Errors with large number of multiple workflows on GitHub (rate limits and timeouts) #4052
Comments
fernandrone
changed the title
fernandrone
changed the title
|
So I'm thinking about this. This https://github.com/quintoandar/woodpecker/pull/20/files seems to fix the secondary rate limit issue (tested this in our test servers; should have it rolled out and validated on production by Monday). However the timeout issue is indeed trickier. Looking at https://github.com/woodpecker-ci/woodpecker/blob/main/server/api/hook.go#L244-L246 I see that Woodpecker creates the pipeline synchronously and then returns the result to the forge. It also performs error handling https://github.com/woodpecker-ci/woodpecker/blob/main/server/api/helper.go#L32-L45. The only way I can see to bypass github timeouts (which we are sure to hit sporadically when cloning 20+ workflows) is making this asynchronous, but that would be a breaking change. Another issue with timeouts and rate limits is that so far I have considered only one repository in isolation (i.e. the secondary rate limit is triggered because one repo has dozens of workflows that are downloaded instantly). But the secondary rate limit could also happen if dozens of builds from different repos are triggered in a short interval. So in a large enough installation we can have rate limits causing timeouts even if not using multiple workflow files. |
Should be 202.
That's totally fine for 202. |
|
Good, I may try to make webhook processing assync next week then 👍🏻 |
qwerty287
added
enhancement
Component
server
Describe the bug
We've been experience two issues with repositories that have a "large" number of workflows: I have a repository with 41 workflows and another with 61. They're certainly outliers... but they exist.
There's also a variation
could not get folder from forge.If this is resolved in a timely manner (in less than 10 seconds) then the server replies with a 400 and a "failure to parse hook" message. We have observed that this is a relatively common occurrence, repositories with 20 or so workflows will receive "a few" of those daily.
From what I've seem both issues are often correlated. A secondary rate limit will likely cause the webhook to timeout. That said it seems that a timeout alone is possible and itself not destructive. If a webhook timeout happens but the Woodpecker server does manage to parse all workflows (even if it takes more than 10 seconds) and process them, the job is created, picked up by an agent and even updates the github UI.
However when secondary rate limits happens, its worse. The server code doesn't handle rate limits. If it's
could not get folder from forgeerror, then the pipeline job is not created. From the user's perspective this is a silent error. They make a push but no pipeline is started, so it can be very hard to debug without access to the server logs. There's alsoerror setting commit status; in this case it seems to be implied (didn't get to track one down) that the success/failure/running status wouldn't be updated on the commit which could cause issues with pull request validation.FWIW I'm testing this internally quintoandar#20 which uses a github secondary rate limit library to try and fix the first issue. Looks promising.
Fixing timeouts seems more complex. Arguably it might just be a hard limit on Woodpecker, maybe it makes no sense to support 40+ workflows. Or it'd need to process them asynchronously through an internal queue (but then there's the scenario where Woodpecker replies 200 to GitHub and later asynchronously finds ou some of the workflows are invalid).
Steps to reproduce
Expected behavior
No response
System Info
Additional context
No response
Validations
nextversion already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]The text was updated successfully, but these errors were encountered: