perf: stream proxied artifacts instead of buffering the full body in memory #66

Closed
opened 2026-07-02 00:20:15 +10:00 by unkinben · 0 comments
Owner

internal/proxy/engine.go:187 reads every upstream response with io.ReadAll, hashes it in memory, uploads from memory and serves from memory. Large immutable blobs (Docker layers, RPMs, tarballs, Go module zips) — or several concurrent ones — can OOM the process.

A streaming tempfile-backed CAS already exists (internal/storage/cas.go) and is used by local uploads, but the proxy path bypasses it; Engine.cas is even assigned in NewEngine and never used.

Fix: stream immutable fetches through the CAS (tee to sha256 + S3), only buffer mutable index files (small, need RewriteResponse).

`internal/proxy/engine.go:187` reads every upstream response with `io.ReadAll`, hashes it in memory, uploads from memory and serves from memory. Large immutable blobs (Docker layers, RPMs, tarballs, Go module zips) — or several concurrent ones — can OOM the process. A streaming tempfile-backed CAS already exists (`internal/storage/cas.go`) and is used by local uploads, but the proxy path bypasses it; `Engine.cas` is even assigned in `NewEngine` and never used. Fix: stream immutable fetches through the CAS (tee to sha256 + S3), only buffer mutable index files (small, need RewriteResponse).
Sign in to join this conversation.
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unkin/artifactapi#66