Enable default retries of 3 retry attempts at 250ms backoff (#294)

This changes the default behavior to enable retries. Retry logic has existed for awhile, but required direct user action to enable. This enables 3 retries with a fibonacci backoff of 250ms by default to handle transient communication errors with upstream APIs.
google-github-actions · Apr 17, 2023 · 41d8fa4 · 41d8fa4
1 parent 14b54cc
commit 41d8fa4
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -199,6 +199,20 @@ generate any tokens.
  will contain "email" and "email_verified" claims. This is only valid when
  "token_format" is "id_token". The default value is false.
 
+### Retry inputs
+
+- `retries`: (Optional) Number of times to retry a failed authentication
+ attempt. This is useful for automated pipelines that may execute before IAM
+ permissions are fully propogated or intermittent connectivity failures. The
+ default value is "3".
+
+- `backoff`: (Optional) Delay time before trying another authentication
+ attempt. This is implemented using a fibonacci backoff method (e.g.
+ 1-1-2-3-5). This value defaults to 250 milliseconds.
+
+- `backoff_limit`: (Optional) Limits the retry backoff to the specified value.
+ The default value is no limit.
+
 ### Other inputs
 
 The following inputs are for controlling the behavior of this GitHub Actions,
@@ -607,13 +621,13 @@ Terraform module to automate your infrastructure provisioning. See [examples](ht
  --role="roles/iam.workloadIdentityUser" \
  --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository/${REPO}"
  ```
- 
+
  If you want to admit all repos of an owner (user or organization), map on `attribute.repository_owner`:
- 
+
  ```sh
  --member="principalSet://iam.googleapis.com/${WORKLOAD_IDENTITY_POOL_ID}/attribute.repository_owner/${OWNER}"
  ```
- 
+
  For this to work, you need to make sure that `attribute.repository_owner` is mapped in your attribute mapping (see previous step).
 
  Note that `$WORKLOAD_IDENTITY_POOL_ID` should be the **full** Workload

diff --git a/action.yml b/action.yml
@@ -128,14 +128,16 @@ inputs:
  retries:
  description: |-
  Number of times to retry a failed authentication attempt. This is useful
- for automated pipelines that may execute before IAM permissions are fully propogated.
- default: '0'
+ for automated pipelines that may execute before IAM permissions are fully
+ propogated.
+ default: '3'
  required: false
  backoff:
  description: |-
- Delay time before trying another authentication attempt. This
- is implemented using a fibonacci backoff method (e.g. 1-1-2-3-5).
- This value defaults to 100 milliseconds when retries are greater than 0.
+ Delay time before trying another authentication attempt. This is
+ implemented using a fibonacci backoff method (e.g. 1-1-2-3-5). The default
+ value is 250 milliseconds.
+ default: '250'
  required: false
  backoff_limit:
  description: |-