Skip to content

Use AWS S3 SDK instead of Minio Client SDK #36118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
junoberryferry wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Use AWS S3 SDK instead of Minio Client SDK #36118

junoberryferry wants to merge 4 commits into from
+900 −449

Conversation

@junoberryferry
Copy link
Contributor

@junoberryferry junoberryferry commented Dec 9, 2025

No description provided.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Dec 9, 2025
@github-actions github-actions bot added modifies/go Pull requests that update Go code modifies/dependencies labels Dec 9, 2025
@lunny lunny added this to the 1.26.0 milestone Dec 9, 2025
@lunny lunny changed the title Use AWS S3 SDK instead of Minio Use AWS S3 SDK instead of Minio Client SDK Dec 9, 2025
@silverwind
Copy link
Member

silverwind commented Dec 11, 2025
edited
Loading

I think we should rename modules/storage/minio.* to modules/storage/s3.*. The PR diff for these two files should remain readable after such a rename.

@silverwind
Copy link
Member

silverwind commented Dec 12, 2025
edited
Loading

Seems like I was wrong and GitHub's (or git's) move heuristic has split the diff of modules/storage/s3.go into two files. The proper diff can still be reviewed at this link:

https://github.com/go-gitea/gitea/pull/36118/changes/BASE..7064923a7d27181e0a22df8cb3073bbeee4eaf57

@silverwind silverwind mentioned this pull request Dec 15, 2025
Open
@junoberryferry junoberryferry mentioned this pull request Dec 15, 2025
Open
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 16, 2025
wxiaoguang
wxiaoguang requested changes Dec 16, 2025
View reviewed changes
Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry but there are still concerns needing to address.

  1. data, err := io.ReadAll(r) will cause OOM when uploading files with GB sizes
    • It will make the instance crash and lead to DoS attack
  2. Changed logic, need to review carefully (I haven't really looked into details)

And another question is: whether it's worth to use AWS SDK to replace MinIO SDK?

  • Server side:
    • AWS: closed source
    • MinIO: still open-source (althought only the core code)
  • SDK side:
    • AWS: Apache-2, actively maintained
    • MinIO: Apache-2, actively maintained

So I don't see necessity at the moment.

Feel free to dismiss the change request if these concerns get addressed.

modules/storage/s3.go
Comment on lines 532 to 533
// Buffer the content - required for proper Content-Length handling
data, err := io.ReadAll(r)
Copy link
Contributor

@wxiaoguang wxiaoguang Dec 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will cause OOM if the uploaded file is large.

@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wxiaoguang wxiaoguang wxiaoguang requested changes

@silverwind silverwind silverwind approved these changes

Assignees

No one assigned

Labels

lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged modifies/dependencies modifies/go Pull requests that update Go code

Projects

None yet

Milestone

1.26.0

Development

Successfully merging this pull request may close these issues.

5 participants

@junoberryferry @silverwind @wxiaoguang @lunny @GiteaBot