[Backport 7.80.x] [#incident-56663] Prefer DNS endpoint in CI for mirrored Go packages (#52499) #52698
Gitlab CI Configuration Changes
| Removed | Modified | Added | Renamed |
|---|---|---|---|
| 1 | 463 | 5 | 0 |
Updated: .gitlab/distribution.yml
Changes Summary
| Removed | Modified | Added | Renamed |
|---|---|---|---|
| 1 | 71 | 1 | 0 |
ℹ️ Diff available in the job log.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e1eb4d5ee7
| variables: | ||
| GOPROXY: "https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/" | ||
| GOPROXY: "https://depot-read-api-go.rapid-dependency-management-depot.all-clusters.local-dc.fabric.dog:8443/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/magicmirror/@current/|https://depot-read-api-go.us1.ddbuild.io/magicmirror/testing/@current/" |
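Review bot: the new first entry in GOPROXY covers only magicmirror/magicmirror/@current/ on the .fabric.dog:8443 host, so anything served from magicmirror/testing/@current/ still goes to us1.ddbuild.io; if the testing path should also prefer internal DNS, it needs its own .fabric.dog entry. The us1.ddbuild.io magicmirror/testing pair is also listed three times in both the old and the new value. With `|` as the separator Go moves to the next entry after any error, so each repeat is another attempt at the same URL; a short comment saying the repetition is an intentional retry (or collapsing it) would make the value easier to audit.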
Sanitize GOPROXY for DMG builds
This global GOPROXY now puts the .fabric.dog endpoint first for every CI job, but the macOS DMG packaging jobs in .gitlab/build/package_build/dmg.yml do not extend .macos_gitlab or .bazel:runner:macos-*; they run .macos_setup_go and dda inv omnibus.build directly without !reference [.sanitize_goproxy]. Since the same patch documents that this endpoint is not usable from macOS runners, agent_dmg-* will keep trying the unreachable proxy before falling back for Go/Bazel module fetches, which can make the release packaging jobs hang or fail on cache misses.
Files inventory check summary
File checks results against ancestor d502ce1e:
Results for datadog-agent_7.80.3.git.4.e413beb.pipeline.121028657-1_amd64.deb: No change detected
Static quality checks
✅ Please find below the results from static quality gates
Successful checks
Info
31 successful checks with minimal change (< 2 KiB)
🎯 Code Coverage (details) 🔗 Commit SHA: e413beb
Service-to-service traffic is supposed to use internal DNS instead of the currently-prioritized gateway proxy, which intermittently throws 503s even though the underlying service is healthy.
CI will pass when the build images have been updated, as seen here #52547
Co-authored-by: ofek.lev <ofek.lev@datadoghq.com>
(cherry picked from commit ceea175)
74ad769 to e413beb
| allow depot-read-api-go.us1.ddbuild.io | ||
| # Preferred first in GOPROXY (see .adms/go/gitlab.yaml); allow it here so Bazel's | ||
| # downloader doesn't block it. | ||
| allow depot-read-api-go.rapid-dependency-management-depot.all-clusters.local-dc.fabric.dog |
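Review bot: the added allow line names the host without a port, while the GOPROXY entry it is meant to unblock uses :8443; confirm that the downloader rule matches on host name alone and say so in the comment. The comment's pointer to .adms/go/gitlab.yaml is the only link between the two files, so a matching pointer next to the GOPROXY value would help keep the allow-list and the proxy list in step when the host changes.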
That is one seriously long hostname.
| case "${GOPROXY-}" in | ||
| *.fabric.dog*) | ||
| if ! __sgp_usable; then | ||
| GOPROXY="$(printf '%s' "$GOPROXY" | tr '|' '\n' \ |
Maybe $(echo $GOPROXY | tr ...)
| *.fabric.dog*) | ||
| if ! __sgp_usable; then | ||
| GOPROXY="$(printf '%s' "$GOPROXY" | tr '|' '\n' \ | ||
| | grep -vE '^https?://[^/]*\.fabric\.dog(:[0-9]+)?(/|$)' | paste -sd '|' -)" |
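Review bot: when every entry in GOPROXY is a .fabric.dog URL, the `grep -vE` on the last line emits nothing and the assignment leaves GOPROXY empty, which go treats as unset rather than as "no proxy"; check for an empty result after the `paste` and either keep the original value or fail explicitly. The `case` glob `*.fabric.dog*` also matches the string anywhere, including a path segment, which is fine as a cheap pre-filter but deserves a one-line comment saying the grep is the real host test.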
Is the (/|$) more precise than needed? But I think the answer to that depends on the chance of the domain changing from "*.fabric.dog".
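The trade-off in that question, as an added example that is not part of the PR: the hunk's regex is compared with a variant lacking the trailing `(/|$)` on a constructed proxy list. The names `strip_goproxy` and `sanitize_goproxy` and all host names are hypothetical.

```shell
#!/bin/sh
# Added example (not code from the PR). All hosts are constructed sample values.

# Form used in the diff: host ends in .fabric.dog, optional port, then "/" or end.
STRICT='^https?://[^/]*\.fabric\.dog(:[0-9]+)?(/|$)'
# Same pattern without the trailing (/|$) group.
LOOSE='^https?://[^/]*\.fabric\.dog'

# strip_goproxy REGEX LIST: print LIST with entries matching REGEX removed.
strip_goproxy() {
    # grep -v exits 1 when no line survives; "|| true" keeps "set -e" callers alive.
    printf '%s' "$2" | tr '|' '\n' | { grep -vE "$1" || true; } | paste -sd '|' -
}

# sanitize_goproxy LIST: strict filter that fails instead of returning an empty
# list, because go treats an empty GOPROXY as unset and falls back to its default.
sanitize_goproxy() {
    out=$(strip_goproxy "$STRICT" "$1")
    if [ -z "$out" ]; then
        echo "sanitize_goproxy: no proxy left after filtering" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Constructed list: an internal entry, a second mirror, and a lookalike host
# that merely contains ".fabric.dog" in the middle of its name.
SAMPLE='https://mirror.internal.fabric.dog:8443/a/|https://depot.example.test/a/|https://cache.fabric.dog.example.test/a/'

echo "strict: $(strip_goproxy "$STRICT" "$SAMPLE")"
echo "loose:  $(strip_goproxy "$LOOSE" "$SAMPLE")"
```

The strict form keeps the lookalike host, while the loose form strips it along with the real internal entry.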
| # strip any unreachable entry once here and apply the result explicitly to each | ||
| # go step (an explicit assignment overrides the injected arg). Mirrors | ||
| # tools/ci/sanitize-goproxy.sh. | ||
| RUN printf '%s' "$GOPROXY" | tr '|' '\n' \ |
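Review bot: tools/ci/sanitize-goproxy.sh strips only when `__sgp_usable` fails, but the RUN line here starts the filter pipeline directly, and the comment above it does not say whether the image build always strips or also checks reachability. State that in the comment, and since the comment says this mirrors the script, add a pointer in the script back to this file so the filter regex is updated in both places together.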
I think this might work so you can share the code.
RUN ( bash tools/ci/sanitize-goproxy.sh ; echo "$GOPROXY") >/tmp/goproxy.sanitized
aiuto left a comment
Your call on the suggestions.
@aiuto Thanks for the thorough review! But as this is just a backport I think we'd better include them on
7091f13 into 7.80.x
Backport of #52499