Add retry logic for transient login failures

Adds configurable retry mechanism with basic exponential backoff to handle intermittent failures when authenticating to container registries, particularly GCP (GAR/GCR) where I'm seeing errors intermittently. - Add retry-attempts input (default: 0 for backward compatibility, making it opt in) - Add retry-delay input (default: 5000ms) - Implement exponential backoff retry logic in docker login - Chose to just write a simple retry function vs. going with a library - Retry all errors except 5xxs - I'm seeing intermittent 401 failures - Add tests for retry behavior - Update README with new input parameters Signed-off-by: Naush Korai <naush.korai@mixpanel.com>
2026-03-19 20:20:27 +08:00 · 2026-01-30 13:32:24 -05:00 · 2026-01-30 13:32:24 -05:00 · 47690b2d19
commit 47690b2d19
parent 3227f5311c
7 changed files with 201 additions and 32 deletions
--- a/README.md
+++ b/README.md
@ -618,15 +618,17 @@ credentials, while authenticated access is used only to push `myorg/myimage`.

 The following inputs can be used as `step.with` keys:

-| Name            | Type   | Default     | Description                                                                   |
-|-----------------|--------|-------------|-------------------------------------------------------------------------------|
-| `registry`      | String | `docker.io` | Server address of Docker registry. If not set then will default to Docker Hub |
-| `username`      | String |             | Username for authenticating to the Docker registry                            |
-| `password`      | String |             | Password or personal access token for authenticating the Docker registry      |
-| `scope`         | String |             | Scope for the authentication token                                            |
-| `ecr`           | String | `auto`      | Specifies whether the given registry is ECR (`auto`, `true` or `false`)       |
-| `logout`        | Bool   | `true`      | Log out from the Docker registry at the end of a job                          |
-| `registry-auth` | YAML   |             | Raw authentication to registries, defined as YAML objects                     |
+| Name             | Type   | Default     | Description                                                                   |
+|------------------|--------|-------------|-------------------------------------------------------------------------------|
+| `registry`       | String | `docker.io` | Server address of Docker registry. If not set then will default to Docker Hub |
+| `username`       | String |             | Username for authenticating to the Docker registry                            |
+| `password`       | String |             | Password or personal access token for authenticating the Docker registry      |
+| `scope`          | String |             | Scope for the authentication token                                            |
+| `ecr`            | String | `auto`      | Specifies whether the given registry is ECR (`auto`, `true` or `false`)       |
+| `logout`         | Bool   | `true`      | Log out from the Docker registry at the end of a job                          |
+| `registry-auth`  | YAML   |             | Raw authentication to registries, defined as YAML objects                     |
+| `retry-attempts` | Number | `0`         | Number of retry attempts for transient failures                               |
+| `retry-delay`    | Number | `5000`      | Delay between retries in milliseconds (uses exponential backoff)              |

 > [!NOTE]
 > The `registry-auth` input cannot be used with other inputs except `logout`.