Fix empty secret namespace issue in reconciler

[zakisk]

Fixed empty secret namespace issue in reconcile when git proivder is not github. added E2E tests for gitea as well to confirm this behavior.

What's happening?

Let's take a scenario that I got 5 PipelineRun and I set concurrency_limit to 3 so when PRs are acquired in queue_pipelinerun from semaphore (I got 3 PRs in acquired list) and looped, for first PipelineRun r.secretNS value is empty in the loop at this point when calling updatePipelineRunToInProgress and updatePipelineRunToInProgress returning error from this line saying "an empty namespace may not be set when a resource name is provided" and loop is ending on first PR leaving other two PRs (concurrency_limit - 1 PRs) in queued state and as they are removed from semaphore they aren't no more in acquired list when next time ReconcileKind is called. This PR addresses that bug.

https://issues.redhat.com/browse/SRVKP-5897

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 6 lines in your changes missing coverage. Please review.

Project coverage is 65.07%. Comparing base (5173774) to head (1f35118).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/reconciler/reconciler.go	0.00%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1753      +/-   ##
==========================================
- Coverage   65.11%   65.07%   -0.04%     
==========================================
  Files         174      174              
  Lines       13137    13142       +5     
==========================================
- Hits         8554     8552       -2     
- Misses       4018     4025       +7     
  Partials      565      565              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[enarha]

We have the same code in reportFinalStatus. Can we have it in a single place? I mean if we have it in updatePipelineRunToInProgress, is it really needed in reportFinalStatus as well? Is it possible that reportFinalStatus is called without updatePipelineRunToInProgress being called earlier?

[zakisk]

Is it possible that reportFinalStatus is called without updatePipelineRunToInProgress being called earlier?

@enarha yes it is possible that reportFinalStatus will be called without updatePipelineRunToInProgress if concurrency_limit is not set and all PipelineRuns are provisioned in STARTED state by controller.

[enarha]

Understood. Isn't there a common path (always executed) where we can move that code?

[zakisk]

Understood. Isn't there a common path (always executed) where we can move that code?

🤔 Yes, at the beginning of ReconcileKind it can be.

[zakisk]

But we don't have repo reference object there in ReconcileKind, should we fetch repo object there?

[zakisk]

should we fetch repo object there?

@enarha if yes then I will need to fetch repo in ReconcileKind and change queue_pipelineruns func signature to pass repo.

[piyush-garg]

Do we need to set this in reconciler field? can't we just pass the value while getting the secret, instead of setting it on reconciler?

[zakisk]

@piyush-garg I think r.secretNS is the field which is meant for fetching secret for PipelineRun, if you see its uses it is used only two times once in reportFinalStatus and in updatePipelineRunToInProgress.

[piyush-garg]

but in case of global repo and all, setting this param can may be have adverse affect on next event etc, i would rather skip it for now like setting in reconciler

[savitaashture]

I m not sure about the effect now but when i went through the code i see even r.secretNS is set either by repo.GetNamespace() or r.secretNS = r.globalRepo.GetNamespace() for globalRepo

@piyush-garg do you think it cause some issue 🤔

[chmouel]

I see the point of @piyush-garg even if i don't think it would cause problem but i think @zakisk you can remove that variable being on the struct and instead be scoped to the function that would be at least a saner code.

[chmouel]

can you explain a bit more the problem statement of what you are solving, i am guessing myself and other reviewers can guess it from your PR but neither the SRVKP or the PR description describe how this bugs occurring and how to replicate it.

[chmouel]

pr is fine, just a few cleaning comment that would be needed....

[chmouel]

I see the point of @piyush-garg even if i don't think it would cause problem but i think @zakisk you can remove that variable being on the struct and instead be scoped to the function that would be at least a saner code.

[zakisk]

how this bugs occurring?

@chmouel when PRs are acquired in queue_pipelinerun from semaphore and looped, (let assume that I got 5 PR and concurrency_limit is 3 so I got 3 PRs in acquired list), for first PipelineRun r.secretNS value is empty in the loop at this point when calling updatePipelineRunToInProgress and updatePipelineRunToInProgress returning error from this line saying "an empty namespace may not be set when a resource name is provided" and loop is ending on first PR leaving other two PRs (concurrency_limit - 1 PRs) in queued state and as they are removed from semaphore they aren't no more in acquired list when next time ReconcileKind is called.

[zakisk]

how to reproduce it?

I had encounter this while I was writing gitea tests for SRVKP-5560 (PR link), so if you run tests of this PR without that r.secretNS assigment code, or any other existing concurrency test with concurrency_limit greater than 1, you will get that bug e.g. TestGiteaConcurrencyExclusivenessMultiplePipelines.

[chmouel]

how this bugs occurring?

@chmouel when PRs are acquired in queue_pipelinerun from semaphore and looped, (let assume that I got 5 PR and concurrency_limit is 3 so I got 3 PRs in acquired list), for first PipelineRun r.secretNS value is empty in the loop at this point when calling updatePipelineRunToInProgress and updatePipelineRunToInProgress returning error from this line saying "an empty namespace may not be set when a resource name is provided" and loop is ending on first PR leaving other two PRs (concurrency_limit - 1 PRs) in queued state and as they are removed from semaphore they aren't no more in acquired list when next time ReconcileKind is called.

great but can you add this to the PR description, the git commit and the SRVKP ? that will makes easier for everyone to know what the code was doing..

[chmouel]

how to reproduce it?

I had encounter this while I was writing gitea tests for SRVKP-5560 (PR link), so if you run tests of this PR without that r.secretNS assigment code, or any other existing concurrency test with concurrency_limit greater than 1, you will get that bug e.g. TestGiteaConcurrencyExclusivenessMultiplePipelines.

yeah just wanted you add this to the PR description to explain to the reviewer like me (or qe engineers) when looking at the PR how to test your PR easily without having to read the code.....

[zakisk]

great but can you add this to the PR description, the git commit and the SRVKP ? that will makes easier for everyone to know what the code was doing..

@chmouel oh, ok I will, I missed that.

[zakisk]

yeah just wanted you add this to the PR description to explain to the reviewer like me (or qe engineers) when looking at the PR how to test your PR easily without having to read the code.....

Added reproduction steps to SRVKP.

[chmouel]

LGTM, good work @zakisk