fix(install): retry download body stream, verification, and extraction#1719
Merged
Conversation
CI intermittently failed with three different errors that share one root cause: the HTTP retry logic wrapped only the request setup (`send().await?.error_for_status()`), which returns as soon as the response headers arrive. The body streaming to disk, hash verification, and tar/archive extraction all happened *after* the retry closure returned, so a truncated or corrupt download surfaced immediately as `UnexpectedEof` (tar extraction), `HashMismatch` (verification), or a failed node download — none of which triggered a retry. Affected flaky tests: - vite_install: test_detect_package_manager_with_yarn_config_cjs (UnexpectedEof) - vite_install: test_download_success_package_manager_with_sha1_and_sha224 (HashMismatch) - vite_js_runtime: test_execute_node_version (download failed) Fix: - request.rs: `download_file` now retries the request + body stream as a single unit and detects truncation (bytes written != advertised Content-Length). `download_and_extract_tgz_with_hash` retries the full download → verify → extract pipeline on transient content-integrity errors (Io / HashMismatch), resetting the target dir each attempt. Network errors stay inside `download_file`'s retry and the 404 -> PackageManagerVersionNotFound mapping is preserved. - download.rs (node): `download_file` retries request + body stream with the same Content-Length truncation check. - runtime.rs (node): wraps download → verify → extract in a content-integrity retry mirroring the install path, so a complete-but-corrupt node archive is re-downloaded instead of aborting. Adds deterministic httpmock regression tests proving a corrupt archive and a hash mismatch are retried by the full pipeline.
✅ Deploy Preview for viteplus-preview canceled.
|
Member
Author
|
@cursor review |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Cursor Bugbot flagged retry multiplication: a truncated download surfaced as `Error::Io` from `download_file`'s own retry, and the outer `download_and_extract_tgz_with_hash` retry also matched `Error::Io`, so a persistent failure could trigger up to 4×4 = 16 download attempts. Collapse to a single retry layer: `_once` now downloads with a no-retry client (`HttpClient::with_config(0, 0)`), and the pipeline retry owns all resilience. The predicate (`is_retryable_download_error`) retries transient network/HTTP errors (except 404), truncated downloads, corrupt-archive extraction, and hash mismatches; a 404 and permanent config errors fail fast and propagate unchanged so the caller still maps 404 → PackageManagerVersionNotFound (now without wasted retries).
Member
Author
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 0183c8f. Configure here.
fengmk2
added
test: e2e
cpojer
approved these changes
Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
CI intermittently failed with three different errors that share one root cause: the HTTP retry logic wrapped only the request setup (
send().await?.error_for_status()), which returns as soon as the response headers arrive. The body streaming to disk, hash verification, and tar/archive extraction all happened after the retry closure returned, so a truncated or corrupt download surfaced immediately and was never retried.Flaky tests observed across recent runs:
test_detect_package_manager_with_yarn_config_cjsTarError UnexpectedEoftest_download_success_package_manager_with_sha1_and_sha224HashMismatchtest_execute_node_versionFix
crates/vite_install/src/request.rsdownload_file: the request and the body stream are now a single retried unit, plus a Content-Length truncation check (bytes written != advertised length → error → re-download).download_and_extract_tgz_with_hash: wraps download → verify → extract in a content-integrity retry (is_retryable_extract_errorretries onlyIo/HashMismatch; it deliberately excludesReqwest— already retried insidedownload_file— so the caller's404 → PackageManagerVersionNotFoundmapping is preserved). Each attempt resets the target dir.crates/vite_js_runtime/src/download.rs(node)download_file: same network-layer fix — request + body stream as one retried unit with the Content-Length truncation check.crates/vite_js_runtime/src/runtime.rs(node)download_filesurfaces an exhausted download asDownloadFailed, which the predicate excludes, so there's no retry multiplication.)Tests
httpmockregression tests proving a corrupt archive and a hash mismatch are retried by the full pipeline (they assert the server receives >1 hit; both failed before the fix with "only attempted 1 time(s)").cargo clippy -p vite_install -p vite_js_runtime --all-targets -- -D warnings→ clean.vite_js_runtimelib → 104 passed (incl. the realtest_download_node_integration).test_download_failed_package_manager_with_hashstill returnsHashMismatch.Follow-ups (not in this PR)
vite_shareddownload helper, which would also coverget_bytes/vp upgradeand prevent the next download site from regressing.Content-Length); the hash/extract retry is the backstop there.Note
Medium Risk
Touches core download/install paths for package managers and Node with layered retries; behavior changes (404 handling preserved) but wrong predicates could over-retry or skip needed retries.
Overview
Fixes intermittent install/CI failures where HTTP retries only covered headers (
send+error_for_status), so truncated bodies, hash mismatches, and bad archives failed once with no retry.Network layer:
download_fileinvite_installandvite_js_runtimenow retries request + body write as one unit and errors when bytes written ≠ advertisedContent-Length(Node downloads also reset the progress bar each attempt).Integrity layer: Package-manager tarballs use a single pipeline retry (download → hash → extract) via
download_and_extract_tgz_with_hash_once, withis_retryable_download_error(retries I/O/hash/transient HTTP; not 404). Inner downloads useHttpClient::with_config(0, 0)to avoid nested retries. Node runtime install gets the same pattern withis_retryable_runtime_errorafter SHASUMS are resolved once.Adds httpmock tests asserting corrupt archives and hash mismatches trigger more than one download attempt.
Reviewed by Cursor Bugbot for commit 0183c8f. Configure here.