Skip to content

refactor: simplify auth flow to avoid Github API calls as much as possible#106

Merged
samrocketman merged 1 commit into
jenkinsci:masterfrom
sgtcoolguy:clean-flow
Apr 12, 2019
Merged

refactor: simplify auth flow to avoid Github API calls as much as possible#106
samrocketman merged 1 commit into
jenkinsci:masterfrom
sgtcoolguy:clean-flow

Conversation

@sgtcoolguy

Copy link
Copy Markdown
Contributor

Follow on to #102

I apologize as this is a biggie. The goal here is to try and improve performance for typical users (non-admins) when making heavy use of github org folders/repos.

Attempts to handle use cases that don't require repository permission lookups first to avoid hitting the Github API at all when we can.
When we do need to look at repository permissions, still attempts to use a global cache of public/private flags for repos so if any user has pulled that repo's info and it's a public repo we can resolve read related permissions without hitting the API to grab the user's repos or the specific repo.
When we need to load the details for a repository, load the user's full listing of repositories en masse/batch first, and if not in that listing then load that repo.
Whenever we load any repo, store the public/private flag in the global/all-users cache.

  • Improve the test suite to handle many of the typical cases.
  • Lower visibility of a number of methods to private/package based on usage.

…sible

Attempts to handle use cases that don't require repository permission
lookups first to avoid hitting the Github API.
When we do need to look at repository permissions, still attempts to use
a global cache of public/private flags for repos so if any user has pulled
that repo's info, and it's a public repo we can resolve read related
permissions without hitting the API.
When we need to load the details for a repository, load the user's full
listing of repositories en masse/batch.
Whenever we load a repo store the public/private fag in global cache.
Improve the test suite to handle many of the typical cases.
@samrocketman

Copy link
Copy Markdown
Member

Thanks, I’ll take a look at this. In the process of moving but will look at it when I can.

@ojacques

ojacques commented Mar 6, 2019

Copy link
Copy Markdown

I think we are going to test this PR on large scale. Each user (not a Jenkins Admin) who authenticates to our Jenkins with this plugin consumes 2,500 GitHub API calls (❗). I suspect because of the sheer number of GitHub orgs & repos managed by our Jenkins.
@sgtcoolguy - do you use this already in your environment? Any update you want to make before we jump in?
On a side note, I wonder if GitHub's graphql wouldn't be a better fit to get all / most info in fewer API calls. But I do not know this plugin well enough nor the consequences.

@angegar

angegar commented Mar 6, 2019

Copy link
Copy Markdown

@ojacques let's try to build this PR and use it in our test env.

@samrocketman samrocketman left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great! Local testing went well I'll be merging this for next release.

@samrocketman samrocketman merged commit c5a53c3 into jenkinsci:master Apr 12, 2019
@samrocketman

Copy link
Copy Markdown
Member

This has been released in github-oauth 0.32

* @return githubServer
*/
public String getGithubServer() {
String getGithubServer() {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

breaks binary compabitility with plugins that already using this method

@KostyaSha KostyaSha left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR breaks binary compatibility by hiding methods

@samrocketman

Copy link
Copy Markdown
Member

Thanks for pointing out. I’ll update the method to restore the previous call for that method

usersByTokenCache.put(token, me);
// Also stick into usersByIdCache (to have latest copy)
String username = ghMyself.getLogin();
usersByIdCache.put(username, new GithubUser(ghMyself));

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it possible this code is throwing an exception that is causing https://issues.jenkins-ci.org/browse/JENKINS-56997
It seems like this method is returning UNKNOWN_TOKEN. I'm running into this issue when scanning my organization for a pipeline configuration if that helps.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the note I’ll investigate this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants