Description
the VCL used to invoke the actions with some headers:

also, it used to send those headers:

{
  'X-Openwhisk-Activation-Id': this._wskActivationId,
  'X-Request-Id': this._requestId,
  'X-Backend-Name': 'localhost--F_Petridish',
  'X-CDN-Request-ID': this._cdnRequestId,
  'X-Strain': this._strain.name,
  'X-Old-Url': this._url,
  'X-Repo-Root-Path': repoPath,
}

which are now missing....

While working on adobe/openwhisk-action-logger#3, I realised that the incoming __ow_headers are not transferred to the static action.

I am not sure if this is a design choice or just that we never needed them before.

@trieloff Idea ?

Instead of requesting the raw url, we should use https://github.com/adobe/helix-resolve-git-ref to resolve the head sha of the respective ref and pass this ref to the pipeline (or helix-static).

The dependency @adobe/helix-pingdom-status was updated from 2.0.0 to 2.0.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@adobe/helix-pingdom-status is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Description
The entry param for helix-static is no longer needed.
see adobe/helix-static#19

Description
if a fetcher.resolve throws an exception, it bubles up to openwhisk and returns a single application error with no logs or error message.

In order to prevent frequently visited pages from becoming unavailable due to errors, I'd like to use the stale-if-error cache directive to all responses as described here: https://www.fastly.com/blog/stale-while-revalidate-stale-if-error-available-today

I'd suggest a value of 43200 (=12 hours), which should give us enough recovery time for intermittent issues.

Question for @kptdobe and @davidnuescheler: should we do the same (or a lower) value for Helix-Pages when the X-Dispatch-NoCache request header is set?

Is your feature request related to a problem? Please describe.
in order to trace the action invocations in epsagon, the x-request-id header should be passed along to all actions.

see adobe/helix-pipeline#641

The devDependency snyk was updated from 1.184.0 to 1.185.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

snyk is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Description
If a fetcher-action returns 500, e.g. due to an error in a pre.js, or a gatewat timeout, the final response will be the 404 of the error page.

Expected behavior
it would probably be better to treat all non 404 responses as critical and abort the fetcher sequence.

The dependency @adobe/helix-pingdom-status was updated from 1.4.3 to 1.4.4.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@adobe/helix-pingdom-status is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Description
Using debug log level reveals secrets on the log streams.

Idea: at the same time as the normal invocations are running, look up lib-aio-state if a vanity URL has been registered. If no (in most cases) just proceed. If yes, restart the resolution with the new path.

As long as lib-aio-state is not slower than a runtime invocation itself, this should have negligible performance impact.

This issue might be better for Helix Static.

The dependency @adobe/openwhisk-action-builder was updated from 1.3.1 to 1.4.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@adobe/openwhisk-action-builder is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

also, there are a lot of unnecessary invocations, like requesting 404.html for the gazillions of time.
also note, that the actual action invocation might not be a problem, but for example executing the static concurrently, each activation still makes tcp requests (github, epsagon, coralogix) which are by default keep-alive and produce probably lingering sockets. especially, since the processes are long-lived. also, the ssh handshake is not for free, either.

• maybe adding a simple memory cache to dispatch for resolve-ref and the 404 statics could also remove some of the load.

Originally posted by @tripodsan in adobe/helix-home#87 (comment)

Increase the readability of the fetcher function by factoring out the individual steps

The repo name change should be quite simple, but I'd also change the package name (and thus the URL)

Description
90% of the action requests are 404 which are logged on error loglevel. since a 404 is expected, it should be logged in info.

The devDependency @semantic-release/exec was updated from 3.3.4 to 3.3.5.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@semantic-release/exec is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The params parameter with URL-encoded filtered list of parameters isn't supported.

{
   "level"  :  "error" ,
   "ow"  : {
     "actionName"  :  "/helix/helix-services-private/dispatch@ci1051" ,
    (...)
   },
   "message"  :  "Cannot read property '_logImpl' of undefined" ,
   "timestamp"  :  "2019-12-04T11:15:59.165319743Z" 
},
{
   "level"  :  "error" ,
   "ow"  : {
     "actionName"  :  "/helix/helix-services-private/dispatch@ci1051" ,
    (...)
    },
   "message"  :  "error while invoking fetchers: TypeError: Cannot read property '_logImpl' of undefined" ,
   "timestamp"  :  "2019-12-04T12:10:34.351011366Z" 
}

Maybe these are limited to CI builds, but I think it would still be good to find out why they are happening.

content.root

probably introduced with #59:

the backend request is:

/api/v1/web/helix-pages/helix-services/experimental-dispatch@v1?static.owner=adobe&static.repo=project-helix.io&static.ref=master&static.root=/htdocs&content.owner=adobe&content.repo=project-helix.io&content.ref=master&content.root=&content.package=bf8c6033dbc9a3581d5588e0e87a548be8fef7dd&content.index=index.html&path=/index.html&strain=default&params=

but it tries to invoke the html in the default action:

2019-07-31T01:18:38.185Z       stdout: ERROR - POST https://runtime.adobe.io:443/api/v1/namespaces/helix-pages/actions/default/html?blocking=true Returned HTTP 404 (Not Found) --> "The requested resource does not exist."

As defined in adobe/helix-pages#17, we need at the project level a way to control the cache headers from response of the dispatch method. This would allow a project to define the cache strategy if the default one is not satisfying.

I initially though that adding a request header to define the Cache-Control response would be a good strategy. But I spent half a day testing many combinations of the Cache-Control and Surrogate-Control and it turns out that both are needed and some cases do not work as expected:

Works and tells the browser that he can keep the file for a while:

resp.headers['Cache-Control'] = 'max-age=604800, private';
resp.headers['Surrogate-Control'] = 'max-age=0';

Works but browser will request the files each time:

resp.headers['Cache-Control'] = 'no-cache';
resp.headers['Surrogate-Control'] = 'max-age=0';

Followings do not work, Fastly still caches the response (based on the spec, I would assume this should work):

resp.headers['Cache-Control'] = 'no-store';
resp.headers['Surrogate-Control'] = 'max-age=0';

resp.headers['Cache-Control'] = 'no-cache';

Based on the complexity of this, I suggest to simply implement an on/off flag: if you add the X-Dispatch-NoCache request header (value does not matter), the response will set the appropriate headers so that it does not get cached by Fastly. Gives less control but at least it is easy to enable.

Process ESI here instead of Fastly, so that we can make use of compression (and advanced ESI features like fallbacks)

{
   "level"  :  "error" ,
   "ow"  : {
     "actionName"  :  "/helix/helix-services-private/[email protected]" ,
    (...)
  },
   "message"  :  "no valid response could be fetched: Error: Error invoking b698135bbce5397e27ee1766ad6ab789d295b26b/html(org/repo/5a16d09996358f059a79bd0dd03712ccd1a76aed/posts/2019/foo.md): 502" ,
   "timestamp"  :  "2019-12-03T15:32:03.579018220Z" 
}

This looks like a bubble up of https://github.com/adobe/helix-word2md/issues/72 i.e. a 404 - in which case it should not produce an ERROR in the log either.

Description
If a git-resolve-ref action is failing, the resulting ref is undefined and used as literal in the ref parameter when invoking the static or dynamic actions

In order to avoid naming confusion with Promise.race, rename race into … @koraa, what was your suggestion?

The devDependency @semantic-release/git was updated from 7.0.13 to 7.0.14.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@semantic-release/git is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

When requesting /authors/lars.html, dispatch should not just request /authors/lars.md, but also /authors/default.md, so that we can create a page that says "this author does not exist".

The devDependency @semantic-release/github was updated from 5.4.1 to 5.4.2.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@semantic-release/github is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

1. request to deployed site:

$ curl -D- https://www.99productrules.com/index.html
HTTP/2 404
x-backend-url: /api/v1/web/tripod/helix-services/dispatch@v2?static.owner=tripodsan&static.repo=hlxtest&static.ref=master&static.root=/htdocs&content.owner=tripodsan&content.repo=hlxtest&content.ref=master&content.root=&content.package=github-com--tripodsan--hlxtest--master-dirty&content.index=index.html&path=/index.html&strain=default&rootPath=&params=

2. logs of dispatch:

