Has anyone had an automatic build fail because for...
# box-productsj
Jordan Clark
11/22/2022, 4:46 PMHas anyone had an automatic build fail because forgebox install fails because github blocked the download with a "too many requests" error? Any ways we can make our build more reliable by packaging forgebox dependancies into our local repo?
b
bdw429s
11/22/2022, 4:52 PMI've never seen that one, but to be clear, it's Github blocking you, not forgebox.
bdw429s
11/22/2022, 4:52 PMI would recommend the package maintainer use forgebox storage for their package artifacts, which comes from S3 and has no limit on requests
bdw429s
11/22/2022, 4:53 PMThere's nothing we can do if a package maintainer decides to store their binaries on a server that restricts requests.
bdw429s
11/22/2022, 4:53 PMCommandBox could re-try failed requests 3 times or something
bdw429s
11/22/2022, 4:53 PMCan you put in a ticket for that idea?
j
Jordan Clark
11/22/2022, 4:54 PMYes its github blocking, now our builds can't deploy. Is it possible to download the package zip directly and install it ourselves through box? like an offline type install?
Jordan Clark
11/22/2022, 4:54 PMI will raise an issue on the maintainer's github page
Jordan Clark
11/22/2022, 5:06 PM@bdw429s I think you should consider making forgebox cache external binaries for packages or provide a way users can do an offline install to make box install a more resilient process
b
bdw429s
11/22/2022, 5:07 PM@Jordan Clark The problem here is that forgebox doesn't ever touch or even see those binaries!
bdw429s
11/22/2022, 5:07 PMWhen you install this package, your PC directly makes the call to github (or whatever server) and forgebox is not involved
bdw429s
11/22/2022, 5:08 PMIt's also not safe to assume forgebox even has access to them. A private package could have a location of
Copy code
<http://totalInternalSecretDomain.gov:1234/package.zip>j
Jordan Clark
11/22/2022, 5:08 PMwhen someone publishes the package to forgebox, in this case the box.json provided:
Copy code
"location" : "<https://github.com/cfsimplicity/spreadsheet-cfml/archive/v3.7.2.zip>",b
bdw429s
11/22/2022, 5:09 PMThat is already possible today đ
https://commandbox.ortusbooks.com/package-management/code-endpoints/http-s#cached-urls
bdw429s
11/22/2022, 5:09 PMBut, again, the package maintainer must use it ÂŻ\_(ă)_/ÂŻ
bdw429s
11/22/2022, 5:10 PMIt is not a safe assumption for CommandBox to think the same URL will always yield the same binary
bdw429s
11/22/2022, 5:10 PMWhat about something like
Copy code
<http://s3-url.com/package/latest-bleeding-edge-snapshot.zip>bdw429s
11/22/2022, 5:11 PMThat zip file could change several times a day
bdw429s
11/22/2022, 5:11 PMwhich is why the cached-http endpoint is opt-in
j
Jordan Clark
11/22/2022, 5:12 PMI see your point
Jordan Clark
11/22/2022, 5:14 PMFlip side is packages should be consistent, so if zip files are changing randomly that could also affect builds, so a unique cache for each version of a package would prevent that
b
bdw429s
11/22/2022, 5:17 PMNot neccessarily
bdw429s
11/22/2022, 5:17 PMIt's pretty common to have a snapshot or BE (bleeding edge) version that simply points to the latest code
bdw429s
11/22/2022, 5:18 PMWhich I prefer much more than having 1 billion different snapshot builds (like Lucee does)
bdw429s
11/22/2022, 5:18 PMSo if you want your build to not change between runs, the onus is on you not to use a BE or snapshot version
j
Jordan Clark
11/22/2022, 5:20 PMMy workaround for now is I've downloaded the zip file, put in my own s3 bucket, and reinstalled so my box.json points our copy of the file:
Copy code
box install id="<https://hs-docker-assets.s3.us-east-1.amazonaws.com/cfmodules/spreadsheet-cfml-3.7.2.zip>" save=truec
cfsimplicity
11/22/2022, 5:21 PM@bdw429s As the maintainer of this repo I'm happy to help here if I can, as long as the authoritative binaries remain on Github. The artifact caching sounds like it would easily sort things, but I'm not clear from the link you posted what I need to do. My box.json has this:
Copy code
"location" : "<https://github.com/cfsimplicity/spreadsheet-cfml/archive/v3.7.2.zip>",+cachedb
bdw429s
11/22/2022, 5:22 PMYeah, that should do it
đ 1
bdw429s
11/22/2022, 5:22 PM Copy code
"location" : "<https+cached://github.com/cfsimplicity/spreadsheet-cfml/archive/v3.7.2.zip>",bdw429s
11/22/2022, 5:23 PMSo, as long as Jordan has the file in his local artifacts cache, it won't actually download on subsequent installs
j
Jordan Clark
11/22/2022, 5:23 PMbut this is happening in a clean pipeline build process, its never going to have the file in a local cache
b
bdw429s
11/22/2022, 5:23 PMWell, that's one of the many issues with builds pipelines, lol
bdw429s
11/22/2022, 5:24 PMThere are ways to seed your artifacts. People do it a lot for this exact reason
j
Jordan Clark
11/22/2022, 5:24 PMSo then I'm back to the same position, I'd have to download my own copy of the file from my s3 bucket and seed the cache
b
bdw429s
11/22/2022, 5:25 PMas long as the authoritative binaries remain on Github@cfsimplicity Given you've chosen a place to host your artifacts that throttles traffic, is there a compelling reason not to use ForgeBox storage, which places the artifacts on S3?
