Prepare to remove actions hooks #1038
Conversation
danielrbradley
force-pushed
the
test-prepare-upstream
branch
from
b157648
to
13f6190
Compare
danielrbradley
changed the title
- Prepare upstream if we're running tests via the provider module. - Run `make upstream` before running any extra `setup-script`. - Only run provider integration tests on PRs if we're in "local" mode and not "pulumiExamples". - Format main test command to avoid confusing line break.
danielrbradley
force-pushed
the
test-prepare-upstream
branch
from
13f6190
to
4beba4e
Compare
This addresses the use of the preTest hook in the docker provider.
|
pulumi/pulumi-docker-build#82 is another example where we need some similar extensibility for a native provider. I didn't want to just shoehorn an
I wonder if there's a better way to strike a balance between provider repos still having some control over their prerequisites while not being so tightly coupled to ci-mgmt. We can certainly add specific options like I think ideally provider authors should be able to "own" some of their CI setup without needing to know or care about how ci-mgmt orchestrates things. This is a big problem area, but one simple strategy we could consider is to treat
You wouldn't be able to add arbitrary GH actions with that approach, but I agree that should probably be a non-goal anyway. Often times the GH actions we're talking about can be replicated with a few shell commands or a simple script. For example the docker-build provider has the same SSH key requirement as the docker provider, but that's addressable with a little bit of code that works equally well locally as in CI. |
| #{{- if .Config.integrationTestProvider }}# | ||
| - name: Run provider tests | ||
| working-directory: provider | ||
| run: go test -v -json -count=1 -cover -timeout 2h -tags=${{ matrix.language }} -parallel 4 . 2>&1 | tee /tmp/gotest.log | gotestfmt | ||
| #{{- end }}# |
There was a problem hiding this comment.
This is unit testing the provider, no?
It's natural for providers to have slightly different ways to test themselves (for example I think it's a mistake to assume the provider subdiretory). Simplifying this to something like make test_provider_ci (or whatever) could accomplish the same while still leaving the door open for some repo-specific behavior.
There was a problem hiding this comment.
This is running the language-specific tests within the provider. I think these are basically all tests which depend on either the SDKs or having access to deploy test infrastructure. These are specified by tags such as nodejs similar to the examples. These tests are excluded from running by default when running the normal provider unit tests.
There was a problem hiding this comment.
Oh man I missed the language tag, that's weird! Is this maybe just an instance of someone dropping E2E tests under provider instead of examples?
There was a problem hiding this comment.
Correct - which is what we already have in a few providers. I think all the replay tests are in the provider folder, for example. This just formalises what's already being done into a simple option rather than leaning on providers to inject their own custom steps and matrix options.
Indeed, provider-specific switches should be an absolute last resort! I think there's normally a way to generalise what we're trying to achive with a specific provider to describe the intent better. My leaning is that more smaller, more focused options are easier to reason against compared to the arbitrary hooks which then have to be carefully audited before each refactor.
I agree we don't want too much sprawl, though right now I think we only need to introduce these 2 new options (
I like this idea - adding the more custom hooks via the makefile - it's somewhat easier to reason about the impact compared to changing CI workflows. I discussed trying to formalise the interface between local builds and CI a while back in the provider build systems design. Another simple way of implementing this could be via having the option to add scripts to call as part of different steps. E.g. Leaning towards injecting commands rather than injecting actions is where I'm pushing towards for the near-future. |
There was a problem hiding this comment.
I'm a bit concerned about this as well.
I wonder if there's a better way to strike a balance between provider repos still having some control over their prerequisites while not being so tightly coupled to ci-mgmt. We can certainly add specific options like sshPrivateKey:, injectEnvVarsForDockerBuild:, etc., but in the limit we'll end up with a ton of one-off special cases. That adds up to a lot of accidental complexity -- ci-mgmt needs to know more about provider internals than it really should, and changing those internals becomes a coordination problem between the provider and ci-mgmt. Additionally, any time ci-mgmt needs a new option added it represents some friction that will nudge people towards hacky workarounds, inaction (as I've done with docker-build), or forks.
Especially for SSH which is only used by one provider, correct?
I wouldn't block on this PR but maybe there are other options?
It is only currently used by one provider, though will probably need it for at least one more as we onboard the other providers. There's already the SSH feels like a generic enough option to be generally useful. |
This will allow us to remove all of our
preTesthooks in provider ci-mgmt configs - which we'd like to get rid of to avoid arbitary code injection into workflows which make them fragile and hard to refactor. See also #1037Related to #936
Add standalone option for running provider integration tests
Set
integrationTestProvider: trueto rungo test [...] -tags=${{ matrix.language }}in theproviderdirectory.Example of existing preTest usage: https://github.com/pulumi/pulumi-gcp/blob/92b64b51bfb05fc0d2d7b9c1cbcafe7de8a6f7f3/.ci-mgmt.yaml#L43
Always prepare upstream before testing
This step is safe to run, as we already do before the Go build steps elsewhere. The upstream target is always there but might be a no-op.
Add SSH setup option
Set
sshPrivateKey: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }}to set up SSH for testing.Example of docker use of preTest: https://github.com/pulumi/pulumi-docker/blob/fc1d68f823c34cef72e34e060b093230e21fc636/.ci-mgmt.yaml#L35
Migration
preTesthook with alternative settingsintegrationTestProvider: trueon all providers which run integration tests via the provider modulesetup-scriptfor arbitrary bash commands before testssshPrivateKey: ${{ secrets.PRIVATE_SSH_KEY_FOR_DIGITALOCEAN }}for dockeractionsconfig completelyExisting usage of
actionshooks (there is no use ofpreBuild- onlypreTest): https://github.com/search?q=org%3Apulumi+path%3A.ci-mgmt.yaml+%22actions%3A%22&type=code