alpha
Login
or
Join now
mitchellh.com
/
tack
Star
2
Fork
10
Atom
Configure Feed
Issues
Pull Requests
Commits
Tags
Feed URL
Select the types of activity you want to include in your feed.
Stitch any CI into Tangled
Star
2
Fork
10
Atom
Configure Feed
Issues
Pull Requests
Commits
Tags
Feed URL
Select the types of activity you want to include in your feed.
Overview
Issues
Pulls
Pipelines
tack
/
internal
/
at
4163dd9af9b5ac71ad202af2d6cea04386e9defb
4 folders
Mitchell Hashimoto
sourcehut: surface log fetch authorization failures
7w ago
4163dd9a
buildkite
sourcehut: surface log fetch authorization failures Previously the docs only required builds.sr.ht/JOBS:RW, but the log endpoints under /query/log/<id>[/<task>]/log require builds.sr.ht/LOGS:RO. A token with the documented scope would submit jobs and poll status correctly, then 403 on every log fetch. The provider's streamStep suppressed all non-404 errors at debug level and emitted empty steps, so operators following the docs got green builds whose logs were silently blank. Update the docs to require both scopes and explain why. Add an ErrUnauthorized sentinel to the sourcehut client and wrap 401/403 responses from GetTaskLog with it. In the provider, probe the master log up front in Logs() so a systemic auth failure surfaces as a Logs() error (5xx via the HTTP layer) rather than as an empty stream. As defense in depth, streamStep now aborts the stream and logs at error level on ErrUnauthorized instead of swallowing it.
1 month ago
jetstream
jetstream: extract reusable consumer into internal/jetstream The consumer code in jetstream.go mixed Tack-specific concerns (collections, applyCommit, store cursor) with generic firehose mechanics: configuring the upstream client, looping reconnects, rewinding time-based cursors, persisting cursor progress, and distinguishing permanent bad-record failures from transient handler failures. None of those are specific to Tack and they are the bits most likely to be reused for future jetstream consumers. Move the generic mechanics into a new internal/jetstream package.
1 month ago
k8s
provider/tekton: stream non-terminal pod logs with follow=true The Logs path for a still-running PipelineRun called StreamPodLogs without follow=true, so the apiserver returned a snapshot of the container log and EOF'd at the current tail. The provider then emitted StepStatusEnd and moved on, which made still-running steps look complete and dropped any subsequent log bytes unless the client reconnected. The same one-shot pass also took a single snapshot of TaskRuns, so any TaskRun spawned later in the PipelineRun (sequential runAfter, finally, retries) was silently ignored. StreamPodLogs now takes a LogOptions{Follow bool}. The non-terminal path uses Follow=true so the read only EOFs once the container actually terminates; the terminal path keeps the snapshot read since the log is already complete. The Logs goroutine is replaced with a poll loop that re-lists TaskRuns and re-checks the PipelineRun's terminal state each iteration, only closing the channel once the PipelineRun is terminal AND no new TaskRuns appeared in the last pass. The fake k8s client mirrors the apiserver's follow semantics by holding the reader open until ctx is cancelled.
1 month ago
sourcehut
sourcehut: surface log fetch authorization failures Previously the docs only required builds.sr.ht/JOBS:RW, but the log endpoints under /query/log/<id>[/<task>]/log require builds.sr.ht/LOGS:RO. A token with the documented scope would submit jobs and poll status correctly, then 403 on every log fetch. The provider's streamStep suppressed all non-404 errors at debug level and emitted empty steps, so operators following the docs got green builds whose logs were silently blank. Update the docs to require both scopes and explain why. Add an ErrUnauthorized sentinel to the sourcehut client and wrap 401/403 responses from GetTaskLog with it. In the provider, probe the master log up front in Logs() so a systemic auth failure surfaces as a Logs() error (5xx via the HTTP layer) rather than as an empty stream. As defense in depth, streamStep now aborts the stream and logs at error level on ErrUnauthorized instead of swallowing it.
1 month ago