$ wsk activation logs 3fc1764942dd417d81764942ddd17d1a | sort
2019-10-03T01:48:56.499Z       stdout: configured coralogix logger.
2019-10-03T01:48:56.528Z       stdout: [INFO] instrumenting epsagon.
2019-10-03T01:48:57.476Z       stdout: [INFO] [0] Action: github-com--tripodsan--hlxtest--master-dirty/hlx--static
2019-10-03T01:48:57.478Z       stdout: [INFO] [1] Action: github-com--tripodsan--hlxtest--master-dirty/html
2019-10-03T01:48:57.479Z       stdout: [INFO] [3] Action: github-com--tripodsan--hlxtest--master-dirty/hlx--static
2019-10-03T01:48:57.480Z       stdout: [INFO] [2] Action: github-com--tripodsan--hlxtest--master-dirty/hlx--static
2019-10-03T01:48:57.481Z       stdout: [INFO] [4] Action: github-com--tripodsan--hlxtest--master-dirty/hlx--static
2019-10-03T01:48:58.659Z       stdout: [INFO] [4] 149e3a36337144f29e3a36337134f21c 404
2019-10-03T01:48:58.801Z       stdout: [INFO] [2] eee80e98f8284baaa80e98f8286baa31 404
2019-10-03T01:48:58.803Z       stdout: [INFO] [3] c5d1bd1802cb431691bd1802cb2316c0 404
2019-10-03T01:48:58.820Z       stdout: [INFO] [0] 08c3805636c6435683805636c6735664 404
2019-10-03T01:49:00.381Z       stdout: [INFO] [1] 96545de800524286945de80052f286e7 404 StatusCodeError: 404 - "404: Not Found\n"
2019-10-03T01:49:00.383Z       stdout: [ERROR] no valid response could be fetched
2019-10-03T01:49:00.384Z       stdout: [ERROR] Error invoking github-com--tripodsan--hlxtest--master-dirty/hlx--static(tripodsan/hlxtest/undefined/index.html): 404
2019-10-03T01:49:00.385Z       stdout: [ERROR] Error invoking github-com--tripodsan--hlxtest--master-dirty/hlx--static(tripodsan/hlxtest/undefined/index.html): 404
2019-10-03T01:49:00.385Z       stdout: [ERROR] Error invoking github-com--tripodsan--hlxtest--master-dirty/html(tripodsan/hlxtest/undefined/index.md): 404
2019-10-03T01:49:00.386Z       stdout: [ERROR] Error invoking github-com--tripodsan--hlxtest--master-dirty/hlx--static(tripodsan/hlxtest/undefined/404.html): 404
2019-10-03T01:49:00.387Z       stdout: [ERROR] Error invoking github-com--tripodsan--hlxtest--master-dirty/hlx--static(tripodsan/hlxtest/undefined/404.html): 404

3. request to resolve-ref:

$ wsk activation get 87fd19b8ff964a37bd19b8ff968a370c
ok: got activation 87fd19b8ff964a37bd19b8ff968a370c
{
    "response": {
        "status": "success",
        "statusCode": 0,
        "success": true,
        "result": {
            "body": "failed to fetch git repo info (statusCode: 401, statusMessage: Authorization Required)",
            "statusCode": 404
        }
    },
}

4. logs html action:

$ wsk activation logs 96545de800524286945de80052f286e7 | sort
2019-10-03T01:48:59.762Z       stdout: warn: Recoverable error: no ref given for hlxtest/tripodsan, falling back to master
2019-10-03T01:49:00.214Z       stdout: debug: resolved github-ref 'master' to 'd1143383eb41d12a883e404422dac47e26fbe0db'
2019-10-03T01:49:00.215Z       stdout: debug: fetching Markdown from https://raw.githubusercontent.com/tripodsan/hlxtest/d1143383eb41d12a883e404422dac47e26fbe0db/index.md
2019-10-03T01:49:00.381Z       stdout: error: Could not find Markdown at https://raw.githubusercontent.com/tripodsan/hlxtest/d1143383eb41d12a883e404422dac47e26fbe0db/index.md

5. activation of subsequence resolve-ref:

$ wsk activation get b2c9a2b1b7c94b6989a2b1b7c91b6927
ok: got activation b2c9a2b1b7c94b6989a2b1b7c91b6927
    "response": {
        "status": "success",
        "statusCode": 0,
        "success": true,
        "result": {
            "body": {
                "fqRef": "refs/heads/master",
                "sha": "d1143383eb41d12a883e404422dac47e26fbe0db"
            },

only a request to / or *.html should fallback to a 404.html.

The devDependency @adobe/helix-shared was updated from 2.0.0 to 2.1.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@adobe/helix-shared is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Description
the path parameter might contain multiple slashes, if the VCL logic didn't clean it up properly. the dispatcher should be more robust and sanitize it.

/cc @ryanbetts

The devDependency semantic-release was updated from 15.13.17 to 15.13.18.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

semantic-release is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

Description
the coralogix host should be filtered, but we see traces:

The devDependency @semantic-release/npm was updated from 5.1.12 to 5.1.13.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@semantic-release/npm is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The dependency snyk was updated from 1.192.0 to 1.192.1.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

snyk is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

The dependency epsagon was updated from 1.28.0 to 1.29.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

epsagon is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

Description
Requests with selectors are delegated wrongly to the action.

eg:

https://www.project-helix.io/SUMMARY.summary.html

invokes the action with:

