-
Notifications
You must be signed in to change notification settings - Fork 247
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Plugin upgrades #1543
Comments
I'm aligned with all of this. We will probably want to add this mini-SIP to the |
Also, I wonder whether we want to enable this for plugins that aren't from the |
I feel like we could get away with slightly more badgeriness, like renotifying for eligible updates every badger timeout. It could also be frustrating to miss out on updates because you weren't staring with rapt attention at a command completing. |
@kate-goldenring For checking upgrade availability, do you think it would be okay to effectively run
|
@itowlson, I don't see a downside to (1), since the local registry will still contain older versions of the manifests but now just also have the new ones. For (2), wouldn't updating one file with git require fetching all files? I am not sure in git how to just fetch one file but we could effectively curl the latest file at the expected path. I do feel concern in running update every time a plugin is executed. I wonder if we want an update interval along with a badger interval. IE if it has been over 12 hours since the last update, we do a |
@kate-goldenring Yeah curling the latest file was what I prototyped. The way I have prototyped it does things in a different order, so it would only check for updates if:
So that should keep the GH load down even without a separate update interval; plugins in the registry are unlikely to churn that fast enough for 1 to be a big issue (given that it's a PR and manual approval process to update the registry). |
Hmm, the downside of curling only the latest is that if latest is incompatible with the user's version of Spin, but an intermediate version is compatible, we would not prompt to upgrade to the intermediate version. So that might be a reason to do the full update. (I forgot about Spin compatibility above... for completeness, upgrades where the Spin version requirement does not match are, naturally, ineligible.) I am a bit concerned, though, that full update could be slow. For plugins that normally complete quickly, this could result in a lot of cancelled updates (because we don't want to unduly delay exiting just for the sake of the badger). |
Could fork a daemon to do the update, write the result to a file, and check the result file on plugin exit. If the update doesn't complete before the plugin exits this time you'll have the result ready for next time |
I considered spinning off a background process, but was a bit intimidated by the additional moving parts (particularly for error cases, and edge cases like multiple instances running at once / user running update at the same time as the daemon is trying to / etc.). It's definitely an option if we go the full update route though. I'm not sure why a full daemon rather than a background process - would you see that as serialising updates or something? It's probably worth aligning on perspective too. I have been thinking about this as an advisory feature, that isn't worth making too involved and doesn't need to be perfect. But if we regard it as a key servicing feature then it merits the extra level of robustness. |
Ah yeah I guess I mean "short-lived daemon". Sometimes "daemon" means "system service" and sometimes it just means "that one weird double-fork trick". |
This is a good point. I wonder if adding a subrepository to the plugins repository that just contains the manifests directory would reduce the fetch time. I agree with the point on this not needing to be perfect on the first run. it may make sense to do full updates for now without a separate daemon process and then get feedback and potentially iterate to something more robust |
The repo only contains about 60K of non-manifest data (which will update only infrequently) so I wouldn't worry too much about breaking out a sub-repository. It sounds like you are proposing that we do go for the update rather than curl, and accept that we will hit more cases where we don't get the update in time. Is that correct? (I'm not disagreeing, just making sure I've understood correctly.) |
I have an experimental branch using the "full update" strategy at https:/itowlson/spin/tree/plugins-badger-full-update. At the moment it looks like it needs about 750ms to complete an update when the working copy is already up to date. For a fast-running plugin (which completes in say 10ms), that means a perceptible wait after the plugin exits. The timeout I used in the curl branch was 250ms, which was barely noticeable (at least to me, though I am admittedly less sensitive to this stuff than many people). So it depends on whether realistic plugins are likely to take 500ms+. |
...on your particular uplink to wherever GH has it hosted. We should probably assume that some users will see consistently higher latency and consider whether this would mean they would never see notifications. |
Yep, sorry, should have made that explicit. |
Another option would be to add a |
Okay there is a background processy branch at https:/itowlson/spin/tree/plugins-badger-background-process-eek-eek-eek and it seems to work but I have no real idea how to evaluate it for correctness, especially in the face of errors or concurrency. @lann I don't know if this is what you were thinking of when you mentioned a daemon approach or a "weird double fork trick" - all it does at the moment is spawn a background process - were you proposing more than that? |
The "weird double fork trick" is about detaching the child process from the controlling terminal and process group, but now that I think about it I'm actually not sure whether you want the child to detach in this scenario... 🤔 |
Uhhhhhhhhhhhhhhhhh... well... with what I've done the child can continue to run after the parent exits... I have not tested what happens if I close the terminal... do we care? DON'T MAKE ME CARE LANN |
How do we want to take this forward? |
Okay it sounds like we had three options here:
|
Yes. I don't love any of them. The background process is probably the most robust in terms of getting updates in front of users, and I think avoids any UI speed bumps. But correctness is going to be hard to confirm, especially since pulled updates will often not be displayed until the next time the plugin runs. I am also not sure if there are any concurrency implications if two background checks kick off close together, or throttling implications since each plugin will trigger an update independently. We can address those latter two points but it will make it more complicated (like serialising update requests and/or or recording a last update time and not re-updating within a timeout). Which I guess is why large-scale servicing processes really do run as actual honest-to-goodness daemons... |
cloud we do something where the upgrade background process grabs an |
Yeah that was the sort of thing I was thinking of for concurrency (and throttling isn't really an issue, nobody will run that many different plugins frequently enough or for long enough and I should get over myself). We'd need some UI for "user tries to update while a background process is updating" but that's no biggie. And of course now I am going into agonies about the background process getting stuck or failing to clean up the lock. But correctness remains the big worry. |
Good point. I think we will have some nice troubleshooting docs for this. I think its fair to proceed with the background process approach and we can iterate based on the behavior people experience. |
The background process only needs to sync the repo right? Seems like that would use an "update state" file to track last update time for rate limiting, which it can flock during the update process (which will always unlock on process exit). Now you "just" have to worry about the background process hanging... |
Don't you have to reboot windows every few hours anyway? |
All right, Rust
So we are gold--
MUST WE MICROSOFT MUST WE Anyway yep I can take a look at this. I'll do it as a separate PR to |
This is a micro-SIP for informing Spin users when there are new versions of their favourite plugins. It is for discussion.
Principles:
Classification:
When to notify:
How to notify:
Privacy;
update
command exists" issues. So I want to leave this much wiggle room.)Future refinements:
The text was updated successfully, but these errors were encountered: