ci: nightly E2E workflow for the Thrift and kernel backends#402
Conversation
ea1378e to
558f46c
Compare
4929e40 to
2a43d24
Compare
558f46c to
ba7b5d9
Compare
2a43d24 to
ebedfc7
Compare
ba7b5d9 to
2922c72
Compare
ebedfc7 to
23de162
Compare
2922c72 to
4b7b202
Compare
23de162 to
fb098a1
Compare
|
One operational concern: the kernel E2E job has a 40-minute job timeout, but it first runs a potentially cold On a cache miss or slow kernel build, the build only needs to take more than ~10 minutes before GitHub can kill the job before Go's timeout produces useful diagnostics about which E2E test hung or failed. Could we either raise the job timeout to something like 60-70 minutes, or split the budget explicitly, e.g. a timeout around |
|
Fixed in Went with the explicit-split option you suggested:
Worst case is now 25 (build) + 30 (go test) + setup < 65, so a wedged build is killed distinctly as a build-step failure, and a hung test still hits Go's own This comment was generated with GitHub MCP. |
6376422 to
4512646
Compare
ef7e5ec to
752e19b
Compare
4512646 to
091accc
Compare
752e19b to
125eec7
Compare
091accc to
ac112d4
Compare
Add a scheduled (07:00 UTC) + manually dispatchable workflow that runs the
credential-gated end-to-end suites against a real test SQL warehouse. The
ordinary "Go" workflow injects no warehouse secrets, so every E2E test t.Skip()s
there and real-warehouse behaviour — large multi-page CloudFetch, S3 downloads,
drain-past-deadline, real auth — is otherwise not exercised in CI.
Two jobs against one test warehouse:
- thrift-e2e: pure-Go (CGO_ENABLED=0), the high-value CloudFetch drain +
exact-row-count scenarios.
- kernel-e2e: reuses the go.yml kernel-build machinery (JFrog/cargo proxy,
pinned Rust, kernel App-token clone, kernel-lib/cargo caches), then runs the
databricks_kernel-tagged E2E funcs plus the Thrift-vs-kernel parity funcs
(which need both the kernel lib and live credentials).
Both suites now read the same DATABRICKS_PECOTESTING_* credentials, so one secret
set drives the whole workflow — the kernel E2E / parity test helpers are updated
from the ad-hoc DATABRICKS_HOST/_HTTP_PATH/_TOKEN vars to the PECOTESTING set
(with the _TOKEN_PERSONAL fallback the Thrift suite already uses). Each job has a
fail-loud credential guard so a missing secret errors instead of silently
skipping into a misleading green. TestKernelE2EM2M is excluded (-skip) since it
needs a service-principal client id/secret the warehouse secret set doesn't
carry; the job comment documents how to enable it.
Alerting is GitHub's built-in failed-scheduled-run notification. Provisioning the
DATABRICKS_PECOTESTING_* secrets in the repository is the remaining step to make
the nightly run green.
Closes PECOBLR-3308.
Co-authored-by: Isaac
Signed-off-by: Mani Kaustubh Mathur <mani.mathur@databricks.com>
…fires first The kernel E2E job had a 40-min job cap while `go test` alone was given -timeout 30m, leaving only ~10 min for checkout, toolchains, caches, and a potentially cold ~200-crate `make kernel-lib` Rust build. On a cache miss the build can exceed that, so GitHub SIGKILLs the whole job at 40 min before Go's timeout can emit its which-test-hung goroutine dump — losing the diagnostics. Split the budget explicitly: raise the job cap to 65 min and add a 25-min per-step timeout on `make kernel-lib`. Worst case is 25 (build) + 30 (go test) + setup < 65, so a wedged build is killed distinctly as a build failure and a hung test still hits Go's own -timeout first. Also moved the E2E step's descriptive comment down onto the Run step it documents. Co-authored-by: Isaac
125eec7 to
aa27368
Compare
ac112d4 to
0c68dfb
Compare
0c68dfb
into
mani/sea-kernel-consolidated
Context for reviewers
Adds a scheduled CI workflow that runs the credential-gated E2E suites against a real test SQL warehouse, for both the Thrift backend and the SEA-via-kernel backend (the alternative backend that talks to Databricks SQL through the Rust
databricks-sql-kernelstatic lib over a C ABI, behind thedatabricks_kernelbuild tag).Stack position:
Reviewer note on the small test-file diffs: the changes to
kernel_e2e_test.go/kernel_parity_test.goare credential-variable renames (see §Credentials), not behavior changes. The substance of the PR is the newnightly-e2e.yml.What
A scheduled (07:00 UTC daily) + manually dispatchable workflow that runs the credential-gated end-to-end suites against a real test SQL warehouse. The ordinary "Go" workflow injects no warehouse secrets, so every E2E test
t.Skip()s there and real-warehouse behaviour (large multi-page CloudFetch, S3 downloads, drain-past-deadline, real auth) is otherwise not exercised in CI.Closes PECOBLR-3308.
Two jobs, one test warehouse
thrift-e2e— pure-Go (CGO_ENABLED=0); runs the high-value CloudFetch drain-past-caller-deadline + exact-row-count scenarios (-count=1, not-short, so the-short-guarded exact-row-count test runs).kernel-e2e— reuses thego.ymlkernel-build machinery (JFrog + cargo proxy, pinned Rust, kernel App-token clone, kernel-lib/cargo caches), then runs thedatabricks_kernel-tagged E2E funcs plus the Thrift-vs-kernel parity funcs (TestKernelThriftParity/TestKernelParamsVsThrift), which need both the kernel lib and live credentials.Both jobs are gated on
vars.NIGHTLY_E2E_ENABLED != 'false', so the workflow can be disabled via a repo variable without editing the file.Credentials (one secret set)
Both suites now read the same
DATABRICKS_PECOTESTING_*credentials, so a single secret set drives the whole workflow. Rather than map env-var names in the workflow, the kernel E2E / parity test helpers were renamed from the ad-hocDATABRICKS_HOST/_HTTP_PATH/_TOKENvars to the PECOTESTING set (with the_TOKEN_PERSONALfallback the Thrift suite already uses). Each job has a fail-loud credential guard so a missing secret errors instead of silently skipping into a misleading green — a silent skip reporting green is exactly the gap this closes.Live validation before merge (done — both jobs green, tests actually ran)
The workflow's only triggers are
schedule+workflow_dispatch, both gated to the default branch, so a feature branch can't exercise it normally. A temporarypush:trigger was added to validate against the real warehouse, then removed once validation passed (no temp trigger ships).The first validation run failed at
make kernel-libbecause the pinnedKERNEL_REVwas orphaned when the kernel dependency PR force-pushed (the documented GC merge-gate actually firing). The whole stack was re-pinned to a fetchable kernel rev, and the re-run went green:The 0-SKIP counts confirm the credentials wired through and the tests genuinely executed — the whole point of the ticket.
M2M kept skipped (decision)
TestKernelE2EM2Mis excluded (-skip) — not a silent skip. It's the only test that needs a service-principalDATABRICKS_CLIENT_ID/_CLIENT_SECRET, and we don't add an SP credential to the public repo for one test when (a) the PAT already covers the real-warehouse path for both backends and (b) the M2M setter wiring is already unit-covered byTestSetAuthByMode. It runs locally for a developer who exports the two vars; the job comment documents how to enable it in CI.Remaining step (repo admin — cannot be done from a PR)
Provision these repository secrets to make the nightly run green (the kernel job's App-token secrets already exist):
DATABRICKS_PECOTESTING_SERVER_HOSTNAMEDATABRICKS_PECOTESTING_HTTP_PATH2DATABRICKS_PECOTESTING_TOKEN(or_TOKEN_PERSONAL)Until then the credential-guard step fails by design (never a silent skip). A failed scheduled run surfaces via GitHub's built-in notification (no external webhook).
Testing
SKIPcleanly with no creds (the safe local/PR default); the renames caused no regressions — defaultCGO_ENABLED=0and taggeddatabricks_kernelsuites both 24 pkg ok / 0 fail.go test -list/-skipconfirmed the kernel job selects all E2E + both parity funcs and excludes M2M.Stacking
Stacked on #401 (
mani/sea-kernel-log-unify).This pull request and its description were written by Isaac.