feat(ci): run self-hosted upgrade test#113388
Conversation
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
aldy505
added
the
Trigger: getsentry tests
Dav1dde
added
Trigger: getsentry tests
kenzoengineer
left a comment
kenzoengineer
left a comment
There was a problem hiding this comment.
overall makes sense to me, would want some eyes from @hubertdeng123 though
just had one comment
| vroom | ||
| uptime_checker | ||
| image_url: |- | ||
| ghcr.io/getsentry/sentry:${{ github.sha }}-amd64 |
There was a problem hiding this comment.
we only build images if the PR author is an OWNER or MEMBER, does this mean this step fails when external contributors make a PR?
hubertdeng123
left a comment
hubertdeng123
left a comment
There was a problem hiding this comment.
Do we have an idea how long this will take to run in CI? I'd suspect this will take quite a while, and we'd be running tests on migrations which doesn't seem necessary.
TBH I'm pretty certain we don't need to even bring up self-hosted here. Instead, we can just checkout sentry at the latest release tag and run migrations up to latest using the dev environment
I would assume 15-20 mins
Sounds great to me. How do we do that? |
|
I'd imagine it'd look something like this at the beginning, we perform migrations up to the latest tag. Then, checkout nightly and perform migrations up to nightly |
github-actions
Bot
removed
the
Trigger: getsentry tests
aldy505
added
the
Trigger: getsentry tests
| runs-on: ubuntu-24.04 | ||
| timeout-minutes: 30 | ||
| needs: did-migration-change | ||
| if: ${{ needs.did-migration-change.outputs.modified == 'true' || needs.did-migration-change.outputs.added == 'true' }} |
There was a problem hiding this comment.
Bug: The upgrade-test CI job will not run for modified migration files because the migrations_modified filter is not defined in .github/file-filters.yml.
Severity: MEDIUM
Suggested Fix
Define the migrations_modified filter in .github/file-filters.yml using the modified: event qualifier, similar to how migrations_added is defined. This will ensure the dorny/paths-filter action correctly detects modified migration files and populates the migrations_modified output, allowing the upgrade-test job to trigger as intended.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: .github/workflows/migrations.yml#L84
Potential issue: The `upgrade-test` job's conditional logic is intended to trigger for
both added and modified migration files. However, the check for modified files,
`needs.did-migration-change.outputs.modified == 'true'`, will never evaluate to true.
This is because the underlying output `steps.changes.outputs.migrations_modified` from
the `dorny/paths-filter` action is always empty, as the `migrations_modified` filter key
is not defined in `.github/file-filters.yml`. Consequently, the `upgrade-test` job is
silently skipped for all modified migration files, potentially allowing breaking changes
to be merged without testing.
| runs-on: ubuntu-24.04 | ||
| timeout-minutes: 30 | ||
| needs: did-migration-change | ||
| if: ${{ needs.did-migration-change.outputs.modified == 'true' || needs.did-migration-change.outputs.added == 'true' }} |
There was a problem hiding this comment.
Upgrade test never triggers for modified migrations
Medium Severity
The modified == 'true' part of this condition will never be true because the migrations_modified filter is not defined in .github/file-filters.yml — only migrations_added exists. The needs.did-migration-change.outputs.modified value will always be an empty string, meaning this upgrade test only runs for newly added migrations, not for modified ones. Since the stated goal is to prevent InconsistentMigrationHistory, and modifying an existing migration's dependencies is one way to cause that error, this is a coverage gap.
Reviewed by Cursor Bugbot for commit d12be93. Configure here.
github-actions
Bot
removed
the
Trigger: getsentry tests
| run: | | ||
| sentry upgrade --noinput |
There was a problem hiding this comment.
Bug: The upgrade-test job may fail with a ModuleNotFoundError because it runs new migrations against a stale Python environment that lacks new dependencies from the PR.
Severity: MEDIUM
Suggested Fix
After checking out the PR's code with clean: false, re-synchronize the Python virtual environment using the PR's uv.lock file. Add a step to run uv sync --frozen --active to install any new dependencies before the sentry upgrade command is executed.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: .github/workflows/migrations.yml#L107-L108
Potential issue: In the `upgrade-test` job, the Python virtual environment is created
based on an old release tag's dependencies. The workflow then checks out the pull
request's code but preserves the old, stale environment. When `sentry upgrade --noinput`
is executed, it runs new migration files from the PR. If a new migration imports a
module from a newly added external Python dependency, the command will fail with a
`ModuleNotFoundError` because the required dependency is not present in the virtual
environment.
There was a problem hiding this comment.
Yes, this is true since you're checking out the new branch but not installing new dependencies
aldy505
added
the
Trigger: getsentry tests
|
Do you have a successful run of this in CI? I'd like to see one to verify that this is working as intended |
github-actions
Bot
removed
the
Trigger: getsentry tests
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit afac2a7. Configure here.
| clean: false | ||
| - name: Apply migrations again to test upgrade path | ||
| run: | | ||
| sentry upgrade --noinput |
There was a problem hiding this comment.
Missing dependency reinstall before second migration run
High Severity
After checking out the current ref (with clean: false), the upgrade-test job runs sentry upgrade --noinput without reinstalling Python dependencies. The setup-sentry action (which runs uv sync --frozen --active and fast_editable) is only executed against the release tag's uv.lock. If the current branch introduces any new dependencies, Django will fail to load apps/models with an ImportError, producing a false CI failure unrelated to migration consistency. Unlike the existing sql job which only runs git diff after checkout, this job needs the full sentry environment functional for the second sentry upgrade call.
Reviewed by Cursor Bugbot for commit afac2a7. Configure here.
@hubertdeng123 Nope, do you have any idea on how to test this? |
4 participants
To prevent
InconsistentMigrationHistoryin the future.Corresponding self-hosted PR: getsentry/self-hosted#4288