Merge pull request #255 from matthewdavidrodgers/legacy-concurrent-secret-uploads

Stop racing secret uploads
This commit is contained in:
Rahul Sethi 2024-04-30 13:52:11 +01:00 committed by GitHub
commit b05934f581
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 25 additions and 14 deletions

View file

@ -0,0 +1,13 @@
---
"wrangler-action": minor
---
Stop racing secret uploads
For up to date versions of wrangler, secrets are uploaded via the 'secret:bulk' command, which batches updates in a single API call.
For versions of wrangler without that capability, the action falls back to the single 'secret put' command for each secret. It races all these with a Promise.all()
Unfortunately, the single secret API cannot handle concurrency - at best, these calls have to wait on one another, holding requests open all the while. Often it times out and errors.
This fixes the legacy secret upload errors by making these calls serially instead of concurrently.

View file

@ -152,24 +152,22 @@ function getEnvVar(envVar: string) {
return value; return value;
} }
function legacyUploadSecrets( async function legacyUploadSecrets(
secrets: string[], secrets: string[],
environment?: string, environment?: string,
workingDirectory?: string, workingDirectory?: string,
) { ) {
return Promise.all( for (const secret of secrets) {
secrets.map((secret) => {
const args = ["wrangler", "secret", "put", secret]; const args = ["wrangler", "secret", "put", secret];
if (environment) { if (environment) {
args.push("--env", environment); args.push("--env", environment);
} }
return exec(packageManager.exec, args, { await exec(packageManager.exec, args, {
cwd: workingDirectory, cwd: workingDirectory,
silent: config["QUIET_MODE"], silent: config["QUIET_MODE"],
input: Buffer.from(getSecret(secret)), input: Buffer.from(getSecret(secret)),
}); });
}), }
);
} }
async function uploadSecrets() { async function uploadSecrets() {