Fix CI regressions: OCSP TLS URI options and lint variant#3066
Open
comandeo-mongo wants to merge 6 commits into
Open
Fix CI regressions: OCSP TLS URI options and lint variant#3066comandeo-mongo wants to merge 6 commits into
comandeo-mongo wants to merge 6 commits into
Conversation
The legacy csfle/set-temp-creds.sh script is deprecated in drivers-evergreen-tools (DRIVERS-3433). The main run-tests.sh path already moved to setup-secrets.sh under RUBY-3886, and setup_secrets.py now produces the same CSFLE_AWS_TEMP_* credentials. The only remaining consumer was run-tests-serverless.sh, which is dead code: serverless testing was removed in RUBY-3652 and no Evergreen task references the script. Delete it, and fix the now-stale spec_config.rb comments that still pointed at set-temp-creds.sh.
MongoDB 4.2 is on the EOL track (RUBY-3811 deprecated it, RUBY-3819 covers the min-version bump to 4.4). Its CI variants are also currently broken at server bootstrap: drivers-evergreen-tools starts MongoDB >= 4.2 with mongodb-runner, which pins mongodb-runner but not its transitive bson dependency, so the recent bson 7.3.0 release crashes startup. Drop the 4.2 build variants: remove the 4.2 axis value and remove 4.2 from the mongo-4.x and "stress older" matrices. Regenerated config.yml via `rake eg:build`; `rake eg:validate` passes. 4.4 coverage is kept.
Change activate: false to patchable: false so the latest-server build variant runs automatically on mainline commits but is skipped on patches. This keeps PRs unblocked while still catching breakage from unreleased MongoDB builds on master.
The RUBY-3472 migration removed the mlaunch-based calculate_server_args() call, which had added tls=true, tlsCAFile, and tlsCertificateKeyFile to the URI when OCSP_ALGORITHM was set. The new drivers-tools orchestration writes a plain mongodb://127.0.0.1:27017 URI, but the server is started with sslOnNormalPorts:true via the OCSP orchestration file. The driver could not connect because the URI lacked TLS options. Add TLS URI options for OCSP variants that are not ocsp-connectivity (which already had them). This restores the pre-migration behavior for ocsp-must-staple and ocsp-unknown variants.
The #unpin double-call test was using pin_to_server(server) with a replica set primary, triggering the lint guard that requires a mongos. Use instance_variable_set to bypass the guard since we are testing unpin, not pin_to_server.
comandeo-mongo
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses CI regressions in the MongoDB Ruby driver’s Evergreen test runs by restoring missing OCSP TLS URI options after tooling migration and adjusting a session unpin spec to avoid triggering lint-only pinning checks.
Changes:
- Restore
tls=true,tlsCAFile, andtlsCertificateKeyFileURI options for non-connectivity OCSP variants in Evergreen. - Update
Mongo::Session#unpinspec to set@pinned_serverdirectly (avoidingpin_to_serverlint guard requiring a mongos). - Adjust Evergreen configuration/scripts (e.g., remove MongoDB 4.2 from axes/matrices, remove a serverless runner script, update buildvariant patch behavior).
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
spec/support/spec_config.rb |
Updates FLE AWS temp-credential comment references to current secret setup script. |
spec/mongo/session_spec.rb |
Avoids lint-only pin_to_server guard in the unpin idempotency test by setting @pinned_server directly. |
.evergreen/run-tests.sh |
Restores OCSP TLS-related URI options for additional OCSP variant paths. |
.evergreen/run-tests-serverless.sh |
Removes the serverless test runner script. |
.evergreen/config/standard.yml.erb |
Updates CI matrix entries (e.g., MongoDB 4.2 removal) and changes latest-server patch behavior. |
.evergreen/config/axes.yml.erb |
Removes MongoDB 4.2 from the axes definition. |
.evergreen/config.yml |
Applies the same Evergreen matrix/axes/buildvariant changes to the generated config. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
1126
to
1130
| - matrix_name: "mongo-4.x" | ||
| matrix_spec: | ||
| ruby: ["ruby-3.0", "ruby-2.7"] | ||
| mongodb-version: ['4.4', '4.2'] | ||
| mongodb-version: ['4.4'] | ||
| topology: ["standalone", "replica-set", "sharded-cluster"] |
jamis
approved these changes
Jun 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes two CI regressions on master.
RUBY-3472 — OCSP variants lost TLS URI options after the mlaunch→drivers-evergreen-tools migration. The fix restores
tls=true,tlsCAFile, andtlsCertificateKeyFilefor non-connectivity OCSP variants.RUBY-3824 — The
#unpintest introduced in RUBY-3824 calledpin_to_serverwith a replica set primary, triggering the lint guard that requires a mongos. Fixed by setting@pinned_serverviainstance_variable_setsince the test exercisesunpin, notpin_to_server.