Retry core.getIDToken for JWT Auth Method (#574)

* adding generic async retry function and retry core.getIDToken * adding test and build
2026-04-08 05:00:05 +00:00 · 2025-03-03 12:02:57 -06:00 · 2025-03-03 12:02:57 -06:00 · 5d06ce836f
commit 5d06ce836f
parent a1b77a0929
3 changed files with 79 additions and 2 deletions
--- a/dist/index.js
+++ b/dist/index.js
@ -18817,6 +18817,8 @@ const fs = __nccwpck_require__(7147);
 const { default: got } = __nccwpck_require__(3061);

 const defaultKubernetesTokenPath = '/var/run/secrets/kubernetes.io/serviceaccount/token'
+const retries = 5
+const retries_delay = 3000
 /***
 * Authenticate with Vault and retrieve a Vault token that can be used for requests.
 * @param {string} method
@ -18847,7 +18849,10 @@ async function retrieveToken(method, client) {
            const githubAudience = core.getInput('jwtGithubAudience', { required: false });

            if (!privateKey) {
-                jwt = await core.getIDToken(githubAudience)
+                jwt = await retryAsyncFunction(retries, retries_delay, core.getIDToken, githubAudience)
+                  .then((result) => {
+                    return result;
+                });
            } else {
                jwt = generateJwt(privateKey, keyPassword, Number(tokenTtl));
            }
@ -18954,6 +18959,30 @@ async function getClientToken(client, method, path, payload) {
    }
 }

+/***
+ * Generic function for retrying an async function
+ * @param {number} retries
+ * @param {number} delay
+ * @param {Function} func
+ * @param {any[]} args
+ */
+async function retryAsyncFunction(retries, delay, func, ...args) {
+  let attempt = 0;
+  while (attempt < retries) {
+    try {
+      const result = await func(...args);
+      return result;
+    } catch (error) {
+      attempt++;
+      if (attempt < retries) {
+        await new Promise(resolve => setTimeout(resolve, delay));
+      } else {
+        throw error;
+      }
+    }
+  }
+}
+
 /***
 * @typedef {Object} VaultLoginResponse
 * @property {{