fluxcd
/
source-controller
mirror of https://github.com/fluxcd/source-controller.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Retry failed verifications with exponential backoff 

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan 2022-09-20 19:15:45 +03:00
parent 082028e115
commit 7c92949d17
No known key found for this signature in database
GPG Key ID: 3299AEB0E4085BAF
2 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@ -1,6 +1,6 @@
# Image URL to use all building/pushing image targets # Image URL to use all building/pushing image targets
IMG ?= localhost:5050/source-controller IMG ?= fluxcd/source-controller
TAG ?= test1 TAG ?= latest
# Base image used to build the Go binary # Base image used to build the Go binary
LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2-only LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2-only
@ -14,9 +14,9 @@ GO_TEST_PREFIX ?=
# Allows for defining additional Docker buildx arguments, # Allows for defining additional Docker buildx arguments,
# e.g. '--push'. # e.g. '--push'.
BUILD_ARGS ?= --load BUILD_ARGS ?=
# Architectures to build images for # Architectures to build images for
BUILD_PLATFORMS ?= linux/arm64 BUILD_PLATFORMS ?= linux/amd64,linux/arm64,linux/arm/v7
# Go additional tag arguments, e.g. 'integration', # Go additional tag arguments, e.g. 'integration',
# this is append to the tag arguments required for static builds # this is append to the tag arguments required for static builds

10
controllers/ocirepository_controller.go
View File

@ -409,11 +409,16 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, obj *sour
} }
}() }()
// Verify artifact // Verify artifact if:
// - the upstream digest differs from the one in storage (revision drift)
// - the OCIRepository spec has changed (generation drift)
// - the previous reconciliation resulted in a failed artifact verification (retry with exponential backoff)
if obj.Spec.Verify == nil { if obj.Spec.Verify == nil {
// Remove old observations if verification was disabled // Remove old observations if verification was disabled
conditions.Delete(obj, sourcev1.SourceVerifiedCondition) conditions.Delete(obj, sourcev1.SourceVerifiedCondition)
} else if !obj.GetArtifact().HasRevision(revision) || conditions.GetObservedGeneration(obj, sourcev1.SourceVerifiedCondition) != obj.Generation { } else if !obj.GetArtifact().HasRevision(revision) ||
conditions.GetObservedGeneration(obj, sourcev1.SourceVerifiedCondition) != obj.Generation ||
conditions.IsFalse(obj, sourcev1.SourceVerifiedCondition) {
provider := obj.Spec.Verify.Provider provider := obj.Spec.Verify.Provider
err := r.verifyOCISourceSignature(ctx, obj, url, keychain) err := r.verifyOCISourceSignature(ctx, obj, url, keychain)
if err != nil { if err != nil {
@ -422,7 +427,6 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, obj *sour
sourcev1.VerificationError, sourcev1.VerificationError,
) )
conditions.MarkFalse(obj, sourcev1.SourceVerifiedCondition, e.Reason, e.Err.Error()) conditions.MarkFalse(obj, sourcev1.SourceVerifiedCondition, e.Reason, e.Err.Error())
conditions.MarkFalse(obj, meta.ReconcilingCondition, e.Reason, e.Err.Error())
return sreconcile.ResultEmpty, e return sreconcile.ResultEmpty, e
} }