fix: deadlock and improve debugging experience #3570
Conversation
jul-sh
requested review from
laurentsimon,
joshuagl,
kpk47 and
ramonpetgrave64
as code owners
jul-sh
force-pushed
the
main
branch
6 times, most recently
from
6413dfa to
8eb9d32
Compare
|
cc @tiziano88 also |
jul-sh
changed the title
|
Turns out this PR also fixes another where action deadlocks if the builder outputs significant amounts of logs over stdio. This is due to the version on the main branch reading stdout and stderr sequentially, thus encountering this deadlock: golang/go#16787 |
jul-sh
changed the title
jblebrun
force-pushed
the
main
branch
2 times, most recently
from
1667306 to
8489e8a
Compare
|
cc @timonvo & @thmsbinder also, I mentioned this PR in our sync earlier. It unblocks signed provenances for some of the remaining Oak components. |
laurentsimon
changed the title
laurentsimon
changed the title
|
I'm going to so some final testing with our pipeline after the changes, just to make sure I haven't made any mistakes with the changes. |
|
@laurentsimon Thanks for the review! BTW, it looks like the workflows need to be approved again. |
|
@laurentsimon fixed the linter failure caught in the checks that ran after approval. Sorry, but I think you need to approve again. |
…olang/go#16787 Also improve developer experience by outputting logs incrementally. Signed-off-by: Juliette Pretot <julsh@google.com> Co-authored-by: Jason LeBrun <jibbl@google.com>
|
@laurentsimon Sorry, one more question! We were trying to use a version including this fix... referencing a specific digest didn't work (detect-env fails), but even using a named ref like After some digging I found https://github.com/slsa-framework/slsa-github-generator/blob/main/README.md#referencing-slsa-builders-and-generators which seems to indicate that everything only works if we use a specific tag formed like Is our only solution to wait for a properly tagged version to include this fix? Is there any other workaround? |
|
You're correct, we need to release with the patch |
Is there any specific time table that the org prefers to follow for releases? We could follow the process in RELEASES.md to get the next release moving, if that's invited. |
|
@ramonpetgrave64 is looking into releasing. Appreciate the offer, but one needs to be a maintainer to go thru process REALEASE (need to have certain permissions, etc) |
|
We have a pre-release that you can start using to build and generate provenances, but verifying won't yet work. https://github.com/slsa-framework/slsa-github-generator/releases/tag/v2.0.0-rc.0 tracking in |
Per the SLSA team this should unlock provenance generation, though verification won't work yet: slsa-framework/slsa-github-generator#3570 (comment) Change-Id: Ia572af830c11e2733a1c0e96906a5264c9f7c62d
Per the SLSA team this should unlock provenance generation, though verification won't work yet: slsa-framework/slsa-github-generator#3570 (comment) Change-Id: Ia572af830c11e2733a1c0e96906a5264c9f7c62d
|
We've released v2.0.0 today. |
thank you so much for the quick release! we updated our repo to v2 and it's working beautifully. cc @tiziano88 @jblebrun @tiziano88 |
Summary
Fixes #3571. Fixes #3569. Shoutout to @jblebrun who wrote most of the code in this PR and debugged this issue together with me.
Testing Process
...
Checklist