From 41d8fa4aaad5b21acb962af3a5112b0d1bd9cb1d Mon Sep 17 00:00:00 2001
From: Seth Vargo <seth@sethvargo.com>
Date: Mon, 17 Apr 2023 18:57:11 -0400
Subject: [PATCH] Enable default retries of 3 retry attempts at 250ms backoff
 (#294)

This changes the default behavior to enable retries. Retry logic has
existed for awhile, but required direct user action to enable. This
enables 3 retries with a fibonacci backoff of 250ms by default to handle
transient communication errors with upstream APIs.
---
 README.md  | 20 +++++++++++++++++---
 action.yml | 12 +++++++-----
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index b8ae3af..b122b28 100644
--- a/README.md
+++ b/README.md
@@ -199,6 +199,20 @@ generate any tokens.
     will contain "email" and "email_verified" claims. This is only valid when
     "token_format" is "id_token". The default value is false.
 
+### Retry inputs
+
+-   `retries`: (Optional) Number of times to retry a failed authentication
+    attempt. This is useful for automated pipelines that may execute before IAM
+    permissions are fully propogated or intermittent connectivity failures. The
+    default value is "3".
+
+-   `backoff`: (Optional) Delay time before trying another authentication
+    attempt. This is implemented using a fibonacci backoff method (e.g.
+    1-1-2-3-5). This value defaults to 250 milliseconds.
+
+-   `backoff_limit`: (Optional) Limits the retry backoff to the specified value.
+    The default value is no limit.
+
 ### Other inputs
 
 The following inputs are for controlling the behavior of this GitHub Actions,
@@ -607,13 +621,13 @@ Terraform module to automate your infrastructure provisioning. See [examples](ht
       --role="roles/iam.workloadIdentityUser" \
       --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
     ```
-    
+
     If you want to admit all repos of an owner (user or organization), map on `attribute.repository_owner`:
-    
+
     ```sh
     --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${OWNER}"
     ```
-    
+
     For this to work, you need to make sure that `attribute.repository_owner` is mapped in your attribute mapping (see previous step).
 
     Note that `$WORKLOAD_IDENTITY_POOL_ID` should be the **full** Workload
diff --git a/action.yml b/action.yml
index 6b3c9a8..7afd769 100644
--- a/action.yml
+++ b/action.yml
@@ -128,14 +128,16 @@ inputs:
   retries:
     description: |-
       Number of times to retry a failed authentication attempt. This is useful
-      for automated pipelines that may execute before IAM permissions are fully propogated.
-    default: '0'
+      for automated pipelines that may execute before IAM permissions are fully
+      propogated.
+    default: '3'
     required: false
   backoff:
     description: |-
-      Delay time before trying another authentication attempt. This
-      is implemented using a fibonacci backoff method (e.g. 1-1-2-3-5).
-      This value defaults to 100 milliseconds when retries are greater than 0.
+      Delay time before trying another authentication attempt. This is
+      implemented using a fibonacci backoff method (e.g. 1-1-2-3-5). The default
+      value is 250 milliseconds.
+    default: '250'
     required: false
   backoff_limit:
     description: |-