Skip to content

feat(sign-cache): increase default concurrency and add configurability#277

Merged
leodido merged 1 commit into
mainfrom
improve-sign-cache-concurrency
Nov 14, 2025
Merged

feat(sign-cache): increase default concurrency and add configurability#277
leodido merged 1 commit into
mainfrom
improve-sign-cache-concurrency

Conversation

@leodido
Copy link
Copy Markdown
Member

@leodido leodido commented Nov 14, 2025
edited
Loading

Summary

Increases default signing concurrency from 5 to 20 concurrent operations to better utilize network I/O for Sigstore API calls, providing ~4x faster signing for typical workloads.

Fixes https://linear.app/ona-team/issue/CLC-2084/improve-the-performance-of-attestation-signing-with-configurable

Changes

  • Increase default concurrency: 5 → 20 (4x improvement)
  • Add --max-signing-concurrency flag: Runtime configuration (default: 20)
  • Add LEEWAY_MAX_SIGNING_CONCURRENCY env var: Environment-based configuration
  • Proper precedence: Env var sets default, explicit flag overrides (follows Leeway pattern)
  • Automatic validation: Bounds checking (1-100 range) with warning logs
  • Comprehensive tests: Env var/flag precedence and validation coverage
  • Enhanced documentation: Help text with concurrency section and examples
  • Code cleanup: Removed unused cmd parameter from runSignCache

Performance Impact

  • Current: 100 artifacts ÷ 5 = 20 batches × 3s = ~60 seconds
  • Optimized: 100 artifacts ÷ 20 = 5 batches × 3s = ~15 seconds
  • Gain: ~4x faster signing for typical workloads
  • Configurable: Can be tuned up to 100 for high-throughput scenarios

Implementation Details

Follows existing Leeway patterns:

  • Environment variable handling uses cmd.Flags().Changed() pattern (same as in-flight-checksums)
  • Naming convention follows LEEWAY_* pattern
  • Structured logging with log.WithField()
  • Test patterns match existing test suites

Testing

All tests pass:

  • TestMaxSigningConcurrencyEnvironmentVariable - 8 test cases for env var/flag precedence
  • TestMaxSigningConcurrencyValidation - 6 test cases for bounds validation
  • ✅ All existing sign-cache tests continue to pass
  • ✅ Full test suite: go test ./... -short

Examples

# Use default (20)
leeway plumbing sign-cache --from-manifest artifacts.txt

# Override with flag
leeway plumbing sign-cache --from-manifest artifacts.txt --max-signing-concurrency 30

# Override with env var
LEEWAY_MAX_SIGNING_CONCURRENCY=30 leeway plumbing sign-cache --from-manifest artifacts.txt

# Flag takes precedence over env var
LEEWAY_MAX_SIGNING_CONCURRENCY=10 leeway plumbing sign-cache --from-manifest artifacts.txt --max-signing-concurrency 40

@ona-agent
feat(sign-cache): increase default concurrency and add configurability
8a29f00 
Increase default signing concurrency from 5 to 20 concurrent operations
to better utilize network I/O for Sigstore API calls. This provides ~4x
faster signing for typical workloads.

Changes:
- Increase default maxConcurrency from 5 to 20
- Add --max-signing-concurrency flag for runtime configuration
- Add LEEWAY_MAX_SIGNING_CONCURRENCY environment variable support
- Implement proper flag/env var precedence (flag overrides env var)
- Add automatic bounds validation (1-100 range)
- Add comprehensive tests for env var/flag precedence and validation
- Update help text with concurrency documentation and examples
- Remove unused cmd parameter from runSignCache function

The implementation follows existing Leeway patterns for environment
variable handling (same as in-flight-checksums) and includes extensive
test coverage.

Co-authored-by: Ona <no-reply@ona.com>
@leodido leodido self-assigned this Nov 14, 2025
@leodido leodido merged commit 2ac4fac into main Nov 14, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geropl geropl geropl approved these changes

@kylos101 kylos101 Awaiting requested review from kylos101

@csweichel csweichel Awaiting requested review from csweichel

@iQQBot iQQBot Awaiting requested review from iQQBot

@corneliusludmann corneliusludmann Awaiting requested review from corneliusludmann

Assignees

@leodido leodido

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@leodido @geropl