Skip to content

ci: Configure SDK compliance capture suite#191

Closed
marandaneto wants to merge 1 commit into
mainfrom
fix/sdk-harness-options-20260630
Closed

ci: Configure SDK compliance capture suite#191
marandaneto wants to merge 1 commit into
mainfrom
fix/sdk-harness-options-20260630

Conversation

@marandaneto

Copy link
Copy Markdown
Member

Problem

SDK compliance workflows need explicit harness suite/sdk-type selection and configurable blocking behavior so CI only runs the intended contract checks.

Changes

  • Point SDK compliance to the harness branch with new workflow inputs.
  • Run capture v0 as a server SDK.
  • Keep compliance failures non-blocking for now.
  • Align local compose with the same suite/sdk type.

Testing

  • Parsed workflow YAML.
  • Ran docker compose config for the adapter compose file.
  • Ran git diff --check.

Release / changeset

No SDK package changeset: CI/local compliance configuration only.

🤖 Agent context

Autonomy: Human-driven (agent-assisted)

Implemented with Pi using dedicated git worktrees. The change was requested to align SDK compliance harness setup across SDK repositories while keeping non-ready SDKs non-blocking.

@marandaneto marandaneto self-assigned this Jun 30, 2026
@greptile-apps

greptile-apps Bot commented Jun 30, 2026

Copy link
Copy Markdown

Security Review

  • Supply-chain / mutable workflow ref (.github/workflows/sdk-compliance.yml line 17): the reusable-workflow call was changed from a pinned commit SHA to a branch name (fix/sdk-harness-options-20260630) in the external PostHog/posthog-sdk-test-harness repo. Any commit to that branch will execute new, unreviewed code inside this repo's CI without a corresponding PR here.

Reviews (1): Last reviewed commit: "ci: Configure SDK compliance capture sui..." | Re-trigger Greptile

compliance:
name: PostHog SDK compliance tests
uses: PostHog/posthog-sdk-test-harness/.github/workflows/test-sdk-action.yml@be8b8d5a3f94a249659844e94832e874f049c1e4
uses: PostHog/posthog-sdk-test-harness/.github/workflows/test-sdk-action.yml@fix/sdk-harness-options-20260630

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 security Mutable branch reference replaces pinned SHA

The original ref (be8b8d5a3f94a249659844e94832e874f049c1e4) was an immutable commit SHA; the new ref (fix/sdk-harness-options-20260630) is a mutable branch in an external repository. Any force-push or new commit to that branch in PostHog/posthog-sdk-test-harness will silently alter the workflow code executed against this repo's CI — a classic supply-chain risk for reusable-workflow consumers. Once the upstream branch is merged and a stable SHA or tag is available, this should be pinned back to an immutable ref.

@github-actions

Copy link
Copy Markdown
Contributor

posthog-php Compliance Report

Date: 2026-06-30 10:01:40 UTC
Duration: 95018ms

✅ All Tests Passed!

29/29 tests passed


Capture Tests

29/29 tests passed

View Details
Test Status Duration
Format Validation.Event Has Required Fields 12ms
Format Validation.Event Has Uuid 7ms
Format Validation.Event Has Lib Properties 5ms
Format Validation.Distinct Id Is String 6ms
Format Validation.Token Is Present 7ms
Format Validation.Custom Properties Preserved 6ms
Format Validation.Event Has Timestamp 6ms
Retry Behavior.Retries On 503 5317ms
Retry Behavior.Does Not Retry On 400 2009ms
Retry Behavior.Does Not Retry On 401 2009ms
Retry Behavior.Respects Retry After Header 8015ms
Retry Behavior.Implements Backoff 15723ms
Retry Behavior.Retries On 500 5115ms
Retry Behavior.Retries On 502 5116ms
Retry Behavior.Retries On 504 5114ms
Retry Behavior.Max Retries Respected 16517ms
Deduplication.Generates Unique Uuids 12ms
Deduplication.Preserves Uuid On Retry 5113ms
Deduplication.Preserves Uuid And Timestamp On Retry 10322ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry 5117ms
Deduplication.No Duplicate Events In Batch 12ms
Deduplication.Different Events Have Different Uuids 7ms
Compression.Sends Gzip When Enabled 5ms
Batch Format.Uses Proper Batch Structure 6ms
Batch Format.Flush With No Events Sends Nothing 4ms
Batch Format.Multiple Events Batched Together 10ms
Error Handling.Does Not Retry On 403 2007ms
Error Handling.Does Not Retry On 413 2010ms
Error Handling.Retries On 408 5114ms

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant