Add hourly production e2e workflow with Sigma reconciliation (#311)

* e2e ci test

* run in ci

* add warning on non zero exit

Author: Yostra

.github/workflows/prod-e2e-test.yml

@@ -0,0 +1,159 @@
+name: Stripe Database Monitor
+
+on:
+  schedule:
+    - cron: '0 * * * *' # Every hour
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  monitor:
+    name: Create DB & monitor sync progress
+    runs-on: ubuntu-24.04-arm
+    timeout-minutes: 75
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+
+      - name: Install Stripe CLI
+        run: |
+          curl -s https://packages.stripe.dev/api/security/keypair/stripe-cli-gpg/public | gpg --dearmor -o /usr/share/keyrings/stripe.gpg
+          echo "deb [signed-by=/usr/share/keyrings/stripe.gpg] https://packages.stripe.dev/stripe-cli-debian-local stable main" \
+            | sudo tee /etc/apt/sources.list.d/stripe.list
+          sudo apt-get update -qq && sudo apt-get install -y -qq stripe
+
+      - name: Write Stripe CLI config
+        env:
+          STRIPE_CONFIG_TOML: ${{ secrets.STRIPE_CONFIG_TOML }}
+        run: |
+          mkdir -p ~/.config/stripe
+          echo "$STRIPE_CONFIG_TOML" > ~/.config/stripe/config.toml
+          chmod 600 ~/.config/stripe/config.toml
+          echo "Stripe CLI config written to ~/.config/stripe/config.toml"
+
+      - name: Stripe CLI login
+        env:
+          STRIPE_API_KEY: ${{ secrets.GOLDI_LIVE_KEY }}
+        run: echo "$STRIPE_API_KEY" | stripe login --interactive
+
+      - name: Create Stripe database
+        id: create-db
+        run: |
+          echo "Creating Stripe database..."
+          RESULT=$(stripe databases create)
+
+          DB_ID=$(echo "$RESULT" | grep -oE 'db_test_[A-Za-z0-9]+' | head -1)
+          DB_STRING=$(echo "$RESULT" | grep -oE 'postgresql://[^[:space:]]+')
+
+          if [ -z "$DB_ID" ]; then
+            echo "::error::Could not extract database ID from output (connection string redacted)"
+            exit 1
+          fi
+          if [ -z "$DB_STRING" ]; then
+            echo "::error::Could not extract connection string from output"
+            exit 1
+          fi
+
+          # Mask the full connection string and its password component before any further output.
+          echo "::add-mask::$DB_STRING"
+          DB_PASSWORD=$(printf '%s' "$DB_STRING" | sed -nE 's#^postgresql://[^:]+:([^@]+)@.*$#\1#p')
+          if [ -n "$DB_PASSWORD" ]; then
+            echo "::add-mask::$DB_PASSWORD"
+          fi
+
+          echo "db_id=$DB_ID" >> "$GITHUB_OUTPUT"
+          echo "db_string=$DB_STRING" >> "$GITHUB_OUTPUT"
+          echo "Database $DB_ID created successfully"
+
+      - name: Install psql
+        run: sudo apt-get install -y -qq postgresql-client
+
+      - name: Monitor sync progress
+        env:
+          DB_STRING: ${{ steps.create-db.outputs.db_string }}
+          DB_ID: ${{ steps.create-db.outputs.db_id }}
+        run: |
+          POLL_INTERVAL=15
+          MAX_POLLS=240
+          PREV_TOTAL=0
+          PREV_TIME=$(date +%s)
+          START_TIME=$PREV_TIME
+
+          for i in $(seq 1 $MAX_POLLS); do
+            STATUS=$(stripe databases retrieve "$DB_ID" 2>&1 | grep -oE 'backfilling|ready|error|failed' | head -1)
+
+            SUM_EXPR=$(psql "$DB_STRING" -t -A -c "
+              SELECT COALESCE(
+                string_agg('(SELECT count(*) FROM public.' || quote_ident(table_name) || ')', ' + '),
+                '0'
+              ) FROM information_schema.tables
+              WHERE table_schema = 'public' AND table_type = 'BASE TABLE'
+            " 2>/dev/null || echo "0")
+            TOTAL=$(psql "$DB_STRING" -t -A -c "SELECT $SUM_EXPR" 2>/dev/null || echo "0")
+
+            NOW=$(date +%s)
+            ELAPSED=$((NOW - PREV_TIME))
+            if [ "$ELAPSED" -gt 0 ] && [ "$PREV_TOTAL" -gt 0 ]; then
+              DELTA=$((TOTAL - PREV_TOTAL))
+              RPS=$((DELTA / ELAPSED))
+              echo "[poll $i] status=$STATUS  total_rows=$TOTAL  delta=$DELTA  rows_per_sec=$RPS"
+            else
+              echo "[poll $i] status=$STATUS  total_rows=$TOTAL  (baseline)"
+            fi
+
+            if [ "$STATUS" = "ready" ]; then
+              TOTAL_ELAPSED=$(( NOW - START_TIME ))
+              echo ""
+              echo "Sync complete in ${TOTAL_ELAPSED}s"
+              break
+            fi
+            if [ "$STATUS" = "error" ] || [ "$STATUS" = "failed" ]; then
+              echo "::error::Database entered $STATUS state"
+              exit 1
+            fi
+
+            PREV_TOTAL=$TOTAL
+            PREV_TIME=$NOW
+            sleep $POLL_INTERVAL
+          done
+
+          if [ "$STATUS" != "ready" ]; then
+            echo "::error::Timed out waiting for sync to complete"
+            exit 1
+          fi
+
+          echo ""
+          echo "=== Final table breakdown ==="
+          psql "$DB_STRING" -c "
+            SELECT relname AS table_name, n_live_tup AS row_count
+            FROM pg_stat_user_tables
+            WHERE schemaname = 'public'
+            ORDER BY n_live_tup DESC;
+          "
+
+      - name: Sigma validation
+        env:
+          STRIPE_API_KEY: ${{ secrets.GOLDI_LIVE_KEY }}
+          DATABASE_URL: ${{ steps.create-db.outputs.db_string }}
+        run: |
+          set +e
+          node scripts/reconcile-sigma-vs-postgres.js
+          STATUS=$?
+          if [ "$STATUS" -ne 0 ]; then
+            echo "::warning title=Sigma reconciliation::Postgres is missing rows that exist in Sigma. See the job log for the per-table diff and the list of missing IDs with their created timestamps."
+            exit "$STATUS"
+          fi
+
+      - name: Delete Stripe database
+        if: always() && steps.create-db.outputs.db_id
+        run: |
+          echo "Deleting database ${{ steps.create-db.outputs.db_id }}..."
+          echo "remove StripeDB" | stripe databases delete ${{ steps.create-db.outputs.db_id }}