{
  "name": "bf8c6033dbc9a3581d5588e0e87a548be8fef7dd/summary_html",
  "blocking": true,
  "result": true,
  "params": {
    "path": "/SUMMARY.summary.md",
    "owner": "adobe",
    "repo": "project-helix.io",
    "ref": "master",
    "package": "bf8c6033dbc9a3581d5588e0e87a548be8fef7dd",
    "params": ""
  }
}

the path is wrong, and should only be /SUMMARY.md

Description
since the recent changes in openwhisk package layout, the invocation of resolve-git-ref gives an authentication error:

 OpenWhiskError: POST https://runtime.adobe.io:443/api/v1/namespaces/helix-pages/actions/helix-services/resolve-git-ref@v1?blocking=true Returned HTTP 403 (Forbidden) --> "The supplied authentication is not authorized to access 'helix/helix-services-private'.

It seems that the sequence invoker tries to load the component from /helix/helix-services/resolve-git-ref@v1 with the namespace credentials of the client. note, that invoking the action via curl works (even on the helix-pages namespace):

$ curl -sD- https://adobeioruntime.net/api/v1/web/helix-pages/helix-services/resolve-git-ref@v1/_status_check/healthcheck.json
HTTP/1.1 200 OK

but not via action invoke:

$ wsk action invoke -b helix-services/resolve-git-ref@v1
error: Unable to invoke action 'helix-services/resolve-git-ref@v1': The supplied authentication is not authorized to access 'helix/helix-services-private'. (code tPuUbpppmmTQ773H0ErtMonQDY0aeLsn)

Solutions

use http in dispatch

A simple solution would be to just use the http request via gateway to invoke the resolve-ref.

drawback:

• major rewrite of the code to work with non-action-invoke tasks
• probably extra latency to do the extra resolution

use 2nd sequence

It shows, that using a 2nd sequence will cause the invoker to use the helix namespace for authentication:

@helix
$ wsk action create --sequence /helix/helix-services/resolve-git-ref@v1_link /helix/helix-services/resolve-git-ref@v1
ok: created action helix-services/resolve-git-ref@v1_link

@helix-pages
$ wsk action invoke -b /helix-pages/helix-services/resolve-git-ref@v1_link
ok: invoked /helix-pages/helix-services/resolve-git-ref@v1_link with id 3c5ce8a0555c4a579ce8a0555cea5738

this seems imo best solution, as it doesn't require any major code change.

drawback:

• the extra sequence step is probably a bit slower

While thinking about the new architecture, I realised that the new dispatch function could be opened to extension points: the really cool thing could be that we could offer the exact same type of extensions points than for the pipeline (before, after) for each of the dispatching fetcher and a pre like function where you could do whatever you want there to completely take control of the dispatching. The first step of the dispatching function would then need to be to check if there is some extensions in the code repo.
This is just the start point of an idea, we definitively need use cases to validate that this is needed.

While working on adobe/helix-publish#378, I found out that the 403 error status reported by the html action (my example of https://alex.helix-demo.xyz/e.403.html) "does not win the fetcher race" and the static action will report a 404 which will be the one reported. I did not try with other error status but the same should certainly apply for all 400+ error messages.
The use case can be: for a specific path / file, you want to report a 403 in your pre.js. In that case, dispatch will always respond 404.

Description
If helix-dispatch is called with an non-existing branch/ref name, it will log an error level log message upon getting a 404 from helix-services/resolve-git-ref:

https://github.com/adobe/helix-dispatch/blob/master/src/fetchers.js#L307

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://unknown--myrepo--myuser.project-helix.page/'
2. Log into Coralogix and observe error:

{
  "level": " error", 
  "message": "Unable to resolve branch name 404 ref not found", 
  "ow": {
    "actionName": " /helix/helix-services-private/[email protected]", 
    (...)
  }, 
  "timestamp": " 2020-02-12T00:29:02.168896173Z"
}

Expected behavior
An info level log message would be more appropriate for errors with status codes below 500.

Additional context
Other Helix services have been changed to behave this way, see e.g.
https://github.com/adobe/helix-word2md/commit/6a0001ed42c781c0fe305698416662c8b4b9e81e

Currently content is fetched via unauthenticated GitHub raw requests. As a result private GitHub repos are not accessible. Furthermore unauthenticated GitHub raw requests might become subject to potential rate limiting/throttling.

This issue covers making Github requests using the provided GITHUB_TOKEN.

Related issues

• adobe/helix-cli#901 (hlx publish --github-token)
• adobe/helix-publish#165
• adobe/helix-pipeline#72
• #71
• adobe/helix-resolve-git-ref#1
• adobe/helix-static#46

Description
having a strain conditioned to a specific url, would remove the mount root from the path. this is not longer done in VCL or the dispatcher.