Overhaul various 'update status' checks - meets_testing_requirements, check_requirements, critpath_approved, check_karma_thresholds - and approve_testing script

[AdamWill]

This is a huge patch series that more or less entirely overhauls Bodhi's approach to checking if updates "meet requirements" in various senses. See each individual commit's extensive message for details, but broadly the goal is to make the code (and tests) more consistent, correct, in line with the actual Fedora update policies, and simpler.

[AdamWill]

Oh, one of the commit messages promises my evaluation of the test_approve_testing tests as a comment on the PR, soo:

assessment of approve_testing code

there are only four main paths.

1. if not update.release.mandatory_days_in_testing and not update.autotime: bail
2. if not update.meets_testing_requirements: bail
3. if not update.autotime or update.days_in_testing < update.stable_days (but does meet testing requirements): 3a) comment + publish (if not already done) 3b) bail (if already commented)
4. if update.autotime and update.days_in_testing >= update.stable_days (and meets testing requirements): 4a) set_request stable (if update.release.composed_by_bodhi) 4b) actually push update stable (if not update.release.composed_by_bodhi)

assessment of test_approve_testing tests

test_autokarma_update_meeting_time_requirements_gets_one_comment - ensures we comment exactly once on multiple runs when update meets manual push time threshold but not autopush threshold test_non_autokarma_critpath_update_meeting_karma_requirements_gets_one_comment - ditto, but for a non-autokarma, critpath update, and tries to meet the karma threshold. sets update.stable_karma=1, then adds 1 karma before 'approving' (which I think means the update actually hits +2) test_non_autokarma_update_meeting_karma_requirements_gets_one_comment - ditto, non-autokarma, non-critpath test_autotime_update_no_autokarma_met_karma_requirements_get_comments - ditto, only update has autotime=True. doesn't check for repeat comments test_non_autokarma_critpath_update_meeting_time_requirements_gets_one_comment - ditto, non-autokarma, critpath, sets mandatory time in testing to 14 days and time in testing to 14 days. intends to check that the message doesn't say "7 days" if the minimum is not 7 days. current message is very generic ("This update can be pushed to stable now if the maintainer wishes") so this test is less relevant test_non_autokarma_update_with_unmet_karma_requirement_after_time_met - similar, but doesn't check for only one comment. non-autokarma, non-critpath, update is set to meet time in testing requirement but no karma threshold.

test_autokarma_update_without_mandatory_days_in_testing - tests we dip early if no mandatory_days_in_testing or autotime test_non_autokarma_update_without_mandatory_days_in_testing - ditto, non-autokarma

test_autokarma_update_not_meeting_testing_requirements - ensures we don't comment on or approve update that doesn't meet requirements. leaves karma at default (I think +1), sets days in testing to 6 test_non_autokarma_critpath_update_not_meeting_time_requirements_gets_no_comment - similar, but non-autokarma, critpath. doesn't check date_approved. sets stable_karma = 1, leaves karma at default (+1). intends to test the case where update meets stable_karma but autokarma is not set and update doesn't reach critpath_min_karma test_non_autokarma_update_with_unmet_karma_requirement - ditto, non-autokarma, not critpath. update is set not to meet any threshold at all (time or karma, auto or manual)

test_exception_handler - tests exception handler test_exception_handler_on_the_second_update - moar exception handler

test_subsequent_comments_after_initial_push_comment - tests the case where the update is approved, edited, then approved again, expects to see two approvals. is effectively redundant with test_has_stable_comment tests in test_models, because all approve_testing cares about is whether the update has_stable_comment

