Add moderate way to retry docker login failures

README.md

@@ -148,7 +148,7 @@ jobs:
 > Google Container Registry. As a fully-managed service with support for both
 > container images and non-container artifacts. If you currently use Google
 > Container Registry, use the information [on this page](https://cloud.google.com/artifact-registry/docs/transition/transition-from-gcr)
-> to learn about transitioning to Google Artifact Registry. 
+> to learn about transitioning to Google Artifact Registry.
 
 You can authenticate with workload identity federation or a service account.
 
@@ -421,7 +421,7 @@ must be placed in format `<tenancy>/<username>` (in case of federated tenancy us
 
 For password [create an auth token](https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/index.html#GetanAuthToken).
 Save username and token [as a secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
-in your GitHub repo. 
+in your GitHub repo.
 
 ```yaml
 name: ci
@@ -500,13 +500,16 @@ jobs:
 
 The following inputs can be used as `step.with` keys:
 
-| Name       | Type   | Default | Description                                                                   |
-|------------|--------|---------|-------------------------------------------------------------------------------|
-| `registry` | String |         | Server address of Docker registry. If not set then will default to Docker Hub |
-| `username` | String |         | Username for authenticating to the Docker registry                            |
-| `password` | String |         | Password or personal access token for authenticating the Docker registry      |
-| `ecr`      | String | `auto`  | Specifies whether the given registry is ECR (`auto`, `true` or `false`)       |
-| `logout`   | Bool   | `true`  | Log out from the Docker registry at the end of a job                          |
+| Name                  | Type   | Default | Description                                                                   |
+|-----------------------|--------|---------|-------------------------------------------------------------------------------|
+| `registry`            | String |         | Server address of Docker registry. If not set then will default to Docker Hub |
+| `username`            | String |         | Username for authenticating to the Docker registry                            |
+| `password`            | String |         | Password or personal access token for authenticating the Docker registry      |
+| `ecr`                 | String | `auto`  | Specifies whether the given registry is ECR (`auto`, `true` or `false`)       |
+| `logout`              | Bool   | `true`  | Log out from the Docker registry at the end of a job                          |
+| `http-codes-to-retry` | String | `408,500,502,504` | Comma separated list of HTTP error codes we want to retry           |
+| `max-attempts`        | String | `1`     | Overall maximum number of attempts we could make (`1` means no retries)       |
+| `retry-timeout`       | String | `15`    | Timeout between retries, in seconds                                           |
 
 ## Contributing
 

__tests__/retries_fail.test.ts

@@ -0,0 +1,46 @@
+import {expect, jest, test} from '@jest/globals';
+
+import {login} from '../src/docker';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+
+test('login retries function', async () => {
+  let stderrStrings: string[] = [];
+  let callCount: number = -1;
+
+  // using spyOn() here isn't enough, as we alter the logic
+  // so use `jest.fn()` here for the `Docker.getExecOutput`
+  Docker.getExecOutput = jest.fn(async () => {
+    callCount++;
+    console.log(`Mock: ${callCount}, ${stderrStrings}`);
+    if (callCount >= stderrStrings.length) {
+      return {
+        exitCode: 0,
+        stdout: 'Mock success',
+        stderr: ''
+      };
+    }
+    return {
+      exitCode: 1,
+      stdout: '',
+      stderr: stderrStrings[callCount % stderrStrings.length]
+    };
+  });
+
+  const username = 'dbowie';
+  const password = 'groundcontrol';
+  const registry = 'https://ghcr.io';
+
+  stderrStrings = ['mock error, failed with status: 408 Request Timeout', 'mock error, failed with status: 502 Request Timeout', 'mock error, failed with status: 400 Request Timeout'];
+  callCount = -1;
+  await expect(async () => {
+    await login(registry, username, password, 'false', ['408', '400'], 5, 0.1);
+  }).rejects.toThrow('mock error, failed with status: 502 Request Timeout');
+  expect(Docker.getExecOutput).toHaveBeenCalledTimes(2);
+
+  stderrStrings = ['not matching error', 'mock error, failed with status: 502 Request Timeout', 'mock error, failed with status: 400 Request Timeout'];
+  callCount = -1;
+  await expect(async () => {
+    await login(registry, username, password, 'false', ['408', '400'], 5, 0.1);
+  }).rejects.toThrow('not matching error');
+  expect(Docker.getExecOutput).toHaveBeenCalledTimes(2 + 1);
+});

__tests__/retries_success.test.ts

@@ -0,0 +1,42 @@
+import {expect, jest, test} from '@jest/globals';
+
+import {login} from '../src/docker';
+import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
+
+test('login retries success function', async () => {
+  let stderrStrings: string[] = [];
+  let callCount: number = -1;
+
+  // using spyOn() here isn't enough, as we alter the logic
+  // so use `jest.fn()` here for the `Docker.getExecOutput`
+  Docker.getExecOutput = jest.fn(async () => {
+    callCount++;
+    console.log(`Mock: ${callCount}, ${stderrStrings}`);
+    if (callCount >= stderrStrings.length) {
+      return {
+        exitCode: 0,
+        stdout: 'Mock success',
+        stderr: ''
+      };
+    }
+    return {
+      exitCode: 1,
+      stdout: '',
+      stderr: stderrStrings[callCount % stderrStrings.length]
+    };
+  });
+
+  const username = 'dbowie';
+  const password = 'groundcontrol';
+  const registry = 'https://ghcr.io';
+
+  stderrStrings = [];
+  callCount = -1;
+  await login(registry, username, password, 'false', ['408', '502', '400'], 5, 0.1);
+  expect(Docker.getExecOutput).toHaveBeenCalledTimes(1);
+
+  stderrStrings = ['mock error, failed with status: 408 Request Timeout', 'mock error, failed with status: 502 Request Timeout', 'mock error, failed with status: 400 Request Timeout'];
+  callCount = -1;
+  await login(registry, username, password, 'false', ['408', '502', '400'], 5, 0.1);
+  expect(Docker.getExecOutput).toHaveBeenCalledTimes(1 + 4);
+});

action.yml

@@ -24,6 +24,17 @@ inputs:
     description: 'Log out from the Docker registry at the end of a job'
     default: 'true'
     required: false
+  http-codes-to-retry:
+    description: 'Comma separated list of HTTP error codes we want to retry'
+    default: '408,500,502,504'
+  max-attempts:
+    description: 'Overall maximum number of attempts we will make trying to login'
+    default: '1'
+    required: false
+  retry-timeout:
+    description: 'Timeout between retries, in seconds'
+    default: '15'
+    required: false
 
 runs:
   using: 'node20'

src/context.ts

@@ -6,6 +6,9 @@ export interface Inputs {
   password: string;
   ecr: string;
   logout: boolean;
+  httpCodesToRetry: string[];
+  maxAttempts: number;
+  retryTimeout: number;
 }
 
 export function getInputs(): Inputs {
@@ -14,6 +17,9 @@ export function getInputs(): Inputs {
     username: core.getInput('username'),
     password: core.getInput('password'),
     ecr: core.getInput('ecr'),
-    logout: core.getBooleanInput('logout')
+    logout: core.getBooleanInput('logout'),
+    httpCodesToRetry: core.getInput('http-codes-to-retry').split(','),
+    maxAttempts: Number.parseInt(core.getInput('max-attempts')),
+    retryTimeout: Number.parseInt(core.getInput('retry-timeout'))
   };
 }

src/docker.ts

@@ -3,11 +3,24 @@ import * as core from '@actions/core';
 
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker';
 
-export async function login(registry: string, username: string, password: string, ecr: string): Promise<void> {
-  if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
-    await loginECR(registry, username, password);
-  } else {
-    await loginStandard(registry, username, password);
+export async function login(registry: string, username: string, password: string, ecr: string, httpCodesToRetry: string[], maxAttempts: number, retryTimeout: number): Promise<void> {
+  let succeeded: boolean = false;
+  for (let attempt = 1; attempt <= maxAttempts && !succeeded; attempt++) {
+    try {
+      if (/true/i.test(ecr) || (ecr == 'auto' && aws.isECR(registry))) {
+        await loginECR(registry, username, password);
+      } else {
+        await loginStandard(registry, username, password);
+      }
+      succeeded = true;
+    } catch (error) {
+      if (attempt < maxAttempts && isRetriableError(error.message, httpCodesToRetry)) {
+        core.info(`Attempt ${attempt} out of ${maxAttempts} failed, retrying after ${retryTimeout} seconds`);
+        await new Promise(r => setTimeout(r, retryTimeout * 1000));
+      } else {
+        throw error;
+      }
+    }
   }
 }
 
@@ -21,6 +34,17 @@ export async function logout(registry: string): Promise<void> {
   });
 }
 
+function isRetriableError(errorMessage: string, httpCodesToRetry: string[]): boolean {
+  for (const errCode of httpCodesToRetry) {
+    if (errorMessage.includes('failed with status: ' + errCode)) {
+      core.info(`Retryable match found in ${errorMessage} for retryable code: ${errCode}`);
+      return true;
+    }
+  }
+  core.info(`No matches in ${errorMessage} when lookging for retryable codes: ${httpCodesToRetry}`);
+  return false;
+}
+
 export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
   if (!username && !password) {
     throw new Error('Username and password required');

src/main.ts

@@ -8,7 +8,7 @@ export async function main(): Promise<void> {
   const input: context.Inputs = context.getInputs();
   stateHelper.setRegistry(input.registry);
   stateHelper.setLogout(input.logout);
-  await docker.login(input.registry, input.username, input.password, input.ecr);
+  await docker.login(input.registry, input.username, input.password, input.ecr, input.httpCodesToRetry, input.maxAttempts, input.retryTimeout);
 }
 
 async function post(): Promise<void> {