Apply default rate limits for hosts/registries with known rate limit needs #27802

Open
rarkins opened this issue Mar 8, 2024 · 5 comments · Fixed by #30207
Labels
  • priority-3-medium: Default priority, "should be done" but isn't prioritised ahead of others
  • type:feature: Feature (new functionality)

Comments

@rarkins
Collaborator

rarkins commented Mar 8, 2024

Describe the proposed change(s).

For example, the npmjs registry or GOPROXY does not need rate limiting applied, while the following are known to need:

  • Repology
  • crates.io
  • Rubygems API

Let's identify all such hosts in a single file/location, in a file like lib/data/host-limits.ts. I think we can reuse matchHost syntax, it can maybe even be hostRules format but is not necessary (the matchHost value can be a key for the Record).

Importantly, if a host has a default limit in this file then we should make sure that users cannot increase the rate limit using hostRules. Ideally we can catch and warn if such an attempt is made. This protects fragile registries from falling victim to flooding from Renovate users unless they really go out of their way to overcome this.

rarkins added the type:feature and priority-3-medium labels on Mar 8, 2024
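A sketch of the clamp proposed in the comment above, added here as an example and not Renovate's own code. `defaultHostLimits`, `findDefaultLimit` and `applyDefaultLimits` are hypothetical names, the limit values are constructed, and the host matching is a simplification of `matchHost`; `concurrentRequestLimit` and `maxRequestsPerSecond` are the existing `hostRules` options.

```typescript
// Added example: hypothetical shape for the proposed host rate-limit data.
interface RateLimit {
  concurrentRequestLimit?: number;
  maxRequestsPerSecond?: number;
}
interface HostRule extends RateLimit {
  matchHost: string;
}
// Constructed values for illustration only, not the registries' real limits.
const defaultHostLimits: Record<string, RateLimit> = {
  'repology.org': { concurrentRequestLimit: 1, maxRequestsPerSecond: 0.5 },
  'crates.io': { concurrentRequestLimit: 1, maxRequestsPerSecond: 1 },
  'rubygems.org': { maxRequestsPerSecond: 2 },
};
const limitFields = ['concurrentRequestLimit', 'maxRequestsPerSecond'] as const;

// Simplified matchHost (assumption): drop scheme, path and port, then match the host or a subdomain.
function findDefaultLimit(matchHost: string): RateLimit | undefined {
  const host = matchHost
    .toLowerCase()
    .replace(/^[a-z][a-z0-9+.-]*:\/\//, '')
    .replace(/[\/:].*$/, '')
    .replace(/^\./, '');
  const key = Object.keys(defaultHostLimits).find((k) => host === k || host.endsWith('.' + k));
  return key === undefined ? undefined : defaultHostLimits[key];
}

// Returns the rule that takes effect plus a warning per field the user tried to raise or disable.
function applyDefaultLimits(rule: HostRule): { rule: HostRule; warnings: string[] } {
  const effective: HostRule = { ...rule };
  const warnings: string[] = [];
  const defaults = findDefaultLimit(rule.matchHost);
  if (!defaults) return { rule: effective, warnings };
  for (const field of limitFields) {
    const cap = defaults[field];
    if (cap === undefined) continue; // no built-in default for this field
    const requested = rule[field];
    if (requested === undefined) {
      effective[field] = cap; // no user value: the default applies silently
    } else if (!(requested > 0 && requested <= cap)) {
      // Also catches 0, negatives, NaN and Infinity, treated here as "no limit" (assumption).
      warnings.push(`${rule.matchHost}: ${field}=${requested} exceeds default ${cap}; using ${cap}`);
      effective[field] = cap;
    }
  }
  return { rule: effective, warnings };
}
```

A user rule can still lower a limit below the default; only values above it, or values that would switch the limit off, are replaced and reported.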
@HonkingGoose
Collaborator

If the file is only about rate limits, we could name it: lib/data/host-rate-limits.ts. That way the name explains what the file does.

Or do you intend to cover other kinds of limits in the same file?

@HonkingGoose
Collaborator

We may want to add these hosts/registries to the list:

@rarkins
Collaborator Author

rarkins commented Aug 14, 2024

Gradle plugins especially

@zharinov
Collaborator

With regard to JFrog, it's not clear which host to match, but my guess is it's jfrog.io. But the problem is I don't know the exact limits to apply, and probably we have to separate path by the ecosystem.

@HonkingGoose
Collaborator

> With regard to JFrog, it's not clear which host to match, but my guess is it's jfrog.io. But the problem is I don't know the exact limits to apply, and probably we have to separate path by the ecosystem.

The best thing is to find an official answer on the correct rate-limit. If we can't find that info, we could try this:

  1. Start with a low limit.
  2. No rate-limit problems reported? Increase limit.
  3. Keep increasing the limit gradually.
  4. Go back to previous limit when we get reports of rate-limits.

That gets us close to the correct limit, at the cost of some trial and error.
