cdk-assets: Remove asset from staging bucket on failed deployment #14474
Comments
bgshacklett
added
feature-request
github-actions
bot
added
the
@aws-cdk/assets
|
Reassigning to @rix0rrr |
|
We seem to be experiencing the same issue. |
|
This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
github-actions
bot
added
the
closing-soon
|
Please do not auto-close this issue. |
github-actions
bot
removed
the
closing-soon
|
when you interrupt a deploy with Ctrl-C you also might end up with corrupted asset directories(*) for 3rd party layers. These asset directories will then be zipped, uploaded and cached. It is very hard to recover from that state. (*) in my case the 3rd party layer is created by 'pip' in a docker. |
|
Good find! If we can, we should try and switch to multipart uploads. Those are atomic by default, and the file will only appear if the upload completes. Depends on whether wr already have the correct s3 permissions on the asset role though... |
|
Multipart shouldn't need any additional permissions, so we should be good to deploy that. Does need an additional lifecycle rule on the bucket to remove old multiparts though. |
|
I don't think that we are exactly talking about the same issue here. I my case I hit Ctrl-C while the (*) |
|
Oh I see, this isn't about the upload but about the build. I misunderstood. We've fixed this for zipping (by building to a tempfile), but apparently not for bundling. That'll be the solution for bundling as well then. |
|
The root cause is being fixed in #33692
That last bit is not true yet, as |
|
After aws/aws-cdk-cli#197 is released, the above command |
#33692) When a bundling command is interrupted with Ctrl-C, the asset output directory has already been created. On the next synthesis, we assume the asset has already successfully been produced, don't do any bundling, and upload it. We will then have produced and uploaded a broken asset. Instead, the common pattern to handle this is: - Do the work into a temporary directory - Rename the temporary directory to the target directory only if the work succeeds. Closes #33201, closes #32869, relates to #14474. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The `cdk deploy --force` flag is intended to disable all smartness
around saving work. If set, it won't check whether assets already exist
in the cloud, and remove the build and publishing steps from the work
graph.
However, this by itself is not enough to make sure the asset truly gets
published again, because the `publish()` action has its own version of
short-circuiting again.
Rather than remove the short-circuiting behavior from `cdk-assets`, we
add another `{ force }` flag there as well, which gets its value from
the CLI's `--force` flag.
This will make it possible to recover from corrupted assets which were
accidentally published, as fixed in
aws/aws-cdk#33692, by running `rm -rf cdk.out &&
cdk deploy --force`.
Fixes aws/aws-cdk#14474.
---
By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache-2.0 license
---------
Signed-off-by: github-actions <github-actions@github.com>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Kaizen Conroy <36202692+kaizencc@users.noreply.github.com>
Co-authored-by: Momo Kornher <kornherm@amazon.co.uk>
|
Comments on closed issues and PRs are hard for our team to see. |
In #12536, it has been noted that part of the problem is that a corrupted zip file may be uploaded to the staging bucket. At this point, CDK will no-longer attempt to upload the asset, again, because it detects that an asset with the corresponding hash resides within the bucket. After reaching this state, it is necessary to manually remove the affected asset, or assets, from the staging bucket before a successful deployment can occur. In cases where the deployment of a given asset fails, the asset should be removed from the staging bucket to ensure that this "broken" state is not reached.
Use Case
This change would help ensure that CDK does not attempt to use a corrupt pre-existing asset from the staging bucket during deployment.
Alternatives
Provide a CLI flag to ensure that assets are overwritten in the staging bucket on every deployment.
Other
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: