chore: script that discovers minimum tested versions #9418
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
emmettbutler
added
the
changelog/no-changelog
There was a problem hiding this comment.
do we need to do this without riot?
are we able to use riot to generate an artifact during build time? e.g. the Build deploy job could generate sdist, wheels, and some other artifacts like supported library versions
then that can be packaged with the other artifacts into the OCI artifact.
(we could even generate the result as Python and have it just embedded into the sitecustomize.py file if we don't want to read something from disk)
Datadog ReportBranch report: ✅ 0 Failed, 140838 Passed, 36443 Skipped, 7h 50m 47.26s Total duration (2h 36m 3.2s time saved) New Flaky Tests (1)
|
|
@brettlangdon I realized a reason using I think this change is stable now. |
it just means the script needs to be executed from the root directory no? we could also just add the root directory to the python path either via shell script or directly in python. 🤷🏻 not trying to argue for one specific way vs the other |
|
@brettlangdon yup, you're right. Updated. |
22 tasks
|
@brettlangdon I've adjusted the script to avoid stripping out the specifier information (<, >=, etc) from the version string that it writes to the csv file. Because the determination of "minimum" is done based on naive gt/lt comparison there are probably some edge cases where the wrong thing gets written to the file, but I think that in the majority of cases this approach will be solid enough for use in the single-step guardrail logic. |
@emmettbutler what are you thinking, just parsing the specifiers in SSI and then comparing actual versions against them? if yes, we need to keep in mind that |
|
@brettlangdon pretty much, yes. It seems to me that including the range markers in the minimum versions file is the best we can do without going to PyPI during that file's creation. I'm trying to avoid having the script go to PyPI because I suspect the large overhead it would add is unnecessary to achieve the guardrails goal. I think we can compare version specifiers to the degree necessary without the |
|
@erikayasuda @ZStriker19 @brettlangdon let me know if you'd like any changes to this approach |
BenchmarksBenchmark execution time: 2024-06-07 14:16:41 Comparing candidate commit ade7bec in PR branch Found 0 performance improvements and 0 performance regressions! Performance is the same for 221 metrics, 9 unstable metrics. |
brettlangdon
reviewed
Jun 6, 2024
brettlangdon
reviewed
Jun 7, 2024
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
brettlangdon
reviewed
Jun 7, 2024
ignore riot environments that do not run pytest. this seems like a reasonable proxy for ignoring packages that are required only for tests
emmettbutler
added a commit
that referenced
this pull request
Jun 11, 2024
This pull request adds "guardrails" to the "library injection" process. These are early exit conditions from the instrumentation process intended to avoid sending any traces when undefined behavior is likely. The code makes this determination on the basis of software versions present in the application environment, both of Python packages and the Python runtime itself. The biggest risk here is that instrumentation is disabled when it's not intended to be. I think existing tests in `tests/lib-injection` cover this pretty well. There's a new test added that verifies instrumentation was cancelled when an unsupported package version is present. Contains changes from #9418 Related RFC: "[RFC] One Step Guardrails" ## Checklist - [x] minimum package version checks - [x] Testing - [x] replace envvars with inject_force - [x] figure out what to use instead of pkg_resources - [x] replace local file path with `DD_TELEMETRY_FORWARDER_PATH` - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. ## Reviewer Checklist - [x] Title is accurate - [x] All changes are related to the pull request's stated goal - [x] Description motivates each change - [x] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [x] Testing strategy adequately addresses listed risks - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] Release note makes sense to a user of the library - [x] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [x] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) --------- Co-authored-by: Emmett Butler <723615+emmettbutler@users.noreply.github.com> Co-authored-by: Emmett Butler <emmett.butler321@gmail.com>
github-actions bot
pushed a commit
that referenced
this pull request
Jun 11, 2024
This pull request adds "guardrails" to the "library injection" process. These are early exit conditions from the instrumentation process intended to avoid sending any traces when undefined behavior is likely. The code makes this determination on the basis of software versions present in the application environment, both of Python packages and the Python runtime itself. The biggest risk here is that instrumentation is disabled when it's not intended to be. I think existing tests in `tests/lib-injection` cover this pretty well. There's a new test added that verifies instrumentation was cancelled when an unsupported package version is present. Contains changes from #9418 Related RFC: "[RFC] One Step Guardrails" ## Checklist - [x] minimum package version checks - [x] Testing - [x] replace envvars with inject_force - [x] figure out what to use instead of pkg_resources - [x] replace local file path with `DD_TELEMETRY_FORWARDER_PATH` - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. ## Reviewer Checklist - [x] Title is accurate - [x] All changes are related to the pull request's stated goal - [x] Description motivates each change - [x] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [x] Testing strategy adequately addresses listed risks - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] Release note makes sense to a user of the library - [x] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [x] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) --------- Co-authored-by: Emmett Butler <723615+emmettbutler@users.noreply.github.com> Co-authored-by: Emmett Butler <emmett.butler321@gmail.com> (cherry picked from commit 0c38e09)
22 tasks
auto-merge was automatically disabled
June 11, 2024 14:13
Pull request was closed
emmettbutler
pushed a commit
that referenced
