🐛 Retry GitHub API calls on rate-limit 403s during build 🐛

Parallel multi-platform builds (amd64 + arm64) fire ~14 unauthenticated
GitHub API calls concurrently — well over the 60 req/hr limit — causing
05-custom.sh to fail with a 403 on dominikh/go-tools (staticcheck).

Fix: _gh_latest now retries up to 3 times with a 60-second delay on
failure before giving up. A GITHUB_TOKEN build arg is also wired through
to the build stage ENV so callers can pass --build-arg GITHUB_TOKEN=$(gh
auth token) to raise the limit to 5000 req/hr and avoid the delay.

- Dockerfile: add ARG GITHUB_TOKEN="" and ENV GITHUB_TOKEN in build stage
- rootfs/root/docker/setup/05-custom.sh: retry loop (3 attempts, 60s backoff) in _gh_latest

Dockerfile
rootfs/root/docker/setup/05-custom.sh
2026-06-21 19:07:39 -04:00
parent db16b0807b
commit 0da1792871
2 changed files with 22 additions and 9 deletions
+18 -9
@@ -41,20 +41,29 @@ GOCACHE_BUILD="/tmp/go-build-cache"
# - - - - - - - - - - - - - - - - - - - - - - - - -
# Helpers
# Return the latest release tag from GitHub; exits 1 if the version cannot be resolved
# Return the latest release tag from GitHub; retries up to 3 times on transient errors
# (rate-limit 403s are common in parallel multi-platform builds without a token).
# Set GITHUB_TOKEN to raise the authenticated rate limit (5000 req/hr vs 60 req/hr).
_gh_latest() {
local repo="$1"
local filter="${2:-.tag_name}"
local auth_header=""
[ -n "${GITHUB_TOKEN:-}" ] && auth_header="-H Authorization: token ${GITHUB_TOKEN}"
# shellcheck disable=SC2206
local ver
ver="$(curl -fsSL ${auth_header:+$auth_header} "https://api.github.com/repos/${repo}/releases/latest" | jq -r "${filter}")"
if [ -z "$ver" ] || [ "$ver" = "null" ]; then
echo "ERROR: could not resolve latest version for ${repo}" >&2
exit 1
fi
echo "$ver"
local ver attempt
for attempt in 1 2 3; do
# shellcheck disable=SC2206
ver="$(curl -fsSL ${auth_header:+$auth_header} "https://api.github.com/repos/${repo}/releases/latest" | jq -r "${filter}")"
if [ -n "$ver" ] && [ "$ver" != "null" ]; then
echo "$ver"
return 0
fi
if [ "$attempt" -lt 3 ]; then
echo " rate-limited on ${repo} (attempt ${attempt}/3) — retrying in 60s..." >&2
sleep 60
fi
done
echo "ERROR: could not resolve latest version for ${repo} after 3 attempts" >&2
exit 1
}
# Download a tar.gz asset, find a named binary anywhere inside, install to GOBIN_DIR
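Review bot: In `_gh_latest`, the token path never sends an Authorization header. `auth_header` is one string, and the unquoted `${auth_header:+$auth_header}` on the `curl` line splits it into `-H`, `Authorization:`, `token` and the token value, so curl receives an empty `Authorization:` header and treats `token` and the token itself as extra URLs to fetch. The request to api.github.com stays unauthenticated (still 60 req/hr), and the secret is handed to curl as a URL. Build the header as an array instead: `local -a auth=()`, then `[ -n "${GITHUB_TOKEN:-}" ] && auth=(-H "Authorization: token ${GITHUB_TOKEN}")`, then `curl -fsSL "${auth[@]}" ...`; the SC2206 suppression can go at the same time. Separately, the loop reports every empty or `null` result as rate-limited and sleeps 60s. Because `-f` discards the status and the check only sees jq's output, a repo with no releases or a filter that matches nothing also costs two 60-second waits and prints a misleading message. Consider capturing the HTTP status (`-w '%{http_code}'`) and retrying only on 403/429, failing immediately on anything else.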