migrate token pooling to postgres #8922
Conversation
chris48s
added
the
operations
Socket Security Pull Request Report👍 No new dependency issues detected in pull request Pull request report summary
Bot CommandsTo ignore an alert, reply with a comment starting with Powered by socket.dev |
chris48s
force-pushed
the
8921-postgres
branch
from
20e284d
to
169a6aa
Compare
| @@ -54,8 +54,10 @@ | |||
| "lodash.groupby": "^4.6.0", | |||
| "lodash.times": "^4.3.2", | |||
| "node-env-flag": "^0.1.0", | |||
| "node-pg-migrate": "^6.2.2", | |||
There was a problem hiding this comment.
Even though we don't expect to change our DB schema super often, I think its worth having a migration package to make it easier to evolve this over time. Ideally we should also look at running npm run migrate up on deploy. For the first deploy I think it can live with doing it manually.
There was a problem hiding this comment.
Does this need to be a prod dep or can it still be utilized as a dev dep?
There was a problem hiding this comment.
In order to create the DB (in the first instance) or modify it (later) we need to be able to run npm run migrate up in the production environment so it has to be a prod dependency.
| beforeEach('Create temporary table', async function () { | ||
| await pool.query( | ||
| `CREATE TEMPORARY TABLE ${tableName} (LIKE github_user_tokens INCLUDING ALL);` | ||
| ) | ||
| }) | ||
| afterEach('Drop temporary table', async function () { | ||
| await pool.query(`DROP TABLE IF EXISTS pg_temp.${tableName};`) | ||
| }) |
There was a problem hiding this comment.
This copies our table to a temp schema for the purposes of running the tests then clears it up again after. This means we can run the tests against a local DB with real data in it and not break our local data. We don't need a separate test DB. It also means the tests will keep step with schema changes from the migrations. We do need to migrate up before running the tests though.
There was a problem hiding this comment.
This means we can run the tests against a local DB with real data in it and not break our local data. We don't need a separate test DB. It also means the tests will keep step with schema changes from the migrations. We do need to migrate up before running the tests though
No objections to this in the local/inner dev loop (nor CI) context, and agree the benefits outweigh the tradeoffs. Would be nervous abut this in the context of the real DB though (whether connected to deliberately or accidentally)
There was a problem hiding this comment.
In principle it should be safe but I agree - I wouldn't want to run the tests while connected to the prod DB. Tbh that would be fairly unusual thing to do for any application. I think the fact that the dev dependencies (e.g: mocha, etc) aren't installed in the prod container is enough of a guard rail to stop this from happening.
Personally I'd tend to avoid connecting my dev environment up to a prod database for any application.
| if (config.private.redis_url != null) { | ||
| console.warning( | ||
| 'RedisTokenPersistence is deprecated for token pooling and will be removed in a future release. Migrate to SqlTokenPersistence' | ||
| ) | ||
| } | ||
|
|
There was a problem hiding this comment.
I decided that it is useful to keep both backends around for some length of time because it allows us to switch between them just by changing an env var - no code changes needed. Doing this means we can:
- deploy this code with
REDIS_URLset (so we're still using the redis backend) - migrate our data to postgres with
scripts/migrate-token-pool.js - set
POSTGRES_URLto switch to the postgres backend - if it all goes wrong, we can easily just unset
POSTGRES_URLto go back to redis - unset
REDIS_URLonce we're happy everything is fine - delete the redis code at a later date
This both makes the migration super low-risk/easy to back out of and means we can provide a migration path for self-hosting users with basically no effort.
There was a problem hiding this comment.
Might be worth extending the warning message to include a link to #8921 (or some pertinent issue/discussion)
There was a problem hiding this comment.
Yes. I'll call this out at the top of the changelog for the next server release and write it with a bit more of a focus on self-hosting users than the discussion in #8921 (which is quite shields.io-specific). I'm going to set myself a reminder to ping me so I remember to do this when I do the changelog.
chris48s
changed the title
| @@ -0,0 +1,14 @@ | |||
| /* eslint-disable camelcase */ | |||
|
|
|||
| exports.shorthands = undefined | |||
There was a problem hiding this comment.
|
LGTM, happy to 👍 once merge conflicts are sorted |
|
@SnoozeThis wait until Feb 28 2023 TODO: update |
|
(https://snoozeth.is/0ky67I-_i6g) I will wait until Tue, 28 Feb 2023 00:00:00 UTC and then add a comment. |
|
Should be good to go, I think. I can look at setting up a postgres instance on fly and getting the actual data migration done in the week. |
|
Resolved. |
This PR implements the suggestion from issue #8921 allowing us to migrate the token pool from redis to fly.io postgres.