test: enforce strict replay sandboxing in e2e fixtures #188

Workflow file for this run

	name: E2E Tests

	on:
	push:
	branches: [main]
	paths:
	- "drift/**"
	- ".github/workflows/e2e.yml"
	pull_request:
	branches: [main]
	paths:
	- "drift/**"
	- ".github/workflows/e2e.yml"
	workflow_dispatch: {}

	jobs:
	discover:
	name: Discover Tests
	runs-on: ubuntu-latest
	outputs:
	e2e_matrix: ${{ steps.set-matrix.outputs.e2e_matrix }}
	stack_matrix: ${{ steps.set-matrix.outputs.stack_matrix }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Find all test directories
	id: set-matrix
	run: \|
	# Find all e2e-tests directories (single instrumentation)
	E2E_TESTS=$(find drift/instrumentation -type d -name "e2e-tests" \
	\| sed 's\|drift/instrumentation/\|\|' \| sed 's\|/e2e-tests\|\|' \| sort \
	\| jq -R -s -c 'split("\n") \| map(select(length > 0))')

	# Find all stack-tests directories (multi-instrumentation)
	STACK_TESTS=$(find drift/stack-tests -mindepth 1 -maxdepth 1 -type d 2>/dev/null \
	\| xargs -I {} basename {} \| sort \
	\| jq -R -s -c 'split("\n") \| map(select(length > 0))') \|\| echo "[]"

	echo "Found e2e-tests: $E2E_TESTS"
	echo "Found stack-tests: $STACK_TESTS"
	echo "e2e_matrix=$E2E_TESTS" >> $GITHUB_OUTPUT
	echo "stack_matrix=$STACK_TESTS" >> $GITHUB_OUTPUT

	e2e:
	name: E2E - ${{ matrix.library }}
	needs: discover
	runs-on: ubuntu-latest
	timeout-minutes: 30
	strategy:
	fail-fast: false
	max-parallel: 6
	matrix:
	library: ${{ fromJSON(needs.discover.outputs.e2e_matrix) }}
	steps:
	- name: Checkout
	uses: actions/checkout@v6

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	version: "latest"

	- name: Setup Python
	run: uv python install 3.9

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: docker

	- name: Install SDK dependencies
	run: uv sync --all-extras

	- name: Build SDK
	run: uv build

	- name: Verify SDK build
	run: \|
	ls -la dist/ \|\| (echo "dist folder not found!" && exit 1)
	test -f dist/*.whl \|\| (echo "SDK build incomplete!" && exit 1)

	- name: Get latest Tusk CLI version
	id: tusk-version
	run: \|
	VERSION=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	"https://api.github.com/repos/Use-Tusk/tusk-drift-cli/releases/latest" \
	\| grep '"tag_name":' \| sed -E 's/."([^"]+)"./\1/')
	echo "version=$VERSION" >> $GITHUB_OUTPUT
	echo "Latest Tusk CLI version: $VERSION"

	- name: Build base image
	env:
	DOCKER_DEFAULT_PLATFORM: linux/amd64
	run: \|
	docker build \
	--build-arg TUSK_CLI_VERSION=${{ steps.tusk-version.outputs.version }} \
	-t python-e2e-base:latest \
	-f drift/instrumentation/e2e_common/Dockerfile.base \
	.

	- name: Run E2E tests for ${{ matrix.library }}
	env:
	DOCKER_DEFAULT_PLATFORM: linux/amd64
	TUSK_CLI_VERSION: ${{ steps.tusk-version.outputs.version }}
	TUSK_USE_RUST_CORE: "1"
	run: \|
	chmod +x ./drift/instrumentation/${{ matrix.library }}/e2e-tests/run.sh
	cd ./drift/instrumentation/${{ matrix.library }}/e2e-tests && ./run.sh 8000

	- name: Print replay logs for ${{ matrix.library }}
	if: always()
	run: \|
	log_dir=./drift/instrumentation/${{ matrix.library }}/e2e-tests/.tusk/logs
	if ! sudo test -d "$log_dir"; then
	echo "No replay log directory found"
	exit 0
	fi

	sudo chmod -R a+rX "$log_dir" \|\| true
	sudo chown -R "$(id -u):$(id -g)" "$log_dir" \|\| true

	shopt -s nullglob
	logs=("$log_dir"/*)
	if [ ${#logs[@]} -eq 0 ]; then
	echo "No replay logs found"
	exit 0
	fi

	for f in "${logs[@]}"; do
	echo "=== $f ==="
	cat "$f"
	done

	- name: Upload replay logs for ${{ matrix.library }}
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: e2e-${{ matrix.library }}-replay-logs
	path: ./drift/instrumentation/${{ matrix.library }}/e2e-tests/.tusk/logs
	if-no-files-found: ignore
	include-hidden-files: true

	- name: Cleanup Docker resources
	if: always()
	run: \|
	# Stop all running containers
	docker ps -aq \| xargs -r docker stop \|\| true
	docker ps -aq \| xargs -r docker rm \|\| true
	# Clean up volumes
	docker volume prune -f \|\| true
	# Clean up networks
	docker network prune -f \|\| true

	stack:
	name: Stack - ${{ matrix.test }}
	needs: discover
	if: ${{ needs.discover.outputs.stack_matrix != '[]' && needs.discover.outputs.stack_matrix != '' }}
	runs-on: ubuntu-latest
	timeout-minutes: 30
	strategy:
	fail-fast: false
	max-parallel: 3
	matrix:
	test: ${{ fromJSON(needs.discover.outputs.stack_matrix) }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	version: "latest"

	- name: Setup Python
	run: uv python install 3.9

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: docker

	- name: Install SDK dependencies
	run: uv sync --all-extras

	- name: Build SDK
	run: uv build

	- name: Verify SDK build
	run: \|
	ls -la dist/ \|\| (echo "dist folder not found!" && exit 1)
	test -f dist/*.whl \|\| (echo "SDK build incomplete!" && exit 1)

	- name: Get latest Tusk CLI version
	id: tusk-version
	run: \|
	VERSION=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	"https://api.github.com/repos/Use-Tusk/tusk-drift-cli/releases/latest" \
	\| grep '"tag_name":' \| sed -E 's/."([^"]+)"./\1/')
	echo "version=$VERSION" >> $GITHUB_OUTPUT
	echo "Latest Tusk CLI version: $VERSION"

	- name: Build base image
	env:
	DOCKER_DEFAULT_PLATFORM: linux/amd64
	run: \|
	docker build \
	--build-arg TUSK_CLI_VERSION=${{ steps.tusk-version.outputs.version }} \
	-t python-e2e-base:latest \
	-f drift/instrumentation/e2e_common/Dockerfile.base \
	.

	- name: Run stack tests for ${{ matrix.test }}
	env:
	DOCKER_DEFAULT_PLATFORM: linux/amd64
	TUSK_CLI_VERSION: ${{ steps.tusk-version.outputs.version }}
	TUSK_USE_RUST_CORE: "1"
	run: \|
	chmod +x ./drift/stack-tests/${{ matrix.test }}/run.sh
	cd ./drift/stack-tests/${{ matrix.test }} && ./run.sh 8000

	- name: Print replay logs for ${{ matrix.test }}
	if: always()
	run: \|
	log_dir=./drift/stack-tests/${{ matrix.test }}/.tusk/logs
	if ! sudo test -d "$log_dir"; then
	echo "No replay log directory found"
	exit 0
	fi

	sudo chmod -R a+rX "$log_dir" \|\| true
	sudo chown -R "$(id -u):$(id -g)" "$log_dir" \|\| true

	shopt -s nullglob
	logs=("$log_dir"/*)
	if [ ${#logs[@]} -eq 0 ]; then
	echo "No replay logs found"
	exit 0
	fi

	for f in "${logs[@]}"; do
	echo "=== $f ==="
	cat "$f"
	done

	- name: Upload replay logs for ${{ matrix.test }}
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: stack-${{ matrix.test }}-replay-logs
	path: ./drift/stack-tests/${{ matrix.test }}/.tusk/logs
	if-no-files-found: ignore
	include-hidden-files: true

	- name: Cleanup Docker resources
	if: always()
	run: \|
	# Stop all running containers
	docker ps -aq \| xargs -r docker stop \|\| true
	docker ps -aq \| xargs -r docker rm \|\| true
	# Clean up volumes
	docker volume prune -f \|\| true
	# Clean up networks
	docker network prune -f \|\| true

	non-rust-smoke:
	name: E2E Non-Rust Smoke - requests
	runs-on: ubuntu-latest
	timeout-minutes: 30
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install uv
	uses: astral-sh/setup-uv@v4
	with:
	version: "latest"

	- name: Setup Python
	run: uv python install 3.9

	- name: Setup Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: docker

	- name: Install SDK dependencies
	run: uv sync --all-extras

	- name: Build SDK
	run: uv build

	- name: Verify SDK build
	run: \|
	ls -la dist/ \|\| (echo "dist folder not found!" && exit 1)
	test -f dist/*.whl \|\| (echo "SDK build incomplete!" && exit 1)

	- name: Get latest Tusk CLI version
	id: tusk-version
	run: \|
	VERSION=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	"https://api.github.com/repos/Use-Tusk/tusk-drift-cli/releases/latest" \
	\| grep '"tag_name":' \| sed -E 's/."([^"]+)"./\1/')
	echo "version=$VERSION" >> $GITHUB_OUTPUT
	echo "Latest Tusk CLI version: $VERSION"

	- name: Build base image
	env:
	DOCKER_DEFAULT_PLATFORM: linux/amd64
	run: \|
	docker build \
	--build-arg TUSK_CLI_VERSION=${{ steps.tusk-version.outputs.version }} \
	-t python-e2e-base:latest \
	-f drift/instrumentation/e2e_common/Dockerfile.base \
	.

	- name: Run non-rust smoke test
	env:
	DOCKER_DEFAULT_PLATFORM: linux/amd64
	TUSK_CLI_VERSION: ${{ steps.tusk-version.outputs.version }}
	TUSK_USE_RUST_CORE: "0"
	run: \|
	chmod +x ./drift/instrumentation/requests/e2e-tests/run.sh
	cd ./drift/instrumentation/requests/e2e-tests && ./run.sh 8000

	- name: Print replay logs for requests smoke test
	if: always()
	run: \|
	log_dir=./drift/instrumentation/requests/e2e-tests/.tusk/logs
	if ! sudo test -d "$log_dir"; then
	echo "No replay log directory found"
	exit 0
	fi

	sudo chmod -R a+rX "$log_dir" \|\| true
	sudo chown -R "$(id -u):$(id -g)" "$log_dir" \|\| true

	shopt -s nullglob
	logs=("$log_dir"/*)
	if [ ${#logs[@]} -eq 0 ]; then
	echo "No replay logs found"
	exit 0
	fi

	for f in "${logs[@]}"; do
	echo "=== $f ==="
	cat "$f"
	done

	- name: Upload replay logs for requests smoke test
	if: always()
	uses: actions/upload-artifact@v4
	with:
	name: requests-smoke-replay-logs
	path: ./drift/instrumentation/requests/e2e-tests/.tusk/logs
	if-no-files-found: ignore
	include-hidden-files: true

	- name: Cleanup Docker resources
	if: always()
	run: \|
	# Stop all running containers
	docker ps -aq \| xargs -r docker stop \|\| true
	docker ps -aq \| xargs -r docker rm \|\| true
	# Clean up volumes
	docker volume prune -f \|\| true
	# Clean up networks
	docker network prune -f \|\| true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test: enforce strict replay sandboxing in e2e fixtures #188

Workflow file

test: enforce strict replay sandboxing in e2e fixtures #188

Uh oh!

Workflow file for this run