search

enterprise-contract / ec-cli

Enterprise Contract command line interface
https://enterprisecontract.dev/docs/ec-cli/main/index.html
Apache License 2.0
26 stars 23 forks source link

[BUG] context deadline exceeded #1730

Open ralphbean opened 3 days ago

ralphbean commented 3 days ago

Describe the Bug

When trying to validate an artifact at release time, ec-cli failed with violations that indicate that it timed out trying to talk to quay. This happened 3 or 4 times to me in the last week.

I suspect quay configuration changes may be causing the increase in frequency, but I cannot prove it.

Steps to Reproduce

I cannot reproduce. :(

Expected Behavior

Successful ec validation.

Actual Behavior

ec reports:

violations:
- metadata:
    code: builtin.attestation.signature_check
    description: The attestation signature matches available signing materials.
    title: Attestation signature check passed
  msg: 'Image attestation check failed: Get "https://quay.io/v2/": context deadline exceeded'
- metadata:
    code: builtin.image.signature_check
    description: The image signature matches available signing materials.
    title: Image signature check passed
  msg: 'Image signature check failed: Get "https://quay.io/v2/": context deadline exceeded'

Screenshots or Terminal Output

N/A.

Environment Details

This happened in the konflux release-serivce pipelines.

Possible Solution

If quay is down, you can't help it. But, you can retry! Can you evaluate your retry mechanism to improve resilience of the end to end process?

zregvart commented 3 days ago

The current retry strategy is to retry three times with exponential backoff at 1sec, 2sec and 4sec with a bit of random jitter.

The overall execution of the CLI has a default timeout of 5min, that can be configured using the --timeout parameter.

@ralphbean do you have a suggestion as to how we can tweak this defaults?

ralphbean commented 3 days ago

No, no suggestion yet. That strategy looks reasonable.