Page MenuHomePhabricator
Create Task
Maniphest T246914

Enable integration testing in CI
Closed, DeclinedPublic
Actions

Description

The MediaModeration extension will be doing requests to external providers in order to assess whether the media contains child abuse.

The extension is covered well with unit tests, however, it would be interesting to explore if we could enable an integration test running in CI hitting the real cloud provider. Currently a test like this exist but it skipped.

Questions for Release-Engineering-Team :

  1. There are pros and cons of doing an integration test with hitting real external service, do we have a policy or already made decision regarding this?
  2. Is it even possible in our CI infrastructure?
  3. In case it is possible and desirable - we would need to make an api key available in CI via some secret management way - is that feasible?

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT247977 Implement Hash Checking of Media Files
 DeclinedNoneT256982 MediaModeration Productionizing
 DeclinedNoneT246914 Enable integration testing in CI

Event Timeline

Pchelolo created this task.Mar 4 2020, 4:59 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 4 2020, 4:59 PM
Peter.ovchyn closed this task as Resolved.Mar 18 2020, 10:39 AM
Peter.ovchyn reopened this task as Open.Mar 18 2020, 2:00 PM
CCicalese_WMF triaged this task as Medium priority.Mar 18 2020, 2:14 PM
CCicalese_WMF added a project: Core Platform Team Initiatives (Hash Checking).
CCicalese_WMF edited parent tasks, added: T247977: Implement Hash Checking of Media Files; removed: T246206: PhotoDNA integration.Jul 2 2020, 1:47 PM
eprodromou edited parent tasks, added: T256982: MediaModeration Productionizing; removed: T247977: Implement Hash Checking of Media Files.Jul 2 2020, 3:17 PM
eprodromou removed a project: Platform Team Workboards (S&F Workboard).Sep 1 2020, 3:19 PM
hashar edited projects, added Continuous-Integration-Config, Release-Engineering-Team (Seen); removed Release-Engineering-Team.Jun 7 2021, 4:36 PM
hashar subscribed.

Sorry that task has not been noticed.

My rule of thumb is that tests running on CI should avoid relying on a third party, cause if the external resource is unreachable that means the test suite will fail and would block any change.

To exercise the logic of your code you should mock what is expected from the third party. The mock would define the interface defined by the external service. Then to ensure that contract is still honored by the third party, you would need a monitoring probe that runs on schedule and ensure that they respect the contract, but I don't have a good solution for that. Maybe an Icinga probe?

In case it is possible and desirable - we would need to make an api key available in CI via some secret management way - is that feasible?

The API key would end up being exposed publicly. We do that for example to authenticate requests to the GitHub API to drop the rate limit when using composer/npm installs. They key is exposed via an environment variable,, which is rather trivial to retrieve by sending a patch dumping the environment variable. So potentially that aims at using an Icinga probe which would not expose the key.

Pchelolo closed this task as Declined.Jun 7 2021, 4:44 PM

Ok, thank you @hashar This is mostly what I thought, just wanted to confirm.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits