Skip to content

[8.19] (backport #8670) [testing] validate artifact hashes in artifact fetcher #8687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 26, 2025
Merged

[8.19] (backport #8670) [testing] validate artifact hashes in artifact fetcher #8687

merged 1 commit into from
Jun 26, 2025

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Jun 26, 2025

What does this PR do?

This PR improves the robustness of the test artifact fetcher by validating the integrity of downloaded packages and introducing retry logic for both corrupted downloads and snapshot metadata fetch failures. Specifically, it:

  • Validates the .sha512 checksum of each downloaded artifact to detect corruption.
    • Automatically retries corrupted downloads, up to 3 attempts, using a constant backoff of 3 seconds.
  • Applies retry logic to snapshot metadata resolution (e.g., .json file for snapshot build IDs), which previously failed with transient errors.

Why is it important?

This PR addresses two known failure cases in upgrade test pipelines:

  • Corrupted downloads: Previously, corrupted .tar.gz artifacts would not be detected, leading to tar extraction errors such as flate: corrupt input before offset.... This caused test flakiness and debugging overhead.
  • Transient 502 errors during metadata fetch: Snapshot builds occasionally return 502 errors when fetching the latest snapshot manifest. Without retry logic, these tests fail unnecessarily.

By introducing checksum validation and retry logic, this PR makes upgrade tests more reliable and deterministic.

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

Disruptive User Impact

None. This change only affects internal test infrastructure and does not impact users of the Elastic Agent or its public APIs.

How to test this PR locally

mage unitTest

Related issues

This is an automatic backport of pull request #8670 done by [Mergify](https://mergify.com).

@pkoutsovasilis @mergify
[testing] validate artifact hashes in artifact fetcher (#8670)
41c6aa0 
* feat: validate artifact hashes in artifact fetcher

* fix: do not load the whole file in memory

* fix: reuse existing VerifySHA512Hash to verify package hash

(cherry picked from commit 707c63f)
@mergify mergify bot added the backport label Jun 26, 2025
@mergify mergify bot requested a review from a team as a code owner June 26, 2025 07:07
@mergify mergify bot requested review from blakerouse and michalpristas and removed request for a team June 26, 2025 07:07
@mergify mergify bot mentioned this pull request Jun 26, 2025
Merged
8 tasks
@github-actions github-actions bot added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team skip-changelog labels Jun 26, 2025
@elasticmachine
Copy link
Contributor

elasticmachine commented Jun 26, 2025

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Jun 26, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@pkoutsovasilis pkoutsovasilis merged commit b3edb4e into 8.19 Jun 26, 2025
21 checks passed
@pkoutsovasilis pkoutsovasilis deleted the mergify/bp/8.19/pr-8670 branch June 26, 2025 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michalpristas michalpristas Awaiting requested review from michalpristas michalpristas is a code owner automatically assigned from elastic/elastic-agent-control-plane

@blakerouse blakerouse Awaiting requested review from blakerouse blakerouse is a code owner automatically assigned from elastic/elastic-agent-control-plane

1 more reviewer

@pkoutsovasilis pkoutsovasilis pkoutsovasilis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pkoutsovasilis pkoutsovasilis

Labels

backport skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @pkoutsovasilis