Merge branch 'master' into byk/feat/s3-nodestore

Author: aldy505

.env

@@ -9,11 +9,13 @@ SENTRY_EVENT_RETENTION_DAYS=90
 SENTRY_BIND=9000
 # Set SENTRY_MAIL_HOST to a valid FQDN (host/domain name) to be able to send emails!
 # SENTRY_MAIL_HOST=example.com
-SENTRY_IMAGE=getsentry/sentry:nightly
-SNUBA_IMAGE=getsentry/snuba:nightly
-RELAY_IMAGE=getsentry/relay:nightly
-SYMBOLICATOR_IMAGE=getsentry/symbolicator:nightly
-VROOM_IMAGE=getsentry/vroom:nightly
+SENTRY_IMAGE=ghcr.io/getsentry/sentry:nightly
+SNUBA_IMAGE=ghcr.io/getsentry/snuba:nightly
+RELAY_IMAGE=ghcr.io/getsentry/relay:nightly
+SYMBOLICATOR_IMAGE=ghcr.io/getsentry/symbolicator:nightly
+TASKBROKER_IMAGE=ghcr.io/getsentry/taskbroker:nightly
+VROOM_IMAGE=ghcr.io/getsentry/vroom:nightly
+UPTIME_CHECKER_IMAGE=ghcr.io/getsentry/uptime-checker:nightly
 HEALTHCHECK_INTERVAL=30s
 HEALTHCHECK_TIMEOUT=1m30s
 HEALTHCHECK_RETRIES=10

.github/ISSUE_TEMPLATE/release.yml

@@ -15,6 +15,7 @@ body:
           - [ ] [`snuba`](https://github.com/getsentry/snuba/actions/workflows/release.yml)
           - [ ] [`symbolicator`](https://github.com/getsentry/symbolicator/actions/workflows/release.yml)
           - [ ] [`vroom`](https://github.com/getsentry/vroom/actions/workflows/release.yaml)
+          - [ ] [`taskbroker`](https://github.com/getsentry/taskbroker/actions/workflows/release.yml)
         - [ ] Release self-hosted.
           - [ ] [Prepare the `self-hosted` release](https://github.com/getsentry/self-hosted/actions/workflows/release.yml) (_replace with publish issue repo link_).
           - [ ] Check to make sure the new release branch in self-hosted includes the appropriate CalVer images.

.github/dependabot.yml

@@ -6,7 +6,7 @@ updates:
       interval: daily
     open-pull-requests-limit: 0 # only security updates
     reviewers:
-      - "@getsentry/open-source"
+      - "@getsentry/dev-infra"
       - "@getsentry/security"
 
   - package-ecosystem: "github-actions"
@@ -15,5 +15,5 @@ updates:
       # Check for updates to GitHub Actions every week
       interval: "weekly"
     reviewers:
-      - "@getsentry/open-source"
+      - "@getsentry/dev-infra"
       - "@getsentry/security"

.github/workflows/enforce-license-compliance.yml

@@ -8,6 +8,7 @@ on:
 
 jobs:
   enforce-license-compliance:
+    if: github.repository_owner == 'getsentry'
     runs-on: ubuntu-latest
     steps:
       - name: 'Enforce License Compliance'

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - name: Get auth token
         id: token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
         with:
           app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
           private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
@@ -49,7 +49,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: getsentry/action-release@v1
+      - uses: getsentry/action-release@v3
         env:
           SENTRY_ORG: self-hosted
           SENTRY_PROJECT: installer

.github/workflows/shellcheck.yml

@@ -0,0 +1,44 @@
+---
+name: "ShellCheck"
+on:
+  push:
+    paths:
+      - "**.sh"
+    branches: [master]
+  pull_request:
+    paths:
+      - "**.sh"
+    branches: [master]
+
+jobs:
+  shellcheck:
+    name: ShellCheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Repository checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run ShellCheck
+        run: |
+          git diff --name-only -z `git merge-base origin/master HEAD` -- \
+            install/_lib.sh \
+            'optional-modifications/**.sh' \
+            'scripts/**.sh' \
+            unit-test.sh \
+            'workstation/**.sh' \
+          | xargs -0 -r -- \
+            shellcheck \
+              --shell=bash \
+              --format=json1 \
+              --external-sources \
+          | jq -r '
+            .comments
+            | map(.level |= if ([.] | inside(["info", "style"])) then "notice" else . end)
+            | .[] as $note
+            | "::\($note.level) file=\($note.file),line=\($note.line),endLine=\($note.endLine),col=\($note.column),endColumn=\($note.endColumn)::[SC\($note.code)] \($note.message)"
+          ' \
+          | grep . >&2 && exit 1
+
+          exit 0

.github/workflows/test.yml

@@ -19,250 +19,38 @@ defaults:
   run:
     shell: bash
 jobs:
-  e2e-test:
-    if: github.repository_owner == 'getsentry'
-    runs-on: ubuntu-22.04
-    name: "Sentry self-hosted end-to-end tests"
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: self-hosted
-
-      - name: End to end tests
-        uses: getsentry/action-self-hosted-e2e-tests@main
-        with:
-          project_name: self-hosted
-
   unit-test:
     if: github.repository_owner == 'getsentry'
-    runs-on: ubuntu-22.04
-    name: "unit tests"
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-24.04, ubuntu-24.04-arm]
+    name: ${{ matrix.os == 'ubuntu-24.04-arm' && 'unit tests (arm64)' || 'unit tests' }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Unit Tests
-        run: ./unit-test.sh
-
-  upgrade-test:
-    if: github.repository_owner == 'getsentry'
-    runs-on: ubuntu-22.04
-    name: "Sentry upgrade test"
-    env:
-      REPORT_SELF_HOSTED_ISSUES: 0
-    steps:
-      - name: Get latest self-hosted release version
-        run: |
-          LATEST_TAG=$(curl -s https://api.github.com/repos/getsentry/self-hosted/releases/latest | jq -r '.tag_name')
-          echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV
-
-      - name: Checkout latest release
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ env.LATEST_TAG }}
-
       - name: Get Compose
-        run: |
-          # Docker Compose v1 is installed here, remove it
-          sudo rm -f "/usr/local/bin/docker-compose"
-          sudo rm -f "/usr/local/lib/docker/cli-plugins/docker-compose"
-          sudo mkdir -p "/usr/local/lib/docker/cli-plugins"
-          sudo curl -L https://github.com/docker/compose/releases/download/v2.26.0/docker-compose-`uname -s`-`uname -m` -o "/usr/local/lib/docker/cli-plugins/docker-compose"
-          sudo chmod +x "/usr/local/lib/docker/cli-plugins/docker-compose"
-
-      - name: Prepare Docker Volume Caching
-        id: cache_key
-        run: |
-          # Set permissions for docker volumes so we can cache and restore
-          sudo chmod o+x /var/lib/docker
-          sudo chmod -R o+rwx /var/lib/docker/volumes
-          source .env
-          SENTRY_IMAGE_SHA=$(docker buildx imagetools inspect $SENTRY_IMAGE --format "{{println .Manifest.Digest}}")
-          echo "SENTRY_IMAGE_SHA=$SENTRY_IMAGE_SHA" >> $GITHUB_OUTPUT
-          SNUBA_IMAGE_SHA=$(docker buildx imagetools inspect $SNUBA_IMAGE --format "{{println .Manifest.Digest}}")
-          echo "SNUBA_IMAGE_SHA=$SNUBA_IMAGE_SHA" >> $GITHUB_OUTPUT
-
-      - name: Restore DB Volumes Cache
-        id: restore_cache
-        uses: actions/cache/restore@v4
-        with:
-          key: db-volumes-v4-${{ steps.cache_key.outputs.SENTRY_IMAGE_SHA }}-${{ steps.cache_key.outputs.SNUBA_IMAGE_SHA }}
-          restore-keys: |
-            db-volumes-v4-${{ steps.cache_key.outputs.SENTRY_IMAGE_SHA }}
-            db-volumes-v4-
-          path: |
-            /var/lib/docker/volumes/sentry-postgres/_data
-            /var/lib/docker/volumes/sentry-clickhouse/_data
-            /var/lib/docker/volumes/sentry-kafka/_data
+        uses: ./get-compose-action
 
