fix: GC has no grace period (TOCTOU with dedup uploads) #86

Merged
benvin merged 2 commits from benvin/gc-grace-period into master 2026-07-02 22:43:18 +10:00

2 Commits

Author SHA1 Message Date
benvin bf690dda54 Merge branch 'master' into benvin/gc-grace-period
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
2026-07-02 22:36:29 +10:00
unkinben c47daca1f1 fix: add a grace period before GC deletes orphaned blobs
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/test Pipeline failed
ci/woodpecker/pr/build Pipeline failed
FindOrphanedBlobs returned any unreferenced blob, so a concurrent dedup
upload (which inserts the blob row before its artifact/local_files row)
could have its S3 object deleted mid-flight. Restrict collection to blobs
older than a 1h grace period.

Refs #71
2026-07-02 22:26:19 +10:00