fix: update checker doesn't require server connection to work

[frrist]

• and liberally decorate the code with TODOs so we can make this better in the future where someone has some spare cycles
• fixes bacalhau authenication via token CLI borken #3773

[coderabbitai]

Important

Auto Review Skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This set of changes primarily focuses on enhancing the software's version checking and update mechanisms, improving error handling, and refining the user authentication experience. A notable part of the update seeks to streamline how the application checks for its own updates and interacts with the user for authentication, specifically addressing issues in the CLI token authentication process.

Changes

File(s)	Change Summary
cmd/util/hook/version.go	Refactored to use version.Get() for update checks instead of direct API calls.
pkg/node/node.go	Added commentary questioning the logic behind returning nil in certain cases.
pkg/version/update.go	Enhanced error handling, logging, and suggested efficiency improvements.

Assessment against linked issues

Objective	Addressed	Explanation
bacalhau authentication via token CLI broken (#3773)	❓	The changes suggest improvements in CLI interactions, but specifics on token authentication handling are not clearly outlined.

🐰✨
In the realm of code, where changes abound,
A rabbit hopped in, with insights profound.
"Refactor, enhance," it said with a cheer,
"For better auth flows and updates are near."
With each line of code, meticulously sown,
A garden of progress, together, we've grown.
🌟🐾

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[frrist]

This is the fix for: #3773:

This is because the update check runs async on every command and incorrectly required a client, which prompted for a token to ask the server what version is was**. The actual command being run (e.g. job run) also created a client and asked for a token which is why the CLI asked for a token twice until and update.json file existed. The fix here is to simply return the version of the binary running the update checker.

** no idea why we do this, update checker should tell you the binary you are using is out of date, not the server you are talking to. Server operators will become aware their server is out of date via log message the update server prints when its update checker runs

[wdbaruni]

maybe we need to understand the purpose of the update checker better. Is it to tell that the client is outdated compared to the orchestrator's version? or outdated compared to latest releases from bacalhau?

As a user, I might expect the following:

1. If I am running a compute node, I would like the cli to compare my version with the orchestrator's version. I don't want the cli to ask me to update to a version that is beyond the orchestrator's
2. If I am running client commands, such as bacalhau job run, I would like the cli to also compare my version with the orchestrator's
3. If I a m running an orchestrator node, then I would like the cli to compare my version with the latest release from bacalhau

@aronchick @MichaelHoepler what do you think the right behaviour here?

[frrist]

I'd propose we reduce the responsibility of the UpdateChecker to only retrieve the latest version of bacalhau from the update server. This will remove the dependency on a bacalhau client - and thus authentication - from the UpdateChecker service - which will fix this bug.

The UpdateChecker may then persist the value it retrieves from the update server to some "system configuration field" (will be very easy to do when #3959 lands). From there we can make the following changes:

1. Clients and Compute nodes can compare their version, the orchestrator's version, and the latest version notifying accordingly in stderr or log messages.
2. Orchestrator nodes can compare their version with the latest version notifying accordingly in log messages.

---

Alternatively, and this would be my preference:

1. Only Servers (Compute and Requester Nodes) use the update checker (as we already do now) to retrieve the latest version. If they are behind it they produce a log message stating so.
2. Clients are only notified when the server they are communicating with is on a version different than theirs. Clients commands do not run the UpdateChecked.

In this flow, clients are only notified they need to update when their server operator updates.

[wdbaruni]

Yeah those are valid points. I've approved the PR as figuring out the right behaviour of the update checker is a bigger task, and you are not changing the behaviour with this PR
#3980

[aronchick]

LGTM

[frrist]

@coderabbitai /review

[coderabbitai]

Based on the provided code snippets from the pull request, here are the observations and recommendations:

1. Update Checker Independence: The update checker's functionality, as seen in pkg/version/update.go, does not explicitly require a server connection to initiate the update check process. It performs an HTTP request to a predefined endpoint (http://update.bacalhau.org/version) to check for updates. This design allows for flexibility in the update process, but it's worth noting that it still relies on an external server for update information. If the goal is to eliminate any server dependency, consider implementing a mechanism to fetch update information from a local source or include update metadata within the application itself, which can be updated periodically.

2. TODO Comments: Several TODO comments have been added throughout the modified files, particularly in pkg/node/node.go and pkg/version/update.go. These comments highlight areas for future improvement, such as adding more validations, addressing correctness concerns, and optimizing efficiency. It's important to ensure that these TODOs are tracked in a project management tool or issue tracker to ensure they are addressed in a timely manner.

3. Code Quality and Maintainability: The code introduces several complex functions, especially in pkg/node/node.go, which could benefit from further decomposition into smaller, more manageable functions. This would improve readability and maintainability. Additionally, there are several instances where error handling could be streamlined or improved to provide clearer insights into the nature of errors.

4. Testing: There is no direct indication of new tests being added to cover the changes introduced in this pull request. Given the critical nature of the update checking functionality and the modifications to the node configuration and initialization process, it's recommended to include unit and integration tests to ensure the changes work as expected and do not introduce regressions.

5. Documentation: Consider updating the project's documentation to reflect the changes made in this pull request, especially regarding how the update checker works and any new configurations introduced.

In summary, the pull request appears to align with the stated objectives of making the update checker function without requiring a server connection and preparing the codebase for future improvements. However, careful consideration should be given to the points raised above to ensure the changes are robust, maintainable, and well-documented.

@frrist, I've reviewed the changes and provided some observations and recommendations. Let me know if you need further details on any specific point or if there are additional aspects of the PR you'd like me to look into.

Analysis chain

---

Scripts executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# List the files changed in the PR.
git diff --name-only HEAD~1

Length of output: 93

---

---

Script:

#!/bin/bash
# Display the contents of the modified files.
cat cmd/util/hook/version.go
cat pkg/node/node.go
cat pkg/version/update.go

Length of output: 28806

Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 4

[coderabbitai]

Evaluate the feasibility and thread-safety of caching update check times.

[coderabbitai]

Ensure the proposed caching mechanism for update checks is implemented carefully.

[coderabbitai]

Simplify the update check scheduling logic to avoid potential timing issues.

[coderabbitai]

Investigate the rationale behind returning nil in the update check context.