fix(rollback handler): convert to ts for safety

[kishore03109]

Now that there exists commits to 2 different branches, there needs to be a rollback handler to cater for the case of network failures that exist for a commit to 1 branch. else, we might have a scary situation whereby staging-lite updates, but staging doesnt, and this leads to a wrongly output production site. this effectively means that there should be any use of the writeroutehandler since any write can lead to deviation of staging and staging lite

Note that we dont need to do any thing with regards checking if a site is whitelisted for quickie since all sites have the staging lite branch infra already set up. the whitelisting only dictates whether or not the staging lite file gets updated or not.

Previously, we were not using the rollback properly, this pr converts the file to ts to allow for easier type checking.
there were also some weird errors that occured that could be avoided with the retry. however, staging lite needs to be pushed with a .push(gitOptions), which the retry mechanism does not have. as a bandage, retry twice with the options, check in with @harishv7 on why there exists a retry in GitFileSystemService in the first place.

Manual tests for rollback handler

[Testing for quickie whitelisted site that is GGs]

• use a email login site, ensure that that it is whitelisted for build time reduction in growthbook
• create a file, ensure that no error are obsevered
• go into the create function of GitFileSystemService and short circuit the function by adding a early // return errAsync(new ConflictError("this is a test failure")) eg.

create(
    repoName: string,
    userId: string,
    content: string,
    directoryName: string,
    fileName: string,
    encoding: "utf-8" | "base64" = "utf-8",
    branchName: string
  ): ResultAsync<
    GitCommitResult,
    ConflictError | GitFileSystemError | NotFoundError
  > {
    // short circuit for testing
    return errAsync(new ConflictError("this is a test failure"))
... // rest of code
}

• re-run the create operation, notice that all rollbacks occur for both staging + staging-lite.

[Testing for non-quickie whitelisted site that is GGs]

• do the same as above but not quickie should not be whitelisted

[Testing for GH sites for rollback handler] (all gh sites are NOT whitelisted for quickie)

• throw error in the create function for GithubService
• notice that rollback works as intended -> it goes back to the last known state sucessfully.

[Testing normal crud operations]

Tests

In staging environment,
kishore-test is quickie + zhongjun-test-amplify is NON-quickie + kishore-test-dev-gh on github (non qucikie)

• rename of folders with folder + pages inside
• changes made to any page should be persisted

[kishore03109]

Current dependencies on/for this PR:

• develop
  • PR hotfix(repair-form): set remote url correctly #1048
    • PR feat(quickie): only gitfile should have quickie #1042
      • PR chore(quickie): delete quickie for gh #1043
        • PR test(githubService): add tests #1045
          • PR feat(gitFileSystem): safer api #1046
            • PR test(gitCommitService): add test cases #1047
              • PR fix(rollback handler): convert to ts for safety #1044 👈

This stack of pull requests is managed by Graphite.

[harishv7]

how many times does this retry?

[kishore03109]

max default 10

[harishv7]

1st attempt
200ms
2nd
400ms
3rd
800ms
4th
1600ms
5th
3200ms
7th
6400ms

and so on right? is the above backoff sequence correct?

was just thinking in a worst case scenario the request will be open for quite long? will this timeout on client?

[kishore03109]

would need to dive into source code here to get the exact algo (https://github.com/coveooss/exponential-backoff), but based on their readme I would assume that would be the case

wait ah this backoff occurs when the call has an error bah, so the FE would have already gotten an error code that we try to fix via exponential backoff

[harishv7]

hmm this is a handler middleware right? so it will completed through the execution of all handlers before request completes right?

[harishv7]

follow up suggestion, option 1 + alarm if it fails for 5 times as failing 5 times signifies some deeper issue not resolvable with retry

[kishore03109]

sure option 1 implemented

[kishore03109]

hmm sure about alarm? worried about numberous false positives tho
What I can do is add logging for this, can review later if this occurs too freq with false positives. will add todo regardless in jira

[harishv7]

okay

[harishv7]

@kishore03109 pls test once on staging/local

[kishore03109]

@harishv7 ps should have been clearer, specificly here, why do we have a retry here ah? + why is it on the second retry we pass in diferent args?

[harishv7]

Oh this is just cos in case the first attempt fails, we have a backup to retry once more.

regarding the options, I think there may be a bug - we should be passing in the same options both for first & 2nd attempts

[kishore03109]

do you know why it (i think consistently) fails on file rename?

[kishore03109]

making all retries with same options. I am not too sure why we need retries anyways (kept hitting it during testing), so am keeping verbose code as is first for functionality first

[harishv7]

do you know why it (i think consistently) fails on file rename?

hmm, consistent failure on 1st try is not an expected behaviour

[seaerchin]

that bugfix :monkas:

[kishore03109]

this is copy-pasted code :sadge:

[harishv7]

@kishore03109 can add a follow up minor todo - add alarm if 5 retries all fail

[seaerchin]

focused mostly on ensuring no regression; can't be fully sure but kinda sure.

we should aim to fix low-hanging fruits here + checking the scope to see that the changes made on API are safe

[seaerchin]

i assume we add the true here because we wanna show the staging site right?

separately, i realised that earlier on in 1 of your PRs, we removed a default argument. the majority of callsites should then require the isStaging prop (probably set to true now); can i check if this has been done for all the call sites? (i think yes la but i lazy check)

[seaerchin]

also it's actually really difficult to tell when it's isStaging vs not, which opens us up to errors but that's out of scope.

[kishore03109]

//todo to self, check call sites for hasGitFileLock

[kishore03109]

done

[seaerchin]

style - we can just return !!isGitLocked but noted that this was taken as-is from existing code.

[seaerchin]

we don't necessarily have to do it here (this just maintains parity) but express does export a RouteHandler type and retaining the implicit any is harmful to our codebase as it encourages (or at least does not prevent) ppl from then using any as-is or having it bleed through our code.

[seaerchin]

this is taken as-is but there's a difference in behaviour between this method and the earlier one.

notably, earlier on, we only check isGitAvailable is IS_GGS_ENABLED - in here, we always check regardless of the flag.

within the handleGitFileLock method itself, i think it just returns false if result.isErr() so this should be safe but we might want to simplify this process if isGitAvailable is computed using IS_GGS_ENABLED and handleGitFileLock.

[kishore03109]

79cdf6a

[seaerchin]

i think we should set the type here (and above) - this is quite low effort as the method used to determine the sha is typed.

[kishore03109]

79cdf6a

[seaerchin]

tbvh this whole chunk is very jank and confusing but this PR doesn't focus on code clarity but migration from js -> ts so ok with it. we should, however, look into probably refactoring this into a sensible form.

[seaerchin]

shouldn't updating a repo's password be a write op?

[kishore03109]

79cdf6a

[seaerchin]

why the change here?

[kishore03109]

pushes are supposed to have the required options

[seaerchin]

in order for this to work, should we check that the previous failure was over the network (ie, github doesn't see the commit)? otherwise, we might have a failure from a non-github issue -> push -> dup commits or fail, isn't it?

[kishore03109]

after disc resolving this as an extreme edge case

[seaerchin]

does x._unsafeUnwrap work here?

[seaerchin]

just tried, the below snippet works!

  const res = await x
  return res._unsafeUnwrap()

[kishore03109]

done 097f1f4

[kishore03109]

Merge activity

• Dec 6, 5:51 AM: @kishore03109 started a stack merge that includes this pull request via Graphite.
• Dec 6, 6:01 AM: Graphite rebased this pull request as part of a merge.