From 4bd7bd3fbc2ea72e118066fb7b695cf8ab2581b9 Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Sat, 21 Sep 2024 19:17:19 +0530 Subject: [PATCH 1/8] feat: Added `retry` option Signed-off-by: Saptarshi Sarkar --- action.yaml | 8 ++++++++ entrypoint.sh | 25 ++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/action.yaml b/action.yaml index 971536d..c530488 100644 --- a/action.yaml +++ b/action.yaml @@ -27,6 +27,14 @@ inputs: default: "openvex" custom-socket: description: "Custom socket address if setting up containerd image store" + retry_on_timeout: + description: "Retry on timeout error" + required: false + default: false + max_retries: + description: "Max retries on timeout error" + required: false + default: 3 outputs: patched-image: description: 'Image reference of patched image' diff --git a/entrypoint.sh b/entrypoint.sh index 35c4bef..d4d734e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,6 +9,8 @@ timeout=$4 connection_format=$5 format=$6 output_file=$7 +retry_on_timeout=$8 +max_retries=$9 # parse image into image name image_no_tag=$(echo "$image" | cut -d':' -f1) 
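Review bot: The new inputs `retry_on_timeout` and `max_retries` in the action.yaml hunk use snake_case, while the neighbouring input in the same hunk is `custom-socket` and the output is `patched-image`, so callers end up with a mixed naming scheme. Consider `retry-on-timeout` and `max-retries` to match. The defaults are also written as a bare YAML boolean and integer; action inputs reach the script as strings, so `default: "false"` and `default: "3"` state what the `[ "$retry_on_timeout" = "false" ]` comparison in entrypoint.sh actually receives.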
@@ -40,10 +42,31 @@ case "$connection_format" in esac # run copa to patch image -if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" $connection --timeout $timeout $output; +OUTPUT_MESSAGE=$(copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" $connection --timeout $timeout $output) +if [ $? -eq 0 ] then patched_image="$image_no_tag:$patched_tag" echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" +elif echo "$OUTPUT_MESSAGE" | grep -q "exceeded timeout" +then + if [ "$retry_on_timeout" = "false" ] + then + echo "Error patching image $image with copa" + exit 1 + else + retries=0 + while [ $retries -lt $max_retries ] + do + if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" $connection --timeout $timeout $output; + then + patched_image="$image_no_tag:$patched_tag" + echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" + break + else + retries=$((retries + 1)) + fi + done + fi else echo "Error patching image $image with copa" exit 1 From 95afc53e15faacf14e5e008502c580d5f7321c0b Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Fri, 18 Oct 2024 12:34:05 +0530 Subject: [PATCH 2/8] fix: Fixed broken retry support by replacing with a simple approach Signed-off-by: Saptarshi Sarkar --- entrypoint.sh | 49 +++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index d4d734e..affd625 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,8 +9,7 @@ timeout=$4 connection_format=$5 format=$6 output_file=$7 -retry_on_timeout=$8 -max_retries=$9 +max_retries=$8 # parse image into image name image_no_tag=$(echo "$image" | cut -d':' -f1) 
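Review bot: When every retry fails, the `while [ $retries -lt $max_retries ]` loop in the first entrypoint.sh hunk on this line simply ends, and the script finishes with status 0 without writing `patched-image`, so the step reports success for an image that was never patched. Add a failure exit after `done`, for example `[ "$retries" -lt "$max_retries" ] || { echo "Error patching image $image with copa"; exit 1; }`. Separately, `OUTPUT_MESSAGE=$(copa patch …)` captures stdout only, so the `grep -q "exceeded timeout"` branch is reached only if copa prints that message on stdout; if it goes to stderr, the capture needs `2>&1`. `$max_retries` is also expanded unquoted inside `[ … ]`, so an empty value becomes a test syntax error instead of a clear failure.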
@@ -42,32 +41,34 @@ case "$connection_format" in esac # run copa to patch image -OUTPUT_MESSAGE=$(copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" $connection --timeout $timeout $output) -if [ $? -eq 0 ] +if [ "$max_retries" -eq 0 ] then - patched_image="$image_no_tag:$patched_tag" - echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" -elif echo "$OUTPUT_MESSAGE" | grep -q "exceeded timeout" -then - if [ "$retry_on_timeout" = "false" ] + if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" "$connection" --timeout "$timeout" "$output" then + patched_image="$image_no_tag:$patched_tag" + echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" + else echo "Error patching image $image with copa" exit 1 - else - retries=0 - while [ $retries -lt $max_retries ] - do - if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" $connection --timeout $timeout $output; + fi +else + retries=0 + while [ "$retries" -lt "$max_retries" ] + do + if copa patch -i "$image" -r "./data/$report" -t "$patched_tag" "$connection" --timeout "$timeout" "$output" + then + patched_image="$image_no_tag:$patched_tag" + echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" + break + else + retries=$((retries+1)) + if [ "$retries" -eq "$max_retries" ] then - patched_image="$image_no_tag:$patched_tag" - echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" - break + echo "Error patching image $image with copa" + exit 1 else - retries=$((retries + 1)) + echo "WARNING: Attempt $retries failed. Retrying..." fi - done - fi -else - echo "Error patching image $image with copa" - exit 1 -fi + fi + done +fi \ No newline at end of file From ba65fd04359f242482a1bbdb0eb862266dbf2124 Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Fri, 18 Oct 2024 12:39:55 +0530 Subject: [PATCH 3/8] test: Added new argument in test workflow to test if it works Signed-off-by: Saptarshi Sarkar --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
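Review bot: `max_retries` reaches `[ "$max_retries" -eq 0 ]` and `[ "$retries" -lt "$max_retries" ]` in entrypoint.sh unvalidated, and for a non-numeric or negative value both tests come out false, so the `else` branch is taken, the loop body never runs and the script ends with status 0 without copa having run. For a patching step that is a fail-open; reject bad values before the branch, e.g. `case "$max_retries" in ''|*[!0-9]*) echo "max_retries must be a non-negative integer" >&2; exit 1 ;; esac`. The `${8:-0}` default added in the last patch of the series covers only the unset or empty case. The loop also retries on any copa failure and stops after `max_retries` attempts in total, so 1 behaves like 0, while action.yaml still describes the input as "Max retries on timeout error"; the description should say what the loop does.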
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 4436348..a5200fc 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -80,7 +80,7 @@ jobs: --mount=type=bind,source="$SOCKET",target=/var/run/docker.sock \ --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT \ --name=copa-action \ - copa-action 'docker.io/openpolicyagent/opa:0.46.0' 'opa.0.46.0.json' '0.46.0-patched' '10m' "${{ matrix.test-type }}" 'openvex' 'output.json' + copa-action 'docker.io/openpolicyagent/opa:0.46.0' 'opa.0.46.0.json' '0.46.0-patched' '10m' "${{ matrix.test-type }}" 'openvex' 'output.json' '5' # saving patched image to give trivy access when using a custom socket docker -c "$CONTEXT" save -o patched.tar openpolicyagent/opa:0.46.0-patched From 844a18d3cc3876bf9a8700f17aba0aeff183d28a Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Fri, 18 Oct 2024 12:44:02 +0530 Subject: [PATCH 4/8] chore: Removed thee `retry_on_timeout` boolean input as `max_retries` would handle it from now onwards Signed-off-by: Saptarshi Sarkar --- action.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/action.yaml b/action.yaml index c530488..df6079a 100644 --- a/action.yaml +++ b/action.yaml @@ -27,10 +27,6 @@ inputs: default: "openvex" custom-socket: description: "Custom socket address if setting up containerd image store" - retry_on_timeout: - description: "Retry on timeout error" - required: false - default: false max_retries: description: "Max retries on timeout error" required: false From 7ad396ba4016fed8419460376d099a1d659798a3 Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Sat, 26 Oct 2024 19:52:46 +0530 Subject: [PATCH 5/8] feat: Defined required action variable for max_retries Signed-off-by: Saptarshi Sarkar --- action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yaml b/action.yaml index df6079a..6882aab 100644 --- a/action.yaml +++ b/action.yaml 
@@ -64,4 +64,4 @@ runs: fi # run copa-action based on inputs - docker run --net=host --mount=type=bind,source=$(pwd),target=/data --mount=type=bind,source="$socket",target="/var/run/docker.sock" --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT --name=copa-action "ghcr.io/project-copacetic/copa-action:v$version" ${{ inputs.image }} ${{ inputs.image-report }} ${{ inputs.patched-tag }} ${{ inputs.timeout }} ${connection} ${{ inputs.format }} ${{ inputs.output }} + docker run --net=host --mount=type=bind,source=$(pwd),target=/data --mount=type=bind,source="$socket",target="/var/run/docker.sock" --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT --name=copa-action "ghcr.io/project-copacetic/copa-action:v$version" ${{ inputs.image }} ${{ inputs.image-report }} ${{ inputs.patched-tag }} ${{ inputs.timeout }} ${connection} ${{ inputs.format }} ${{ inputs.output }} ${{ inputs.max_retries }} From 208e181a1bbf7b6cdef6f9258913967c6141ba93 Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Sat, 26 Oct 2024 20:01:37 +0530 Subject: [PATCH 6/8] fix: Removed redundancy by introducing bash functions in entrypoint script Signed-off-by: Saptarshi Sarkar --- entrypoint.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index affd625..177b703 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -40,14 +40,22 @@ case "$connection_format" in ;; esac -# run copa to patch image -if [ "$max_retries" -eq 0 ] -then +patch_image() { if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" "$connection" --timeout "$timeout" "$output" then patched_image="$image_no_tag:$patched_tag" echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" + return 0 else + return 1 + fi +} + +# run copa to patch image +if [ "$max_retries" -eq 0 ] +then + if ! patch_image + then echo "Error patching image $image with copa" exit 1 fi 
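Review bot: `${{ inputs.max_retries }}` is expanded into the script text before the shell runs, so on this `docker run` line in action.yaml the value is parsed as shell syntax rather than passed as one argument, and this step bind-mounts the Docker socket. Pass the input through the step environment instead: add `env:` with `MAX_RETRIES: ${{ inputs.max_retries }}` to the step and put `"$MAX_RETRIES"` at the end of the command. The other `${{ inputs.* }}` arguments already on the line have the same shape and would benefit from the same treatment. The step definition starts outside this hunk, so the `env:` block would go there.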
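Review bot: In `patch_image` (entrypoint.sh), `"$connection"` and `"$output"` are passed quoted, whereas the command removed in patch 2 of this series expanded both unquoted; if either variable holds a flag together with its value, or is empty for some connection formats, copa now receives one fused or empty argument. Their assignments sit outside the hunk, so this needs checking against the `case "$connection_format"` block above. If they do hold several words, either keep those two expansions unquoted under a `# shellcheck disable=SC2086` comment that says the splitting is intentional, or build the option list as separate words. The function would also benefit from a header comment such as `# Runs copa once; on success writes patched-image to $GITHUB_OUTPUT and returns 0, else returns 1.`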
@@ -55,13 +63,11 @@ else retries=0 while [ "$retries" -lt "$max_retries" ] do - if copa patch -i "$image" -r "./data/$report" -t "$patched_tag" "$connection" --timeout "$timeout" "$output" + if patch_image then - patched_image="$image_no_tag:$patched_tag" - echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT" break else - retries=$((retries+1)) + retries=$((retries + 1)) if [ "$retries" -eq "$max_retries" ] then echo "Error patching image $image with copa" From 1e86df67b31a7ba72f6dd608966fc6d718939074 Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Sat, 26 Oct 2024 20:03:34 +0530 Subject: [PATCH 7/8] chore: Added newline to entrypoint.sh Signed-off-by: Saptarshi Sarkar --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 177b703..0d93801 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -77,4 +77,4 @@ else fi fi done -fi \ No newline at end of file +fi From bc4042693c07144d3b037717468b703ef8285182 Mon Sep 17 00:00:00 2001 From: Saptarshi Sarkar Date: Sat, 7 Dec 2024 11:43:51 +0530 Subject: [PATCH 8/8] fix: Added default value for max_retries Signed-off-by: Saptarshi Sarkar --- action.yaml | 2 +- entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yaml b/action.yaml index 6882aab..c9a3f87 100644 --- a/action.yaml +++ b/action.yaml @@ -30,7 +30,7 @@ inputs: max_retries: description: "Max retries on timeout error" required: false - default: 3 + default: 0 outputs: patched-image: description: 'Image reference of patched image' diff --git a/entrypoint.sh b/entrypoint.sh index 0d93801..5c71394 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,7 +9,7 @@ timeout=$4 connection_format=$5 format=$6 output_file=$7 -max_retries=$8 +max_retries=${8:-0} # parse image into image name image_no_tag=$(echo "$image" | cut -d':' -f1)