test_autotime_update_meeting_test_requirements_gets_pushed - tests non-autokarma, non-critpath, autotime update with stable_days set to 7 and time in testing of 7 days is autopushed (and marked approved). does not check whether an approval comment is posted test_autotime_update_does_not_meet_stable_days_doesnt_get_pushed - similar, but sets stable_days to 10 and time in testing to 7 (so autotime requirement is not met) and tests the update is not pushed test_autotime_update_meeting_stable_days_get_pushed - similar, but sets both stable_days and time_in_testing to 10. functionally equivalent to test_autotime_update_meeting_test_requirements_gets_pushed with current code, not sure whether this is ever useful test_autotime_update_no_autokarma_met_karma_and_time_requirements_get_pushed - similar, but update also meets all karma requirements (but has autokarma disabled). probably pointless test_autotime_update_with_autokarma_met_karma_and_time_requirements_get_pushed - ditto, but update has autokarma enabled. probably isn't actually testing approve_testing at all; update would be pushed by check_karma_thresholds() when the +1 karma is posted. test passes if you skip approve_testing_main(). should be a check_karma_thresholds() test

test_no_autotime_update_meeting_stable_days_and_test_requirement - tests update without autotime set does not get autopushed, even with a stable_days value set and reached (uses 10 days)

test_autotime_update_does_not_meet_test_requirements - tests autotime update with stable_days and mandatory_days_in_testing set to 2 is not pushed if days in testing is 1. mostly functionally equivalent to test_autotime_update_does_not_meet_stable_days_doesnt_get_pushed , except with a non-default mandatory days in testing value and an update that does not meet it. probably useless

test_autotime_update_does_no_mandatory_days_in_testing - tests that autotime update is pushed stable with zero days in testing if stable_days is 0. relies on the default value of stable_days being 0, but doesn't say so. sets mandatory_days_in_testing to 0 to ensure meets_testing_requirements passes test_autotime_update_zero_day_in_testing_meeting_test_requirements_gets_pushed - exactly the same, but explicitly sets stable_days to 0 test_autotime_update_zero_day_in_testing_no_gated_gets_pushed_to_rawhide - ditto, but for release not composed by rawhide. tests the path where approve_testing actually has to do all the push work itself. parametrized to also test when update is from a side tag test_autotime_update_zero_day_in_testing_fail_gating_is_not_pushed - ditto test_autotime_update_zero_day_in_testing_meeting_test_requirements_gets_pushed, buts sets test_gating_status to failed so meets_testing_requirements will fail, and expects update not to be pushed test_autotime_update_negative_karma_does_not_get_pushed - ditto test_autotime_update_zero_day_in_testing_meeting_test_requirements_gets_pushed , but adds a negative karma. is actually testing that update.comment() disables autotime, though this is not clear. should be a check_karma_thresholds() test test_autotime_update_no_autokarma_negative_karma_not_pushed - virtually identical to test_autotime_update_negative_karma_does_not_get_pushed (both updates have autokarma = False), but sets stable_karma to 10 instead of 1 (seems irrelevant). does assert that update.autotime = False, so this test realized to some extent what was actually happening. should be check_karma_thresholds() test

test_update_conflicting_build_not_pushed - tests we don't push updates with conflicting builds. also tests we don't post a comment saying they're approved, or set date_approved.

test_autotime_update_gets_pushed_dont_send_duplicated_notification - tests we don't publish UpdateRequirementsMetStable again when auto-pushing, if the update previously met the manual push threshold and had it published then. doesn't test whether we repeat the comment test_autotime_update_with_stable_comment_set_stable_on_branched - tests similar flow, but for the not-composed-by-bodhi case where approve_testing actually does the work

ACTUALLY USEFUL TESTS:

• two early bails (until we remove the first)
• when meets_testing_requirements but not autotime push requirements: "ready for stable" comment, publish UpdateRequirementsMetStable, set date_approved, if not already done. do not push. parametrize: composed_by_bodhi, side_tag. check all possible ways of not meeting autotime requirements
• when meets_testing_requirements and autotime push requirements: set request (composed-by-bodhi) or do all the work (not-composed-by-bodhi). check everything is done in both cases. check we do not post the "ready for stable" comment but do publish UpdateRequirementsMetStable if the update does not have the comment.
• conflicting builds checks. note only done when autopushing on not-composed-by-bodhi path, so we still set date_approved, post "ready for stable" and/or publish UpdateRequirementsMetStable on other paths even if update has conflicting builds
• exception handler checks
• check against repeated comments

STUFF TO ENSURE IS TESTED ELSEWHERE:

• different ways of meeting different thresholds (these should all be on the tests for meets_testing_requirements / check_karma_thresholds)
• whether check_karma_thresholds disables autopush on negative karma (should be in its own tests)
• autopush of autokarma-enabled update for composed-by-bodhi release reaching stable_karma (this is done by check_karma_thresholds)

[AdamWill]

here's some more random assessment notes lying around my note-to-self that I kept while working on this:

assessment of test_models tests

• test_critpath_negative_karma - completely redundant with test_critpath_14_days_negative_karma
• test_karma_2_met - folded into test_critpath_min_karma_met
• test_stable_karma - merged into test_autopush_reached_main
• test_unstable_karma - merged into test_obsolete_if_unstable

assessment of test_updates tests

• test_manually_push_critical_update_with_negative_karma - critpath, -1 then +3. tests autokarma gets disabled and update is not pushed. once tested that "Push to Stable" button was in the HTML but has not done for years. replaced by test_autopush_disabled_on_negative_karma . doesn't need to have the 'add +4 and make sure it's not pushed' bit as that is covered by test_autopush_reached_main once we've asserted that autopush is set False here. test_disable_autopush_for_critical_updates - merged into test_autopush_disabled_on_negative_karma
• test_pending_update_on_stable_karma_reached_autopush_enabled - merged into test_autopush_reached_main. note source of "stays in testing if it hits stable karma while pending" is from when we had batched; there was an issue where things were getting queued from pending directly to batched so they never made it to updates-testing. this is of course irrelevant now and all the test was doing was testing autopush from pending state
• test_pending_urgent_update_on_stable_karma_reached_autopush_enabled - ditto. urgency is not relevant to autopush logic now
• test_pending_update_on_stable_karma_not_reached - also merged into test_autopush_reached_main , which does check that autopush doesn't happen with only +1 (if threshold is +2)
• test_pending_update_on_stable_karma_reached_autopush_disabled - this test doesn't make much sense. it checks that autopush doesn't happen if it's disabled, which is fine (but folded into test_autopush_reached_main also), but in the docstring it claims to "Ensure that pending update has option to request for stable directly", but it really does no such thing. it just posts the comment indicating that itself, and then...checks that it posted it. wat?

test_update_reaching_time_in_testing_negative_karma - dupe of test_update_reaching_stable_karma_not_critpath_min_karma test_check_requirements_testgating* - dupe of test_test_gating_status test_num_admin_approvals_after_karma_reset - obsolete, num_admin_approvals removed

[AdamWill]

still needs...

• news item(s)
• maybe fix the 'new update' webUI page to not let you try and set stable_days or stable_karma below the policy minima (the backend now won't actually let you do this if you try, but we should implement a check at the webUI level rather than just let the backend silently increase the values), and maybe grey them out if you disable the respective autopush setting
• move "obsolete update if it reaches unstable karma threshold" up higher in check_karma_thresholds so it is always checked, currently it gets skipped sometimes when it really shouldn't

[AdamWill]

seems like the CI is timing out at 30 minutes. don't know why it's taking so long. possibly i've got something in there which isn't mocking out a message publish, or something...will try and look at it tomorrow...

[AdamWill]

Hallelujah, praise the lord! That took a while. So, yeah, there were several unmocked message publish events happening, but in bcd (where I tested this), this doesn't break things the way it does in CI. Filed https://github.com/fedora-infra/bodhi/issues/5633 about that. I'll see if I can think of any way to tweak it tomorrow.

The integration tests are not my fault, I don't think. They also failed on https://github.com/fedora-infra/bodhi/pull/5632 , which changed nothing but the README (I filed that PR just as a dumb way to check if this PR was really causing the problems). I don't know what's changed to make them suddenly fail.

[AdamWill]

also todo, obviously: fix test coverage. but any comments while I work on the little todo list are still welcome :D

[AdamWill]

integration test failures don't look to be my fault, github is having trouble reaching pagure.io for some reason.

