diff --git a/.github/workflows/twisted_trunk.yml b/.github/workflows/twisted_trunk.yml
index 5f0671f350..12267405be 100644
--- a/.github/workflows/twisted_trunk.yml
+++ b/.github/workflows/twisted_trunk.yml
@@ -96,6 +96,72 @@ jobs:
/logs/results.tap
/logs/**/*.log*
+ complement:
+ if: "${{ !failure() && !cancelled() }}"
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - arrangement: monolith
+ database: SQLite
+
+ - arrangement: monolith
+ database: Postgres
+
+ - arrangement: workers
+ database: Postgres
+
+ steps:
+ # The path is set via a file given by $GITHUB_PATH. We need both Go 1.17 and GOPATH on the path to run Complement.
+ # See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path
+ - name: "Set Go Version"
+ run: |
+ # Add Go 1.17 to the PATH: see https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md#environment-variables-2
+ echo "$GOROOT_1_17_X64/bin" >> $GITHUB_PATH
+ # Add the Go path to the PATH: We need this so we can call gotestfmt
+ echo "~/go/bin" >> $GITHUB_PATH
+
+ - name: "Install Complement Dependencies"
+ run: |
+ sudo apt-get update && sudo apt-get install -y libolm3 libolm-dev
+ go get -v github.com/haveyoudebuggedit/gotestfmt/v2/cmd/gotestfmt@latest
+
+ - name: Run actions/checkout@v2 for synapse
+ uses: actions/checkout@v2
+ with:
+ path: synapse
+
+ # This step is specific to the 'Twisted trunk' test run:
+ - name: Patch dependencies
+ run: |
+ set -x
+ DEBIAN_FRONTEND=noninteractive sudo apt-get install -yqq python3 pipx
+ pipx install poetry==1.1.12
+
+ poetry remove -n twisted
+ poetry add -n --extras tls git+https://github.com/twisted/twisted.git#trunk
+ poetry lock --no-update
+ # NOT IN 1.1.12 poetry lock --check
+ working-directory: synapse
+
+ - name: "Install custom gotestfmt template"
+ run: |
+ mkdir .gotestfmt/github -p
+ cp synapse/.ci/complement_package.gotpl .gotestfmt/github/package.gotpl
+
+ # Attempt to check out the same branch of Complement as the PR. If it
+ # doesn't exist, fallback to HEAD.
+ - name: Checkout complement
+ run: synapse/.ci/scripts/checkout_complement.sh
+
+ - run: |
+ set -o pipefail
+ TEST_ONLY_SKIP_DEP_HASH_VERIFICATION=1 POSTGRES=${{ (matrix.database == 'Postgres') && 1 || '' }} WORKERS=${{ (matrix.arrangement == 'workers') && 1 || '' }} COMPLEMENT_DIR=`pwd`/complement synapse/scripts-dev/complement.sh -json 2>&1 | gotestfmt
+ shell: bash
+ name: Run Complement Tests
+
# open an issue if the build fails, so we know about it.
open-issue:
if: failure()
@@ -103,6 +169,7 @@ jobs:
- mypy
- trial
- sytest
+ - complement
runs-on: ubuntu-latest
diff --git a/changelog.d/13079.misc b/changelog.d/13079.misc
new file mode 100644
index 0000000000..0133097c83
--- /dev/null
+++ b/changelog.d/13079.misc
@@ -0,0 +1 @@
+Enable Complement testing in the 'Twisted Trunk' CI runs.
\ No newline at end of file
diff --git a/docker/Dockerfile b/docker/Dockerfile
index c676f83775..22707ed142 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -62,7 +62,13 @@ WORKDIR /synapse
# Copy just what we need to run `poetry export`...
COPY pyproject.toml poetry.lock /synapse/
-RUN /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt
+
+# If specified, we won't verify the hashes of dependencies.
+# This is only needed if the hashes of dependencies cannot be checked for some
+# reason, such as when a git repository is used directly as a dependency.
+ARG TEST_ONLY_SKIP_DEP_HASH_VERIFICATION
+
+RUN /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}
###
### Stage 1: builder
@@ -85,6 +91,7 @@ RUN \
openssl \
rustc \
zlib1g-dev \
+ git \
&& rm -rf /var/lib/apt/lists/*
# To speed up rebuilds, install all of the dependencies before we copy over
diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh
index 20df5fbc24..8448d49e26 100755
--- a/scripts-dev/complement.sh
+++ b/scripts-dev/complement.sh
@@ -23,6 +23,9 @@
#
# ./complement.sh -run "TestOutboundFederation(Profile|Send)"
#
+# Specifying TEST_ONLY_SKIP_DEP_HASH_VERIFICATION=1 will cause `poetry export`
+# to not emit any hashes when building the Docker image. This then means that
+# you can use 'unverifiable' sources such as git repositories as dependencies.
# Exit if a line returns a non-zero exit code
set -e
@@ -86,7 +89,9 @@ fi
if [ -z "$skip_docker_build" ]; then
# Build the base Synapse image from the local checkout
echo_if_github "::group::Build Docker image: matrixdotorg/synapse"
- docker build -t matrixdotorg/synapse -f "docker/Dockerfile" .
+ docker build -t matrixdotorg/synapse \
+ --build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
+ -f "docker/Dockerfile" .
echo_if_github "::endgroup::"
# Build the workers docker image (from the base Synapse image we just built).
|
