.github/workflows/tests.yml

name: Tests

on:
  push:
    branches: [main, experimental]
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    # required for google auth
    permissions:
      contents: "read"
      id-token: "write"

    env:
      TEST: 1

    steps:
      - uses: actions/checkout@v4
      - id: "auth"
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: "projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool"
          service_account: "gha-seer-models@sac-prod-sa.iam.gserviceaccount.com"
          token_format: "id_token"
          id_token_audience: "610575311308-9bsjtgqg4jm01mt058rncpopujgk3627.apps.googleusercontent.com"
          id_token_include_email: true
          create_credentials_file: true
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Fetch models
        if: github.event_name == 'push'
        run: |
          rm -rf ./models
          gcloud storage cp -r gs://sentry-ml/seer/models ./
      - name: Build image
        run: |
          make .env
          docker buildx bake --file docker-compose.yml --file docker-compose-cache.json --load
          docker compose run app flask db history
          docker compose run app flask db upgrade
      - name: Save Docker images
        run: |
          mkdir -p /tmp/docker-images
          docker compose config --format json | jq -r '.services[].image' | while read -r image; do
            docker save "$image" > "/tmp/docker-images/$(echo $image | tr '/:' '_').tar"
          done
      - name: Upload Docker images
        uses: actions/upload-artifact@v4
        with:
          name: docker-images
          path: /tmp/docker-images/*.tar
          retention-days: 1

  test:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: "read"
      id-token: "write"
    env:
      TEST: 1
    steps:
      - uses: actions/checkout@v4
      - id: "auth"
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: "projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool"
          service_account: "gha-seer-models@sac-prod-sa.iam.gserviceaccount.com"
          token_format: "id_token"
          id_token_audience: "610575311308-9bsjtgqg4jm01mt058rncpopujgk3627.apps.googleusercontent.com"
          id_token_include_email: true
          create_credentials_file: true
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Set EXTRA_COMPOSE_TEST_OPTIONS
        run: |
          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
            echo "EXTRA_COMPOSE_TEST_OPTIONS=-e NO_REAL_MODELS=1 -e NO_SENTRY_INTEGRATION=1 -e CI=1" >> $GITHUB_ENV
          else
            echo "EXTRA_COMPOSE_TEST_OPTIONS=-e NO_SENTRY_INTEGRATION=1 -e CI=1" >> $GITHUB_ENV
          fi
      - name: Download Docker images
        uses: actions/download-artifact@v4
        with:
          name: docker-images
          path: /tmp/docker-images
      - name: Load Docker images
        run: |
          for image in /tmp/docker-images/*.tar; do
            docker load < "$image"
          done
      - name: Typecheck with mypy
        run: |
          make mypy
      - name: Validate no pending migrations
        run: |
          make check-no-pending-migrations
      - name: Decrypt VCR cassettes
        run: |
          pip install -r scripts/requirements.txt
          make vcr-decrypt
      - name: Test with pytest
        run: |
          make test
      - name: Upload to codecov
        if: ${{ always() }}
        uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ".artifacts/coverage.xml"
          override_commit: ${{ github.event.pull_request.head.sha }}
          plugin: noop
          verbose: true