From 31a6263ef3ec73ff2d03cb4c0260379f96f7598c Mon Sep 17 00:00:00 2001 From: Matthew Rodgers Date: Fri, 26 Apr 2024 15:44:18 -0700 Subject: [PATCH] Stop racing secret uploads For up to date versions of wrangler, secrets are uploaded via the 'secret:bulk' command, which batches updates in a single API call. For versions of wrangler without that capability, the action falls back to the single 'secret put' command for each secret. It races all these with a Promise.all() Unfortunately, the single secret API cannot handle concurrency - at best, these calls have to wait on one another, holding requests open all the while. Often it times out and errors. This fixes the legacy secret upload errors by making these calls serially instead of concurrently. --- .changeset/funny-boats-care.md | 13 +++++++++++++ src/index.ts | 26 ++++++++++++-------------- 2 files changed, 25 insertions(+), 14 deletions(-) create mode 100644 .changeset/funny-boats-care.md diff --git a/.changeset/funny-boats-care.md b/.changeset/funny-boats-care.md new file mode 100644 index 0000000..9500ede --- /dev/null +++ b/.changeset/funny-boats-care.md @@ -0,0 +1,13 @@ +--- +"wrangler-action": minor +--- + +Stop racing secret uploads + +For up to date versions of wrangler, secrets are uploaded via the 'secret:bulk' command, which batches updates in a single API call. + +For versions of wrangler without that capability, the action falls back to the single 'secret put' command for each secret. It races all these with a Promise.all() + +Unfortunately, the single secret API cannot handle concurrency - at best, these calls have to wait on one another, holding requests open all the while. Often it times out and errors. + +This fixes the legacy secret upload errors by making these calls serially instead of concurrently. diff --git a/src/index.ts b/src/index.ts index 576e3fd..405aa3b 100755 --- a/src/index.ts +++ b/src/index.ts @@ -152,24 +152,22 @@ function getEnvVar(envVar: string) { return value; } -function legacyUploadSecrets( +async function legacyUploadSecrets( secrets: string[], environment?: string, workingDirectory?: string, ) { - return Promise.all( - secrets.map((secret) => { - const args = ["wrangler", "secret", "put", secret]; - if (environment) { - args.push("--env", environment); - } - return exec(packageManager.exec, args, { - cwd: workingDirectory, - silent: config["QUIET_MODE"], - input: Buffer.from(getSecret(secret)), - }); - }), - ); + for (const secret of secrets) { + const args = ["wrangler", "secret", "put", secret]; + if (environment) { + args.push("--env", environment); + } + await exec(packageManager.exec, args, { + cwd: workingDirectory, + silent: config["QUIET_MODE"], + input: Buffer.from(getSecret(secret)), + }); + } } async function uploadSecrets() {