codeberg.org blocks ci.codeberg.org with too many requests #223

Epsilon_02 commented 2025年02月14日 14:10:59 +01:00

codeberg.org blocks ci.codeberg.org with too many requests:
image
This error occurs on almost every page (e.g. branches tab).

Due to the recent events I understand there is some stricter approaches, but I think ci.codeberg.org should be whitelisted in some way or another.
Correct me if I am wrong.

codeberg.org blocks ci.codeberg.org with too many requests:  This error occurs on almost every page (e.g. branches tab). Due to the recent events I understand there is some stricter approaches, but I think ci.codeberg.org should be whitelisted in some way or another. Correct me if I am wrong.

pat-s commented 2025年02月14日 15:39:19 +01:00

@fnetX @Gusted @ashimokawa

@fnetX @Gusted @ashimokawa

Tahinli commented 2025年02月14日 18:10:26 +01:00

I don't understand woodpecker is down for nearly one day. It's strange that is not solved by now though.

I don't understand woodpecker is down for nearly one day. It's strange that is not solved by now though.

pat-s commented 2025年02月14日 18:17:17 +01:00

CI is working fine besides rate-limited corner cases and nothing is done for one day.

Proof: https://ci.codeberg.org/repos/12705

CI is working fine besides rate-limited corner cases and nothing is done for one day. Proof: https://ci.codeberg.org/repos/12705

Tahinli commented 2025年02月14日 18:38:55 +01:00

@pat-s wrote in #223 (comment):

CI is working fine besides rate-limited corner cases and nothing is done for one day.

Proof: https://ci.codeberg.org/repos/12705

Seems like my fault to couldn't initialize my workflow correctly.
I was checking here
https://status.codeberg.org/status/codeberg
image

After seeing this I thought problem is about server.

You guys know why I can't see anything:

https://codeberg.org/Tahinli/personality/src/branch/main/.woodpecker/deploy.yaml

https://ci.codeberg.org/repos/14212

Edit:

Somehow at least woodpecker get triggered but it can't detect pipeline file even though there is

image

@pat-s wrote in https://codeberg.org/Codeberg-CI/feedback/issues/223#issuecomment-2820542: > CI is working fine besides rate-limited corner cases and nothing is done for one day. > > Proof: https://ci.codeberg.org/repos/12705 Seems like my fault to couldn't initialize my workflow correctly. I was checking here https://status.codeberg.org/status/codeberg  After seeing this I thought problem is about server. You guys know why I can't see anything: https://codeberg.org/Tahinli/personality/src/branch/main/.woodpecker/deploy.yaml https://ci.codeberg.org/repos/14212 Edit: Somehow at least woodpecker get triggered but it can't detect pipeline file even though there is 

Epsilon_02 commented 2025年02月14日 23:05:25 +01:00

@Tahinli I am not sure what your broken pipeline config has to do with this issue but fine.
As woodpecker tells you your yaml is invalid.
My first guess is the indentation of your environment is not correct.
When you are using the optional name in steps I think you have to modify the indentation.
Check out the docs.

@Tahinli I am not sure what your broken pipeline config has to do with this issue but fine. As woodpecker tells you your yaml is invalid. My first guess is the indentation of your environment is not correct. When you are using the optional `name` in steps I think you have to modify the indentation. Check out the [docs](https://woodpecker-ci.org/docs/usage/environment).

Tahinli commented 2025年02月15日 05:33:14 +01:00

Finally works. This process made me remember my feelings about yaml files.

Finally works. This process made me remember my feelings about yaml files.

pat-s commented 2025年02月15日 09:58:38 +01:00

@Epsilon_02 The internal IPs making requests to CB are whitelisted.
During the recent attacks (including yesterday, especially evening) the DNS gets moved and altered and services like CI are temporarily taken out. I know this does not directly relate to a rate-limiting, but again, this is just what I know and it might play into it, at least.

There might be still some improvements which can be done, outside of the "attack bubble". Would you mind sharing in which way you're using outside requests from ci.codeberg to codeberg?

@Epsilon_02 The internal IPs making requests to CB are whitelisted. During the recent attacks (including yesterday, especially evening) the DNS gets moved and altered and services like CI are temporarily taken out. I know this does not directly relate to a rate-limiting, but again, this is just what I know and it might play into it, at least. There might be still some improvements which can be done, outside of the "attack bubble". Would you mind sharing in which way you're using outside requests from ci.codeberg to codeberg?

Epsilon_02 commented 2025年02月15日 13:16:14 +01:00

@pat-s thank you very much.

Nothing special. Just wanted to run a simple pipeline (first time yesterday since a few days) with the builtin clone, check formatting, testing and building. But even this was not possible, I got instantly the rate limiting issue.
I am part of a few projects which build their own docker images and push them to the codeberg registry but the last run of them were a week ago.

I hope I understood your question correctly.

@pat-s thank you very much. Nothing special. Just wanted to run a simple pipeline (first time yesterday since a few days) with the builtin clone, check formatting, testing and building. But even this was not possible, I got instantly the rate limiting issue. I am part of a few projects which build their own docker images and push them to the codeberg registry but the last run of them were a week ago. I hope I understood your question correctly.

pat-s commented 2025年02月15日 13:41:58 +01:00

Thanks.

Your logs seem to be from the clone step taking the public route for the API request. This usually shouldn't be an issue or result in rate-limiting, I very much think this was related to a stricter limit (or even a general block) during the attacks in the last days.
If so, in such cases everybody is affected since this is the route everyone is taking.

Does it work now again?
(I've also seen many builds in the last days which errored due to some connectivity issues, these can definitely be attributed to the attacks in the last days.)

Thanks. Your logs seem to be from the clone step taking the public route for the API request. This usually shouldn't be an issue or result in rate-limiting, I very much think this was related to a stricter limit (or even a general block) during the attacks in the last days. If so, in such cases everybody is affected since this is the route everyone is taking. Does it work now again? (I've also seen many builds in the last days which errored due to some connectivity issues, these can definitely be attributed to the attacks in the last days.)

Epsilon_02 commented 2025年02月15日 16:18:33 +01:00

Yes it works again (except a broken pipeline config on my side xD).
I understand that rate limiting is necessary in situations like the last days, but I thought perhaps rate limit the own CI is an oversight. This was the main reason why I opened this issue.

I would close this issue because the main reason is fixed.

Yes it works again (except a broken pipeline config on my side xD). I understand that rate limiting is necessary in situations like the last days, but I thought perhaps rate limit the own CI is an oversight. This was the main reason why I opened this issue. I would close this issue because the main reason is fixed.