ci: Port CI to GitHub Actions

[jan-auer]

Moves all CI jobs from Travis and AppVeyor to GitHub Actions. This comes with a few changes in the build pipeline:

• Python linting and formatting is checked again
• The macOS wheel now requires 10.15.0 since this is the minimum version offered by GitHub
• Integration tests no longer run haproxy or gobetween. They can be added as service if they provide any value.

Due to the wheel change, this will require a changelog entry.

[jan-auer]

For some reason, macOS is failing now, where it already passed in 312845f. Since it complains that serde_derive is missing, I'm assuming that caches are somehow broken.

error[E0463]: can't find crate for `serde_derive` which `serde` depends on
##[error] --> relay-redis/src/config.rs:1:5
  |
1 | use serde::{Deserialize, Serialize};
  |     ^^^^^ can't find crate

[BYK]

Why not move this after the actions/cache step so it is also cached?

[BYK]

Btw protip: you can skip entire steps based on the action/cache step's output: getsentry/sentry-docs#2231

[jan-auer]

We're not caching toolchain installations, only cargo's own cache and the target folder. These are the expensive operations that take time. All the rest is usually so fast that caching doesn't really matter and I opted to reduce caches to the absolute minimum.

FWIW, you can see that release builds don't have caches at all, to ensure we're never working off a poisoned cache.

[BYK]

FWIW, you can see that release builds don't have caches at all, to ensure we're never working off a poisoned cache.

I don't think poitioned caches are a significant thread but even if they were, we can simply make the caching step conditional on this not being a release branch and speed up PR builds?

[BYK]

I think this part can/should be replaced with actions/checkout

[jan-auer]

Sounds good, I'll consider that in a follow-up PR. These jobs were just moved, so I would like to not touch them.

My plan is to make this a reusable action that we can use for all sorts of cross-committing activities we do in the organization.

[jan-auer]

This is ready now. Will disable AppVeyor and update status checks just before merging and then push the changelog to trigger the final build.

[billyvg]

lgtm!

[billyvg]

You could use a matrix here, but tbh what you have is probably more clear despite some duplication

[jan-auer]

Good point. I had a matrix at first, but ended up choosing this for the cleaner config. As soon as craft supports GitHub artifacts, the biggest chunk of duplication (zeus uploads) will be gone and this will be neat and clean. Would propose to revisit once we can move off Zeus.

[untitaker]

Do we really want to stop using the makefile entirely in CI? That creates a split between local dev and it.

[untitaker]

out of curiosity, what was wrong with install -g and running the binary directly?

[jan-auer]

Good point, I can try that. Originally, I used just npx, and then noticed that it is reinstalling on every invocation. On Azure Pipelines, one cannot run global installations, but that may work on GitHub actions.

[untitaker]

on_failure does not seem to be ported, is there no equivalent on gha?

[BYK]

There is: https://github.com/getsentry/onpremise/blob/21d1b6d42eee14d0de93ba77fe981f9f2a82447e/.github/workflows/test.yml#L38-L42

[jan-auer]

Also, we no longer need this, as we do not depend on Zeus for status checks. It is only an artifact storage, so it does not matter whether we report failures.

[untitaker]

this has come up before but do we have a general policy wrt third-party github actions? since github tags are mutable as opposed to most package registries, and this has access to a token

[jan-auer]

Deferring to the policy-makers here. So far, there has been no push-back.

Note that this was not changed from master, just moved.

[jan-auer]

Maybe @billyvg has insights?

[untitaker]

This seems like counterintuitive behavior. Do we want to start doing this across the org?

[jan-auer]

I think we should do this only where it shows significant benefits. I can imagine doing this in symbolicator, although there stack traces are actually useful for debugging in contrast to Relay. Repositories like symbolic or even smaller crates build fast enough so that such a hack is not necessary.

For the curious: This cuts build times in half, and reduces the size of the target folder by 45%.

[jan-auer]

Here are two test releases with craft:

• Library run: https://github.com/getsentry/relay/runs/1142528497
• Library artifacts: https://zeus.ci/gh/getsentry/relay/builds/7793
• Binary run: https://github.com/getsentry/relay/runs/1142527218
• Binary artifacts: https://zeus.ci/gh/getsentry/relay/builds/7795/artifacts

[jan-auer]

This will require getsentry/craft#124 for successful publishing with craft. Once we've released a patch release of craft, we need to bump the minimum craft requirement in craft.yml and then this can be merged.