Currently, a request to delete a repository is blocked until the
repository is completely removed from the filesystem. When CephFS is
under load and a user deletes a large-ish repo, this can cause signicant
request latency, making the user abort the request or even timing out
completely. The context gets canceled, causing the transaction to roll
back, even though the data is eventually wiped completely from storage,
leaving users with broken repositories on their profile.
Instead, simply do the deletion from storage asynchronously, so that the
user gets instant feedback. Even though the deletion itself blocks for
potentially a long time, experience has shown that it finishes even in
case of cancellation. As such, I expect that the deletion will go
through even if the go-routine were to be aborted (e.g. by a restart of
the API).
According to PEP8[1]:
> A bare `except:` clause will catch SystemExit and KeyboardInterrupt
> exceptions, making it harder to interrupt a program with Control-C,
> and can disguise other problems.
Use more specific exceptions or `contextlib.suppress()` in case of
`try: ... except: pass`.
[1]: https://peps.python.org/pep-0008/#programming-recommendations
Ensure secrets are enabled for all builds. This disables the
auto-detection done by default by builds.sr.ht when the secrets arg
is left unspecified.
While at it, remove the unbound $execute variable.
`ResponseError` is currently undefined. It manifests when an exception
is raised in the `try` block.
`ResponseError` was renamed[1] to `S3Error` in minio 7.0.0.
[1]: b81883a98e
This replaces occurrences of inline CSS that can be replaced directly
(equivalent style) with Bootstrap classes.
Inline styles are generally longer, are not cached, make implementing
CSP policies harder, etc.
During the upgrade to `gqlgen` version 1.17.42 a breaking change was
introduced, as `map[string]interface{}` values were changed to be type
checked in 1.17.40 (commit 74e918f9, PR
https://github.com/99designs/gqlgen/pull/2830). As Emersion noted,
changing `OptionalString` to `Optional` fixes this.
Additionally, I replaced the "placeholder" error message with something
a bit more descriptive as a stopgap measure.
Right now the postUpdate function exits early when it fails to submit
the build manifests. This prevents the function from other tasks like
delivering webhooks.
This meant that for a repository with
LICENSES/
0BSD
GPL-2.0
only 0BSD was detected.
So keep allowing LICENSES/0BSD.jpeg,
but also don't break LICENSES/GPL-2.0.
We linked to and served .tar.asc but the archive link both said
.tar.gz and /linked/ to .tar.gz. We never linked to .tar, or even
exposed the possibility.
If you give a user read/write access to a repository, in theory he would
be able to leak the repo owner's secrets by adding them to the build
manifest. Instead submit the build under the account of the one who
initiated the push.
As lists of repositories are sorted and paginated by their "updated"
timestamp, a cursor carries such a timestamp, so that the next query can
pick up where the last one left off. However, the passing of this
timestamp is broken on systems that do not run on UTC.
Go translates time values to the system's timezone, but this timezone
information gets lost when handing the value to postgres, presumably
because the column type is "timestamp without time zone".
Avoid the issue by converting the parsed timestamp back to UTC right
away.
Lists of repositories are sorted and paginated based on their "updated"
timestamp. However, fractional seconds are discarded. This can cause
issues with repositories that have been updated in the same second (e.g.
by running a script).
This commit leverages the micro-second resolution of the timestamp in
postgres to make this case not impossible, yet highly unlikely.
The left join used for listing repositories has a curious issue: if you
grant access to a private repo to x people, where x > 1, this repo will
show up x times if you list your own repos via GraphQL.
To fix, add an additional join restriction: we are only interested in
ACLs for the calling user. This makes sure that at most one ACL will be
returned, hence avoiding duplicate repositories.
Links with /item/ result in 404s for the root directory. Remove /item/
so that links to the root directory work properly.
For example, this link on godocs.io is broken:
https://godocs.io/git.sr.ht/~sircmpwn/getopt#pkg-files