Migrated secret webhook and replication to postgres #4285
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR migrates secret webhook and replication functionality from Redis-based queues to PostgreSQL-based queues using PgBoss. The migration involves significant architectural changes while maintaining backward compatibility.
Key Changes:
- Queue Migration: Webhooks and secret replication now use
queueService.queuePg()instead ofqueueService.queue(), with updated configuration options (retryLimit,retryBackoff,retentionHoursinstead of Redis-specific options) - Service Initialization: Added
init()methods to secret replication and queue services for PostgreSQL queue setup, with proper initialization calls in the server bootstrap process - Type System Improvements: Consolidated
TSecretQueueFactorytype definition insecret-types.tsand improved type safety withTOrmify<TableName.SecretVersion>for the replication DAL - Batch Processing: Implemented batch processing for webhook jobs (
batchSize: 5) and single-item processing for replication jobs (batchSize: 1) with proper error isolation usingPromise.allSettled() - Deduplication Strategy: Replaced
jobIdwithsingletonKeyfor better deduplication semantics in PostgreSQL - Dual Queue Support: The secret replication service now supports both Redis and PostgreSQL queues during the transition period by extracting core logic into reusable functions
The changes align with Infisical's broader strategy to consolidate on PostgreSQL as the single source of truth, eliminating Redis dependency for queue management while providing better durability guarantees and ACID compliance for critical operations like webhooks and secret replication.
PR Description Notes:
- The PR description is incomplete - no actual description, type selection, or test details are provided
- Missing information about the motivation, context, and testing approach for this significant architectural change
Confidence score: 4/5
- This is a significant but well-structured migration that maintains backward compatibility during transition
- The main risk is the initialization order and potential race conditions in service startup
- Files that need attention:
backend/src/server/routes/index.ts(service initialization order),backend/src/services/secret/secret-queue.ts(complex queue migration logic), andbackend/src/ee/services/secret-replication/secret-replication-service.ts(dual queue support implementation)
14 files reviewed, no comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description 📣
Type ✨
Tests 🛠️
# Here's some code block to paste some code snippets