feat: add retries (#181)
This commit is contained in:
Mike Verbanic
GitHub
parent
10d8e00a99
commit
95a6bc2a27
19
.github/workflows/test.yml
vendored
19
.github/workflows/test.yml
vendored
@ -34,7 +34,6 @@ jobs:
|
||||
- name: 'npm test'
|
||||
run: 'npm run test'
|
||||
|
||||
|
||||
credentials_json:
|
||||
if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name }}
|
||||
name: 'credentials_json'
|
||||
@ -99,6 +98,14 @@ jobs:
|
||||
id_token_audience: 'https://secretmanager.googleapis.com/'
|
||||
id_token_include_email: true
|
||||
|
||||
- id: 'auth-sa-retries'
|
||||
name: 'auth-sa-retries'
|
||||
uses: './'
|
||||
with:
|
||||
retries: '2'
|
||||
backoff: '200'
|
||||
backoff_limit: '1000'
|
||||
credentials_json: '${{ secrets.AUTH_SA_KEY_JSON }}'
|
||||
|
||||
workload_identity_federation:
|
||||
if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name }}
|
||||
@ -170,6 +177,16 @@ jobs:
|
||||
id_token_audience: 'https://secretmanager.googleapis.com/'
|
||||
id_token_include_email: true
|
||||
|
||||
- id: 'auth-wif-retries'
|
||||
name: 'auth-wif-retries'
|
||||
uses: './'
|
||||
with:
|
||||
retries: '2'
|
||||
backoff: '200'
|
||||
backoff_limit: '1000'
|
||||
workload_identity_provider: '${{ secrets.WIF_PROVIDER_NAME }}'
|
||||
service_account: '${{ secrets.OIDC_AUTH_SA_EMAIL }}'
|
||||
|
||||
# This test ensures that the GOOGLE_APPLICATION_CREDENTIALS environment
|
||||
# variable is shared with the container and that the path of the file is on
|
||||
# the shared filesystem with the container and that the USER for the container
|
||||
|
||||
18
action.yml
18
action.yml
@ -124,6 +124,24 @@ inputs:
|
||||
default: ''
|
||||
required: false
|
||||
|
||||
# retries
|
||||
retries:
|
||||
description: |-
|
||||
Number of times to retry a failed authentication attempt. This is useful
|
||||
for automated pipelines that may execute before IAM permissions are fully propogated.
|
||||
default: '0'
|
||||
required: false
|
||||
backoff:
|
||||
description: |-
|
||||
Delay time before trying another authentication attempt. This
|
||||
is implemented using a fibonacci backoff method (e.g. 1-1-2-3-5).
|
||||
This value defaults to 100 milliseconds when retries are greater than 0.
|
||||
required: false
|
||||
backoff_limit:
|
||||
description: |-
|
||||
Limits the retry backoff to the specified value.
|
||||
required: false
|
||||
|
||||
# id token params
|
||||
id_token_audience:
|
||||
description: |-
|
||||
|
||||
2
dist/main/index.js
vendored
2
dist/main/index.js
vendored
File diff suppressed because one or more lines are too long
2
dist/post/index.js
vendored
2
dist/post/index.js
vendored
File diff suppressed because one or more lines are too long
14
package-lock.json
generated
14
package-lock.json
generated
@ -10,7 +10,7 @@
|
||||
"license": "Apache-2.0",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.7.0",
|
||||
"@google-github-actions/actions-utils": "^0.3.0"
|
||||
"@google-github-actions/actions-utils": "^0.4.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/chai": "^4.3.1",
|
||||
@ -87,9 +87,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/@google-github-actions/actions-utils": {
|
||||
"version": "0.3.0",
|
||||
"resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.3.0.tgz",
|
||||
"integrity": "sha512-zl6/NDnxhB+22E5wZghMnzR0onUNqJFagGtA13wlaADzO1Cb3K1MgTk/U2mPiNlBtyaMlF5XkBGLLhwX+wS2qA==",
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.4.0.tgz",
|
||||
"integrity": "sha512-s2ev2a3WwLg0LWPIi5b9zcaf+jTUkVrQi/iGbQAwX+l0veYsPT1wu9mWV2pZxHfGfxenCjsTw4wSnl9RTJ7ytA==",
|
||||
"dependencies": {
|
||||
"yaml": "^2.0.1"
|
||||
}
|
||||
@ -2462,9 +2462,9 @@
|
||||
}
|
||||
},
|
||||
"@google-github-actions/actions-utils": {
|
||||
"version": "0.3.0",
|
||||
"resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.3.0.tgz",
|
||||
"integrity": "sha512-zl6/NDnxhB+22E5wZghMnzR0onUNqJFagGtA13wlaADzO1Cb3K1MgTk/U2mPiNlBtyaMlF5XkBGLLhwX+wS2qA==",
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/@google-github-actions/actions-utils/-/actions-utils-0.4.0.tgz",
|
||||
"integrity": "sha512-s2ev2a3WwLg0LWPIi5b9zcaf+jTUkVrQi/iGbQAwX+l0veYsPT1wu9mWV2pZxHfGfxenCjsTw4wSnl9RTJ7ytA==",
|
||||
"requires": {
|
||||
"yaml": "^2.0.1"
|
||||
}
|
||||
|
||||
@ -24,7 +24,7 @@
|
||||
"license": "Apache-2.0",
|
||||
"dependencies": {
|
||||
"@actions/core": "^1.7.0",
|
||||
"@google-github-actions/actions-utils": "^0.3.0"
|
||||
"@google-github-actions/actions-utils": "^0.4.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/chai": "^4.3.1",
|
||||
|
||||
33
src/main.ts
33
src/main.ts
@ -22,6 +22,7 @@ import {
|
||||
parseCSV,
|
||||
parseDuration,
|
||||
pinnedToHeadWarning,
|
||||
withRetries,
|
||||
} from '@google-github-actions/actions-utils';
|
||||
|
||||
import { WorkloadIdentityClient } from './client/workload_identity_client';
|
||||
@ -42,7 +43,7 @@ const oidcWarning =
|
||||
`run from a fork. For more information, please see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token`;
|
||||
|
||||
/**
|
||||
* Executes the main action, documented inline.
|
||||
* Executes the main action.
|
||||
*/
|
||||
async function run(): Promise<void> {
|
||||
// Warn if pinned to HEAD
|
||||
@ -50,13 +51,35 @@ async function run(): Promise<void> {
|
||||
logWarning(pinnedToHeadWarning('v0'));
|
||||
}
|
||||
|
||||
const retries = Number(getInput('retries'));
|
||||
|
||||
// set to undefined when not provided [avoids Number('') -> 0]
|
||||
const backoff = Number(getInput('backoff')) || undefined;
|
||||
const backoffLimit = Number(getInput('backoff_limit')) || undefined;
|
||||
|
||||
try {
|
||||
const mainWithRetries = withRetries(main, {
|
||||
retries: retries,
|
||||
backoff: backoff,
|
||||
backoffLimit: backoffLimit,
|
||||
});
|
||||
|
||||
await mainWithRetries();
|
||||
} catch (err) {
|
||||
const msg = errorMessage(err);
|
||||
setFailed(`google-github-actions/auth failed with: ${msg}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Main wraps the main action logic into a function to be used as a parameter to the withRetries function.
|
||||
*/
|
||||
async function main() {
|
||||
// Load configuration.
|
||||
const projectID = getInput('project_id');
|
||||
const workloadIdentityProvider = getInput('workload_identity_provider');
|
||||
const serviceAccount = getInput('service_account');
|
||||
const audience =
|
||||
getInput('audience') || `https://iam.googleapis.com/${workloadIdentityProvider}`;
|
||||
const audience = getInput('audience') || `https://iam.googleapis.com/${workloadIdentityProvider}`;
|
||||
const credentialsJSON = getInput('credentials_json');
|
||||
const createCredentialsFile = getBooleanInput('create_credentials_file');
|
||||
const exportEnvironmentVariables = getBooleanInput('export_environment_variables');
|
||||
@ -264,10 +287,6 @@ async function run(): Promise<void> {
|
||||
throw new Error(`Unknown token format "${tokenFormat}"`);
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
const msg = errorMessage(err);
|
||||
setFailed(`google-github-actions/auth failed with: ${msg}`);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user