The query over all changes/projects with a Limit of 1 is the best way forward, but unauthenticated requests to Gerrit are capped at 0.2 qps over a day, while authenticated requests are at 1 qps over a day. So, if unauthenticated, we could have a max of 12 clients hitting Gerrit at 1 query per minute. I think that would be fine for now, but it’d get bad as more things are moved/built using maintner.
Might as well look into authenticated requests, then we can reduce the poll interval.
As I told Andy privately, I strongly recommend setting up authentication. If you run over your quota, we can increase it, but only on a per-user basis. So you may find life easier if you're not scrambling to go from anonymous to authenticated while in the middle of an outage.
I'm slightly curious if you reduce the polling interval to 1 minute, how many intervals you will actually observe no updates to any changes. It might just be worth doing a "full" poll every 1 minute, not a "quick" poll to see if anything's changed, followed by a 100% chance of a full poll.
When Gerrit emails are not sent, maintner polls Gerrit every
15 minutes. We can safely reduce this to every 5 min given the
relatively small number of bots using maintner and the current
quota of 0.2 qps per day that Gerrit permits for unauthenticated
Reviewed-by: Sarah Adams <firstname.lastname@example.org>
I would not use gcompute-tools. Many of our Docker containers only have a single process and don't even contain a filesystem. Just use the GCE metadata service like we do already. In fact, Gerrit auth credentials are already in there and used by some Gerrit client usages. We just need to use it in more places.