Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Background API #971

Merged
merged 66 commits into from
Jan 27, 2022
Merged

Background API #971

merged 66 commits into from
Jan 27, 2022

Conversation

lbolla
Copy link
Contributor

@lbolla lbolla commented Aug 26, 2021

Various improvements implemented in Molior fork.
See https://github.com/molior-dbs/aptly/tree/molior

  • Asynchronous execution of various API tasks to avoid locking the web interface (mirroring, publishing, snapshotting, etc.)
  • Batch updates to the database to avoid locking with transactions
  • Allow renaming repos
  • Improved logging for debugging
  • More robust retry strategy

@lbolla lbolla mentioned this pull request Sep 15, 2021
Closed
@lbolla
Copy link
Contributor Author

lbolla commented Sep 22, 2021
edited
Loading

I ran "system" tests (the ones that used to run on TravisCI -- see #973 ) and fixed them to make them pass again (they were broken long time ago).

TESTS: 466 SUCCESS: 466 FAIL: 0 SKIP: 37

I'm attaching here the full logs for reference.
system-test-2021-09-22-12-36-29.log.gz

Note that I had to skip some tests which are using deprecated external systems or no-more-existing repositories. We'll have to update and fix those tests in another patch.

@lbolla lbolla mentioned this pull request Sep 22, 2021
Closed
@lbolla lbolla changed the title Molior rebase Background API Oct 11, 2021
r4co0n
r4co0n reviewed Oct 19, 2021
View reviewed changes
api/api.go Outdated Show resolved Hide resolved
r4co0n
r4co0n reviewed Oct 19, 2021
View reviewed changes
api/router.go
}

{
root.POST("/gpg/key", apiGPGAddKey)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is a getter on /gpg/key not yet implemented?

Also, regarding the path name, I think this is confusing. We are adding public keys for mirror synchronization here, yet a central part of aptly is signing Release files using GPG (private) keys. Maybe /gpg/publickey would be a better name? Afaics, those public keys are used by aptly to:

  • Validate Release files downloaded on mirror update
  • Verify imported packages on repo include

The current path could be mistaken for the (not yet present) private key upload endpoint.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a fair point. @neolynx do you see problems with renaming? Probably Molior will have to adapt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ping @neolynx

r4co0n
r4co0n reviewed Oct 19, 2021
View reviewed changes
api/gpg.go
)

// POST /api/gpg
func apiGPGAddKey(c *gin.Context) {
Copy link

@r4co0n r4co0n Oct 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would love this function to also be able to just import a key I throw at it via HTTP. Has this just been not a need of yours, or where there problems implementing this functionality?

Please disregard this, I overlooked the GpgKeyArmor string and the --import part.

However, I am still unsure what would happen if I specify GpgKeyArmor and GpgKeyID attributes. Ideally, I could specify the KeyIDs to be imported from my ASC-File.

I would expect an error if any keys not found, ideally there would be an informational message about present keys that were not specified.

@r4co0n
Copy link

r4co0n commented Oct 19, 2021
edited
Loading

Relevant documentation would need to be updated separately so folks can use these changes, at least before the (desperately awaited) next release, or did I miss it? (PR is huge)

There should be another MR against aptly-dev/www.aptly.info. If you would like some help with that, I can try to prepare something not too wrong for you. ;)

Thanks for the good work, btw.

lebauce
lebauce reviewed Oct 26, 2021
View reviewed changes
api/gpg.go Show resolved Hide resolved
@lbolla
Copy link
Contributor Author

lbolla commented Oct 27, 2021

Relevant documentation would need to be updated separately so folks can use these changes, at least before the (desperately awaited) next release, or did I miss it? (PR is huge)

There should be another MR against aptly-dev/www.aptly.info. If you would like some help with that, I can try to prepare something not too wrong for you. ;)

Thanks for the good work, btw.

Thanks! Definitely we need to document these changes properly. We are still in the process of getting credentials and operational knowledge from previous maintainers about how to do a release, how to update the website, etc. It's taking longer than we would have liked unfortunately.

