didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Add explicit timeouts to subprocess and HTTP calls in git-gate paths #271

Merged
didericis merged 3 commits from add-subprocess-http-timeouts into main 2026-06-25 04:23:03 -04:00
Conversation 4 Commits 3 Files Changed 5
+105 -8
didericis-claude commented 2026-06-25 02:59:33 -04:00
Collaborator
Copy Link
Copy Source

Closes #255.

Summary

  • git_http_backend.py: adds GIT_HTTP_BACKEND_TIMEOUT_SECS = 30 and passes it to both subprocess.run calls (access-hook invocation and git http-backend CGI), mirroring the existing GIT_GATE_DAEMON_TIMEOUT_SECS on the daemon path.
  • contrib/gitea/deploy_key_provisioner.py: adds _API_TIMEOUT_SECS = 30 and _KEYGEN_TIMEOUT_SECS = 10; passes them to the two urllib.request.urlopen calls (create and delete deploy key) and the ssh-keygen subprocess.
  • Tests extended to assert the timeout value is forwarded at all four changed call sites.
Closes #255. ## Summary - `git_http_backend.py`: adds `GIT_HTTP_BACKEND_TIMEOUT_SECS = 30` and passes it to both `subprocess.run` calls (access-hook invocation and `git http-backend` CGI), mirroring the existing `GIT_GATE_DAEMON_TIMEOUT_SECS` on the daemon path. - `contrib/gitea/deploy_key_provisioner.py`: adds `_API_TIMEOUT_SECS = 30` and `_KEYGEN_TIMEOUT_SECS = 10`; passes them to the two `urllib.request.urlopen` calls (create and delete deploy key) and the `ssh-keygen` subprocess. - Tests extended to assert the timeout value is forwarded at all four changed call sites.
didericis reviewed 2026-06-25 03:02:03 -04:00
bot_bottle/git_http_backend.py Outdated
@@ -25,0 +25,4 @@
# Timeout for the access-hook subprocess and git http-backend CGI subprocess.
# Mirrors GIT_GATE_DAEMON_TIMEOUT_SECS so both HTTP and daemon paths share the
# same bound: a hung upstream fetch in the access-hook or a stalled CGI child
# cannot wedge the sidecar indefinitely.
didericis commented 2026-06-25 03:02:03 -04:00
Owner
Copy Link
Copy Source

@didericis-claude Should probably just import GIT_GATE_DAEMON_TIMEOUT_SECS and set this to that value if they should be equal.

@didericis-claude Should probably just import `GIT_GATE_DAEMON_TIMEOUT_SECS` and set this to that value if they should be equal.
didericis-claude commented 2026-06-25 03:03:38 -04:00
Author
Collaborator
Copy Link
Copy Source

Good call. Dropped GIT_HTTP_BACKEND_TIMEOUT_SECS entirely and now import GIT_GATE_DAEMON_TIMEOUT_SECS directly from git_gate. The test was updated to assert against the imported constant too, so the value is enforced at a single source. Pushed in db9857c.

Good call. Dropped `GIT_HTTP_BACKEND_TIMEOUT_SECS` entirely and now import `GIT_GATE_DAEMON_TIMEOUT_SECS` directly from `git_gate`. The test was updated to assert against the imported constant too, so the value is enforced at a single source. Pushed in db9857c.
didericis reviewed 2026-06-25 03:06:23 -04:00
bot_bottle/git_http_backend.py Outdated
@@ -16,6 +16,8 @@ from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path
from urllib.parse import urlsplit
from .git_gate import GIT_GATE_DAEMON_TIMEOUT_SECS
didericis commented 2026-06-25 03:06:23 -04:00
Owner
Copy Link
Copy Source

Given we're using this for two different purposes now, probably makes sense to rename it to GIT_GATE_TIMEOUT_SECS. Can add a comment about where it's currently used/fact that it's used in a multiple places.

Given we're using this for two different purposes now, probably makes sense to rename it to `GIT_GATE_TIMEOUT_SECS`. Can add a comment about where it's currently used/fact that it's used in a multiple places.
didericis-claude commented 2026-06-25 03:07:57 -04:00
Author
Collaborator
Copy Link
Copy Source

Done in 1077621. Renamed to GIT_GATE_TIMEOUT_SECS and updated the comment to enumerate all three current users (git daemon --timeout/--init-timeout, access-hook subprocess, git http-backend CGI).

Done in 1077621. Renamed to `GIT_GATE_TIMEOUT_SECS` and updated the comment to enumerate all three current users (git daemon `--timeout`/`--init-timeout`, access-hook subprocess, git http-backend CGI).
didericis force-pushed add-subprocess-http-timeouts from 1077621bea to 8e81b3b425 2026-06-25 03:28:51 -04:00 Compare
didericis added 3 commits 2026-06-25 04:12:48 -04:00
fix: add explicit timeouts to subprocess and HTTP calls in git-gate paths 508c537deb 
Closes #255. Without timeouts, a hung upstream during the access-hook
or git http-backend CGI call (git_http_backend.py) and a stalled Gitea
API during deploy-key provisioning (contrib/gitea/deploy_key_provisioner.py)
could wedge a sidecar indefinitely. Adds GIT_HTTP_BACKEND_TIMEOUT_SECS
(30s) to both subprocess.run calls in the HTTP backend, mirroring the
existing GIT_GATE_DAEMON_TIMEOUT_SECS on the daemon path. Adds
_API_TIMEOUT_SECS (30s) and _KEYGEN_TIMEOUT_SECS (10s) to the Gitea
provisioner's urlopen and ssh-keygen calls. Tests verify the timeout
values are forwarded in all four call sites.
refactor: import GIT_GATE_DAEMON_TIMEOUT_SECS instead of duplicating the value c0d3f16519
refactor: rename GIT_GATE_DAEMON_TIMEOUT_SECS to GIT_GATE_TIMEOUT_SECS
test / unit (pull_request) Successful in 33s
Details
test / integration (pull_request) Successful in 17s
Details
lint / lint (push) Successful in 1m48s
Details
test / unit (push) Successful in 35s
Details
test / integration (push) Successful in 17s
Details
Update Quality Badges / update-badges (push) Successful in 1m20s
Details
0bace7615a 
The constant now covers the daemon path, the HTTP backend access-hook,
and the git http-backend CGI subprocess, so 'daemon' in the name was
too narrow. Updated the comment to list all three current uses.
didericis force-pushed add-subprocess-http-timeouts from 8e81b3b425 to 0bace7615a 2026-06-25 04:12:48 -04:00 Compare
didericis merged commit 0bace7615a into main 2026-06-25 04:23:03 -04:00
didericis deleted branch add-subprocess-http-timeouts 2026-06-25 04:23:03 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
didericis
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#271
Delete Branch "add-subprocess-http-timeouts"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?