Unverified Commit aff489bb authored by ysaito1001's avatar ysaito1001 Committed by GitHub
Browse files

Run canary as part of CI (#3525) 

## Motivation and Context
CI now runs
[canary](https://github.com/smithy-lang/smithy-rs/tree/main/tools/ci-cdk/canary-lambda/src/latest)
on pull requests.

## Description
Historically, canary has been running only during releases and daily in
the
[aws-sdk-rust](https://github.com/awslabs/aws-sdk-rust/actions/workflows/canary.yaml)
repository. This presents a problem of action at a distance where a
potential bug that may hurt canary won't immediately be caught when a PR
is merged to `main` in `smithy-rs` (such as code under code under
`#[cfg(debug_assertions)]` was not used during canary's lambda execution
and the definition of an item only used under that resulted in unused
warning). This PR will address that problem.

PRs from forked repositories cannot run the `Canary` job (it will be
skipped). A maintainer can run it on their behalf within
`smithy-lang:smithy-rs` using a newly added [manual
workflow](https://github.com/smithy-lang/smithy-rs/pull/3525/files#diff-1b1b5b27850107cb97519c98de99d35a49b90277ccb52201b842e9b81feb5d47).

After we merge this to main, we will update the branch protection so
that the `Canary` job is required for merge, in addition to ` Matrix
Success ` (this will not affect PRs from forked repositories since the
`Canary` job will be skipped a skipped job will [report its status as
Success](https://docs.github.com/en/actions/using-jobs/using-conditions-to-control-job-execution),
but a manual canary run should pass).

## Testing
- Verified a PR in `smithy-lang:smithy-rs` ran the canary
([passed](https://github.com/smithy-lang/smithy-rs/actions/runs/8473703578/job/23219021189?pr=3525)).
- Verified a PR in a `smithy-rs` fork cannot run the canary and
[indicated that a maintainer needs to run it
manually](https://github.com/smithy-lang/smithy-rs/actions/runs/8473799146/job/23218944122?pr=3528)
- Verified a maintainer can manually invoke the canary using a PR from a
fork
([passed](https://github.com/smithy-lang/smithy-rs/actions/runs/8474050953))
- Verified internal release pipeline passed with [the changes to
canary-runner](https://github.com/smithy-lang/smithy-rs/pull/3525/files#diff-cc953ba68fec8cf937e1aa70181a901150fc5f1a74bf6ca1075d522c63d1eb6f)

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent 879a8e6a

.github/workflows/canary.yml

deleted100644 → 0
+0 −14
Original line number Diff line number Diff line 
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0



name: Canary

on:

  workflow_dispatch:



jobs:

  canary:

    name: Canary

    runs-on: ubuntu-latest

    steps:

    - name: Invoke canary in aws-sdk-rust

      run: echo "Hello World"

.github/workflows/ci-main.yml

+2 −0
Original line number Diff line number Diff line
@@ -68,3 +68,5 @@ jobs: 
    secrets:

      ENCRYPTED_DOCKER_PASSWORD: ${{ needs.acquire-base-image.outputs.docker-login-password }}

      DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}

      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/ci-merge-queue.yml

+2 −0
Original line number Diff line number Diff line
@@ -91,3 +91,5 @@ jobs: 
    secrets:

      ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}

      DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}

      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/ci-pr-forks.yml

+1 −0
Original line number Diff line number Diff line
@@ -42,4 +42,5 @@ jobs: 
    if: ${{ github.event.pull_request.head.repo.full_name != 'smithy-lang/smithy-rs' }}

    uses: ./.github/workflows/ci.yml

    with:

      run_canary: false

      run_sdk_examples: true

.github/workflows/ci-pr.yml

+2 −0
Original line number Diff line number Diff line
@@ -93,6 +93,8 @@ jobs: 
    secrets:

      ENCRYPTED_DOCKER_PASSWORD: ${{ needs.save-docker-login-token.outputs.docker-login-password }}

      DOCKER_LOGIN_TOKEN_PASSPHRASE: ${{ secrets.DOCKER_LOGIN_TOKEN_PASSPHRASE }}

      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}



  # The PR bot requires a Docker build image, so make it depend on the `acquire-base-image` job.

  pr_bot: