Fix git clone/fetch hanging indefinitely on unreachable repos #875
+279
−11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add timeout support to server-side pygit2 clone and fetch operations via asyncio.wait_for. Wire existing POLICY_REPO_CLONE_TIMEOUT config into GitPolicyFetcher. Re-raise errors from _clone() instead of silently swallowing them so callers can handle failures properly. Co-Authored-By: Claude Opus 4.5 <[email protected]>
✅ Deploy Preview for opal-docs canceled.
|
danyi1212
requested changes
Feb 5, 2026
| ) | ||
| try: | ||
| repo: Repository = await run_sync( | ||
| repo: Repository = await run_sync_with_timeout( |
Collaborator
There was a problem hiding this comment.
We need to make sure that in case of a timeout, we actually terminate the Git subprocess
| datetime.datetime.now() | ||
| ) | ||
| try: | ||
| await run_sync_with_timeout( |
Collaborator
There was a problem hiding this comment.
Timeout should be for the entire sync procedure, not individually fetch and clone. That would naturally double the actual timeout
| return False | ||
| return last_fetched > t | ||
|
|
||
| async def fetch_and_notify_on_changes( |
Collaborator
There was a problem hiding this comment.
We should instrument this function
omer9564
reviewed
Feb 5, 2026
| async def run_sync_with_timeout( | ||
| func: Callable[P_args, T_result], | ||
| *args: P_args.args, | ||
| timeout: Optional[float] = None, |
Contributor
There was a problem hiding this comment.
if the upstream function have "timeout" kwarg then you can't pass it to it, make it more unique
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
asyncio.wait_fortimeout to pygit2clone_repositoryandfetchoperations inGitPolicyFetcher, preventing indefinite hangs when a git repo is unreachablePOLICY_REPO_CLONE_TIMEOUTconfig (previously unused for scoped repos) intoGitPolicyFetcherviaScopesServicepygit2.GitErrorandasyncio.TimeoutErrorfrom_clone()instead of silently swallowing errors, sosync_scopecan handle failures properlyLinear Issue
https://linear.app/permit/issue/PER-13817/fix-git-clonefetch-operations-hanging-indefinitely-on
Tests
run_sync_with_timeout(5 tests)GitPolicyFetcherclone/fetch timeout and error handling (5 tests)Test plan
POLICY_REPO_CLONE_TIMEOUT=0(default) preserves existing behavior — no timeout appliedPOLICY_REPO_CLONE_TIMEOUT=30causes clone/fetch to abort after 30s on unreachable repos🤖 Generated with Claude Code