this pull request
Jun 11, 2024
…10] (#9512) Backport 0c38e09 from #9323 to 2.10. This pull request adds "guardrails" to the "library injection" process. These are early exit conditions from the instrumentation process intended to avoid sending any traces when undefined behavior is likely. The code makes this determination on the basis of software versions present in the application environment, both of Python packages and the Python runtime itself. The biggest risk here is that instrumentation is disabled when it's not intended to be. I think existing tests in `tests/lib-injection` cover this pretty well. There's a new test added that verifies instrumentation was cancelled when an unsupported package version is present. Contains changes from #9418 Related RFC: "[RFC] One Step Guardrails" ## Checklist - [x] minimum package version checks - [x] Testing - [x] replace envvars with inject_force - [x] figure out what to use instead of pkg_resources - [x] replace local file path with `DD_TELEMETRY_FORWARDER_PATH` - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. ## Reviewer Checklist - [x] Title is accurate - [x] All changes are related to the pull request's stated goal - [x] Description motivates each change - [x] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [x] Testing strategy adequately addresses listed risks - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] Release note makes sense to a user of the library - [x] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [x] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) Co-authored-by: Zachary Groves <32471391+ZStriker19@users.noreply.github.com>
emmettbutler
pushed a commit
that referenced
this pull request
Sep 9, 2024
This pull request adds "guardrails" to the "library injection" process. These are early exit conditions from the instrumentation process intended to avoid sending any traces when undefined behavior is likely. The code makes this determination on the basis of software versions present in the application environment, both of Python packages and the Python runtime itself. The biggest risk here is that instrumentation is disabled when it's not intended to be. I think existing tests in `tests/lib-injection` cover this pretty well. There's a new test added that verifies instrumentation was cancelled when an unsupported package version is present. Contains changes from #9418 Related RFC: "[RFC] One Step Guardrails" - [x] minimum package version checks - [x] Testing - [x] replace envvars with inject_force - [x] figure out what to use instead of pkg_resources - [x] replace local file path with `DD_TELEMETRY_FORWARDER_PATH` - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. - [x] Title is accurate - [x] All changes are related to the pull request's stated goal - [x] Description motivates each change - [x] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [x] Testing strategy adequately addresses listed risks - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] Release note makes sense to a user of the library - [x] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [x] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) --------- Co-authored-by: Emmett Butler <723615+emmettbutler@users.noreply.github.com> Co-authored-by: Emmett Butler <emmett.butler321@gmail.com> (cherry picked from commit 0c38e09)
22 tasks
emmettbutler
added a commit
that referenced
this pull request
Sep 9, 2024
…9] (#10563) This pull request adds "guardrails" to the "library injection" process. These are early exit conditions from the instrumentation process intended to avoid sending any traces when undefined behavior is likely. The code makes this determination on the basis of software versions present in the application environment, both of Python packages and the Python runtime itself. The biggest risk here is that instrumentation is disabled when it's not intended to be. I think existing tests in `tests/lib-injection` cover this pretty well. There's a new test added that verifies instrumentation was cancelled when an unsupported package version is present. Contains changes from #9418 Related RFC: "[RFC] One Step Guardrails" - [x] minimum package version checks - [x] Testing - [x] replace envvars with inject_force - [x] figure out what to use instead of pkg_resources - [x] replace local file path with `DD_TELEMETRY_FORWARDER_PATH` - [x] Change(s) are motivated and described in the PR description - [x] Testing strategy is described if automated tests are not included in the PR - [x] Risks are described (performance impact, potential for breakage, maintainability) - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] [Library release note guidelines](https://ddtrace.readthedocs.io/en/stable/releasenotes.html) are followed or label `changelog/no-changelog` is set - [x] Documentation is included (in-code, generated user docs, [public corp docs](https://github.com/DataDog/documentation/)) - [x] Backport labels are set (if [applicable](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting)) - [x] If this PR changes the public interface, I've notified `@DataDog/apm-tees`. - [x] Title is accurate - [x] All changes are related to the pull request's stated goal - [x] Description motivates each change - [x] Avoids breaking [API](https://ddtrace.readthedocs.io/en/stable/versioning.html#interfaces) changes - [x] Testing strategy adequately addresses listed risks - [x] Change is maintainable (easy to change, telemetry, documentation) - [x] Release note makes sense to a user of the library - [x] Author has acknowledged and discussed the performance implications of this PR as reported in the benchmarks PR comment - [x] Backport labels are set in a manner that is consistent with the [release branch maintenance policy](https://ddtrace.readthedocs.io/en/latest/contributing.html#backporting) Co-authored-by: Zachary Groves <32471391+ZStriker19@users.noreply.github.com> Co-authored-by: Taegyun Kim <taegyun.kim@datadoghq.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This script discovers the minimum version of every package referenced in riotfile.py's Venv tree (excluding those envs that do not execute a
pytestcommand) and writes that information to a CSV file. It also takes into account the installation dependencies in pyproject.toml.For use in #9323
Checklist
changelog/no-changelogis set@DataDog/apm-tees.Reviewer Checklist