If you have time for a documentation PR I would gladly accept it!

@lbolla
Copy link
Contributor Author

lbolla commented Oct 27, 2021

Note to self: rebase this massive branch against master to fix conflicts.

@lbolla
Copy link
Contributor Author

lbolla commented Nov 2, 2021

Just rebased this branch to master.

@lbolla lbolla force-pushed the molior-rebase branch 2 times, most recently from 15c10ff to d23b78a Compare November 2, 2021 10:51
@r4co0n
Copy link

r4co0n commented Nov 9, 2021

@lbolla, thanks for the additional information about what currently hinders a release, I was wondering. This is relevant for all the folks following #920.

@r4co0n
Copy link

r4co0n commented Nov 9, 2021

If you have time for a documentation PR I would gladly accept it!

I definitely have time for this starting from the weekend of 2021-11-27, before that point I am uncertain, just so you know. :)

Oliver Sauder added 5 commits January 26, 2022 09:13
@lbolla
every go routine needs to have its own collection factory
caf1cf1 
this is needed so concurrent reads and writes are possible.
@lbolla
Removed obsolete RWMutexes
af48597
@lbolla
Database changes of resources need to be atomic
ae8910d
@lbolla
db batch may not be a global resource
483beef 
This way db usage is safe.
@lbolla
Solving progress not safe issue for api
7476937 
Progress is not safe so for api its always nil and
code needs to take care of this
@lbolla
Copy link
Contributor Author

lbolla commented Jan 26, 2022

@ximon18 As you can see, the CI is not running once I merged your GHA PR. Shall we maybe change the "branch" key in the on: pull_requests? Or just have on: pull_requests without further specification of the target branch?

@ximon18
Copy link
Contributor

ximon18 commented Jan 26, 2022

@ximon18 As you can see, the CI is not running once I merged your GHA PR. Shall we maybe change the "branch" key in the on: pull_requests? Or just have on: pull_requests without further specification of the target branch?

Hi @lbolla, yes I mentioned this here.

It depends on the branching policy for development in this repository and when you want the checks to be run:

  • If development is sometimes or always done via direct pushes to main then on: pull_requests will either not be a good match or will not be insufficient.
  • If all development is done via pull requests from feature branches to main, or if you only care about catching issues just before they hit the main branch but not earlier, then you can specify the main branch as the target of the pull_requests event
  • If you use a two level deep branching strategy, e.g. all development is done via pull requests from feature branches into a dev branch then you would also need to specify the dev branch as a target of the pull_requests event.
  • If the number and depth of branches used is even deeper and/or varies and you always want changes to be tested then don't specify a target branch for the pull_requests event, the workflow will then run for all PRs.

@ximon18
Copy link
Contributor

ximon18 commented Jan 26, 2022
edited
Loading

Related to this discussion, on PR #1011 @randombenj just said:

I would strongly suggest going for on: push as not only main and PRs are tested but every single push so you immediately notice when something breaks ;)

The downside to this is when the PR is a work-in-progress and pushes are used as a sort of status update for collaborators and/or as a sort of backup, a lot of notifications can be annoying. It may also not make sense to keep running a workflow that takes a long time if not every result is going to be considered important/interesting, but instead only the final state of the branch prior to merge is interesting. I also don't know how many GH Actions credits this project has and if running very often will consume them.

@lbolla lbolla merged commit a40cfc6 into master Jan 27, 2022
@randombenj randombenj added this to the 1.5.0 milestone Jun 23, 2022
@randombenj randombenj mentioned this pull request Nov 30, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lebauce lebauce lebauce left review comments

@r4co0n r4co0n r4co0n left review comments

@neolynx neolynx neolynx approved these changes

@dario-gallucci dario-gallucci dario-gallucci approved these changes

@szakalboss szakalboss Awaiting requested review from szakalboss

@smira smira Awaiting requested review from smira

@sliverc sliverc Awaiting requested review from sliverc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@lbolla @r4co0n @ximon18 @lebauce @neolynx @dario-gallucci @randombenj