.github/workflows/pr_integration_tests.yml

name: pr-integration-tests

on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - labeled

# concurrency is currently broken, see details https://github.com/actions/runner/issues/1532
#concurrency:
#  group: pr-integration-tests-${{ github.event.pull_request.number }}
#  cancel-in-progress: true

jobs:
  build-docker-image:
    # when using pull_request_target, all jobs MUST have this if check for 'ok-to-test' or 'approved' for security purposes.
    if:
      ((github.event.action == 'labeled' && (github.event.label.name == 'approved' || github.event.label.name == 'lgtm' || github.event.label.name == 'ok-to-test')) ||
      (github.event.action != 'labeled' && (contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved') || contains(github.event.pull_request.labels.*.name, 'lgtm')))) &&
      github.repository == 'feast-dev/feast'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target runs the workflow in the context of the base repo
          # as such actions/checkout needs to be explicit configured to retrieve
          # code from the PR.
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
          submodules: recursive
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
        with:
          install: true
      - name: Set up AWS SDK
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Set ECR image tag
        id: image-tag
        run: echo "::set-output name=DOCKER_IMAGE_TAG::`git rev-parse HEAD`"
      - name: Cache Public ECR Image
        id: lambda_python_3_11
        uses: actions/cache@v2
        with:
          path: ~/cache
          key: lambda_python_3_11
      - name: Handle Cache Miss (pull public ECR image & save it to tar file)
        if: steps.cache-primes.outputs.cache-hit != 'true'
        run: |
          mkdir -p ~/cache
          docker pull public.ecr.aws/lambda/python:3.11
          docker save public.ecr.aws/lambda/python:3.11 -o ~/cache/lambda_python_3_11.tar
      - name: Handle Cache Hit (load docker image from tar file)
        if: steps.cache-primes.outputs.cache-hit == 'true'
        run: |
          docker load -i ~/cache/lambda_python_3_11.tar
      - name: Build and push
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: feast-python-server
        run: |
          docker build \
            --file sdk/python/feast/infra/feature_servers/aws_lambda/Dockerfile \
            --tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ steps.image-tag.outputs.DOCKER_IMAGE_TAG }} \
            --load \
            .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:${{ steps.image-tag.outputs.DOCKER_IMAGE_TAG }}
    outputs:
      DOCKER_IMAGE_TAG: ${{ steps.image-tag.outputs.DOCKER_IMAGE_TAG }}
  integration-test-python:
    # when using pull_request_target, all jobs MUST have this if check for 'ok-to-test' or 'approved' for security purposes.
    if:
      ((github.event.action == 'labeled' && (github.event.label.name == 'approved' || github.event.label.name == 'lgtm' || github.event.label.name == 'ok-to-test')) ||
      (github.event.action != 'labeled' && (contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved') || contains(github.event.pull_request.labels.*.name, 'lgtm')))) &&
      github.repository == 'feast-dev/feast'
    needs: build-docker-image
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        python-version: [ "3.11" ]
        os: [ ubuntu-latest ]
    env:
      OS: ${{ matrix.os }}
      PYTHON: ${{ matrix.python-version }}
    services:
      redis:
        image: redis
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target runs the workflow in the context of the base repo
          # as such actions/checkout needs to be explicit configured to retrieve
          # code from the PR.
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
          submodules: recursive
      - name: Setup Python
        uses: actions/setup-python@v5
        id: setup-python
        with:
          python-version: ${{ matrix.python-version }}
          architecture: x64
      - name: Authenticate to Google Cloud
        uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.GCP_SA_KEY }}'
      - name: Set up gcloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      - name: Use gcloud CLI
        run: gcloud info
      - name: Set up AWS SDK
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
      - name: Use AWS CLI
        run: aws sts get-caller-identity
      - name: Install uv
        run: curl -LsSf https://astral.sh/uv/install.sh | sh
      - name: Get uv cache dir
        id: uv-cache
        run: |
          echo "::set-output name=dir::$(uv cache dir)"
      - name: uv cache
        uses: actions/cache@v4
        with:
          path: ${{ steps.uv-cache.outputs.dir }}
          key: ${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-uv-${{ hashFiles(format('**/py{0}-ci-requirements.txt', env.PYTHON)) }}
      - name: Install dependencies
        run: make install-python-ci-dependencies-uv
      - name: Setup Redis Cluster
        run: |
          docker pull vishnunair/docker-redis-cluster:latest
          docker run -d -p 6001:6379 -p 6002:6380 -p 6003:6381 -p 6004:6382 -p 6005:6383 -p 6006:6384 --name redis-cluster vishnunair/docker-redis-cluster
      - name: Test python
        if: ${{ always() }}  # this will guarantee that step won't be canceled and resources won't leak
        env:
          FEAST_SERVER_DOCKER_IMAGE_TAG: ${{ needs.build-docker-image.outputs.DOCKER_IMAGE_TAG }}
          SNOWFLAKE_CI_DEPLOYMENT: ${{ secrets.SNOWFLAKE_CI_DEPLOYMENT }}
          SNOWFLAKE_CI_USER: ${{ secrets.SNOWFLAKE_CI_USER }}
          SNOWFLAKE_CI_PASSWORD: ${{ secrets.SNOWFLAKE_CI_PASSWORD }}
          SNOWFLAKE_CI_ROLE: ${{ secrets.SNOWFLAKE_CI_ROLE }}
          SNOWFLAKE_CI_WAREHOUSE: ${{ secrets.SNOWFLAKE_CI_WAREHOUSE }}
        run: make test-python-integration