feat(storage): add remote_startup_fetch_policy configuration option

Add configurable policy for handling remote git fetch failures during
startup. This allows Flipt to continue operating with stale local data
when the remote repository is temporarily unavailable.

Signed-off-by: Roman Dmytrenko <rdmytrenko@gmail.com>

Author: erka

config/flipt.schema.cue

@@ -200,6 +200,7 @@ JsonPath: string
 
 	#storage: [string]: {
 		remote?: string
+		remote_startup_policy?: *"required" | "optional"
 		backend?: {
 			type:  *"memory" | "local"
 			path?: string

config/flipt.schema.json

@@ -777,6 +777,10 @@
             "remote": {
               "type": "string"
             },
+            "remoteStartupPolicy": {
+              "type": "string",
+              "enum": ["required", "optional"]
+            },
             "backend": {
               "type": [
                 "object",

internal/config/storage.go

@@ -80,15 +80,16 @@ type StorageBackendConfig struct {
 // StorageConfig contains fields which will configure the type of backend in which Flipt will serve
 // flag state.
 type StorageConfig struct {
-	Remote          string               `json:"remote,omitempty" mapstructure:"remote" yaml:"remote,omitempty"`
-	Backend         StorageBackendConfig `json:"backend,omitempty" mapstructure:"backend" yaml:"backend,omitempty"`
-	Branch          string               `json:"branch,omitempty" mapstructure:"branch" yaml:"branch,omitempty"`
-	CaCertBytes     string               `json:"-" mapstructure:"ca_cert_bytes" yaml:"-"`
-	CaCertPath      string               `json:"-" mapstructure:"ca_cert_path" yaml:"-"`
-	PollInterval    time.Duration        `json:"pollInterval,omitempty" mapstructure:"poll_interval" yaml:"poll_interval,omitempty"`
-	InsecureSkipTLS bool                 `json:"-" mapstructure:"insecure_skip_tls" yaml:"-"`
-	Credentials     string               `json:"-" mapstructure:"credentials" yaml:"-"`
-	Signature       SignatureConfig      `json:"signature,omitempty" mapstructure:"signature,omitempty" yaml:"signature,omitempty"`
+	Remote                   string               `json:"remote,omitempty" mapstructure:"remote" yaml:"remote,omitempty"`
+	RemoteStartupFetchPolicy string               `json:"remote_startup_fetch_policy,omitempty" mapstructure:"remote_startup_fetch_policy" yaml:"remote_startup_fetch_policy,omitempty"`
+	Backend                  StorageBackendConfig `json:"backend,omitempty" mapstructure:"backend" yaml:"backend,omitempty"`
+	Branch                   string               `json:"branch,omitempty" mapstructure:"branch" yaml:"branch,omitempty"`
+	CaCertBytes              string               `json:"-" mapstructure:"ca_cert_bytes" yaml:"-"`
+	CaCertPath               string               `json:"-" mapstructure:"ca_cert_path" yaml:"-"`
+	PollInterval             time.Duration        `json:"pollInterval,omitempty" mapstructure:"poll_interval" yaml:"poll_interval,omitempty"`
+	InsecureSkipTLS          bool                 `json:"-" mapstructure:"insecure_skip_tls" yaml:"-"`
+	Credentials              string               `json:"-" mapstructure:"credentials" yaml:"-"`
+	Signature                SignatureConfig      `json:"signature,omitempty" mapstructure:"signature,omitempty" yaml:"signature,omitempty"`
 }
 
 func (c *StorageConfig) validate() error {

internal/storage/environments/environments.go

@@ -147,6 +147,9 @@ func (rm *RepositoryManager) GetOrCreate(ctx context.Context, envConf *config.En
 					zap.String("key_id", storage.Signature.KeyID))
 			}
 		}
+		if storage.RemoteStartupFetchPolicy != "" {
+			opts = append(opts, storagegit.WithRemoteStartupFetchPolicy(storage.RemoteStartupFetchPolicy))
+		}
 
 		newRepo, err := storagegit.NewRepository(ctx, logger, opts...)
 		if err != nil {
@@ -512,7 +515,14 @@ func NewStore(ctx context.Context, logger *zap.Logger, cfg *config.Config, secre
 	// branched environments have been added
 	for _, repo := range repoManager.repos {
 		if err := repo.Fetch(ctx); err != nil {
-			if !errors.Is(err, transport.ErrEmptyRemoteRepository) && !errors.Is(err, git.ErrRemoteRefNotFound) {
+			switch {
+			case errors.Is(err, transport.ErrEmptyRemoteRepository):
+				continue
+			case errors.Is(err, git.ErrRemoteRefNotFound):
+				continue
+			case repo.IsConnectionRefused(err) && repo.RemoteStartupFetchPolicy() == "optional":
+				continue
+			default:
 				return nil, err
 			}
 		}

internal/storage/git/repository.go

@@ -9,6 +9,7 @@ import (
 	"slices"
 	"strings"
 	"sync"
+	"syscall"
 	"time"
 
 	"github.com/go-git/go-billy/v6/osfs"
@@ -33,19 +34,20 @@ type Repository struct {
 
 	logger *zap.Logger
 
-	mu                 sync.RWMutex
-	remote             *config.RemoteConfig
-	defaultBranch      string
-	auth               transport.AuthMethod
-	insecureSkipTLS    bool
-	caBundle           []byte
-	localPath          string
-	readme             []byte
-	sigName            string
-	sigEmail           string
-	signer             signing.Signer
-	maxOpenDescriptors int
-	isNormalRepo       bool // true if opened with PlainOpen, false if bare repository
+	mu                       sync.RWMutex
+	remote                   *config.RemoteConfig
+	remoteStartupFetchPolicy string
+	defaultBranch            string
+	auth                     transport.AuthMethod
+	insecureSkipTLS          bool
+	caBundle                 []byte
+	localPath                string
+	readme                   []byte
+	sigName                  string
+	sigEmail                 string
+	signer                   signing.Signer
+	maxOpenDescriptors       int
+	isNormalRepo             bool // true if opened with PlainOpen, false if bare repository
 
 	subs []Subscriber
 
@@ -71,7 +73,7 @@ func NewRepository(ctx context.Context, logger *zap.Logger, opts ...containers.O
 		logger.Debug("repository empty, attempting to add and push a README")
 		// add initial readme if repo is empty
 		if _, err := repo.UpdateAndPush(ctx, repo.defaultBranch, func(fs envsfs.Filesystem) (string, error) {
-			fi, err := fs.OpenFile("README.md", os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
+			fi, err := fs.OpenFile("README.md", os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0o644)
 			if err != nil {
 				return "", err
 			}
@@ -198,15 +200,28 @@ func newRepository(ctx context.Context, logger *zap.Logger, opts ...containers.O
 
 		// do an initial fetch to setup remote tracking branches
 		if err := r.Fetch(ctx); err != nil {
-			if !errors.Is(err, transport.ErrEmptyRemoteRepository) && !errors.Is(err, git.ErrRemoteRefNotFound) {
-				return nil, empty, fmt.Errorf("performing initial fetch: %w", err)
+			fetchErr := fmt.Errorf("performing initial fetch: %w", err)
+			switch {
+			case r.remoteStartupFetchPolicy == "optional" && r.IsConnectionRefused(err):
+				// if optional, we check if the error is connection refused
+				// and there is non-empty repo and flags could be evaluated
+				objs, rerr := r.CommitObjects()
+				if rerr != nil {
+					return nil, empty, fetchErr
+				}
+				_, rerr = objs.Next()
+				objs.Close()
+				if rerr != nil {
+					return nil, empty, fetchErr
+				}
+			case errors.Is(err, transport.ErrEmptyRemoteRepository) || errors.Is(err, git.ErrRemoteRefNotFound):
+				// the remote was reachable but either its contents was completely empty
+				// or our default branch doesn't exist and so we decide to seed it
+				empty = true
+				logger.Debug("initial fetch empty", zap.String("reference", r.defaultBranch), zap.Error(err))
+			default:
+				return nil, empty, fetchErr
 			}
-
-			// the remote was reachable but either its contents was completely empty
-			// or our default branch doesn't exist and so we decide to seed it
-			empty = true
-
-			logger.Debug("initial fetch empty", zap.String("reference", r.defaultBranch), zap.Error(err))
 		}
 	}
 
@@ -296,6 +311,17 @@ func (r *Repository) fetchHeads() []string {
 	return slices.Collect(maps.Keys(heads))
 }
 
+// IsConnectionRefused checks if the provided error is a connection refused error.
+func (r *Repository) IsConnectionRefused(err error) bool {
+	return errors.Is(err, syscall.ECONNREFUSED) || errors.Is(err, syscall.EHOSTUNREACH) ||
+		errors.Is(err, syscall.ENETUNREACH) || errors.Is(err, syscall.EHOSTDOWN)
+}
+
+// RemoteStartupFetchPolicy returns the fetch policy used when starting up with a remote configured.
+func (r *Repository) RemoteStartupFetchPolicy() string {
+	return r.remoteStartupFetchPolicy
+}
+
 // Fetch does a fetch for the requested head names on a configured remote.
 // If the remote is not defined, then it is a silent noop.
 // Iff specific is explicitly requested then only the heads in specific are fetched.
@@ -830,6 +856,13 @@ func WithMaxOpenDescriptors(n int) containers.Option[Repository] {
 	}
 }
 
+// withRemoteStartupFetchPolicy sets the fetch policy to use when starting up with a remote configured.
+func WithRemoteStartupFetchPolicy(policy string) containers.Option[Repository] {
+	return func(r *Repository) {
+		r.remoteStartupFetchPolicy = policy
+	}
+}
+
 const defaultReadmeContents = `Flipt Configuration Repository
 ==============================