Open
Conversation
Signed-off-by: Brian DeHamer <bdehamer@github.com>
There was a problem hiding this comment.
Pull request overview
Adds a TTL cache for image digests that have previously returned 404/NoArtifactError from the deployment record API, so the controller can avoid repeated GitHub API calls for third-party/unknown artifacts and expose cache-hit observability.
Changes:
- Add an
unknownArtifactsexpiring cache to suppress repeat posts for digests known to be missing (404), with a 1-hour TTL. - Add a Prometheus counter to track avoided API calls due to unknown-artifact cache hits.
- Add unit tests validating cache population, cache hits, expiry behavior, and cross-event behavior.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
internal/controller/controller.go |
Introduces unknownArtifacts TTL cache, checks it before posting, and populates it on NoArtifactError. |
pkg/dtmetrics/prom.go |
Adds a new Prometheus counter for unknown-artifact cache hits. |
internal/controller/controller_test.go |
Adds unit tests for unknown-artifact caching behavior in recordContainer(). |
Comments suppressed due to low confidence (3)
internal/controller/controller_test.go:124
- This test constructs
deploymentrecord.NoArtifactError{}with its internal wrapped error left nil.(*NoArtifactError).Error()dereferencesn.errand will panic if the error is ever logged/formatted, making the test setup fragile. Consider adding an exported constructor inpkg/deploymentrecord(or makingNoArtifactError.Error()nil-safe) and using that here so the mocked error is always well-formed.
poster := &mockPoster{
lastErr: &deploymentrecord.NoArtifactError{},
}
internal/controller/controller_test.go:144
- This test constructs
deploymentrecord.NoArtifactError{}with its internal wrapped error left nil.(*NoArtifactError).Error()dereferencesn.errand will panic if the error is ever logged/formatted, making the test setup fragile. Consider adding an exported constructor inpkg/deploymentrecord(or makingNoArtifactError.Error()nil-safe) and using that here so the mocked error is always well-formed.
poster := &mockPoster{
lastErr: &deploymentrecord.NoArtifactError{},
}
internal/controller/controller_test.go:85
- This test constructs
deploymentrecord.NoArtifactError{}with its internal wrapped error left nil.(*NoArtifactError).Error()dereferencesn.errand will panic if the error is ever logged/formatted, making the test setup fragile. Consider adding an exported constructor inpkg/deploymentrecord(or makingNoArtifactError.Error()nil-safe) and using that here so the mocked error is always well-formed.
poster := &mockPoster{
lastErr: &deploymentrecord.NoArtifactError{},
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
* Initial plan * Make NoArtifactError.Error() nil-safe Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/deployment-tracker/sessions/3eb7150d-f2e1-4ef9-8452-686a5ddb22f0 --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The deployment-tracker calls the GitHub deployment record API for every container it observes — including third-party containers that GitHub has no knowledge of. These always return a 404 (
NoArtifactError). For clusters running a lot of third-party workloads, this generates significant unnecessary API traffic.Approach
This adds a new
unknownArtifactsTTL cache to the controller that tracks image digests which have previously returned a 404 from the deployment record API. Before making an API call,recordContainer()checks this cache and skips the request if the digest is already known to be missing.Why a separate cache?
The existing
observedDeploymentscache serves a different purpose — it deduplicates successful posts during rapid pod churn. The two caches differ in key semantics and TTL:observedDeploymentsunknownArtifactsevent||deploymentName||digestdigestThe 404 cache is keyed by digest alone — if GitHub doesn't have an artifact for a given digest, that's true regardless of the deployment name or event type. The longer TTL reflects the fact that an unknown artifact is unlikely to become known in the near term.
Observability
A new Prometheus counter
deptracker_post_record_unknown_artifact_cache_hittracks how many API calls are being avoided by the cache.Changes
internal/controller/controller.go— AddunknownArtifactscache field, check it before API calls, populate it onNoArtifactErrorpkg/dtmetrics/prom.go— New cache hit counter metricinternal/controller/controller_test.go— Unit tests covering cache population, cache hits, expiry, and cross-event-type behavior