Rewrite Static Asset References?

[trieloff]

Triggered by a conversation here https://github.com/adobe/developer.adobe.com-planning/issues/137#issuecomment-476544754 about optimizing static asset performance, I've been wondering if we should employ tactics to introduce means to create cache-building URLs for static assets.

Problem:

Right now, serving both code and content from master seems to be the accepted usage pattern. When it comes to static, this leaves us in an odd position between two conflicting goals:

• we want long (forever) caching on the client and on the edge, so that we get good performance
• we want short caching (especially on the client), so that CSS/JS updates get reflected promptly
• we don't want a developer-triggered asset pipeline, as that would increase complexity and necessitate changing the HTL templates frequently

so we are stuck in the middle of unsatisfactory optimization and inadequate experience.

How could cache-building (the opposite of cache-busting) URLs look like?

Instead of having HTML that looks like this:

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="shortcut icon" type="image/x-icon" href="/dist/favicon.ico">
    <title>Helix - demo</title>
    <link rel="stylesheet" href="/css/bulma.css">
    <script src="index.js" type="module"></script>
</head>

Adjust the pipeline, so that every static asset will be referred to with an additional cache-key decoration:

<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="shortcut icon" type="image/x-icon" href="/dist/favicon.ico.b3b72293beb458aaf24353669b3b76130786cca5">
    <title>Helix - demo</title>
    <link rel="stylesheet" href="/css/bulma.css.b3b72293beb458aaf24353669b3b76130786cca5">
    <script src="index.js.b3b72293beb458aaf24353669b3b76130786cca5" type="module"></script>
</head>

b3b7229 would be the same as the current package name. In helix-static we'd strip out the cache-decorator from the URL, but remember to set generous Cache-Control headers that encourage long caching.

Downsides:

• This would not help with second-level assets (e.g. CSS or JS imports), but we might find a way to pass through the cache-decorator.
• a redeployment would invalidate all client-side caches, even for unchanged resources.

[tripodsan]

we could revisit the static asset rewrite in parcel. but this would result in a 2 stage build process again, where the referenced assets are renamed and copied to some Dist folder.
this could also happen during the build process, so that the assets in src get copied to htdocs. but then the htl need to updated again.

[trieloff]

I might have an idea how to solve this, but it involves a bit of Fastly magic:

1. In the HTML pipeline, we turn <link rel="stylesheet" href="./somewhere.css"> into <link rel="stylesheet" href="<esi:include src="./somewhere.css.esi">">, same for script
2. in our VCL, we add an Static-ESI request type that will go to helix--static, with an additional esi=true URL parameter
3. In helix--static?esi=true we make a HEAD request to the resource, look for the ETag header and return following URL./somewhere.css.${hash(etag)}, appending the ETag's hash, which will be resolved as in the HTML delivered from the edge.
4. requests to /somewhere.css.${hash(etag)} will go back to the helix--static action, which will respond with the actual content and a long Cache-Control header

The .esi requests are cached only edge-side, and only for a short time, so that static updates will result quickly in HTML changes.

For extra credit:

5. in helix--static, we scan CSS for relative @import url("foo.css"); and JavaScript for import * from "foo.js"; statements and turn them into @import url("<esi:include src="foo.css.esi">"; or import * from "<esi:include src="foo.js.esi">"; tags with the same logic as above.

I think the HTML/CSS/JS parser infrastructure we have available is robust enough to enable this.

[tripodsan]

somehow, I don't like that we have to do a separate request to static, just to figure out a hash, that we already know during build time.

the entire static handling (htdocs) is somewhat inconsistent anyways, since the state effective during the deployment, can change when someone updates the files in the htdocs repository later. so maybe would be better to update the static url with the commit sha of the static repository (similar to the package property). then, either in the scripts, or in the pipeline, we transform the static links accordingly. if the pipeline would know the static-ref, it should be easy.

4. requests to /somewhere.css.${hash(etag)} will go back to the helix--static action, which will respond with the actual content and a long Cache-Control header

what happens, if the etag doesn't match the etag responded from the actual content? i.e. if the content changed in the meantime?

[trieloff]

@tripodsan the POC I have in progress at adobe/helix-publish#61 and https://github.com/adobe/helix-cli/tree/static-esi solves this a bit more elegantly by taking step 2 and 3

2. in our VCL, we add an Static-ESI request type that will go to helix--static, with an additional esi=true URL parameter
3. In helix--static?esi=true we make a HEAD request to the resource, look for the ETag header and return following URL./somewhere.css.${hash(etag)}, appending the ETag's hash, which will be resolved as in the HTML delivered from the edge.

and implementing it entirely in VCL, i.e. Fastly will make the request to get the ETag.

---

The disadvantage of your approach is that it requires re-deployment whereas mine allows the static content to evolve separately from the normal content and code. I'd explain more, but I have to help retrieve an (actual) Easter egg that we've hidden too well.

[tripodsan]

and implementing it entirely in VCL, i.e. Fastly will make the request to get the ETag.

yes. I understand. but it requires 2 requests for the static.

The disadvantage of your approach is that it requires re-deployment whereas mine allows the static content to evolve separately from the normal content and code.

I don't think this a disadvantage. on the contrary. I think that static content should be frozen at the time of deployment. since scripts and style should be treated like code, hence have a very strong relationship to the templates.

[tripodsan]

@filmaj @stevengill WDYT? should the static content (especially javavscripts and css) be tied to a deployment or is it useful to be able to update it independently?

