feat(metrics): characterize-metric-anomaly endpoint and MCP tool #74087
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy recording-rasterizer container image | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| merge_group: | |
| push: | |
| branches: | |
| - 'master' | |
| schedule: | |
| # Weekly rebuild (Mondays 07:30 UTC) so floated deps (chrome-headless-shell@stable, | |
| # ffmpeg, unpinned apt packages) pick up security updates. Fires only from master. | |
| - cron: '30 7 * * 1' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| timeout-minutes: 5 | |
| if: github.repository_owner == 'PostHog' && github.event_name != 'merge_group' | |
| name: Determine need to run recording-rasterizer Docker build | |
| outputs: | |
| rasterizer_files: ${{ steps.filter.outputs.rasterizer_files }} | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 | |
| id: app-token | |
| if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository | |
| with: | |
| client-id: ${{ secrets.GH_APP_POSTHOG_PATHS_FILTER_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_POSTHOG_PATHS_FILTER_PRIVATE_KEY }} | |
| - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 | |
| id: filter | |
| with: | |
| token: ${{ steps.app-token.outputs.token || github.token }} | |
| filters: | | |
| rasterizer_files: | |
| - 'nodejs/**' | |
| - 'common/hogvm/typescript/**' | |
| - 'common/plugin_transpiler/**' | |
| - 'common/esbuilder/**' | |
| - 'common/replay-shared/**' | |
| - 'common/replay-headless/**' | |
| - 'rust/cyclotron-node/**' | |
| - 'rust/cyclotron-core/**' | |
| - 'Dockerfile.recording-rasterizer' | |
| - '.github/workflows/ci-recording-rasterizer-container.yml' | |
| - 'bin/turbo' | |
| - 'patches/**' | |
| - 'turbo.json' | |
| - 'tsconfig.json' | |
| - 'package.json' | |
| - 'pnpm-lock.yaml' | |
| - 'pnpm-workspace.yaml' | |
| build: | |
| needs: changes | |
| name: Build and push recording-rasterizer image | |
| if: | | |
| (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && needs.changes.outputs.rasterizer_files == 'true') || | |
| github.event_name == 'merge_group' || | |
| (github.event_name == 'workflow_dispatch' && github.repository_owner == 'PostHog' && vars.CD_DEPLOY_ENABLED == 'true') || | |
| (github.event_name == 'schedule' && github.repository_owner == 'PostHog' && vars.CD_DEPLOY_ENABLED == 'true') || | |
| (github.event_name == 'push' && github.ref == 'refs/heads/master' && needs.changes.outputs.rasterizer_files == 'true' && github.repository_owner == 'PostHog' && vars.CD_DEPLOY_ENABLED == 'true') | |
| runs-on: depot-ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| id-token: write # allow issuing OIDC tokens for this workflow run | |
| contents: read # allow reading the repo contents | |
| packages: write # allow push to ghcr.io | |
| outputs: | |
| digest: ${{ steps.build.outputs.digest }} | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 | |
| - name: Set up Depot CLI | |
| uses: depot/setup-action@15c09a5f77a0840ad4bce955686522a257853461 # v1.7.1 | |
| - name: Docker meta and registry login | |
| id: docker-meta | |
| uses: ./.github/actions/docker-meta | |
| with: | |
| image-name: posthog-recording-rasterizer | |
| aws-role-to-assume: ${{ secrets.AWS_ECR_PUBLISH_IAM_ROLE }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| dockerhub-username: ${{ secrets.DOCKERHUB_USER }} | |
| dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and push container image | |
| id: build | |
| uses: depot/build-push-action@5f3b3c2e5a00f0093de47f657aeaefcedff27d18 # v1.17.0 | |
| with: | |
| context: . | |
| buildx-fallback: false | |
| project: '00mrvlsdvh' | |
| push: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' || vars.CD_DEPLOY_ENABLED == 'true' }} | |
| file: Dockerfile.recording-rasterizer | |
| tags: ${{ steps.docker-meta.outputs.tags }} | |
| labels: ${{ steps.docker-meta.outputs.labels }} | |
| platforms: linux/amd64 | |
| build-args: | | |
| COMMIT_HASH=${{ github.sha }} | |
| DEPS_CACHE_BUST=${{ github.event_name == 'schedule' && github.run_id || 'pinned' }} | |
| - name: Container image digest | |
| env: | |
| IMAGE_DIGEST: ${{ steps.build.outputs.digest }} | |
| IMAGE_REGISTRY: ${{ steps.docker-meta.outputs.ecr-registry }} | |
| COMMIT_SHA: ${{ github.sha }} | |
| run: | | |
| echo "Image digest: $IMAGE_DIGEST" | |
| echo "Full image reference: $IMAGE_REGISTRY/posthog-recording-rasterizer:$COMMIT_SHA@$IMAGE_DIGEST" | |
| echo "## Container image built :rocket:" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Image reference:** \`$IMAGE_REGISTRY/posthog-recording-rasterizer:$COMMIT_SHA@$IMAGE_DIGEST\`" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Image SHA:** \`$COMMIT_SHA@$IMAGE_DIGEST\`" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "- Commit: \`$COMMIT_SHA\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- Digest: \`$IMAGE_DIGEST\`" >> $GITHUB_STEP_SUMMARY | |
| - name: Report failure | |
| if: failure() | |
| uses: PostHog/posthog-github-action@58dea254b598fb5d469c0699c98af8288a7f7650 # v1.2.0 | |
| with: | |
| posthog-token: ${{ secrets.POSTHOG_API_TOKEN }} | |
| event: 'recording-rasterizer-image-build' | |
| properties: '{"status": "failure", "commit_hash": "${{ github.sha }}"}' | |
| - name: Report failure to DevEx PostHog | |
| if: failure() | |
| continue-on-error: true | |
| uses: PostHog/posthog-github-action@58dea254b598fb5d469c0699c98af8288a7f7650 # v1.2.0 | |
| with: | |
| posthog-token: ${{ secrets.POSTHOG_DEVEX_PROJECT_API_TOKEN }} | |
| event: 'recording-rasterizer-image-build' | |
| properties: '{"status": "failure", "commit_hash": "${{ github.sha }}"}' | |
| deploy: | |
| name: Deploy recording-rasterizer service | |
| runs-on: ubuntu-24.04 | |
| timeout-minutes: 5 | |
| needs: build | |
| if: github.repository_owner == 'PostHog' && vars.CD_DEPLOY_ENABLED == 'true' && ((github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'schedule') | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get deployer token | |
| id: deployer | |
| uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 | |
| with: | |
| client-id: ${{ secrets.GH_APP_CHARTS_DEPLOYER_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_CHARTS_DEPLOYER_PRIVATE_KEY }} | |
| owner: PostHog | |
| repositories: charts | |
| - name: Get PR labels | |
| id: labels | |
| uses: ./.github/actions/get-pr-labels | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| # On a scheduled (cron) run there is no head_commit in the event payload, so reuse it | |
| # verbatim for push and synthesize a minimal commit object from git HEAD for schedule. | |
| - name: Resolve commit metadata | |
| id: commit | |
| shell: bash | |
| env: | |
| EVENT_NAME: ${{ github.event_name }} | |
| HEAD_COMMIT_JSON: ${{ toJson(github.event.head_commit) }} | |
| HEAD_COMMIT_TIMESTAMP: ${{ github.event.head_commit.timestamp }} | |
| COMMIT_SHA: ${{ github.sha }} | |
| run: | | |
| if [ "$EVENT_NAME" = "schedule" ]; then | |
| timestamp="$(git show -s --format=%cI HEAD)" | |
| commit_json="$(jq -nc \ | |
| --arg id "$COMMIT_SHA" \ | |
| --arg message "$(git show -s --format=%s HEAD)" \ | |
| --arg timestamp "$timestamp" \ | |
| --arg name "$(git show -s --format=%an HEAD)" \ | |
| --arg email "$(git show -s --format=%ae HEAD)" \ | |
| '{id: $id, message: $message, timestamp: $timestamp, author: {name: $name, email: $email}}')" | |
| else | |
| commit_json="$HEAD_COMMIT_JSON" | |
| timestamp="$HEAD_COMMIT_TIMESTAMP" | |
| fi | |
| { | |
| echo "commit_json<<COMMIT_JSON_EOF" | |
| echo "$commit_json" | |
| echo "COMMIT_JSON_EOF" | |
| echo "timestamp=$timestamp" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Trigger recording-rasterizer deployment | |
| uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 | |
| with: | |
| token: ${{ steps.deployer.outputs.token }} | |
| repository: PostHog/charts | |
| event-type: commit_state_update | |
| client-payload: | | |
| { | |
| "values": { | |
| "image": { | |
| "sha": "${{ github.sha }}@${{ needs.build.outputs.digest }}" | |
| } | |
| }, | |
| "release": "recording-rasterizer", | |
| "commit": ${{ steps.commit.outputs.commit_json }}, | |
| "repository": ${{ toJson(github.repository) }}, | |
| "labels": ${{ steps.labels.outputs.labels }}, | |
| "timestamp": "${{ steps.commit.outputs.timestamp }}" | |
| } |