actions/auth
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Enable default retries of 3 retry attempts at 250ms backoff (#294)

Browse Source 
This changes the default behavior to enable retries. Retry logic has
existed for awhile, but required direct user action to enable. This
enables 3 retries with a fibonacci backoff of 250ms by default to handle
transient communication errors with upstream APIs.
This commit is contained in:
Seth Vargo 2023-04-17 18:57:11 -04:00 committed by GitHub
parent 14b54cc192
commit 41d8fa4aaa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -199,6 +199,20 @@ generate any tokens.
will contain "email" and "email_verified" claims. This is only valid when
"token_format" is "id_token". The default value is false.
### Retry inputs
- `retries`: (Optional) Number of times to retry a failed authentication
attempt. This is useful for automated pipelines that may execute before IAM
permissions are fully propogated or intermittent connectivity failures. The
default value is "3".
- `backoff`: (Optional) Delay time before trying another authentication
attempt. This is implemented using a fibonacci backoff method (e.g.
1-1-2-3-5). This value defaults to 250 milliseconds.
- `backoff_limit`: (Optional) Limits the retry backoff to the specified value.
The default value is no limit.
### Other inputs
The following inputs are for controlling the behavior of this GitHub Actions,
@ -607,13 +621,13 @@ Terraform module to automate your infrastructure provisioning. See [examples](ht
--role="roles/iam.workloadIdentityUser" \
--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
```
If you want to admit all repos of an owner (user or organization), map on `attribute.repository_owner`:
```sh
--member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${OWNER}"
```
For this to work, you need to make sure that `attribute.repository_owner` is mapped in your attribute mapping (see previous step).
Note that `$WORKLOAD_IDENTITY_POOL_ID` should be the **full** Workload

12
action.yml
View File

@ -128,14 +128,16 @@ inputs:
retries:
description: |-
Number of times to retry a failed authentication attempt. This is useful
for automated pipelines that may execute before IAM permissions are fully propogated.
default: '0'
for automated pipelines that may execute before IAM permissions are fully
propogated.
default: '3'
required: false
backoff:
description: |-
Delay time before trying another authentication attempt. This
is implemented using a fibonacci backoff method (e.g. 1-1-2-3-5).
This value defaults to 100 milliseconds when retries are greater than 0.
Delay time before trying another authentication attempt. This is
implemented using a fibonacci backoff method (e.g. 1-1-2-3-5). The default
value is 250 milliseconds.
default: '250'
required: false
backoff_limit:
description: |-