Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Retry mechanism for 403 errors agaist Github ID Token API #469

Closed
jkroepke opened this issue Jul 7, 2022 · 5 comments
Closed

Retry mechanism for 403 errors agaist Github ID Token API #469

jkroepke opened this issue Jul 7, 2022 · 5 comments
Labels
bug Something isn't working effort/medium This issue will take a few days of effort to fix p2

Comments

@jkroepke
Copy link

jkroepke commented Jul 7, 2022

If concurrency groups are enabled for tasks, jobs are getting in Pending state.

Since the aws-actions/configure-aws-credentials is one of the first actions, the action would instantly tries to call the Github ID Token Endpoint.

Sometimes, the Github API raises an error like

Error: Error message: Failed to get ID Token. 
        Error Code : 403
        Error Message: Can't issue ID_TOKEN for job in 'Pending' state.

which is not true.

It seems like a race condition on GitHub site. Retrying the request in 1 or 2 seconds would resolve this error until the error is fixed on GitHub site.
@peterwoodworth peterwoodworth added the needs-triage This issue still needs to be triaged label Oct 1, 2022
@neptune19821220
Copy link

We met the same issue.
We use matrix to create multiple similar jobs.
The job failed occasionally and got a error msg.
Error Message: Can't issue ID_TOKEN for job in 'Delayed' state.

@gustavovalverde gustavovalverde mentioned this issue Jan 17, 2023
Closed
@adamnoll
Copy link

Same issue here. We are occasionally getting this error as well.

@peterwoodworth peterwoodworth added p1 effort/medium This issue will take a few days of effort to fix bug Something isn't working and removed needs-triage This issue still needs to be triaged labels Feb 21, 2023
@nikkocampbell nikkocampbell mentioned this issue Apr 11, 2023
Merged
3 tasks
@peterwoodworth peterwoodworth added p2 and removed p1 labels May 11, 2023
@nsheaps
Copy link

nsheaps commented Jul 6, 2023
edited
Loading

We also get this from time to time in our CI workflows. AWS Support suggested retrying, but I would love to know if that retry mechanism could be built into the action itself until github addresses the instability on their side, since retrying at the workflow/job level is unnecessarily and increases costs.

For what it's worth, this was support's response (since it includes details that are not in this support thread, bolding added by me):

The aws-actions/configure-aws-credentials action first fetches a JWT from the GitHub OIDC provider, and then requests an access token from AWS. For the above error, it happens when the job tries to get JWT from GitHub OIDC provider but GitHub returns an error as the job status is Pending (viewed by GitHub). The configure-aws-credentials action receives the error and then fails the job.

It is the same as the open issue https://github.com/aws-actions/configure-aws-credentials/issues/469 but there is no formal solution yet. I think the followings can be considered:

  1. Retry the request when the job has failed.
  2. As the error is returned from the GitHub token endpoint, please reach out to GitHub support to see if there is a fix or workaround that can help to remediate the issue.

@peterwoodworth
Copy link
Contributor

v3 should now retry when the github token creation fails

@github-actions
Copy link

** Note **
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@klemmster klemmster mentioned this issue Feb 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working effort/medium This issue will take a few days of effort to fix p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nsheaps @jkroepke @adamnoll @peterwoodworth @neptune19821220