
Yocto pipeline: error handling, gzip uploads, visibility flag #169

Merged
vpetersson merged 6 commits into master from yocto-error-handling
Feb 23, 2026

Conversation

@vpetersson
Contributor

Summary

  • Plan limit early-stop: Detect 403 "maximum components" errors and stop the Yocto pipeline immediately instead of repeating the same error for every remaining package (10,000+ times)
  • Gzip-compressed uploads: Payloads over 1MB are automatically gzip-compressed (Content-Encoding: gzip), reducing a 50MB SPDX 3 file to ~2MB and avoiding Cloudflare 524 upstream timeouts
  • --visibility flag: Set visibility (public/private/gated) on newly created components via create-then-PATCH
  • --max-packages hidden flag: Debug/testing option to limit SPDX 2.2 package processing
  • Configurable upload timeout: SBOMIFY_UPLOAD_TIMEOUT env var overrides the default 120s

Test plan

  • SPDX 2.2 dry run (10,486 packages discovered, clean exit)
  • SPDX 3 dry run (62,129 elements, 325 packages, clean exit)
  • SPDX 3 live upload (50MB gzipped to 2.1MB, uploaded in 8s, release tagged)
  • SPDX 2.2 live upload with --augment --enrich --visibility public --max-packages 150 (119 components created, augmented, uploaded, release tagged, 0 errors)
  • Plan limit early-stop verified (clean stop with actionable message)
  • Scoped token verified (all components on correct team)
  • All 1700+ existing tests pass

🤖 Generated with Claude Code

vpetersson and others added 4 commits February 23, 2026 10:11

Detect 403 "maximum components" errors and stop the Yocto pipeline
immediately instead of repeating the same error for every remaining
package. Also make the upload timeout configurable via
SBOMIFY_UPLOAD_TIMEOUT env var for large SBOM files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Payloads over 1MB are automatically gzip-compressed before upload,
with Content-Encoding: gzip header. A 50MB SPDX 3 file compresses
to ~2MB, avoiding Cloudflare 524 upstream timeouts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Creates components then PATCHes visibility (public/private/gated)
since the create endpoint doesn't accept visibility directly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Limits SPDX 2.2 package processing to N packages. Hidden from
help output, intended for testing against staging environments
with component limits.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 23, 2026 13:59

Copilot AI (Contributor) left a comment

Pull request overview

This PR enhances the Yocto pipeline with improved error handling, performance optimizations, and new configuration options. The changes focus on making the pipeline more resilient to plan limits, reducing upload timeouts through compression, and providing better control over component visibility.

Changes:

  • Added PlanLimitError exception to detect and handle plan limit errors (403 with "maximum" in detail), enabling early pipeline termination instead of repeating errors thousands of times
  • Implemented automatic gzip compression for uploads over 1MB to avoid Cloudflare timeouts, reducing a 50MB SPDX 3 file to ~2MB
  • Added --visibility CLI flag to set component visibility (public/private/gated) via PATCH after creation
  • Added hidden --max-packages flag for debugging/testing to limit SPDX 2.2 package processing
  • Made upload timeout configurable via SBOMIFY_UPLOAD_TIMEOUT environment variable

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 7 comments.

Summary per file:

  • sbomify_action/exceptions.py: Added PlanLimitError exception class extending APIError
  • sbomify_action/_yocto/api.py: Added plan limit detection in create_component, new patch_component_visibility function
  • sbomify_action/_yocto/pipeline.py: Added plan limit early-stop logic, visibility patching for new components, max-packages limiting
  • sbomify_action/_yocto/models.py: Added visibility and max_packages fields to YoctoConfig
  • sbomify_action/cli/main.py: Added --visibility and --max-packages CLI options to yocto command
  • sbomify_action/_upload/destinations/sbomify.py: Changed file reading to binary mode, added gzip compression for large files, configurable timeout
  • tests/test_yocto_api.py: Added tests for plan limit error detection and 403 error handling
  • tests/test_yocto_pipeline.py: Added test for plan limit early-stop behavior

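The four mechanisms described in the PR summary and again in Copilot's change list (gzip for bodies over 1 MB with Content-Encoding: gzip, a PlanLimitError raised on a 403 whose detail mentions "maximum" so the pipeline stops instead of failing once per remaining package, create-then-PATCH visibility applied only to newly created components, and a SBOMIFY_UPLOAD_TIMEOUT that falls back to 120 s on invalid values) are shown below in one self-contained Python example. This is added illustration, not sbomify-action's own code: the names APIError, PlanLimitError, classify_create_response, upload_timeout, build_upload_request, decode_upload_body, create_components and fake_backend, the JSON "detail" field, the constructed SBOM document and the plan-limit message wording are all assumptions; only the 1 MiB threshold, the header, the 120 s default and the 403/"maximum" rule come from the page. The HTTP calls are replaced by callables so the example runs offline.

```python
# Added example, not sbomify-action's code; all names below are assumptions.
import gzip
import json
import math
import os
from typing import Callable, Dict, List, Mapping, Optional, Tuple

GZIP_THRESHOLD = 1024 * 1024  # bodies larger than 1 MiB get gzipped (from the PR)
DEFAULT_TIMEOUT = 120.0       # seconds, the PR's stated default


class APIError(Exception):
    def __init__(self, status: int, detail: str) -> None:
        super().__init__(f"HTTP {status}: {detail}")
        self.status, self.detail = status, detail


class PlanLimitError(APIError):
    """403 whose detail mentions 'maximum': the team's component cap is reached."""


def classify_create_response(status: int, body: str) -> None:
    """Return on 2xx; raise PlanLimitError for a 403 plan-limit reply, else APIError."""
    if 200 <= status < 300:
        return
    try:
        detail = str(json.loads(body).get("detail", ""))  # JSON 'detail' is an assumption
    except (ValueError, AttributeError):
        detail = body  # non-JSON error page: use the raw text
    if status == 403 and "maximum" in detail.lower():
        raise PlanLimitError(status, detail)
    raise APIError(status, detail)


def upload_timeout(env: Optional[Mapping[str, str]] = None) -> float:
    """SBOMIFY_UPLOAD_TIMEOUT in seconds; default when unset, non-numeric, non-finite or <= 0."""
    raw = (os.environ if env is None else env).get("SBOMIFY_UPLOAD_TIMEOUT")
    if raw is None:
        return DEFAULT_TIMEOUT
    try:
        value = float(raw)
    except ValueError:
        return DEFAULT_TIMEOUT
    return value if math.isfinite(value) and value > 0 else DEFAULT_TIMEOUT


def build_upload_request(payload: bytes) -> Tuple[bytes, Dict[str, str]]:
    """Gzip bodies over GZIP_THRESHOLD and flag them with Content-Encoding: gzip
    so the server inflates them; smaller bodies are sent unchanged."""
    headers = {"Content-Type": "application/json"}
    if len(payload) > GZIP_THRESHOLD:
        payload = gzip.compress(payload, compresslevel=6)
        headers["Content-Encoding"] = "gzip"
    return payload, headers


def decode_upload_body(body: bytes, headers: Mapping[str, str]) -> bytes:
    """Server side of the contract: inflate only when the header says gzip."""
    return gzip.decompress(body) if headers.get("Content-Encoding") == "gzip" else body


def sample_sbom(n_packages: int) -> bytes:
    """Constructed SPDX-shaped JSON used only as sample input (not a real SBOM)."""
    pkgs = [{"name": f"pkg-{i}", "versionInfo": "1.0"} for i in range(n_packages)]
    return json.dumps({"spdxVersion": "SPDX-3.0", "packages": pkgs}).encode()


def create_components(
    names: List[str],
    create: Callable[[str], Tuple[int, str]],
    patch_visibility: Callable[[str, str], bool],
    visibility: Optional[str] = None,
) -> Tuple[List[str], List[str], Optional[PlanLimitError]]:
    """First PlanLimitError stops the loop (no point retrying thousands of names
    against a full plan); other API errors skip one name. Visibility is PATCHed
    only for components created here; a failed PATCH is a warning, not an abort."""
    created, patched = [], []  # type: List[str], List[str]
    for name in names:
        status, body = create(name)
        try:
            classify_create_response(status, body)
        except PlanLimitError as exc:
            return created, patched, exc
        except APIError as exc:
            print(f"warning: {name}: {exc}")
            continue
        created.append(name)
        if visibility and patch_visibility(name, visibility):
            patched.append(name)
        elif visibility:
            print(f"warning: could not set visibility={visibility} on {name}")
    return created, patched, None


def fake_backend(limit: int) -> Callable[[str], Tuple[int, str]]:
    """Constructed stand-in for the create endpoint: accepts `limit` creates, then
    answers 403 with a plan-limit message (the wording is an assumption)."""
    count = [0]

    def create(name: str) -> Tuple[int, str]:
        if count[0] >= limit:
            return 403, json.dumps({"detail": f"Your plan allows a maximum of {limit} components"})
        count[0] += 1
        return 201, json.dumps({"id": f"cmp-{count[0]}", "name": name})

    return create
```

Two points worth checking against the real implementation: the plan-limit test is a substring match on "maximum", so any other 403 that happens to contain that word would also halt the run (an explicit error code from the API would be more robust if one exists), and gzip.compress holds the whole body in memory, which is fine for a 50 MB SPDX file but would need a streaming encoder for much larger inputs. The non-finite check on the timeout goes slightly beyond the "invalid values" guard the commit message names.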

vpetersson and others added 2 commits February 23, 2026 14:13

- Fix ruff format issues in 4 files
- Fix docstring/behavior mismatch on patch_component_visibility
- Guard SBOMIFY_UPLOAD_TIMEOUT env var against invalid values

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ility pipeline

Addresses remaining review comments:
- 4 tests for patch_component_visibility API (success, failure warns, connection/timeout errors)
- 3 tests for gzip compression in upload (small file uncompressed, large file compressed, ratio check)
- 3 tests for visibility patching in pipeline (set on created only, not set when unconfigured, stops after plan limit)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 23, 2026 14:22

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated no new comments.


@vpetersson vpetersson merged commit 6b22d9d into master Feb 23, 2026
15 checks passed