | |
| report, | |
| coverage, | |
| }) |