[AdamWill]

noooo merge commits! evil!

I can just rebase it. can I rebase it?

[AdamWill]

i rebased it. :P

[mattiaverga]

noooo merge commits! evil!

I can just rebase it. can I rebase it?

Sure, it's just the "update branch" button in the webUI is just too comfy to ignore 😉

[AdamWill]

Thanks. Yeah, I made a little todo list up there somewhere which has adding news fragments in it, I will try to get to that ASAP.

[AdamWill]

FWIW, I just took a look at adding a mechanism to abort if any of the removed config settings are set, to make sure we don't deploy any new release with these changes without updating the configs. But unfortunately, our real use of these values uses the prefixing mechanism - we set e.g. f{{ FedoraBranchedNumber }}.pre_beta.critpath.stable_after_days_without_negative_karma = 0 and f{{ FedoraBranchedNumber }}.post_beta.critpath.min_karma = 2 - and it would be overly tedious to make the check that sophisticated...so I think we'll just have to rely on careful co-ordination when the deployment happens.

[AdamWill]

Pushed one more change to always apply the obsolete-on-unstable_karma check in check_karma_thresholds. I noticed this logic hole while revising the tests and it bugged me. To enlarge on the change in the test suite a bit:

When the request is UpdateRequest.stable, the first negative karma does not trigger the "disable autokarma" branch, because it doesn't fire when request is stable. So the second negative karma now triggers both branches of check_karma_thresholds. First it obsoletes the update, generates an UpdateKarmaThresholdV1 message, and publishes it. Then it disables autokarma and publishes a comment. This is the thing we wanted this change to achieve, so yay!

But this is awkward for the test code, because it means the UpdateKarmaThresholdV1 message is generated using a state of the update it simply doesn't have access to. Before it sends the negative karma comment, the update state doesn't have the negative karma comment text in it (obviously), it isn't obsoleted, and its autokarma status is the original one.

After it sends the negative karma comment, the negative karma comment text is present and the update has been obsoleted (which is the state in which the UKT message is generated), but also, an additional comment has been posted that wasn't present when the UKT message was generated, and the autokarma status may have changed.

The test code never has access to the update state after the comment is added and the obsoletion changes occur but before the autokarma disablement changes happen, which is the state the update is in when the UKT message is generated. So it's just not cleanly possible for the test code to predict the UKT message content. So on this path we just have to assert that some kind of UKT message is published.

[AdamWill]

OK, added a news fragment, so I think this is ready to go. Sorry, I really can't boil these changes down to one line! I think towncrier should do an OK job of parsing a long fragment, from the test run I did.

I fiddled around with tweaking the 'new update' HTML template, but it seems like making meaningful change there would be rather harder than I thought. We don't actually know the min_karma or mandatory_days_in_stable for an update before it exists, because we don't know what release it's for (we might even be creating multiple updates for multiple releases with different values), or whether or not it's critical path. So it's not really practical to try and restrict the allowable values to the 'valid' ones.

[AdamWill]

sounds good. let's hope I didn't blow anything up too badly. :D

[mattiaverga]

A new build made from master branch has been made in koji staging. I've submitted https://pagure.io/fedora-infra/ansible/pull-request/1974 with the necessary config changes. When that PR is merged I will redeploy staging bodhi.

[mattiaverga]

So, I've pushed the latest code to staging. I see that pretty much all updates in "testing" status have a comment "This update's test gating status has been changed to 'failed'." even if "no tests are required". It might be that builds/updates synched from prod don't exist in stg and don't have tests in staging?

[AdamWill]

If you look in the right column, they're all showing "1 errors handling remote rules", which indicates a problematic response from greenwave. If you use browser tools to examine the exact response from greenwave, you'll see something like error "Koji build not found for subject_type 'koji_build', subject_identifier 'firefox-125.0.2-1.fc38'", so yeah, problem is that the koji build just doesn't exist. perhaps we should have staging bodhi talk to prod koji, or something...

Do you remember what happened before the new release, by any chance?