feat: Added retry option and max_retries

.github/workflows/build.yaml

@@ -80,7 +80,7 @@ jobs:
             --mount=type=bind,source="$SOCKET",target=/var/run/docker.sock \
             --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT \
             --name=copa-action \
-            copa-action 'docker.io/openpolicyagent/opa:0.46.0' 'opa.0.46.0.json' '0.46.0-patched' '10m' "${{ matrix.test-type }}" 'openvex' 'output.json'
+            copa-action 'docker.io/openpolicyagent/opa:0.46.0' 'opa.0.46.0.json' '0.46.0-patched' '10m' "${{ matrix.test-type }}" 'openvex' 'output.json' '5'
 
           # saving patched image to give trivy access when using a custom socket
           docker -c "$CONTEXT" save -o patched.tar openpolicyagent/opa:0.46.0-patched

action.yaml

@@ -27,6 +27,10 @@ inputs:
     default: "openvex"
   custom-socket:
     description: "Custom socket address if setting up containerd image store"
+  max_retries:
+    description: "Max retries on timeout error"
+    required: false
+    default: 0
 outputs:
   patched-image:
     description: 'Image reference of patched image'
@@ -60,4 +64,4 @@ runs:
         fi
 
         # run copa-action based on inputs
-        docker run --net=host --mount=type=bind,source=$(pwd),target=/data --mount=type=bind,source="$socket",target="/var/run/docker.sock" --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT --name=copa-action "ghcr.io/project-copacetic/copa-action:v$version" ${{ inputs.image }} ${{ inputs.image-report }} ${{ inputs.patched-tag }} ${{ inputs.timeout }} ${connection} ${{ inputs.format }} ${{ inputs.output }}
+        docker run --net=host --mount=type=bind,source=$(pwd),target=/data --mount=type=bind,source="$socket",target="/var/run/docker.sock" --mount=type=bind,source=$GITHUB_OUTPUT,target=$GITHUB_OUTPUT -e GITHUB_OUTPUT --name=copa-action "ghcr.io/project-copacetic/copa-action:v$version" ${{ inputs.image }} ${{ inputs.image-report }} ${{ inputs.patched-tag }} ${{ inputs.timeout }} ${connection} ${{ inputs.format }} ${{ inputs.output }} ${{ inputs.max_retries }}

entrypoint.sh

@@ -9,6 +9,7 @@ timeout=$4
 connection_format=$5
 format=$6
 output_file=$7
+max_retries=${8:-0}
 
 # parse image into image name
 image_no_tag=$(echo "$image" | cut -d':' -f1)
@@ -39,12 +40,41 @@ case "$connection_format" in
     ;;
 esac
 
+patch_image() {
+    if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" "$connection" --timeout "$timeout" "$output"
+    then
+        patched_image="$image_no_tag:$patched_tag"
+        echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT"
+        return 0
+    else
+        return 1
+    fi
+}
+
 # run copa to patch image
-if copa patch -i "$image" -r ./data/"$report" -t "$patched_tag" $connection --timeout $timeout $output;
+if [ "$max_retries" -eq 0 ]
 then
-    patched_image="$image_no_tag:$patched_tag"
-    echo "patched-image=$patched_image" >> "$GITHUB_OUTPUT"
+    if ! patch_image
+    then
+        echo "Error patching image $image with copa"
+        exit 1
+    fi
 else
-    echo "Error patching image $image with copa"
-    exit 1
+    retries=0
+    while [ "$retries" -lt "$max_retries" ]
+    do
+        if patch_image
+        then
+            break
+        else
+            retries=$((retries + 1))
+            if [ "$retries" -eq "$max_retries" ]
+            then
+                echo "Error patching image $image with copa"
+                exit 1
+            else
+                echo "WARNING: Attempt $retries failed. Retrying..."
+            fi
+        fi
+    done
 fi