Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: github API rate-limiting can occur in garden self-update #4893

Closed
stefreak opened this issue Jul 26, 2023 · 1 comment · Fixed by #5229
Closed

[Bug]: github API rate-limiting can occur in garden self-update #4893

stefreak opened this issue Jul 26, 2023 · 1 comment · Fixed by #5229
Assignees
@mkhq
Labels
0.13 devex Developer experience and ease of use.

Comments

@stefreak
Copy link
Member

Garden Bonsai (0.13) Bug

Current Behavior

If github is seeing too many requests to the API from your IP address, for example if you're working in an office or using a company VPN with NAT, it'll rate limit your API calls.

In garden self-update this can look like this:

% garden self-update
Update Garden 🗞️

No installation directory specified via --install-dir option. Garden will be re-installed to the current installation directory: /opt/homebrew/Cellar/garden-cli/0.13.9/libexec
Checking for target and latest versions...

Response code 403 (rate limit exceeded)

Expected behavior

I would expect garden self-update to "just work" even when using IP addresses that GitHub is rate limiting, or alternatively the error message should contain instructions how to update Garden manually or how to supply Github access token to work around the rate limit.

Reproducible example

Not easy to reproduce, but we know this can happen with unauthenticated requests to the GitHub api, e.g. https://github.com/garden-io/garden/blob/main/core/src/commands/self-update.ts#L98

Use the following example at your own risk (successfully reproduces the issue for me :))

#!/bin/bash
while true; do
  garden self-update &
  sleep 0.1
done

Workaround

You can use the methods described in https://docs.garden.io/guides/installation to install the latest version of garden manually as a workaround.

Suggested solution(s)

  • Use the version-check service that we host server side, to provide latest version information to users. This service can cache the version information to reduce calls to the GitHub API and use an auth token to authenticate requests.
  • Alternativels, improve the error message to instruct users how to update manually or allow users to specify their own github auth token (But I'd strongly vote for the first option instead of this)

Additional context

Your environment

  • OS: all OSes (I'm using macos)
  • How I'm running Kubernetes: irrelevant

garden version 0.13.9
@vvagaytsev vvagaytsev added the devex Developer experience and ease of use. label Jul 31, 2023
@stefreak
Copy link
Member Author

One first step to fix this could also be to change the install script to not rely on the github API. then they could potentially update by running the install script (curl -sL https://get.garden.io/install.sh)
Also, may it be a good idea to simply update a file on Amazon S3 with the latest version number, instead of updating the version-check API?

@vvagaytsev vvagaytsev mentioned this issue Oct 11, 2023
Merged
@mkhq mkhq mentioned this issue Oct 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mkhq mkhq

Labels
0.13 devex Developer experience and ease of use.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

improvement: using a new release endpoint for self-update garden-io/garden
3 participants
@mkhq @stefreak @vvagaytsev