fix: make TCP drop recovery test deterministic#248
Conversation
posthog-go Compliance ReportDate: 2026-07-01 09:40:48 UTC ✅ All Tests Passed!110/110 tests passed Capture_V1 Tests✅ 94/94 tests passed View Details
Feature_Flags Tests✅ 16/16 tests passed View Details
|
|
705b6bc to
90a77e9
Compare
|
Addressed the review feedback in e8d0970: removed the duplicate deferred TCP server closes, explicitly close the server before reading counters, and applied the same deterministic close-before-counter-read pattern to |
💡 Motivation and Context
TestTCPDropRecovery/DropAfterConnectwas flaky because the test assertedserver.SuccessCount()immediately after the PostHog callback reported success. The TCP test server increments its success counter after writing the HTTP response, so the client callback can win that race and observe0successes even though delivery succeeded.This change makes the test wait for the TCP server's connection handler to finish before asserting server-side counters. Review feedback also pointed out the same server-counter race in
TestTCPDropFailure, so that test now closes the TCP server before reading connection counts as well.Semgrep also flagged the feature-flags project-board caller for using
secrets: inherit. This mirrors PostHog/posthog-python#717: the central reusable workflow requires inherited secrets because it does not declareworkflow_call.secrets, so the workflow keepssecrets: inheritwith a scoped# nosemgrepsuppression and explanatory comments. The workflow now also declarespermissions: {}to satisfy CodeQL's minimal-token-permissions recommendation.💚 How did you test it?
docker run --rm -v "$PWD":/src -w /src golang:1.24 go test ./extras -run 'TestTCPDropRecovery/DropAfterConnect' -count=100docker run --rm -v "$PWD":/src -w /src golang:1.24 go test ./extras -count=20docker run --rm -v "$PWD":/src -w /src golang:1.24 go test -race ./extras -run 'TestTCPDropRecovery/DropAfterConnect' -count=20docker run --rm -v "$PWD":/src -w /src golang:1.24 go test ./extras -run 'TestTCPDrop' -count=50docker run --rm -v "$PWD":/src -w /src golang:1.24 go test ./....github/workflows/call-flags-project-board.ymlwith PyYAML and verifiedpermissionsresolves to{}andsecretsresolves toinherit.docker run --rm -v "$PWD":/src -v /tmp/posthog-dotgithub-semgrep:/dotgithub -w /src semgrep/semgrep:1.163.0 semgrep ... .github/📝 Checklist
If releasing new changes
pnpm changesetto generate a changeset file🤖 Agent context
Autonomy: Human-driven (agent-assisted)
Pi investigated the flaky TCP drop recovery test in a dedicated git worktree. The chosen test fix is intentionally small: close the flaky TCP server before reading its counters, because
Closewaits for handler goroutines and removes the race between the client callback and server-side bookkeeping. Review feedback was addressed by removing duplicate deferred closes and applying the same deterministic close-before-counter-read pattern toTestTCPDropFailure.After CI reported a Semgrep failure, Pi inspected the job logs and aligned this repo's feature-flags project-board caller with PostHog/posthog-python#717: keep the required inherited secrets for the central reusable workflow and suppress only that intentional Semgrep finding inline with reviewer-facing context. CodeQL feedback was addressed by declaring minimal workflow permissions.