Skip to content

Fix local spec regression when running secret detection in parallel

Ahmed Hemdan requested to merge fix-local-spec-regression-when-running-secret-detection-scans-in-parallel into master

What does this MR do and why?

This merge request fixes a local regression that happened in the secrets push check specs after !139053 (merged) was merged.

This only happened locally and therefore wasn't picked up in CI due to how gitaly/praefect is configured and spawned on CI vs. locally.

  • When running tests on CI, gitaly/praefect is spawned outside the rspec process, so it’s available all while the test suite runs.
  • When running tests locally, gitaly is spawned as a separate process, and has this Kernel.at_exit hook which stops gitaly/praefect processes when called.

It seems that Parallel gem calls the Kernel.at_exit hook at some point during scanning (probably when killing sub-processes), resulting in connection refused errors as the one below:

GRPC::Unavailable:
        14:connections to all backends failing; last error: UNKNOWN: unix:tmp/tests/gitaly/praefect.socket: Connection refused. debug_error_string:{UNKNOWN:connections to all backends failing; last error: UNKNOWN: unix:tmp/tests/gitaly/praefect.socket: Connection refused {grpc_status:14, created_time:"2024-01-06T01:06:45.58332+01:00"}}

To fix the issue, we disable scanning in subprocesses by introducing a new constant RUN_IN_SUBPROCESS, and then we stub that constant to equal false in the secrets push check spec, essentially ensuring that scanning in the spec is not done in subprocesses, therefore, not triggering Kernet.at_exit hook.

For more information, please refer to this thread (slack, internal, only available for 90 days).

MR acceptance checklist

I evaluated this MR against the MR acceptance checklist.

Merge request reports