Integration Tests #1074
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Tier 2 integration suite - runs only when a PR is added to the merge queue. | |
| # | |
| # Design (microsoft/apm#770): | |
| # - Tier 1 (ci.yml) runs unit tests + binary build on every PR push and on | |
| # every merge_group event. No secrets needed there. | |
| # - Tier 2 (this workflow) runs smoke + integration + release-validation | |
| # against the tentative merge commit that the merge queue creates. | |
| # | |
| # Required-check satisfaction at PR time: | |
| # - Branch protection requires only `gate` (from `merge-gate.yml`), which | |
| # aggregates all PR-time signals. The four check names produced by THIS | |
| # workflow (Build/Smoke/Integration/Release Validation - all Linux) are | |
| # not required at PR time; they only run on the `gh-readonly-queue/main/*` | |
| # SHA the merge queue creates, against the tentative merge commit. | |
| # - This workflow intentionally does NOT trigger on pull_request events. | |
| # Doing so would let a fork PR check out and run code with the secrets | |
| # declared below, which is a supply-chain attack vector. Keep this file | |
| # `merge_group`-only forever. | |
| # | |
| # Trust model: | |
| # - merge_group only fires when a user with write access enqueues a PR. | |
| # - The gh-readonly-queue/main/* ref contains the PR's code merged into | |
| # main and is created by GitHub, not by the contributor. | |
| # - Trust boundary = write-access grant, managed in repo settings. | |
| # Write access is granted only to vetted contributors. | |
| # - Fork PRs without write access never reach this workflow and never see | |
| # CI secrets. | |
| # | |
| # Binary is built inline rather than downloaded from ci.yml so this workflow | |
| # tests exactly the merge-queue tentative merge SHA without cross-workflow | |
| # artifact plumbing. | |
| name: Integration Tests | |
| env: | |
| PYTHON_VERSION: '3.12' | |
| on: | |
| merge_group: | |
| branches: [ main ] | |
| types: [ checks_requested ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build (Linux) | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --extra dev --extra build | |
| - name: Install UPX | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y upx-ucl | |
| - name: Build binary | |
| run: | | |
| chmod +x scripts/build-binary.sh | |
| uv run ./scripts/build-binary.sh | |
| - name: Upload binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: apm-mq-linux-x86_64 | |
| path: | | |
| ./dist/apm-linux-x86_64 | |
| ./dist/apm-linux-x86_64.sha256 | |
| include-hidden-files: true | |
| retention-days: 7 | |
| if-no-files-found: error | |
| smoke-test: | |
| name: Smoke Test (Linux) | |
| needs: [build] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Artifact root is ./dist/ (least common ancestor of the uploaded paths | |
| # in the build job), so download to ./dist/ to preserve the | |
| # dist/apm-linux-x86_64/apm layout the conftest expects. | |
| - name: Download binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: apm-mq-linux-x86_64 | |
| path: ./dist/ | |
| - name: Make binary executable | |
| run: chmod +x ./dist/apm-linux-x86_64/apm | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install dependencies | |
| run: uv sync --extra dev | |
| # Smoke target is test_core_smoke.py: a hermetic, network-free pre-flight | |
| # over the README's three promises (portable / secure / governed). It | |
| # runs against the built binary in ~10s and fails the merge queue early | |
| # if the bundle is broken before the 30-min integration suite even | |
| # starts. The legacy test_runtime_smoke.py covers the experimental | |
| # `apm run` execution layer and stays in the heavy integration job | |
| # under requires_runtime_* markers. | |
| - name: Run core smoke tests | |
| env: | |
| APM_E2E_TESTS: "1" | |
| APM_BINARY_PATH: ${{ github.workspace }}/dist/apm-linux-x86_64/apm | |
| run: uv run pytest tests/integration/test_core_smoke.py -v | |
| integration-tests: | |
| name: Integration Tests (Linux) | |
| needs: [build, smoke-test] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Artifact root is ./dist/ (least common ancestor of the uploaded paths in | |
| # the build job), so download to ./dist/ to preserve dist/apm-linux-x86_64/apm. | |
| - name: Download binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: apm-mq-linux-x86_64 | |
| path: ./dist/ | |
| - name: Make binary executable | |
| run: chmod +x ./dist/apm-linux-x86_64/apm | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '24' | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v6 | |
| with: | |
| enable-cache: true | |
| - name: Install test dependencies | |
| run: uv sync --extra dev | |
| - name: Run integration tests | |
| env: | |
| APM_E2E_TESTS: "1" | |
| APM_RUN_INTEGRATION_TESTS: "1" | |
| GITHUB_APM_PAT: ${{ secrets.GH_CLI_PAT }} | |
| ADO_APM_PAT: ${{ secrets.ADO_APM_PAT }} | |
| run: | | |
| chmod +x scripts/test-integration.sh | |
| uv run ./scripts/test-integration.sh | |
| # Bumped from 20 to 30 minutes when test discovery widened from | |
| # the 28 enumerated files to the full tests/integration/ suite | |
| # (PR2 of #1166). | |
| timeout-minutes: 30 | |
| release-validation: | |
| name: Release Validation (Linux) | |
| needs: [build, integration-tests] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout test scripts | |
| uses: actions/checkout@v4 | |
| with: | |
| sparse-checkout: scripts | |
| path: repo | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '24' | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| # See note in integration-tests: download to dist/ to preserve layout. | |
| - name: Download binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: apm-mq-linux-x86_64 | |
| path: /tmp/apm-isolated-test/dist/ | |
| - name: Make binary executable | |
| run: chmod +x /tmp/apm-isolated-test/dist/apm-linux-x86_64/apm | |
| - name: Create APM symlink for testing | |
| run: | | |
| cd /tmp/apm-isolated-test | |
| ln -s "$(pwd)/dist/apm-linux-x86_64/apm" "$(pwd)/apm" | |
| echo "/tmp/apm-isolated-test" >> $GITHUB_PATH | |
| - name: Prepare test scripts | |
| run: | | |
| cp -r repo/scripts /tmp/apm-isolated-test/scripts | |
| - name: Run release validation tests | |
| env: | |
| APM_E2E_TESTS: "1" | |
| GITHUB_APM_PAT: ${{ secrets.GH_CLI_PAT }} | |
| ADO_APM_PAT: ${{ secrets.ADO_APM_PAT }} | |
| run: | | |
| cd /tmp/apm-isolated-test | |
| chmod +x scripts/test-release-validation.sh | |
| ./scripts/test-release-validation.sh | |
| timeout-minutes: 20 |