You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore: document atmosphere usage during PR builds (#551)
Outline the reasons why a PR may pass locally, but fail during PR build.
---
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license
Copy file name to clipboardExpand all lines: packages/@aws-cdk-testing/cli-integ/README.md
+24Lines changed: 24 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -124,6 +124,30 @@ $ publib-ca delete
124
124
2. In the `"args"` value after `"-t"`, place the name of the test that you'd like to run.
125
125
3. Press the VS code green arrow to launch the debugger.
126
126
127
+
### Running during PRs
128
+
129
+
Integration tests are executed automatically during PRs. Every workflow run generates a markdown summary
130
+
of the suite, detailing which tests passed/failed, and some additional statistics.
131
+
132
+
> For exmaple: https://github.com/aws/aws-cdk-cli/actions/runs/15305859516
133
+
134
+
To debug a failing test, navigate to the execution logs and search for the name of the test.
135
+
You'll find a verbose log that displays all operations taken during the test.
136
+
137
+
Unlike running locally, PRs make use of the *Atmosphere* service, an internal CDK service designed
138
+
to provide integration tests with clean AWS environments. It allows us to run many concurrent tests,
139
+
and significantly reduce suite durations. Most of the time, *Atmosphere* should be transparent to you,
140
+
but sometimes, tests that pass locally may fail during PRs because of additional restrictions
141
+
it imposes:
142
+
143
+
-**Service Control Policy (SCP):** AWS environments (i.e accounts) are subject to an SCP that denies access
144
+
to specific services. For example, you might see a failure similar to:
145
+
146
+
```
147
+
User: arn:aws:sts::111111111111:assumed-role/cdk-hnb659fds-cfn-exec-role-111111111111-eu-central-1/AWSCloudFormation is not authorized to perform: logs:CreateLogGroup on resource: arn:aws:logs:eu-central-1:111111111111:log-group:/aws/lambda/cdktest-00cyqupxno939-imp-cdkimportnodejslambdates-6X36hssZOiZk:log-stream: with an explicit deny in a service control policy
148
+
```
149
+
This means that your PR introduces a need to invoke a new service, or deploy a new type of resource, that wasn't previously required. When this happens - reach out to a maintainer through the PR. They will evaluate if the new requirement is justified, and grant the necessary permissions.
150
+
127
151
## Tools
128
152
129
153
There are a number of tools in the `bin/` directory. They are:
0 commit comments