bdw429s
11/22/2022, 5:25 PMThat's not the _on_ly solution. Given your cloud pipeline, many of them have features to cache certain directories across builds
bdw429s
11/22/2022, 5:26 PMCommandBox also allows the artifact folder to be configured anywhere you like.
https://commandbox.ortusbooks.com/package-management/artifacts#custom-artifacts-directory
j
Jordan Clark
11/22/2022, 5:28 PM@bdw429s can the artifacts directory read directly off an S3 location?
c
cfsimplicity
11/22/2022, 5:30 PMI'm hosting on Github coz that's where the repo is (and that's a fairly popular choice!) How would I go about hosting the binaries on Forgebox?
b
bdw429s
11/22/2022, 5:40 PMIt depends a little on how your build works. If you manually public to forgebox via the web UI, you can just provide a zip file. Or if just using the
Copy code
publishbdw429s
11/22/2022, 5:41 PMcan the artifacts directory read directly off an S3 location?CommandBox needs a local folder. Now, if you have some trick to create a folder on Linux or whatever that points to S3, then that would work too.
c
cfsimplicity
11/22/2022, 5:45 PMI use commandbox to publish releases to FB. So I instead need to make this change in
box.json Copy code
"location" : "forgeboxStorage",b
bdw429s
11/22/2022, 6:13 PMYes, by default, all the files in the project root will be zipped and sent to forgebox minus your gitignores and box.json ignores
đ 1
c
cfsimplicity
11/22/2022, 6:23 PMOK, @Jordan Clark I've followed Brad's instructions and published a new 3.7.3 release which will hopefully now be hosted on Forgebox.
b
bdw429s
11/22/2022, 6:28 PMLooks like it's working
bdw429s
11/22/2022, 6:29 PM Copy code
⯠install spreadsheet-cfml --verbose
â | Installing package [forgebox:spreadsheet-cfml]
|-------------------------------------------------------------
| Verifying package 'spreadsheet-cfml' in forgebox, please wait...
| Installing version [3.7.3].
| Verified entry in forgebox: 'spreadsheet-cfml'
| Downloading entry from forgebox.
| Deferring to [https] endpoint for forgebox entry [spreadsheet-cfml]...
| Downloading [<HTTPS://ortus-forgebox-private.s3.us-east-1.amazonaws.com/cfsimplicity/spreadsheet-cfml/3.7.3.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJMDMWUSW7FUVMSFQ%2F2022112>
| 2%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20221122T182747Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=bf17618725ed755590a5829d9861e2aa4a631bae9ec98970b6637457b3f5864a
| Decompressing...
| Storing download in artifact cache...
| Done.
| C:\Users\Brad\Desktop\sandbox\spreadsheet-test\/box.json updated with dependency.
| Installing to: C:\Users\Brad\Desktop\sandbox\spreadsheet-test\/modules/spreadsheet-cfml
| -> 75 File(s) Installed
| -> 0 File(s) ignored
| Eureka, 'spreadsheet-cfml' has been installed!
|-------------------------------------------------------------
î° 4sec 783ms î° â î° CLI v1.2.3 î° 12:27 PM î° ~/Desktop/sandbox/spreadsheet-test/ î° (1.0.0) î°
⯠ll
Nov 22,2022 12:11:51 <DIR> modules/
Nov 22,2022 12:11:51 0.2 KB box.json
î° â î° CLI v1.2.3 î° 12:28 PM î° ~/Desktop/sandbox/spreadsheet-test/ î° (1.0.0) î°
⯠package show
{
"dependencies":{
"spreadsheet-cfml":"^3.7.3"
},
"installPaths":{
"spreadsheet-cfml":"modules/spreadsheet-cfml/"
}
}
î° â î° CLI v1.2.3 î° 12:28 PM î° ~/Desktop/sandbox/spreadsheet-test/ î° (1.0.0) î°
⯠ll modules/spreadsheet-cfml/
Nov 22,2022 12:11:51 <DIR> .github/
Nov 22,2022 12:11:51 <DIR> helpers/
Nov 22,2022 12:11:51 <DIR> javaLoader/
Nov 22,2022 12:11:51 <DIR> lib/
Nov 22,2022 12:11:51 <DIR> objects/
May 14,2021 17:05:22 0.2 KB .gitattributes
Nov 22,2022 18:11:14 23.8 KB CHANGELOG.md
Jan 15,2022 17:01:22 1.1 KB LICENSE
Nov 22,2022 18:11:14 0.5 KB ModuleConfig.cfc
Oct 12,2022 14:10:20 16.5 KB README.md
Nov 22,2022 18:11:14 83.8 KB Spreadsheet.cfc
Nov 22,2022 12:11:49 1.5 KB box.json
Nov 14,2022 17:11:54 20.1 MB lib-osgi.jar
Jan 20,2021 12:01:28 2.0 KB osgiLoader.cfcbdw429s
11/22/2022, 6:29 PMâď¸ I asume those are the files expected when the package is installed
c
cfsimplicity
11/22/2022, 6:32 PMYes, that looks fine.đ Good work as always Brad on making this easy simple smile
đ 2
j
Jordan Clark
11/22/2022, 6:38 PM@bdw429s @cfsimplicity thanks so much guys for your attention and help!
đ 1
2 Views