chore(repo): Expand CW Metric logging to all tests #3912
Conversation
|
Please note that all dart unit tests on beta have been failing since an unknown time due to a compile issue with Object on a smithy http_operation. This will need to be fixed separately. Failing scheduled dart test (same for all category dart tests): https://github.com/aws-amplify/amplify-flutter/actions/runs/6439416299/job/17487065066 |
fjnoyp
changed the title
1. Take working-directory instead of package-name to find category 2. Matrix is not required in cases when matrix does not exist 3. Remove category input, will be calculated using working-directory input instead. 4. Refactory Github API response parse logic to use generated class files
Generated workflows now need additional permissions and inherit secrets to enable their sub workflow calls to be authorized to log metrics.
This reverts commit b19c40b.
fjnoyp
force-pushed
the
feat/mine/finalizedDartActionV4
branch
from
451aa57 to
3c01a85
Compare
| @@ -8,12 +8,11 @@ inputs: | |||
| github-token: | |||
| required: true | |||
| description: Github token for requesting failing steps. | |||
| package-name: | |||
| description: The name of the package being tested | |||
| working-directory: | |||
There was a problem hiding this comment.
Switch parameter sent because package-name does not give sufficient information on category information for smithy and other minor categories.
| @@ -22,9 +21,6 @@ inputs: | |||
| test-type: | |||
| description: canary, integration, unit testType. | |||
| required: true | |||
| category: | |||
There was a problem hiding this comment.
This is now computed based on working-directory
| package-name: ${{ inputs.package-name }} | ||
| matrix: ${{ toJson(matrix) }} | ||
| working-directory: ${{ inputs.working-directory }} | ||
| matrix: ${{ toJson(matrix) != 'null' && toJson(matrix) || '' }} |
There was a problem hiding this comment.
Updated to handle null matrix cases
| # These permissions are needed to interact with GitHub's OIDC Token endpoint. | ||
| permissions: | ||
| id-token: write | ||
| contents: read |
There was a problem hiding this comment.
All workflows need these permissions now in order to send the Cloudwatch Metric
| @@ -12,8 +12,7 @@ on: | |||
| type: string | |||
|
|
|||
| jobs: | |||
| test: | |||
| name: Test | |||
| test-dart-ddc: | |||
There was a problem hiding this comment.
NOTE: in order to properly distinguish jobs within a given workflow run, the jobs must not have a name field set and must have a unique identifiable name. Please see the comments added to log_cw_metric.dart for more information.
| package-name: ${{ inputs.package-name }} | ||
| matrix: ${{ toJson(matrix) }} | ||
| working-directory: ${{ inputs.working-directory }} | ||
| matrix: ${{ toJson(matrix) != 'null' && toJson(matrix) || '' }} |
There was a problem hiding this comment.
I'm not following this. Is there a way to write this more clearly in code? If not, can you add a comment.
There was a problem hiding this comment.
Good point, this code can be improved. Updated to:
# Sending a null value will cause the action to fail so we must send an empty string here.
matrix: ${{ matrix == '' && '{}' || toJSON(matrix) }}
If the matrix value is empty we send a blank {} else we convert to json and send back.
| permissions: read-all | ||
| # These permissions are needed to interact with GitHub's OIDC Token endpoint. | ||
| permissions: | ||
| id-token: write |
There was a problem hiding this comment.
Why is write access needed?
There was a problem hiding this comment.
Setting the permissions to write is required in order to request an OpenID Connect JWT.
Removing this permission causes logging to fail to assume the token.
There was a problem hiding this comment.
We need a token in order to post the log to cloudwatch, I assume?
There was a problem hiding this comment.
This utilizes the same framework that AppSec signed off several months ago when we just started sending Cloudwatch logs from our canaries.
| working-directory: ${{ inputs.working-directory }} | ||
|
|
||
| # Sending a null value will cause the action to fail so we must send an empty string here. | ||
| matrix: ${{ matrix == '' && '{}' || toJSON(matrix) }} |
There was a problem hiding this comment.
Question asked out of ignorance: Where does the matrix var come from, and why wouldn't we do ${{ toJSON(matrix) || matrix == '' && '{}' }}?
There was a problem hiding this comment.
matrix is a github context variable see: https://docs.github.com/en/actions/learn-github-actions/contexts#matrix-context
I guess we could do it that way as it's just an inversion of the logic.
There was a problem hiding this comment.
I read this statement as:
if
matrixequals "{}", assign the matrix yaml value to "true".
ELSE
parse the matrix yaml value from json
I don't understand that logic. Why would we set the matrix yaml value to "true"? Or am I misreading this? I'm very new to GH actions so it's entirely possible I am missing something crucial here.
Also - I don't understand how a single value can evaluate to both '' and '{}' at the same time? Is this javascript?
There was a problem hiding this comment.
We don't have ternary operators in Github Actions but that's essentially what we're trying to do here. If matrix is null we want to send {} otherwise we send a json version of matrix.
To do that we first check if matrix environment variable is empty or not. If it's empty we send {} this is achieved via &&, otherwise (||) we send toJSON(matrix).
Yes it is a javascript style logical operators. It is not evaluating to both '' and '{}' at the same time, it is using the '' to check matrix value before returning {} in that case.
${{ matrix == '' && '{}' || toJSON(matrix) }}
fjnoyp
force-pushed
the
feat/mine/finalizedDartActionV4
branch
from
4d54849 to
4d6e399
Compare
* chore(repo): Update Metric Logging Logic 1. Take working-directory instead of package-name to find category 2. Matrix is not required in cases when matrix does not exist 3. Remove category input, will be calculated using working-directory input instead. 4. Refactory Github API response parse logic to use generated class files Generated workflows now need additional permissions and inherit secrets to enable their sub workflow calls to be authorized to log metrics.
* chore(repo): Update Metric Logging Logic 1. Take working-directory instead of package-name to find category 2. Matrix is not required in cases when matrix does not exist 3. Remove category input, will be calculated using working-directory input instead. 4. Refactory Github API response parse logic to use generated class files Generated workflows now need additional permissions and inherit secrets to enable their sub workflow calls to be authorized to log metrics.
* chore(repo): Update Metric Logging Logic 1. Take working-directory instead of package-name to find category 2. Matrix is not required in cases when matrix does not exist 3. Remove category input, will be calculated using working-directory input instead. 4. Refactory Github API response parse logic to use generated class files Generated workflows now need additional permissions and inherit secrets to enable their sub workflow calls to be authorized to log metrics.
Issue #, if available:
Description of changes:
Add logic to send Cloudwatch metrics from all Github Action workflows.
Update aft to generate workflows that track metrics.
Update base github workflows to track metrics.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.