feat(ci): add staging cloud smoke test #1310

Merged
kentwelcome merged 3 commits into main from
feature/drc-3244-cloud-staging-smoke-test
Apr 14, 2026

@kentwelcome
Member

Summary

  • Add daily scheduled staging cloud smoke test that runs after the nightly build (3 AM UTC+8)
  • Add workflow_dispatch trigger with environment selector (production/staging) for manual runs
  • Use resolve-environment job to cleanly route between production and staging tests

Required GitHub Settings

  • Secret: RECCE_CLOUD_TOKEN_STAGING — auth token for staging cloud
  • Variable: RECCE_CLOUD_API_HOST_STAGING — staging cloud API URL

Test plan

  • Verify push/PR triggers only run production smoke test (unchanged behavior)
  • Verify scheduled trigger only runs staging smoke test
  • Verify manual dispatch with "production" runs production test
  • Verify manual dispatch with "staging" runs staging test
  • Configure RECCE_CLOUD_TOKEN_STAGING secret and RECCE_CLOUD_API_HOST_STAGING variable in repo settings

Resolves: DRC-3244

🤖 Generated with Claude Code

Add daily scheduled staging cloud smoke test that runs after the nightly
build. Uses resolve-environment job to cleanly route between production
and staging based on trigger type (push/PR → production, schedule →
staging, manual dispatch → user choice).

Resolves: DRC-3244

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Kent Huang <kent@infuseai.io>
Copilot AI review requested due to automatic review settings April 14, 2026 07:45
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Kent Huang <kent@infuseai.io>
@kentwelcome kentwelcome self-assigned this Apr 14, 2026
@kentwelcome kentwelcome requested a review from even-wei April 14, 2026 07:48
Contributor

Copilot AI left a comment

Pull request overview

Adds a scheduled and manually selectable staging cloud smoke test while preserving existing production behavior for push/PR events by routing runs through a single environment-resolution job.

Changes:

  • Added a weekday (UTC+8) scheduled trigger intended to run against the staging cloud after the nightly build.
  • Added workflow_dispatch with an environment input (production/staging) and a resolve-environment job to route execution.
  • Introduced a dedicated staging smoke test job using staging-specific secret/variable wiring.

Comment on lines 29 to 32
# Explicitly limit permissions for pull_request_target
permissions:
contents: read
pull-requests: read

Copilot AI Apr 14, 2026

The comment says this workflow limits permissions for pull_request_target, but the workflow is triggered by pull_request (and push/schedule/workflow_dispatch). Please update the comment to match the actual trigger so readers don’t assume pull_request_target semantics/risks.

Member Author

Fixed — updated the comment to remove the stale pull_request_target reference.

Comment thread .github/workflows/integration-tests-cloud.yaml Outdated
Comment on lines +124 to +167
# Staging cloud smoke test - runs daily after nightly build
smoke-test-cloud-staging:
needs: resolve-environment
if: needs.resolve-environment.outputs.environment == 'staging'
concurrency:
group: smoke-test-cloud-staging
cancel-in-progress: false
runs-on: ubuntu-latest
strategy:
max-parallel: 1
matrix:
include:
- python-version: "3.11"
dbt-version: "1.8"
- python-version: "3.13"
dbt-version: "latest"
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false

- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"

- name: Install Recce and dbt
run: |
uv venv
uv sync --no-dev --python ${{ matrix.python-version }}
if [ "${{ matrix.dbt-version }}" == "latest" ]; then
uv pip install dbt-core dbt-duckdb
else
uv pip install dbt-core~=${{ matrix.dbt-version }}.0 dbt-duckdb~=${{ matrix.dbt-version }}.0
fi

- name: Run smoke test - dbt (staging)
run: |
source .venv/bin/activate
./integration_tests/dbt/smoke_test_cloud.sh
env:
GITHUB_TOKEN: ${{ secrets.RECCE_CLOUD_TOKEN_STAGING }}
RECCE_STATE_PASSWORD: ${{ vars.RECCE_STATE_PASSWORD }}
RECCE_CLOUD_API_HOST: ${{ vars.RECCE_CLOUD_API_HOST_STAGING }}
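
Review bot: `RECCE_STATE_PASSWORD` in the env block of the "Run smoke test - dbt (staging)" step is read from `vars.` rather than `secrets.`, so the password is stored as a plain configuration variable and is not masked in job logs; if it protects real state, store it as a secret and reference it through `secrets.` instead. In the same block the staging cloud token is exported under the name `GITHUB_TOKEN`, which anything else in that step may take for the Actions token, so a one-line comment stating that the script expects the cloud token under that name would help. `actions/checkout@v4` and `astral-sh/setup-uv@v4` with `version: "latest"` are mutable references in a job that later handles the staging token; pinning the actions to commit SHAs and uv to a fixed version would keep the scheduled run reproducible.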

Copilot AI Apr 14, 2026

smoke-test-cloud and smoke-test-cloud-staging are nearly identical (same matrix and steps) and may drift over time. Consider factoring into a single job with an environment matrix/conditional env vars, or extracting a reusable workflow/composite action to keep production/staging behavior in sync.

Member Author

Acknowledged. The two jobs only differ in env vars (secrets/API host), so the duplication is minimal. Merging them into one job with conditional env vars would add complexity to the conditions we just simplified. Keeping them separate for now — we can extract a reusable workflow if we add more environments later.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Kent Huang <kent@infuseai.io>
@even-wei
Contributor

Code Review: PR #1310

Files reviewed: 1
Categories: Config/infra (CI workflow)
Passes run: A, B, D, F

Validation Results

Pass A: Correctness & Logic — PASS

  • Cron schedule 0 19 * * 0,1,2,3,4 correctly maps to Mon–Fri 03:00 UTC+8 (Sun–Thu 19:00 UTC). ✓
  • Environment routing logic is sound: schedule → staging, workflow_dispatch → user input, push/pull_request → production. ✓
  • Job dependency chain is correct:
    • Staging path: resolve-environment → smoke-test-cloud-staging (authorize skipped, production smoke-test auto-skipped via GitHub's needs-skip propagation)
    • Production path: resolve-environment → authorize → smoke-test-cloud (staging smoke-test skipped via if condition)
  • Pre-existing behavior preserved: push-to-main and PR triggers still route through authorize → smoke-test-cloud exactly as before, with only the added resolve-environment step in the chain. ✓

Pass B: Security — PASS

  • Secrets (RECCE_CLOUD_TOKEN_STAGING, SLACK_WEBHOOK_URL_DEV) are properly referenced via ${{ secrets.* }} and passed as env vars to shell scripts (not interpolated inline). ✓
  • workflow_dispatch can only be triggered by users with repo write access — no authorization bypass risk from the staging path skipping the authorize job. ✓
  • inputs.environment is a choice type with fixed options — no injection surface. ✓
  • github.event_name is GitHub-controlled and limited to a fixed set of values. ✓

Pass D: Error Handling & Edge Cases — PASS

One note below regarding Slack notification resilience.

Pass F: Diff-Specific Checks — PASS

  • authorize and smoke-test-cloud both gain the environment == 'production' gate — consistent and correct. ✓
  • smoke-test-cloud-staging correctly mirrors the production job's matrix and install steps while using staging-specific secrets/vars. ✓
  • Staging job correctly adds RECCE_CLOUD_API_HOST env var (not needed for production since it defaults to the production host). ✓

Verification Results

YAML syntax valid. No linting issues in the workflow diff.

Verdict: GO

No blockers or issues found. Clean, well-structured addition.

Notes

  1. SLACK_WEBHOOK_URL_DEV not listed in PR's "Required GitHub Settings" — the PR body lists RECCE_CLOUD_TOKEN_STAGING and RECCE_CLOUD_API_HOST_STAGING but doesn't mention SLACK_WEBHOOK_URL_DEV. If this secret isn't configured, the notify-staging-failure job's curl will fail. The existing Slack pattern in address-dependabot.yaml guards with if [ -n "$SLACK_WEBHOOK_URL" ] before posting — consider adding the same guard here for resilience. (.github/workflows/integration-tests-cloud.yaml:162)

🤖 Reviewed by Claude Code
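
The trigger-to-environment routing and the Slack guard discussed in the review above, written as shell functions a `run:` step could call. This is an added example, not code from the PR; `resolve_environment`, `notify_staging_failure`, `EVENT_NAME` and `INPUT_ENVIRONMENT` are hypothetical names, and the PR's actual resolve-environment and notify jobs are not shown on this page.

```bash
#!/usr/bin/env bash
# Added example, not the workflow's own code. In a workflow step the inputs
# would arrive through `env:` (EVENT_NAME from github.event_name,
# INPUT_ENVIRONMENT from inputs.environment), never interpolated inline.

# Map the trigger to a target environment, as the review describes:
# schedule -> staging, workflow_dispatch -> user choice, push/PR -> production.
resolve_environment() {
  local event_name="$1" input_env="${2:-}"
  case "$event_name" in
    schedule)
      echo "staging" ;;
    workflow_dispatch)
      # Re-check the choice input against the allowlist instead of trusting it.
      case "$input_env" in
        production|staging) echo "$input_env" ;;
        *) echo "unexpected environment input: '$input_env'" >&2; return 1 ;;
      esac ;;
    push|pull_request)
      echo "production" ;;
    *)
      # Fail closed: an unknown trigger must not select any environment.
      echo "unexpected event: '$event_name'" >&2; return 1 ;;
  esac
}

# Post a fixed failure message only when a webhook is configured (the guard
# the review suggests); a missing secret skips the post instead of failing.
notify_staging_failure() {
  local webhook="${SLACK_WEBHOOK_URL_DEV:-}"
  if [ -z "$webhook" ]; then
    echo "skipped: SLACK_WEBHOOK_URL_DEV is not set"
    return 0
  fi
  curl -fsS -X POST -H 'Content-Type: application/json' \
    --data '{"text": "Staging cloud smoke test failed"}' "$webhook"
}

# Inside the job step the result would be published as a job output:
#   env_name="$(resolve_environment "$EVENT_NAME" "$INPUT_ENVIRONMENT")"
#   echo "environment=$env_name" >> "$GITHUB_OUTPUT"
```

Because the step runs with the default `-e` shell option, a non-zero return from `resolve_environment` stops the job before any environment is selected.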

Contributor

@even-wei even-wei left a comment

Claude Code Review: No critical issues found. Clean CI workflow addition with correct environment routing logic.

@kentwelcome kentwelcome merged commit 1b9dc6b into main Apr 14, 2026
14 checks passed
@kentwelcome kentwelcome deleted the feature/drc-3244-cloud-staging-smoke-test branch April 14, 2026 07:54