Merge branch 'observability/add-local-o11y' into staging

Author: edisile

.env

@@ -4,3 +4,11 @@ FLASK_DEBUG=true
 DEVEL=True
 SECRET_KEY=local_development_fake_key
 LP_API_USERNAME=test_lp_user
+
+# OpenTelemetry
+# Uncomment to enable tracing:
+# OTEL_SERVICE_NAME=snapcraft-io
+# if using Linux, uncomment this:
+# OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
+# if using MacOS, uncomment this:
+# OTEL_EXPORTER_OTLP_ENDPOINT=http://host.docker.internal:4318

.github/workflows/coverage.yml

@@ -2,6 +2,7 @@ name: Test coverage
 on:
   schedule:
     - cron: "0 22 * * *"
+  workflow_dispatch: # Allows manual triggering
 
 jobs:
   test:
@@ -39,68 +40,67 @@ jobs:
       - name: Zip coverage report
         run: |
           zip -r coverage/cobertura-coverage.zip coverage/cobertura-coverage.xml coverage/coverage.xml
-      
+
       - name: Upload coverage report
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: snapcraftio-coverage
           path: coverage
           retention-days: 1
-  
-  publish-coverage-report:
-      name: publish-coverage-report
-      runs-on: ubuntu-latest
-      needs: test
-      continue-on-error: true
-      steps:
-        - uses: actions/checkout@v4
-          with:
-            ref: gh-pages
-            token: ${{ secrets.GITHUB_TOKEN }}
-        - name: Cleanup coverage directory
-          run: |
-            rm -rf coverage
-            mkdir coverage
-        - name: Download coverage report artifact
-          uses: actions/download-artifact@v4
-          with:
-            name: snapcraftio-coverage
-            path: coverage
-        # user git configs are needed for git commands to work
-        # actual authentication is done using secrets.GITHUB_TOKEN with write permission
-        - name: Set Git User
-          run: |
-            git config --global user.email "github-action@example.com"
-            git config --global user.name "GitHub Action"
-        - name: Push coverage Report
-          timeout-minutes: 3
-          run: |
-            git add .
-            git commit -m "workflow: update coverage report"
-            
-            # In case of another action job pushing to gh-pages while we are rebasing for the current job
-            while true; do
-              git pull --rebase
-              if [ $? -ne 0 ]; then
-                echo "Failed to rebase. Please review manually."
-                exit 1
-              fi
-  
-              git push
-              if [ $? -eq 0 ]; then
-                echo "Successfully pushed HTML report to repo."
-                exit 0
-              fi
-            done
-        - name: Output Report URL as Worfklow Annotation
-          run: |
-            FULL_HTML_REPORT_URL=https://canonical.github.io/snapcraft.io/coverage
-            echo "::notice title=Published Playwright Test Report::$FULL_HTML_REPORT_URL"
 
+  publish-coverage-report:
+    name: publish-coverage-report
+    runs-on: ubuntu-latest
+    needs: test
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: gh-pages
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Cleanup coverage directory
+        run: |
+          rm -rf coverage
+          mkdir coverage
+      - name: Download coverage report artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: snapcraftio-coverage
+          path: coverage
+      # user git configs are needed for git commands to work
+      # actual authentication is done using secrets.GITHUB_TOKEN with write permission
+      - name: Set Git User
+        run: |
+          git config --global user.email "github-action@example.com"
+          git config --global user.name "GitHub Action"
+      - name: Push coverage Report
+        timeout-minutes: 3
+        run: |
+          git add .
+          git commit -m "workflow: update coverage report"
+
+          # In case of another action job pushing to gh-pages while we are rebasing for the current job
+          while true; do
+            git pull --rebase
+            if [ $? -ne 0 ]; then
+              echo "Failed to rebase. Please review manually."
+              exit 1
+            fi
+
+            git push
+            if [ $? -eq 0 ]; then
+              echo "Successfully pushed HTML report to repo."
+              exit 0
+            fi
+          done
+      - name: Output Report URL as Worfklow Annotation
+        run: |
+          FULL_HTML_REPORT_URL=https://canonical.github.io/snapcraft.io/coverage
+          echo "::notice title=Published Playwright Test Report::$FULL_HTML_REPORT_URL"
 
   tics-report:
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, reactive, amd64, tiobe, noble]
     needs: publish-coverage-report
     steps:
       - uses: actions/checkout@v4
@@ -111,21 +111,35 @@ jobs:
           name: snapcraftio-coverage
           path: coverage
 
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"
+          cache: "pip"
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+          cache: "yarn"
+
       - name: Install Python requirements
         run: |
-          sudo pip3 install -r requirements.txt
-
-      - name: Install Python dependencies
-        run: sudo pip3 install pylint
+          python -m pip install --upgrade pip
+          pip3 install -r requirements.txt
+          pip3 install pylint
 
       - name: Install JS dependencies
-        run: yarn install --immutable
-
-      - name: Produce TICS report
-        shell: bash
         run: |
-          set -x
-          export TICSAUTHTOKEN=${{ secrets.TICSAUTHTOKEN }}
-          curl --silent --show-error "https://canonical.tiobe.com/tiobeweb/TICS/api/public/v1/fapi/installtics/Script?cfg=default&platform=linux&url=https://canonical.tiobe.com/tiobeweb/TICS/" > install_tics.sh
-          . ./install_tics.sh
-          TICSQServer -project snapcraft.io -tmpdir /tmp/tics -branchdir . -nosanity
+          yarn install --immutable
+
+      - name: Run TICS analysis with github-action
+        uses: tiobe/tics-github-action@v3
+        with:
+          mode: qserver
+          project: snapcraft.io
+          branchdir: .
+          viewerUrl: https://canonical.tiobe.com/tiobeweb/TICS/api/cfg?name=default
+          ticsAuthToken: ${{ secrets.TICSAUTHTOKEN }}
+          installTics: true
+

entrypoint

@@ -8,4 +8,9 @@ if [ "${FLASK_DEBUG}" = true ] || [ "${FLASK_DEBUG}" = 1 ]; then
     RUN_COMMAND="${RUN_COMMAND} --reload --log-level debug --timeout 9999"
 fi
 
+# if OTEL_SERVICE_NAME is defined, inject OTEL sdk
+if [ -n "${OTEL_SERVICE_NAME}" ]; then
+    RUN_COMMAND="${RUN_COMMAND} --config observability/observability.gunicorn.conf.py"
+fi
+
 ${RUN_COMMAND}

observability/README.md

@@ -0,0 +1,69 @@
+# Local Tracing for charmhub.io
+
+This guide explains how to test OpenTelemetry traces locally using OpenTelemetry, Grafana and Tempo. 
+
+*This setup is intended for local development and testing purposes only.*
+
+## Overview
+
+This setup enables observability for local development by capturing traces from the application and visualising them in Grafana, using Tempo as the backend.
+
+## Prerequisites
+
+- Docker and Docker Compose installed
+- A properly configured `.env` file
+
+## Setup Instructions
+
+### 1. Configure environment variables
+
+In your `.env` file, make the following changes:
+
+- Uncomment the appropriate `OTEL_EXPORTER_OTLP_ENDPOINT` based on your operating system.
+- Uncomment `OTEL_SERVICE_NAME` to enable tracing.
+
+### 2. Start observability stack
+
+Open a new terminal window and run:
+
+`cd observability`
+`docker compose up -d`
+
+This starts the OpenTelemetry Collector, Grafana and Tempo containers for tracing.
+
+### 3. Run the application
+
+Back in the main terminal (in the root of the project), run `dotrun`
+
+### 4. Generate traces
+
+Interact with the application by visiting various pages such as:
+
+- Homepage (list of charms)
+- Charm pages
+- Login page
+- Publisher pages
+
+These interactions will generate traces.
+
+### 5. View traces in Grafana
+
+Open Grafana in the browser at: http://localhost:3000
+
+Login using the default credentials:
+
+- Username: `admin`
+- Password: `admin`
+
+Then:
+1. Go to `Explore`
+2. The Tempo datasource should be selected
+3. Click `Search`
+4. You should see a list of trace IDs
+5. Click on a trace ID to view detailed nested spans
+
+### 6. Stop the observability stack
+Once you're done testing, you can shut down the containers:
+`cd observability`
+`docker compose down`
+

observability/docker-compose.yaml

@@ -0,0 +1,46 @@
+services:
+  grafana:
+    image: grafana/grafana:latest
+    ports:
+      - "3000:3000"
+    volumes:
+      - ./grafana/provisioning:/etc/grafana/provisioning
+    depends_on:
+      - tempo
+    networks:
+      - observability
+
+  prometheus:
+    image: prom/prometheus:latest
+    ports:
+      - "9090:9090"
+    volumes:
+      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+    networks:
+      - observability
+
+  tempo:
+    image: grafana/tempo:latest
+    ports:
+      - "3200:3200"  # Tempo UI/query
+    command: [ "-config.file=/etc/tempo.yaml" ]
+    volumes:
+      - ./tempo/tempo.yaml:/etc/tempo.yaml
+    networks:
+      - observability
+
+  otel-collector:
+    image: otel/opentelemetry-collector-contrib:latest
+    command: [ "--config=/etc/otel-collector-config.yaml" ]
+    ports:
+      - "4318:4318"  # OTLP HTTP - app on localhost sends traces here
+    volumes:
+      - ./otel-collector/otel-collector-config.yaml:/etc/otel-collector-config.yaml
+    depends_on:
+      - tempo
+    networks:
+      - observability
+
+networks:
+  observability:
+    driver: bridge

observability/grafana/provisioning/datasources/datasource.yaml

@@ -0,0 +1,13 @@
+apiVersion: 1
+
+datasources:
+  - name: Tempo
+    type: tempo
+    access: proxy
+    url: http://tempo:3200
+    isDefault: true
+  
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090

observability/observability.gunicorn.conf.py

@@ -0,0 +1,10 @@
+from opentelemetry import trace
+from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter
+from opentelemetry.sdk.trace import TracerProvider
+from opentelemetry.sdk.trace.export import BatchSpanProcessor
+
+
+def post_fork(server, worker):
+    trace.set_tracer_provider(TracerProvider())
+    span_processor = BatchSpanProcessor(OTLPSpanExporter())
+    trace.get_tracer_provider().add_span_processor(span_processor)

observability/otel-collector/otel-collector-config.yaml

@@ -0,0 +1,17 @@
+receivers:
+  otlp:
+    protocols:
+      http:
+        endpoint: "0.0.0.0:4318"
+
+exporters:
+  otlp:
+    endpoint: tempo:4317
+    tls:
+      insecure: true
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      exporters: [otlp]

observability/prometheus/prometheus.yml

@@ -0,0 +1,8 @@
+global:
+  scrape_interval: 10s
+
+scrape_configs:
+  - job_name: 'snapcraft-io'
+    metrics_path: '/_status/metrics'
+    static_configs:
+      - targets: ['snapcraft.io']

observability/tempo/tempo.yaml

@@ -0,0 +1,25 @@
+auth_enabled: false
+
+server:
+  http_listen_port: 3200
+
+distributor:
+  receivers:
+    otlp:
+      protocols:
+        grpc:
+          endpoint: 0.0.0.0:4317
+ingester:
+  trace_idle_period: 10s
+  max_block_bytes: 5_000_000
+  max_block_duration: 5m
+
+compactor:
+  compaction:
+    block_retention: 1h
+
+storage:
+  trace:
+    backend: local
+    local:
+      path: /tmp/tempo/traces