Skip to content

Commit 7c92949

Browse files
stefanprodanstefanprodan
committed
Retry failed verifications with exponential backoff
Signed-off-by: Stefan Prodan <[email protected]>
1 parent 082028e commit 7c92949

File tree

2 files changed

+11
-7
lines changed

2 files changed

+11
-7
lines changed

Makefile

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Image URL to use all building/pushing image targets
2-
IMG ?= localhost:5050/source-controller
3-
TAG ?= test1
2+
IMG ?= fluxcd/source-controller
3+
TAG ?= latest
44

55
# Base image used to build the Go binary
66
LIBGIT2_IMG ?= ghcr.io/fluxcd/golang-with-libgit2-only
@@ -14,9 +14,9 @@ GO_TEST_PREFIX ?=
1414

1515
# Allows for defining additional Docker buildx arguments,
1616
# e.g. '--push'.
17-
BUILD_ARGS ?= --load
17+
BUILD_ARGS ?=
1818
# Architectures to build images for
19-
BUILD_PLATFORMS ?= linux/arm64
19+
BUILD_PLATFORMS ?= linux/amd64,linux/arm64,linux/arm/v7
2020

2121
# Go additional tag arguments, e.g. 'integration',
2222
# this is append to the tag arguments required for static builds

controllers/ocirepository_controller.go

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -409,11 +409,16 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, obj *sour
409409
}
410410
}()
411411

412-
// Verify artifact
412+
// Verify artifact if:
413+
// - the upstream digest differs from the one in storage (revision drift)
414+
// - the OCIRepository spec has changed (generation drift)
415+
// - the previous reconciliation resulted in a failed artifact verification (retry with exponential backoff)
413416
if obj.Spec.Verify == nil {
414417
// Remove old observations if verification was disabled
415418
conditions.Delete(obj, sourcev1.SourceVerifiedCondition)
416-
} else if !obj.GetArtifact().HasRevision(revision) || conditions.GetObservedGeneration(obj, sourcev1.SourceVerifiedCondition) != obj.Generation {
419+
} else if !obj.GetArtifact().HasRevision(revision) ||
420+
conditions.GetObservedGeneration(obj, sourcev1.SourceVerifiedCondition) != obj.Generation ||
421+
conditions.IsFalse(obj, sourcev1.SourceVerifiedCondition) {
417422
provider := obj.Spec.Verify.Provider
418423
err := r.verifyOCISourceSignature(ctx, obj, url, keychain)
419424
if err != nil {
@@ -422,7 +427,6 @@ func (r *OCIRepositoryReconciler) reconcileSource(ctx context.Context, obj *sour
422427
sourcev1.VerificationError,
423428
)
424429
conditions.MarkFalse(obj, sourcev1.SourceVerifiedCondition, e.Reason, e.Err.Error())
425-
conditions.MarkFalse(obj, meta.ReconcilingCondition, e.Reason, e.Err.Error())
426430
return sreconcile.ResultEmpty, e
427431
}
428432

0 commit comments

Comments
 (0)