add retries for ephemeral instance api calls #61
Conversation
|
The ephemeral instance for the application preview has been shut down |
steffyP
force-pushed
the
fix-ephemeral
branch
from
2224b31 to
3ba8a36
Compare
steffyP
changed the title
| pull_request: | ||
| paths-ignore: | ||
| - ./*.md | ||
| - LICENSE |
There was a problem hiding this comment.
removing the workflow_dispatch that I added in a previous PR, as it doesn't make sense with the logic that the ephemeral instances are currently following (e.g. searching for the PR number and adding comment to the PR)
| description: 'LocalStack API key used to access the platform api' | ||
| required: true | ||
| description: 'LocalStack Auth Token used to access the platform api' | ||
| required: false |
There was a problem hiding this comment.
the localstack-api-key is not documented, neither is it required or currently used in our own CI test. It is a fallback in case the LOCALSTACK_AUTH_TOKEN and LOCALSTACK_API_KEY are not set
There was a problem hiding this comment.
Thanks, that's a good point! That's maybe something to revisit in the future. The term is outdated (we only have auth tokens now) and it seems a bit confusing to configure...
There was a problem hiding this comment.
Just to add some more context here:
When someone tries to call the ephemeral instance API we require them to be authenticated.
Since the CI integration cannot provide email/password, we instead authenticate through an auth token.
The easiest way to do that is to use a ls-api-key auth header in combination with a auth token.
We could also switch to the Authorization: header in combination with an auth token, but on the backend we do not expect a plain text token in combination with that header. Happy to share more details here offline.
We could also rename the input variable and still rely on the ls-api-key header FWIW, since we have backwards compatibility.
There was a problem hiding this comment.
following our offline discussion to have a paper-trail here:
there was a misunderstanding: we are not questioning the ls-api-key usage and we know we need to provide a auth-token/key for the request.
The initial comment is really just about the input parameter localstack-api-key for this workflow, that is used for setting the ls-api-key but only as a "last resort fallback" e.g. when the ENVs are not set.
e.g.
AUTH_HEADER="ls-api-key: ${LOCALSTACK_AUTH_TOKEN:-${LOCALSTACK_API_KEY:-${{ inputs.localstack-api-key }}}}"
Therefore, I changed the input to required: false for the workflow.
alexrashed
left a comment
alexrashed
left a comment
There was a problem hiding this comment.
Thanks a lot for fixing the usage of ephemeral instances by implementing the retry logic!
From my perspective this is looking great. I think there is potential to move this to the CLI and reuse it here in the future, but that would definitely be out of scope for this PR!
Given that @lukqw is the expert on ephemeral instances and also has contributed to this feature in the action in the past, I think it might be good to maybe also get a quick review from you as well? 🙏🏽
| description: 'LocalStack API key used to access the platform api' | ||
| required: true | ||
| description: 'LocalStack Auth Token used to access the platform api' | ||
| required: false |
There was a problem hiding this comment.
Thanks, that's a good point! That's maybe something to revisit in the future. The term is outdated (we only have auth tokens now) and it seems a bit confusing to configure...
| # retry() function: Retries a given command up to 'retries' times with a 'wait' interval. | ||
| # Usage: retry <command> | ||
| # Example: retry my_api_call_function | ||
| retry() { |
There was a problem hiding this comment.
@lukqw I think this is where your input would really be valuable. Is this retry mechanism what you would expect a client to do if they get a failure response from the ephemeral instance API?
This effectively would be a classic retry machanism, 5 retries, 5 seconds constant backoff.
There was a problem hiding this comment.
Thanks for the ping! I believe the approach here would be good enough to bridge the problem we currently have in our backend integration. 👌
I suppose an even safer approach would be to roll with some exponential back-off mechanism, but that could also be overkill / not necessary at the current stage.
Thanks a lot for diving into this @steffyP! 🙏 🚀
lukqw
left a comment
lukqw
left a comment
There was a problem hiding this comment.
Sorry for the late review folks! I was wrapped up in other topics unfortunately 🦥
Praise: Thanks a lot @steffyP for providing such a neat abstract retry function we can use to make our CI integration with ephemeral instances stabler 💪 🚀
| # retry() function: Retries a given command up to 'retries' times with a 'wait' interval. | ||
| # Usage: retry <command> | ||
| # Example: retry my_api_call_function | ||
| retry() { |
There was a problem hiding this comment.
Thanks for the ping! I believe the approach here would be good enough to bridge the problem we currently have in our backend integration. 👌
I suppose an even safer approach would be to roll with some exponential back-off mechanism, but that could also be overkill / not necessary at the current stage.
Thanks a lot for diving into this @steffyP! 🙏 🚀
| description: 'LocalStack API key used to access the platform api' | ||
| required: true | ||
| description: 'LocalStack Auth Token used to access the platform api' | ||
| required: false |
There was a problem hiding this comment.
Just to add some more context here:
When someone tries to call the ephemeral instance API we require them to be authenticated.
Since the CI integration cannot provide email/password, we instead authenticate through an auth token.
The easiest way to do that is to use a ls-api-key auth header in combination with a auth token.
We could also switch to the Authorization: header in combination with an auth token, but on the backend we do not expect a plain text token in combination with that header. Happy to share more details here offline.
We could also rename the input variable and still rely on the ls-api-key header FWIW, since we have backwards compatibility.
As currently the API for ephemeral instances is known to be unstable, this PR aims to make to retry failing API calls and to capture additional logs in case of failure cases.
This way it will be easier to pinpoint issues in the future.
Example logs:
changes:
Suggested future work (once the API is stable):
auto-load-pod,ci-project