Merge branch 'master' into spalmurray/identity-linking-copy-change

.github/CODEOWNERS

@@ -139,6 +139,9 @@ yarn.lock @getsentry/owners-js-de
 /src/sentry/middleware/subdomain.py @getsentry/hybrid-cloud
 /src/sentry/middleware/integration/ @getsentry/hybrid-cloud
 /src/sentry/api/endpoints/rpc.py @getsentry/hybrid-cloud
+/src/sentry/models/outbox.py @getsentry/hybrid-cloud
+/src/sentry/tasks/deliver_from_outbox.py @getsentry/hybrid-cloud
+/src/sentry/tasks/deletion/hybrid_cloud.py @getsentry/hybrid-cloud
 ## End of Hybrid Cloud
 
 ## Workflow

.github/workflows/backend.yml

@@ -230,73 +230,6 @@ jobs:
  github-token: ${{ steps.token.outputs.token }}
  message: ':snowflake: re-freeze requirements'
 
- lint:
- if: needs.files-changed.outputs.backend == 'true'
- needs: files-changed
- name: backend lint
- runs-on: ubuntu-20.04
- timeout-minutes: 10
- steps:
- - uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0
- id: token
- continue-on-error: true
- with:
- app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
- private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
-
- - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
-
- - uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
- id: files
- with:
- # Enable listing of files matching each filter.
- # Paths to files will be available in `${FILTER_NAME}_files` output variable.
- # Paths will be escaped and space-delimited.
- # Output is usable as command line argument list in linux shell
- list-files: shell
-
- # It doesn't make sense to lint deleted files.
- # Therefore we specify we are only interested in added or modified files.
- filters: |
- all:
- - added|modified: '**/*.py'
- - added|modified: 'requirements-*.txt'
-
- - uses: getsentry/action-setup-venv@9e3bbae3836b1b6f129955bf55a19e1d99a61c67 # v1.0.5
- with:
- python-version: 3.8.16
- cache-dependency-path: |
- requirements-dev.txt
- requirements-dev-frozen.txt
- install-cmd: pip install -r requirements-dev.txt -c requirements-dev-frozen.txt
-
- - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
- with:
- path: ~/.cache/pre-commit
- key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
-
- - name: Setup pre-commit
- # We don't use make setup-git because we're only interested in installing
- # requirements-dev.txt as a fast path.
- # We don't need pre-commit install --install-hooks since we're just interested
- # in running the hooks.
- run: |
- pre-commit install-hooks
-
- - name: Run pre-commit on changed files
- run: |
- # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
- # XXX: there is a very small chance that it'll expand to exceed Linux's limits
- # `getconf ARG_MAX` - max # bytes of args + environ for exec()
- pre-commit run --files ${{ steps.files.outputs.all_files }}
-
- - name: Apply any pre-commit fixed files
- if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && always()
- uses: getsentry/action-github-commit@748c31dd78cffe76f51bef49a0be856b6effeda7 # v1.1.0
- with:
- github-token: ${{ steps.token.outputs.token }}
- message: ':hammer_and_wrench: apply pre-commit fixes'
-
  migration:
  if: needs.files-changed.outputs.migration_lockfile == 'true'
  needs: files-changed
@@ -397,7 +330,7 @@ jobs:
  needs: files-changed
  name: snuba test
  runs-on: ubuntu-20.04
- timeout-minutes: 30
+ timeout-minutes: 45
  strategy:
  # This helps not having to run multiple jobs because one fails, thus, reducing resource usage
  # and reducing the risk that one of many runs would turn red again (read: intermittent tests)
@@ -527,9 +460,9 @@ jobs:
  github-token: ${{ steps.token.outputs.token }}
  message: ':knife: regenerate mypy module blocklist'
 
- # This check runs once all dependant jobs have passed
+ # This check runs once all dependent jobs have passed
  # It symbolizes that all required Backend checks have succesfully passed (Or skipped)
- # This check is the only required Github check
+ # This step is the only required backend check
  backend-required-check:
  needs:
  [
@@ -538,7 +471,6 @@ jobs:
  backend-migration-tests,
  cli,
  files-changed,
- lint,
  requirements,
  migration,
  plugins,

.github/workflows/pre-commit.yml

@@ -0,0 +1,87 @@
+name: pre-commit
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+
+# Cancel in progress workflows on pull_requests.
+# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
+concurrency:
+ group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+defaults:
+ run:
+ # the default default is:
+ # bash --noprofile --norc -eo pipefail {0}
+ shell: bash --noprofile --norc -eo pipefail -ux {0}
+
+# hack for https://github.com/actions/cache/issues/810#issuecomment-1222550359
+env:
+ SEGMENT_DOWNLOAD_TIMEOUT_MINS: 3
+ # workaround: secrets cannot be directly referenced in `if`
+ # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
+ SECRET_ACCESS: ${{toJSON(secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY != null)}}
+
+jobs:
+ lint:
+ name: pre-commit lint
+ runs-on: ubuntu-20.04
+ timeout-minutes: 10
+ steps:
+ - # get a non-default github token so that any changes are verified by CI
+ if: env.SECRET_ACCESS == 'true'
+ uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0
+ id: token
+ with:
+ app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
+ private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ - name: Get changed files
+ id: changes
+ uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
+ with:
+ # Enable listing of files matching each filter.
+ # Paths to files will be available in `${FILTER_NAME}_files` output variable.
+ list-files: json
+
+ # It doesn't make sense to lint deleted files.
+ # Therefore we specify we are only interested in added or modified files.
+ filters: |
+ all:
+ - added|modified: '**/*'
+
+ - uses: getsentry/action-setup-venv@9e3bbae3836b1b6f129955bf55a19e1d99a61c67 # v1.0.5
+ with:
+ python-version: 3.8.16
+ cache-dependency-path: |
+ requirements-dev.txt
+ requirements-dev-frozen.txt
+ install-cmd: pip install -r requirements-dev.txt -c requirements-dev-frozen.txt
+ - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
+ with:
+ path: ~/.cache/pre-commit
+ key: cache-epoch-1|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
+ - name: Setup pre-commit
+ # We don't use make setup-git because we're only interested in installing
+ # requirements-dev.txt as a fast path.
+ # We don't need pre-commit install --install-hooks since we're just interested
+ # in running the hooks.
+ run: |
+ pre-commit install-hooks
+
+ - name: Run pre-commit on PR commits
+ run: |
+ jq '.[]' --raw-output <<< '${{steps.changes.outputs.all_files}}' |
+ # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
+ xargs pre-commit run --files
+
+ - name: Apply any pre-commit fixed files
+ # note: this runs "always" or else it's skipped when pre-commit fails
+ if: env.SECRET_ACCESS == 'true' && startsWith(github.ref, 'refs/pull') && always()
+ uses: getsentry/action-github-commit@748c31dd78cffe76f51bef49a0be856b6effeda7 # v1.1.0
+ with:
+ github-token: ${{ steps.token.outputs.token }}
+ message: ':hammer_and_wrench: apply pre-commit fixes'