I think for production, it is crucial, that the scripts and styles match the HTML created by the templates, thus are tied to them. I think for the static site deployments, people usually bundle those inside the webpack (or parcels).

[filmaj]

@tripodsan tricky question. For me as a developer of the devsite, I am OK with deploying every time I make a static asset update to my site. However, I don't think that is acceptable for the distributed nature of the future devsite content. That is, for e.g. product teams building their own product micro and docs sites on top of our site, I wouldn't want a static asset change in one of their content repos to be gated by a devsite deploy. Just to be clear, for a strain like this in the devsite:

  - name: launch-docs-helixdemo
    <<: *basestrain
    url: https://adobedevsite.helix-demo.xyz/launch/docs
    content: https://github.com/Adobe-Marketing-Cloud/reactor-user-docs.git#master
    directoryIndex: README.html

I do not want to have to do a deploy or publish every time content changes in the https://github.com/Adobe-Marketing-Cloud/reactor-user-docs repo.

[filmaj]

Wait a second, I am confusing static and content... argh, helix messes with my brain sometimes! 🙈

Since static files are only managed in the devsite, which I control, I am OK with requiring a deploy/publish for updating them. However, if static file control would at any point slip out of my control, I would not be OK with that.

[trieloff]

@tripodsan

I understand. but it requires 2 requests for the static.

That's the worst-case scenario. The best-case scenario is no requests at all because the asset is cached in the browser (with confidence it won't change).

The only other way I can see of achieving that would be to use a bundler like Webpack or Parcel for all client assets, which would rewrite the entire CSS and JS every time, forcing you not just to have compile targets committed back to git (which I find distasteful) but also to break the history of these compile targets.

Fastly making two requests over one is not a concern for me as Fastly is very efficient at making requests. Invoking runtime twice would be more of a concern.

[tripodsan]

the other idea would be to pass the sha of the static repo into the pipeline, which will do the rewriting. so you <link href="style.css"/> will become <link href="style.b1d7b28133e1e5926e2cb7bcf0765ac0cfcf3421.css"/>. then, if helix--static detects this, it will load the content from the correct and stable ref and can use a very long cache time.

[tripodsan]

Invoking runtime twice would be more of a concern.

but initially, it will make 2. first the HEAD request, and then the GET request.

[trieloff]

the other idea would be to pass the sha of the static repo into the pipeline, which will do the rewriting. so you will become

That's almost what I'd be doing except:

• I wouldn't pass the parameter into the pipeline (on Runtime), so that the cache of the runtime function stays valid even when the static SHA has changed
• We'd need to do the same for every static file we serve (happening in my helix-cli branch)

With my ESI-based approach we can still switch the implementation of the Static-ESI handler to use a different type of lookup behind the scenes. The options that I see are:

• going to raw and taking the ETag
• looking up a dictionary set at publish/deploy time (i.e. your suggestion)
• looking up a branch name set at publish time and resolving it against @stefan-guggisberg's https://github.com/stefan-guggisberg/git-resolve-branch service

[tripodsan]

hmm...ok. I see. the esi is more powerful :-)

so:

1. going to raw and taking the ETag

this would be done in the helix--static action which will make a request to github using the current static giturl+ref, calculate the etag based on github's response, and then return the new relative path.

2. looking up a dictionary set at publish/deploy time (i.e. your suggestion)

if possible, this should be done in fastly, by bypassing the helix--static request and just using the static giturl ref as cache key.

3. looking up a branch name set at publish time and resolving it against @stefan-guggisberg's https://github.com/stefan-guggisberg/git-resolve-branch service

this is similar to (1), just that it uses the sha of the current master (ref) instead of a content-hash. we could also implement this functionality into helix--static.

there is also

4. lookup the branch name or use the one from the dictionary, and resolve directly to a raw github url, instead of the redirect-ping-ping we do for large files. this could be done in helix--static, I guess.

[trieloff]

I think we can implement all three options in Fastly.

1. see https://github.com/adobe/helix-publish/pull/61/files#diff-879237844530beea65db3434a1074f66R397 - I'm just trusting GitHub's Etag here
2. we just have to make sure that X-GitHub-Static-Ref is a sha instead of a name. This could be done by introducing another property to the config and updating the config during hlx deploy (I like this the least, because it requires updating the config)
3. I'd add another step to the hlx_static_ref VCL subroutine that first calls the resolve-branch service if the ref does not look sha-like enough

[tripodsan]

updating the config during hlx deploy (I like this the least, because it requires updating the config)

but we update the package property anyways....

add a new package-static property or add a new section to the config (or in a separate file ?), that contains a the refs during deploy time:

strains:
   - name: default
     content: ...
     static: ...
     code: ....
     heads:
        - url: https://github.com/adobe/project-helix.io.git#master
          sha: 879237844530beea65db3434a1074f66R397
        - url: https://github.com/adobe/project-helix-content.io.git#stage
          sha: ...

[tripodsan]

@trieloff how are you going to decide, which strategy to use?

a) use whatever the current branch points to (deployment independent version)
b) calculate the static sha during deploy and provide via edge dict (deployment stable version)
c) calculate the static sha during publish time and provide via edgedict (publish stable version)

[adobe-bot]

🎉 This issue has been resolved in version 1.10.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[stefan-guggisberg]

related: https://github.com/adobe/git-resolve-ref