search

conda-forge / conda-smithy

The tool for managing conda-forge feedstocks.
https://conda-forge.org/
BSD 3-Clause "New" or "Revised" License
151 stars 176 forks source link

feat: add timeout to get_most_recent_version to prevent hang/deadlock #1972

Open corneliusroemer opened 3 months ago

corneliusroemer commented 3 months ago

Mitigates #1973

Checklist

Conda smithy makes an HTTP request without timeout. This can cause a hang/deadlock - in my case for longer than 1 minute. Nothing was happening, no CPU in htop, no logs.

When I hit ctrl+c the traceback showed the program got stuck in:

def get_most_recent_version(name, include_broken=False):
    request = requests.get(
        "https://api.anaconda.org/package/conda-forge/" + name
    )

which lacks a timeout.

This PR adds a timeout of 60 seconds which should be reasonable and prevent deadlocks. As smithy runs in CI, it's probably a good idea to have it fail rather than stall indefinitely.

jaimergp commented 3 months ago

Ah, btw, please add a news/ file with a brief description of the changes and the PR number. Something like:

* Add a 60s timeout in Anaconda.org API calls to prevent hangs. (#1972)