-      - name: Install ${{ env.LATEST_TAG }}
-        env:
-          SKIP_DB_MIGRATIONS: ${{ steps.restore_cache.outputs.cache-hit == 'true' && '1' || '' }}
-        run: |
-          # This is for the cache restore on Kafka to work in older releases
-          docker run --rm -v "sentry-kafka:/data" busybox chown -R 1000:1000 /data
-          ./install.sh
-
-      - name: Prepare Docker Volume Caching
-        run: |
-          # Set permissions for docker volumes so we can cache and restore
-          sudo chmod o+x /var/lib/docker
-          sudo chmod -R o+rx /var/lib/docker/volumes
-          # Set tar ownership for it to be able to read
-          # From: https://github.com/actions/toolkit/issues/946#issuecomment-1726311681
-          sudo chown root /usr/bin/tar && sudo chmod u+s /usr/bin/tar
-
-      - name: Save DB Volumes Cache
-        if: steps.restore_cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with:
-          key: ${{ steps.restore_cache.outputs.cache-primary-key }}
-          path: |
-            /var/lib/docker/volumes/sentry-postgres/_data
-            /var/lib/docker/volumes/sentry-clickhouse/_data
-            /var/lib/docker/volumes/sentry-kafka/_data
-
-      - name: Checkout current ref
-        uses: actions/checkout@v4
-
-      - name: Install current ref
-        run: |
-          # This is for the cache restore on Kafka to work in older releases
-          docker run --rm -v "sentry-kafka:/data" busybox chown -R 1000:1000 /data
-          ./install.sh
-
-      - name: Inspect failure
-        if: failure()
-        run: |
-          docker compose ps
-          docker compose logs
+      - name: Unit Tests
+        run: ./unit-test.sh
 
   integration-test:
     if: github.repository_owner == 'getsentry'
-    runs-on: ubuntu-22.04
-    name: integration test ${{ matrix.compose_version }} - customizations ${{ matrix.customizations }}
+    runs-on: ${{ matrix.os }}
     strategy:
-      fail-fast: false
       matrix:
-        customizations: ["disabled", "enabled"]
-        compose_version: ["v2.19.0", "v2.26.0"]
-        include:
-          - compose_version: "v2.19.0"
-            compose_path: "/usr/local/lib/docker/cli-plugins"
-          - compose_version: "v2.26.0"
-            compose_path: "/usr/local/lib/docker/cli-plugins"
+        os: [ubuntu-24.04, ubuntu-24.04-arm]
+    name: ${{ matrix.os == 'ubuntu-24.04-arm' && 'integration test (arm64)' || 'integration test' }}
     env:
-      COMPOSE_PROJECT_NAME: self-hosted-${{ strategy.job-index }}
       REPORT_SELF_HOSTED_ISSUES: 0
       SELF_HOSTED_TESTING_DSN: ${{ vars.SELF_HOSTED_TESTING_DSN }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup dev environment
-        run: |
-          pip install -r requirements-dev.txt
-          echo "PY_COLORS=1" >> "$GITHUB_ENV"
-          ### pytest-sentry configuration ###
-          if [ "$GITHUB_REPOSITORY" = "getsentry/self-hosted" ]; then
-            echo "PYTEST_SENTRY_DSN=$SELF_HOSTED_TESTING_DSN" >> $GITHUB_ENV
-            echo "PYTEST_SENTRY_TRACES_SAMPLE_RATE=0" >> $GITHUB_ENV
-
-            # This records failures on master to sentry in order to detect flakey tests, as it's
-            # expected that people have failing tests on their PRs
-            if [ "$GITHUB_REF" = "refs/heads/master" ]; then
-              echo "PYTEST_SENTRY_ALWAYS_REPORT=1" >> $GITHUB_ENV
-            fi
-          fi
-
-      - name: Get Compose
-        run: |
-          # Always remove `docker compose` support as that's the newer version
-          # and comes installed by default nowadays.
-          sudo rm -f "/usr/local/lib/docker/cli-plugins/docker-compose"
-          # Docker Compose v1 is installed here, remove it
-          sudo rm -f "/usr/local/bin/docker-compose"
-          sudo rm -f "${{ matrix.compose_path }}/docker-compose"
-          sudo mkdir -p "${{ matrix.compose_path }}"
-          sudo curl -L https://github.com/docker/compose/releases/download/${{ matrix.compose_version }}/docker-compose-`uname -s`-`uname -m` -o "${{ matrix.compose_path }}/docker-compose"
-          sudo chmod +x "${{ matrix.compose_path }}/docker-compose"
-
-      - name: Prepare Docker Volume Caching
-        id: cache_key
-        run: |
-          # Set permissions for docker volumes so we can cache and restore
-          sudo chmod o+x /var/lib/docker
-          sudo chmod -R o+rwx /var/lib/docker/volumes
-          source .env
-          SENTRY_IMAGE_SHA=$(docker buildx imagetools inspect $SENTRY_IMAGE --format "{{println .Manifest.Digest}}")
-          echo "SENTRY_IMAGE_SHA=$SENTRY_IMAGE_SHA" >> $GITHUB_OUTPUT
-          SNUBA_IMAGE_SHA=$(docker buildx imagetools inspect $SNUBA_IMAGE --format "{{println .Manifest.Digest}}")
-          echo "SNUBA_IMAGE_SHA=$SNUBA_IMAGE_SHA" >> $GITHUB_OUTPUT
-
-      - name: Restore DB Volumes Cache
-        id: restore_cache
-        uses: actions/cache/restore@v4
-        with:
-          key: db-volumes-v4-${{ steps.cache_key.outputs.SENTRY_IMAGE_SHA }}-${{ steps.cache_key.outputs.SNUBA_IMAGE_SHA }}
-          restore-keys: |
-            db-volumes-v4-${{ steps.cache_key.outputs.SENTRY_IMAGE_SHA }}
-            db-volumes-v4-
-          path: |
-            /var/lib/docker/volumes/sentry-postgres/_data
-            /var/lib/docker/volumes/sentry-clickhouse/_data
-            /var/lib/docker/volumes/sentry-kafka/_data
-
-      - name: Install self-hosted
-        env:
-          SKIP_DB_MIGRATIONS: ${{ steps.restore_cache.outputs.cache-hit == 'true' && '1' || '' }}
-        run: |
-          # This is for the cache restore on Kafka to work in older releases
-          docker run --rm -v "sentry-kafka:/data" busybox chown -R 1000:1000 /data
-          ./install.sh
-
-      - name: Prepare Docker Volume Caching
-        run: |
-          # Set permissions for docker volumes so we can cache and restore
-          sudo chmod o+x /var/lib/docker
-          sudo chmod -R o+rx /var/lib/docker/volumes
-          # Set tar ownership for it to be able to read
-          # From: https://github.com/actions/toolkit/issues/946#issuecomment-1726311681
-          sudo chown root /usr/bin/tar && sudo chmod u+s /usr/bin/tar
-
-      - name: Save DB Volumes Cache
-        if: steps.restore_cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with:
-          key: ${{ steps.restore_cache.outputs.cache-primary-key }}
-          path: |
-            /var/lib/docker/volumes/sentry-postgres/_data
-            /var/lib/docker/volumes/sentry-clickhouse/_data
-            /var/lib/docker/volumes/sentry-kafka/_data
-
-      - name: Integration Test
-        run: |
-          docker compose up --wait
-          if [ "${{ matrix.compose_version }}" = "v2.19.0" ]; then
-            pytest --reruns 3 --cov --junitxml=junit.xml _integration-test/ --customizations=${{ matrix.customizations }}
-          else
-            pytest --cov --junitxml=junit.xml _integration-test/ --customizations=${{ matrix.customizations }}
-          fi
-
-      - name: Inspect failure
-        if: failure()
-        run: |
-          docker compose ps
-          docker compose logs
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          slug: getsentry/self-hosted
-
-      - name: Upload test results to Codecov
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@v1
+      - name: Use action from local checkout
+        uses: './'
         with:
-          token: ${{ secrets.CODECOV_TOKEN }}
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.pre-commit-config.yaml

@@ -1,3 +1,4 @@
+exclude: '\.patch$'
 repos:
 - repo: local
   hooks:
@@ -11,7 +12,6 @@ repos:
       args: [-w, -d]
       files: .*\.sh
       stages: [commit, merge-commit, push, manual]
-
 - repo: https://github.com/pre-commit/pre-commit-hooks
   rev: v4.3.0
   hooks: