From 751a33b46ae3b2710ef85c9966199b37858afc2b Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Sun, 17 Mar 2024 09:30:51 -0400
Subject: [PATCH 1/7] add backoff and retry to fetches

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 .github/workflows/use-action.yaml |  2 +-
 index.js                          | 24 ++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/use-action.yaml b/.github/workflows/use-action.yaml
index 1fa3d96..8fff84d 100644
--- a/.github/workflows/use-action.yaml
+++ b/.github/workflows/use-action.yaml
@@ -18,7 +18,7 @@ jobs:
         uses: octo-sts/action@main
         with:
           scope: octo-sts/action
-          identity: use-action
+          identity: use-action-this-should-fail
 
       - uses: actions/checkout@v4
       - env:
diff --git a/index.js b/index.js
index 15e76d7..8a62e1a 100644
--- a/index.js
+++ b/index.js
@@ -14,12 +14,32 @@ if (!scope || !identity) {
     process.exit(1);
 }
 
+async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 1000) {
+    let attempt = 1;
+    while (retries > 0) {
+        try {
+            const response = await fetch(url, options);
+            if (!response.ok) {
+                throw new Error(`HTTP error! status: ${response.status}`);
+            }
+            return response;
+        } catch (error) {
+            console.warn(`Attempt ${attempt} failed. Error: ${error.message}`);
+            const delay = Math.min(2 ** attempt * initialDelay, 10000); // Limit max delay to 10 seconds
+            await new Promise(resolve => setTimeout(resolve, delay));
+            attempt++;
+            retries--;
+        }
+    }
+    throw new Error(`Fetch failed after ${attempt} attempts.`);
+}
+
 (async function main() {
     // You can use await inside this function block
     try {
-        const res = await fetch(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } });
+        const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
         const json = await res.json();
-        const res2 = await fetch(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } });
+        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
         const json2 = await res2.json();
 
         if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }

From 8630084e7d93b98d9c8fd86de9642587349cdd43 Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Sun, 17 Mar 2024 09:32:45 -0400
Subject: [PATCH 2/7] nvm we don't get presubmit tests

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 .github/workflows/use-action.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/use-action.yaml b/.github/workflows/use-action.yaml
index 8fff84d..1fa3d96 100644
--- a/.github/workflows/use-action.yaml
+++ b/.github/workflows/use-action.yaml
@@ -18,7 +18,7 @@ jobs:
         uses: octo-sts/action@main
         with:
           scope: octo-sts/action
-          identity: use-action-this-should-fail
+          identity: use-action
 
       - uses: actions/checkout@v4
       - env:

From 5e6d5ee74e21a0bdfd0c1fe1f773a7bccff4898f Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Mon, 18 Mar 2024 15:10:12 -0400
Subject: [PATCH 3/7] Update index.js

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 8a62e1a..c125b98 100644
--- a/index.js
+++ b/index.js
@@ -39,7 +39,7 @@ async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 100
     try {
         const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
         const json = await res.json();
-        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
+        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}-this-should-fail`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
         const json2 = await res2.json();
 
         if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }

From 9603657c72a8dbace7129b167a6dead989e4c85a Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Mon, 18 Mar 2024 15:11:44 -0400
Subject: [PATCH 4/7] Update index.js

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index c125b98..8a62e1a 100644
--- a/index.js
+++ b/index.js
@@ -39,7 +39,7 @@ async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 100
     try {
         const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
         const json = await res.json();
-        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}-this-should-fail`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
+        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
         const json2 = await res2.json();
 
         if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }

From c88f61daad420f9ec53aa450e2bf9eae7b6b057b Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Mon, 18 Mar 2024 15:52:28 -0400
Subject: [PATCH 5/7] Update index.js

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 8a62e1a..c125b98 100644
--- a/index.js
+++ b/index.js
@@ -39,7 +39,7 @@ async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 100
     try {
         const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
         const json = await res.json();
-        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
+        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}-this-should-fail`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
         const json2 = await res2.json();
 
         if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }

From e13054f5af69139477ea8f84fa50c3e1cb00327b Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Mon, 18 Mar 2024 16:02:15 -0400
Subject: [PATCH 6/7] Update index.js

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index c125b98..bd25dae 100644
--- a/index.js
+++ b/index.js
@@ -39,7 +39,7 @@ async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 100
     try {
         const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
         const json = await res.json();
-        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}-this-should-fail`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
+        const res2 = await fetchWithRetry(`this-should-fail`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
         const json2 = await res2.json();
 
         if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }

From 982e7f5e0803c16173051e38d529001742433fd4 Mon Sep 17 00:00:00 2001
From: Jason Hall <jason@chainguard.dev>
Date: Mon, 18 Mar 2024 16:31:50 -0400
Subject: [PATCH 7/7] Update index.js

Signed-off-by: Jason Hall <jason@chainguard.dev>
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.js b/index.js
index bd25dae..f98527e 100644
--- a/index.js
+++ b/index.js
@@ -39,7 +39,7 @@ async function fetchWithRetry(url, options = {}, retries = 3, initialDelay = 100
     try {
         const res = await fetchWithRetry(`${actionsUrl}&audience=octo-sts.dev`, { headers: { 'Authorization': `Bearer ${actionsToken}` } }, 5);
         const json = await res.json();
-        const res2 = await fetchWithRetry(`this-should-fail`, { headers: { 'Authorization': `Bearer ${json.value}` } }, 5);
+        const res2 = await fetchWithRetry(`https://octo-sts.dev/sts/exchange?scope=${scope}&identity=${identity}`, { headers: { 'Authorization': `Bearer ${json.value}` } });
         const json2 = await res2.json();
 
         if (!json2.token) { console.log(`::error::${json2.message}`); process.exit(1); }