diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index f0002fe486..12db62315a 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -4,4 +4,4 @@ Thank you for contributing to `sentry-python`! Please add tests to validate your changes, and lint your code using `tox -e linters`. -Running the test suite on your PR might require maintainer approval. The AWS Lambda tests additionally require a maintainer to add a special label, and they will fail until this label is added. +Running the test suite on your PR might require maintainer approval. \ No newline at end of file diff --git a/.github/workflows/scripts/trigger_tests_on_label.py b/.github/workflows/scripts/trigger_tests_on_label.py deleted file mode 100644 index f6039fd16a..0000000000 --- a/.github/workflows/scripts/trigger_tests_on_label.py +++ /dev/null 
@@ -1,72 +0,0 @@
-#!/usr/bin/env python3
-import argparse
-import json
-import os
-from urllib.parse import quote
-from urllib.request import Request, urlopen
-
-LABEL = "Trigger: tests using secrets"
-
-
-def _has_write(repo_id: int, username: str, *, token: str) -> bool:
- req = Request(
- f"https://api.github.com/repositories/{repo_id}/collaborators/{username}/permission",
- headers={"Authorization": f"token {token}"},
- )
- contents = json.load(urlopen(req, timeout=10))
-
- return contents["permission"] in {"admin", "write"}
-
-
-def _remove_label(repo_id: int, pr: int, label: str, *, token: str) -> None:
- quoted_label = quote(label)
- req = Request(
- f"https://api.github.com/repositories/{repo_id}/issues/{pr}/labels/{quoted_label}",
- method="DELETE",
- headers={"Authorization": f"token {token}"},
- )
- urlopen(req)
-
-
-def main() -> int:
- parser = argparse.ArgumentParser()
- parser.add_argument("--repo-id", type=int, required=True)
- parser.add_argument("--pr", type=int, required=True)
- parser.add_argument("--event", required=True)
- parser.add_argument("--username", required=True)
- parser.add_argument("--label-names", type=json.loads, required=True)
- args = parser.parse_args()
-
- token = os.environ["GITHUB_TOKEN"]
-
- write_permission = _has_write(args.repo_id, args.username, token=token)
-
- if (
- not write_permission
- # `reopened` is included here due to close => push => reopen
- and args.event in {"synchronize", "reopened"}
- and LABEL in args.label_names
- ):
- print(f"Invalidating label [{LABEL}] due to code change...")
- _remove_label(args.repo_id, args.pr, LABEL, token=token)
- args.label_names.remove(LABEL)
-
- if write_permission or LABEL in args.label_names:
- print("Permissions passed!")
- print(f"- has write permission: {write_permission}")
- print(f"- has [{LABEL}] label: {LABEL in args.label_names}")
- return 0
- else:
- print("Permissions failed!")
- print(f"- has write permission: {write_permission}")
- print(f"- has [{LABEL}] label: {LABEL in args.label_names}")
- print(f"- args.label_names: {args.label_names}")
- print(
- f"Please have a collaborator add the [{LABEL}] label once they "
- f"have reviewed the code to trigger tests."
- )
- return 1
-
-
-if __name__ == "__main__":
- raise SystemExit(main())
diff --git a/.github/workflows/test-integrations-aws.yml b/.github/workflows/test-integrations-aws.yml
deleted file mode 100644
index 7eff1fee5c..0000000000
--- a/.github/workflows/test-integrations-aws.yml
+++ /dev/null
@@ -1,125 +0,0 @@ -# Do not edit this YAML file. This file is generated automatically by executing -# python scripts/split_tox_gh_actions/split_tox_gh_actions.py -# The template responsible for it is in -# scripts/split_tox_gh_actions/templates/base.jinja -name: Test AWS -on: - push: - branches: - - master - - release/** - - potel-base - # XXX: We are using `pull_request_target` instead of `pull_request` because we want - # this to run on forks with access to the secrets necessary to run the test suite. - # Prefer to use `pull_request` when possible. - pull_request: -# Cancel in progress workflows on pull_requests. -# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true -permissions: - contents: read - # `write` is needed to remove the `Trigger: tests using secrets` label - pull-requests: write -env: - SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID: ${{ secrets.SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID }} - SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY }} - BUILD_CACHE_KEY: ${{ github.sha }} - CACHED_BUILD_PATHS: | - ${{ github.workspace }}/dist-serverless -jobs: - check-permissions: - name: permissions check - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v4.2.2 - with: - persist-credentials: false - - name: Check permissions on PR - if: github.event_name == 'pull_request_target' - run: | - python3 -uS .github/workflows/scripts/trigger_tests_on_label.py \ - --repo-id ${{ github.event.repository.id }} \ - --pr ${{ github.event.number }} \ - --event ${{ github.event.action }} \ - --username "$ARG_USERNAME" \ - --label-names "$ARG_LABEL_NAMES" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # these can contain special characters - ARG_USERNAME: ${{ github.event.pull_request.user.login }} - ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }} - - 
name: Check permissions on repo branch - if: github.event_name == 'push' - run: true - test-aws-pinned: - name: AWS (pinned) - timeout-minutes: 30 - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - python-version: ["3.8","3.9","3.11","3.13"] - # python3.6 reached EOL and is no longer being supported on - # new versions of hosted runners on Github Actions - # ubuntu-20.04 is the last version that supported python3.6 - # see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877 - os: [ubuntu-20.04] - needs: check-permissions - steps: - - uses: actions/checkout@v4.2.2 - with: - ref: ${{ github.event.pull_request.head.sha || github.ref }} - - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - allow-prereleases: true - - name: Setup Test Env - run: | - pip install "coverage[toml]" tox - - name: Erase coverage - run: | - coverage erase - - name: Test aws_lambda pinned - run: | - set -x # print commands that are executed - ./scripts/runtox.sh --exclude-latest "py${{ matrix.python-version }}-aws_lambda" - - name: Generate coverage XML (Python 3.6) - if: ${{ !cancelled() && matrix.python-version == '3.6' }} - run: | - export COVERAGE_RCFILE=.coveragerc36 - coverage combine .coverage-sentry-* - coverage xml --ignore-errors - - name: Generate coverage XML - if: ${{ !cancelled() && matrix.python-version != '3.6' }} - run: | - coverage combine .coverage-sentry-* - coverage xml - - name: Upload coverage to Codecov - if: ${{ !cancelled() }} - uses: codecov/codecov-action@v5.3.1 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: coverage.xml - # make sure no plugins alter our coverage reports - plugin: noop - verbose: true - - name: Upload test results to Codecov - if: ${{ !cancelled() }} - uses: codecov/test-results-action@v1 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: .junitxml - verbose: true - check_required_tests: - name: All pinned AWS tests passed - needs: test-aws-pinned - # Always 
run this, even if a dependent job failed - if: always() - runs-on: ubuntu-20.04 - steps: - - name: Check for failures - if: contains(needs.test-aws-pinned.result, 'failure') || contains(needs.test-aws-pinned.result, 'skipped') - run: | - echo "One of the dependent jobs has failed. You may need to re-run it." && exit 1 diff --git a/.github/workflows/test-integrations-cloud.yml b/.github/workflows/test-integrations-cloud.yml index b929b8d899..efa71c8e0c 100644 --- a/.github/workflows/test-integrations-cloud.yml +++ b/.github/workflows/test-integrations-cloud.yml @@ -35,6 +35,10 @@ jobs: # ubuntu-20.04 is the last version that supported python3.6 # see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877 os: [ubuntu-20.04] + services: + docker: + image: docker:dind # Required for Docker network management + options: --privileged # Required for Docker-in-Docker operations steps: - uses: actions/checkout@v4.2.2 - uses: actions/setup-python@v5 @@ -47,6 +51,10 @@ jobs: - name: Erase coverage run: | coverage erase + - name: Test aws_lambda latest + run: | + set -x # print commands that are executed + ./scripts/runtox.sh "py${{ matrix.python-version }}-aws_lambda-latest" - name: Test boto3 latest run: | set -x # print commands that are executed @@ -97,12 +105,16 @@ jobs: strategy: fail-fast: false matrix: - python-version: ["3.6","3.7","3.9","3.11","3.12","3.13"] + python-version: ["3.6","3.7","3.8","3.9","3.11","3.12","3.13"] # python3.6 reached EOL and is no longer being supported on # new versions of hosted runners on Github Actions # ubuntu-20.04 is the last version that supported python3.6 # see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877 os: [ubuntu-20.04] + services: + docker: + image: docker:dind # Required for Docker network management + options: --privileged # Required for Docker-in-Docker operations steps: - uses: actions/checkout@v4.2.2 - uses: actions/setup-python@v5 
@@ -115,6 +127,10 @@ jobs: - name: Erase coverage run: | coverage erase + - name: Test aws_lambda pinned + run: | + set -x # print commands that are executed + ./scripts/runtox.sh --exclude-latest "py${{ matrix.python-version }}-aws_lambda" - name: Test boto3 pinned run: | set -x # print commands that are executed diff --git a/scripts/aws-cleanup.sh b/scripts/aws-cleanup.sh deleted file mode 100755 index 982835c283..0000000000 --- a/scripts/aws-cleanup.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# -# Helper script to clean up AWS Lambda functions created -# by the test suite (tests/integrations/aws_lambda/test_aws.py). -# -# This will delete all Lambda functions named `test_function_*`. -# - -export AWS_DEFAULT_REGION="us-east-1" -export AWS_ACCESS_KEY_ID="$SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID" -export AWS_SECRET_ACCESS_KEY="$SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY" - -for func in $(aws lambda list-functions --output text --query 'Functions[?starts_with(FunctionName, `test_`) == `true`].FunctionName'); do - echo "Deleting $func" - aws lambda delete-function --function-name "$func" -done - -echo "All done! Have a nice day!" diff --git a/scripts/aws-attach-layer-to-lambda-function.sh b/scripts/aws/aws-attach-layer-to-lambda-function.sh similarity index 100% rename from scripts/aws-attach-layer-to-lambda-function.sh rename to scripts/aws/aws-attach-layer-to-lambda-function.sh diff --git a/scripts/aws-delete-lambda-layer-versions.sh b/scripts/aws/aws-delete-lambda-layer-versions.sh similarity index 95% rename from scripts/aws-delete-lambda-layer-versions.sh rename to scripts/aws/aws-delete-lambda-layer-versions.sh index f467f9398b..dcbd2f9c65 100755 --- a/scripts/aws-delete-lambda-layer-versions.sh +++ b/scripts/aws/aws-delete-lambda-layer-versions.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash # # Deletes all versions of the layer specified in LAYER_NAME in one region. +# Use with caution! # set -euo pipefail 
diff --git a/scripts/aws-deploy-local-layer.sh b/scripts/aws/aws-deploy-local-layer.sh similarity index 81% rename from scripts/aws-deploy-local-layer.sh rename to scripts/aws/aws-deploy-local-layer.sh index 56f2087596..ee7b3e45c0 100755 --- a/scripts/aws-deploy-local-layer.sh +++ b/scripts/aws/aws-deploy-local-layer.sh @@ -1,9 +1,8 @@ #!/usr/bin/env bash # -# Builds and deploys the Sentry AWS Lambda layer (including the Sentry SDK and the Sentry Lambda Extension) +# Builds and deploys the `SentryPythonServerlessSDK-local-dev` AWS Lambda layer (containing the Sentry SDK) # # The currently checked out version of the SDK in your local directory is used. -# The latest version of the Lambda Extension is fetched from the Sentry Release Registry. # set -euo pipefail diff --git a/scripts/aws_lambda_functions/README.md b/scripts/aws_lambda_functions/README.md deleted file mode 100644 index e07b445d5b..0000000000 --- a/scripts/aws_lambda_functions/README.md +++ /dev/null @@ -1,4 +0,0 @@ -aws_lambda_functions -==================== - -In this directory you can place AWS Lambda functions that are used for administrative tasks (or whatever) \ No newline at end of file diff --git a/scripts/aws_lambda_functions/sentryPythonDeleteTestFunctions/README.md b/scripts/aws_lambda_functions/sentryPythonDeleteTestFunctions/README.md deleted file mode 100644 index de1120a026..0000000000 --- a/scripts/aws_lambda_functions/sentryPythonDeleteTestFunctions/README.md +++ /dev/null 
@@ -1,13 +0,0 @@
-sentryPythonDeleteTestFunctions
-===============================
-
-This AWS Lambda function deletes all AWS Lambda functions in the current AWS account that are prefixed with `test_`.
-The functions that are deleted are created by the Google Actions CI checks running on every PR of the `sentry-python` repository.
-
-The Lambda function has been deployed here:
-- AWS Account ID: `943013980633`
-- Region: `us-east-1`
-- Function ARN: `arn:aws:lambda:us-east-1:943013980633:function:sentryPythonDeleteTestFunctions`
-
-This function also emits Sentry Metrics and Sentry Crons checkins to the `sentry-python` project in the `Sentry SDKs` organisation on Sentry.io:
-https://sentry-sdks.sentry.io/projects/sentry-python/?project=5461230
\ No newline at end of file
diff --git a/scripts/aws_lambda_functions/sentryPythonDeleteTestFunctions/lambda_function.py b/scripts/aws_lambda_functions/sentryPythonDeleteTestFunctions/lambda_function.py
deleted file mode 100644
index ce7afb6aa4..0000000000
--- a/scripts/aws_lambda_functions/sentryPythonDeleteTestFunctions/lambda_function.py
+++ /dev/null
@@ -1,55 +0,0 @@ -import boto3 -import sentry_sdk - - -monitor_slug = "python-sdk-aws-lambda-tests-cleanup" -monitor_config = { - "schedule": { - "type": "crontab", - "value": "0 12 * * 0", # 12 o'clock on Sunday - }, - "timezone": "UTC", - "checkin_margin": 2, - "max_runtime": 20, - "failure_issue_threshold": 1, - "recovery_threshold": 1, -} - - -@sentry_sdk.crons.monitor(monitor_slug=monitor_slug) -def delete_lambda_functions(prefix="test_"): - """ - Delete all AWS Lambda functions in the current account - where the function name matches the prefix - """ - client = boto3.client("lambda", region_name="us-east-1") - functions_deleted = 0 - - functions_paginator = client.get_paginator("list_functions") - for functions_page in functions_paginator.paginate(): - for func in functions_page["Functions"]: - function_name = func["FunctionName"] - if function_name.startswith(prefix): - try: - response = client.delete_function( - FunctionName=func["FunctionArn"], - ) - functions_deleted += 1 - except Exception as ex: - print(f"Got exception: {ex}") - - return functions_deleted - - -def lambda_handler(event, context): - functions_deleted = delete_lambda_functions() - - sentry_sdk.metrics.gauge( - key="num_aws_functions_deleted", - value=functions_deleted, - ) - - return { - "statusCode": 200, - "body": f"{functions_deleted} AWS Lambda functions deleted successfully.", - } diff --git a/scripts/populate_tox/tox.jinja b/scripts/populate_tox/tox.jinja index cf91895aad..9da986a35a 100644 --- a/scripts/populate_tox/tox.jinja +++ b/scripts/populate_tox/tox.jinja @@ -57,9 +57,6 @@ envlist = {py3.8,py3.11,py3.12}-asyncpg-latest # AWS Lambda - # The aws_lambda tests deploy to the real AWS and have their own - # matrix of Python versions to run the test lambda function in. - # see `lambda_runtime` fixture in tests/integrations/aws_lambda.py {py3.8,py3.9,py3.11,py3.13}-aws_lambda # Beam 
@@ -533,8 +530,6 @@ setenv = socket: TESTPATH=tests/integrations/socket passenv = - SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID - SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY SENTRY_PYTHON_TEST_POSTGRES_HOST SENTRY_PYTHON_TEST_POSTGRES_USER SENTRY_PYTHON_TEST_POSTGRES_PASSWORD diff --git a/scripts/split_tox_gh_actions/split_tox_gh_actions.py b/scripts/split_tox_gh_actions/split_tox_gh_actions.py index 5218b0675f..293af897c9 100755 --- a/scripts/split_tox_gh_actions/split_tox_gh_actions.py +++ b/scripts/split_tox_gh_actions/split_tox_gh_actions.py @@ -43,11 +43,7 @@ "clickhouse_driver", } -FRAMEWORKS_NEEDING_AWS = { - "aws_lambda", -} - -FRAMEWORKS_NEEDING_GITHUB_SECRETS = { +FRAMEWORKS_NEEDING_DOCKER = { "aws_lambda", } @@ -65,12 +61,8 @@ "openai", "huggingface_hub", ], - "AWS": [ - # this is separate from Cloud Computing because only this one test suite - # needs to run with access to GitHub secrets - "aws_lambda", - ], "Cloud": [ + "aws_lambda", "boto3", "chalice", "cloud_resource_context", @@ -292,13 +284,10 @@ def render_template(group, frameworks, py_versions_pinned, py_versions_latest): "group": group, "frameworks": frameworks, "categories": sorted(categories), - "needs_aws_credentials": bool(set(frameworks) & FRAMEWORKS_NEEDING_AWS), "needs_clickhouse": bool(set(frameworks) & FRAMEWORKS_NEEDING_CLICKHOUSE), + "needs_docker": bool(set(frameworks) & FRAMEWORKS_NEEDING_DOCKER), "needs_postgres": bool(set(frameworks) & FRAMEWORKS_NEEDING_POSTGRES), "needs_redis": bool(set(frameworks) & FRAMEWORKS_NEEDING_REDIS), - "needs_github_secrets": bool( - set(frameworks) & FRAMEWORKS_NEEDING_GITHUB_SECRETS - ), "py_versions": { category: [f'"{version}"' for version in _normalize_py_versions(versions)] for category, versions in py_versions.items() diff --git a/scripts/split_tox_gh_actions/templates/base.jinja b/scripts/split_tox_gh_actions/templates/base.jinja index e69b6f9134..75c988e32a 100644 --- a/scripts/split_tox_gh_actions/templates/base.jinja 
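Review bot: `needs_docker` is computed for the whole group in `render_template`, so with `aws_lambda` now listed under "Cloud" the generated jobs that also run boto3, chalice and cloud_resource_context get the `--privileged` `docker:dind` service, not only the Lambda tests. If only `aws_lambda` needs Docker, keeping it in a group of its own would confine the privileged container to that suite. `FRAMEWORKS_NEEDING_DOCKER` also carries no comment saying what the flag turns on; something like `# Test suites that start Docker containers; every job of their group gets a privileged docker:dind service.` above the set would make that cost visible. `render_template` starts and ends outside the hunk.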
+++ b/scripts/split_tox_gh_actions/templates/base.jinja @@ -13,15 +13,7 @@ on: - release/** - potel-base - {% if needs_github_secrets %} - # XXX: We are using `pull_request_target` instead of `pull_request` because we want - # this to run on forks with access to the secrets necessary to run the test suite. - # Prefer to use `pull_request` when possible. - pull_request_target: - types: [labeled, opened, reopened, synchronize] - {% else %} pull_request: - {% endif %} # Cancel in progress workflows on pull_requests. # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value @@ -31,27 +23,13 @@ concurrency: permissions: contents: read - {% if needs_github_secrets %} - # `write` is needed to remove the `Trigger: tests using secrets` label - pull-requests: write - {% endif %} env: -{% if needs_aws_credentials %} -{% raw %} - SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID: ${{ secrets.SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID }} - SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY: ${{ secrets.SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY }} -{% endraw %} -{% endif %} BUILD_CACHE_KEY: {% raw %}${{ github.sha }}{% endraw %} CACHED_BUILD_PATHS: | {% raw %}${{ github.workspace }}/dist-serverless{% endraw %} jobs: -{% if needs_github_secrets %} -{% include "check_permissions.jinja" %} -{% endif %} - {% for category in categories %} {% include "test_group.jinja" %} {% endfor %} diff --git a/scripts/split_tox_gh_actions/templates/check_permissions.jinja b/scripts/split_tox_gh_actions/templates/check_permissions.jinja deleted file mode 100644 index 390f447856..0000000000 --- a/scripts/split_tox_gh_actions/templates/check_permissions.jinja +++ /dev/null 
@@ -1,30 +0,0 @@ - check-permissions: - name: permissions check - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v4.2.2 - with: - persist-credentials: false - - - name: Check permissions on PR - if: github.event_name == 'pull_request_target' - run: | - {% raw %} - python3 -uS .github/workflows/scripts/trigger_tests_on_label.py \ - --repo-id ${{ github.event.repository.id }} \ - --pr ${{ github.event.number }} \ - --event ${{ github.event.action }} \ - --username "$ARG_USERNAME" \ - --label-names "$ARG_LABEL_NAMES" - {% endraw %} - env: - {% raw %} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # these can contain special characters - ARG_USERNAME: ${{ github.event.pull_request.user.login }} - ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }} - {% endraw %} - - - name: Check permissions on repo branch - if: github.event_name == 'push' - run: true diff --git a/scripts/split_tox_gh_actions/templates/test_group.jinja b/scripts/split_tox_gh_actions/templates/test_group.jinja index 01f9cd56ec..9fcc0b1527 100644 --- a/scripts/split_tox_gh_actions/templates/test_group.jinja +++ b/scripts/split_tox_gh_actions/templates/test_group.jinja @@ -12,10 +12,12 @@ # see https://github.com/actions/setup-python/issues/544#issuecomment-1332535877 os: [ubuntu-20.04] - {% if needs_github_secrets %} - needs: check-permissions + {% if needs_docker %} + services: + docker: + image: docker:dind # Required for Docker network management + options: --privileged # Required for Docker-in-Docker operations {% endif %} - {% if needs_postgres %} services: postgres: @@ -40,12 +42,6 @@ steps: - uses: actions/checkout@v4.2.2 - {% if needs_github_secrets %} - {% raw %} - with: - ref: ${{ github.event.pull_request.head.sha || github.ref }} - {% endraw %} - {% endif %} - uses: actions/setup-python@v5 with: python-version: {% raw %}${{ matrix.python-version }}{% endraw %} diff --git a/tox.ini b/tox.ini index f220b96520..99e75fbe5c 100644 --- a/tox.ini +++ b/tox.ini 
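Review bot: The new `{% if needs_docker %}` block emits its own `services:` key directly before the existing `{% if needs_postgres %}` block, which emits another one, so a group that sets both flags would render a job with a duplicate `services:` mapping key; no such group is visible here, but nothing in the template prevents it. Emitting `services:` once under `{% if needs_docker or needs_postgres %}` and nesting the individual entries beneath it avoids that; the rest of the job block lies outside the hunk, so other service flags may need the same treatment. Separately, `docker:dind` is a floating tag started with `--privileged`; pinning it, e.g. `image: docker:<version>-dind@sha256:<digest>`, keeps the privileged container from changing underneath CI. The same service block appears in the generated `.github/workflows/test-integrations-cloud.yml`.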
@@ -10,7 +10,7 @@ # The file (and all resulting CI YAMLs) then need to be regenerated via # "scripts/generate-test-files.sh". # -# Last generated: 2025-02-19T12:41:15.689786+00:00 +# Last generated: 2025-02-19T13:16:21.819887+00:00 [tox] requires = @@ -57,9 +57,6 @@ envlist = {py3.8,py3.11,py3.12}-asyncpg-latest # AWS Lambda - # The aws_lambda tests deploy to the real AWS and have their own - # matrix of Python versions to run the test lambda function in. - # see `lambda_runtime` fixture in tests/integrations/aws_lambda.py {py3.8,py3.9,py3.11,py3.13}-aws_lambda # Beam @@ -802,8 +799,6 @@ setenv = socket: TESTPATH=tests/integrations/socket passenv = - SENTRY_PYTHON_TEST_AWS_ACCESS_KEY_ID - SENTRY_PYTHON_TEST_AWS_SECRET_ACCESS_KEY SENTRY_PYTHON_TEST_POSTGRES_HOST SENTRY_PYTHON_TEST_POSTGRES_USER SENTRY_PYTHON_TEST_POSTGRES_PASSWORD