Enable default retries of 3 retry attempts at 250ms backoff (#294)

This changes the default behavior to enable retries. Retry logic has
existed for a while, but required direct user action to enable. This
enables 3 retries with a Fibonacci backoff of 250ms by default to handle
transient communication errors with upstream APIs.
Seth Vargo 2023-04-17 18:57:11 -04:00 committed by GitHub
parent 14b54cc192
commit 41d8fa4aaa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 8 deletions


@ -199,6 +199,20 @@ generate any tokens.
will contain "email" and "email_verified" claims. This is only valid when will contain "email" and "email_verified" claims. This is only valid when
"token_format" is "id_token". The default value is false. "token_format" is "id_token". The default value is false.
### Retry inputs
- `retries`: (Optional) Number of times to retry a failed authentication
attempt. This is useful for automated pipelines that may execute before IAM
permissions are fully propogated or intermittent connectivity failures. The
default value is "3".
- `backoff`: (Optional) Delay time before trying another authentication
attempt. This is implemented using a fibonacci backoff method (e.g.
1-1-2-3-5). This value defaults to 250 milliseconds.
- `backoff_limit`: (Optional) Limits the retry backoff to the specified value.
The default value is no limit.
### Other inputs ### Other inputs
The following inputs are for controlling the behavior of this GitHub Actions, The following inputs are for controlling the behavior of this GitHub Actions,
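Review bot: In the `retries` bullet, "propogated" should be "propagated", and the sentence is not parallel ("before IAM permissions are fully propogated or intermittent connectivity failures"); something like "that may execute before IAM permissions are fully propagated, or that hit intermittent connectivity failures" reads correctly. With retries now on by default, this section should also say whether every failed attempt is retried or only transient ones, since a misconfigured provider or a denied principal would otherwise surface its error only after three more attempts. The `backoff` and `backoff_limit` bullets give a default of "250 milliseconds" but never say that the input value itself is in milliseconds; stating the unit for both inputs would remove the guess.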
@ -607,13 +621,13 @@ Terraform module to automate your infrastructure provisioning. See [examples](ht
--role="roles/iam.workloadIdentityUser" \ --role="roles/iam.workloadIdentityUser" \
--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}" --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
``` ```
If you want to admit all repos of an owner (user or organization), map on `attribute.repository_owner`: If you want to admit all repos of an owner (user or organization), map on `attribute.repository_owner`:
```sh ```sh
--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${OWNER}" --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${OWNER}"
``` ```
For this to work, you need to make sure that `attribute.repository_owner` is mapped in your attribute mapping (see previous step). For this to work, you need to make sure that `attribute.repository_owner` is mapped in your attribute mapping (see previous step).
Note that `$WORKLOAD_IDENTITY_POOL_ID` should be the **full** Workload Note that `$WORKLOAD_IDENTITY_POOL_ID` should be the **full** Workload
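Review bot: Both columns of this hunk read identically, so the change here appears to be whitespace only and unrelated to the retry defaults. Consider moving it to a separate cleanup commit so the behavior change stays easy to audit or revert.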


@ -128,14 +128,16 @@ inputs:
retries: retries:
description: |- description: |-
Number of times to retry a failed authentication attempt. This is useful Number of times to retry a failed authentication attempt. This is useful
for automated pipelines that may execute before IAM permissions are fully propogated. for automated pipelines that may execute before IAM permissions are fully
default: '0' propogated.
default: '3'
required: false required: false
backoff: backoff:
description: |- description: |-
Delay time before trying another authentication attempt. This Delay time before trying another authentication attempt. This is
is implemented using a fibonacci backoff method (e.g. 1-1-2-3-5). implemented using a fibonacci backoff method (e.g. 1-1-2-3-5). The default
This value defaults to 100 milliseconds when retries are greater than 0. value is 250 milliseconds.
default: '250'
required: false required: false
backoff_limit: backoff_limit:
description: |- description: |-
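Review bot: The `retries` description here keeps the "propogated" misspelling and omits the "intermittent connectivity failures" case that the README bullet now mentions, so the two descriptions of the same input differ; align them. The hunk also replaces the documented 100 millisecond backoff (applied only when retries were greater than 0) with an explicit `default: '250'`, alongside `retries` going from '0' to '3'. Because this alters behavior for workflows that never set these inputs, the release notes should call out that setting `retries` to 0 restores the previous single-attempt behavior.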