Conversation

@liorschach liorschach commented Jan 5, 2026

Summary

  • Updates the fork base from v0.7.8 (upstream) to include RateLimitLinearJitterBackoff function
  • Cherry-picks all existing wiz-specific changes on top of v0.7.8

Motivation

vault/api@v1.22.0 (pulled transitively by sigstore/fulcio@v1.8.3) requires RateLimitLinearJitterBackoff from go-retryablehttp v0.7.8. This function was missing in our fork based on v0.7.7, causing build failures when using go.work:

../../../go/pkg/mod/github.com/hashicorp/vault/api@v1.22.0/client.go:264:31: undefined: retryablehttp.RateLimitLinearJitterBackoff

Changes

Rebased wiz-specific commits onto upstream v0.7.8:

  • WZ-42693 - Add last status code to error message
  • WZ-42693 - Use retry after only if lower than max
  • Don't wait if needed to wait more than max time
  • PRSEC-2439 - Remove URL query when logging

What we did

  # Add upstream remote (hashicorp's original repo)
  git remote add upstream https://github.com/hashicorp/go-retryablehttp.git

  # Fetch upstream tags
  git fetch upstream --tags

  # Create new branch from v0.7.8
  git checkout -b liroschach/WZ-64179/udpate-v0.7.8 v0.7.8

  # Cherry-pick wiz-specific commits (in order)
  git cherry-pick e6acd96  # WZ-42693 - Add last status code to error message
  git cherry-pick ad73a27  # WZ-42693 - Use retry after only if lower than max
  git cherry-pick 95c4cad  # Don't wait if needed to wait more than max time
  git cherry-pick b7c5303  # PRSEC-2439 - Remove URL query when logging

  # Verify build and tests
  go build ./...
  go test ./...

After Merge

Tag as v0.7.8-wiz-1 and update replace directives in the monorepo.
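The commit list above names two behaviours of the fork's retry client: honour a Retry-After value only when it is below the configured maximum, and skip the wait entirely when the server asks for more than the maximum, plus stripping the query string from URLs before they are logged (PRSEC-2439). The following Go program is an added illustration of those policies, written for this page and not taken from the fork or from go-retryablehttp; `backoffFor`, `parseRetryAfter` and `redactForLog` are this example's own names, the 1-based `attempt` convention and the "refuse rather than clamp" reading of the Retry-After rule are assumptions, and the sample responses are constructed.

```go
package main

import (
	"fmt"
	"math/rand"
	"net/http"
	"net/url"
	"strconv"
	"time"
)

// parseRetryAfter accepts the two forms RFC 9110 allows for Retry-After:
// a delay in seconds or an HTTP-date. It returns ok=false for anything else,
// so an unparseable header falls back to the client's own backoff.
func parseRetryAfter(header string, now time.Time) (time.Duration, bool) {
	if header == "" {
		return 0, false
	}
	if secs, err := strconv.Atoi(header); err == nil && secs >= 0 {
		return time.Duration(secs) * time.Second, true
	}
	if at, err := http.ParseTime(header); err == nil {
		if d := at.Sub(now); d > 0 {
			return d, true
		}
		return 0, true // date already passed: retry immediately
	}
	return 0, false
}

// backoffFor returns how long to sleep before the next attempt (attempt is
// 1-based here, an assumption of this example). A Retry-After on 429/503 is
// used only if it does not exceed maxWait; a longer demand yields ok=false,
// meaning "do not wait, give up", which bounds how long a hostile or
// misconfigured upstream can stall the caller. Without Retry-After a linear
// backoff with jitter, clamped to maxWait, is used.
func backoffFor(base, maxWait time.Duration, attempt int, resp *http.Response, now time.Time) (time.Duration, bool) {
	if resp != nil && (resp.StatusCode == http.StatusTooManyRequests || resp.StatusCode == http.StatusServiceUnavailable) {
		if wait, ok := parseRetryAfter(resp.Header.Get("Retry-After"), now); ok {
			if wait > maxWait {
				return 0, false
			}
			return wait, true
		}
	}
	if attempt < 1 {
		attempt = 1
	}
	wait := base * time.Duration(attempt)
	if base > 0 {
		wait += time.Duration(rand.Int63n(int64(base))) // jitter in [0, base)
	}
	if wait > maxWait {
		wait = maxWait
	}
	return wait, true
}

// redactForLog removes the query string before a URL reaches a log line, since
// that is where API keys, signed-URL signatures and session tokens usually
// travel. Dropping userinfo as well goes slightly beyond the commit's scope.
func redactForLog(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable-url>"
	}
	u.User = nil
	u.RawQuery = ""
	u.ForceQuery = false
	return u.String()
}

func main() {
	now := time.Now()
	// Constructed sample responses, not captured traffic.
	tooLong := &http.Response{StatusCode: 429, Header: http.Header{"Retry-After": {"120"}}}
	short := &http.Response{StatusCode: 429, Header: http.Header{"Retry-After": {"10"}}}
	d, ok := backoffFor(time.Second, time.Minute, 1, tooLong, now)
	fmt.Printf("Retry-After 120s, max 60s -> wait=%v ok=%v\n", d, ok)
	d, ok = backoffFor(time.Second, time.Minute, 1, short, now)
	fmt.Printf("Retry-After 10s, max 60s  -> wait=%v ok=%v\n", d, ok)
	d, ok = backoffFor(time.Second, 5*time.Second, 3, nil, now)
	fmt.Printf("no header, attempt 3      -> wait=%v ok=%v\n", d, ok)
	fmt.Println(redactForLog("https://api.example.com/v1/items?token=abc123&page=2"))
}
```

The refusal path is the part worth copying: a client that clamps a 2-hour Retry-After to its maximum still sleeps, retries and gets told to wait again, whereas returning an error lets the caller fail fast and surface the condition.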

Comment on lines +8 to +37
runs-on: ubuntu-latest
strategy:
matrix:
go-version: ['1.23', '1.22']
steps:
- name: Checkout Code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Setup Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: ${{matrix.go-version}}

- name: Run golangci-lint
uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5

- name: Run unit tests and generate coverage report
run: make test

- name: Upload coverage report
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
with:
path: coverage.out
name: Coverage-report-${{matrix.go-version}}

- name: Display coverage test
run: go tool cover -func=coverage.out

- name: Build Go
run: go build ./...

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 1 month ago

To fix the problem, the workflow should explicitly declare least-privilege GITHUB_TOKEN permissions. Since this job only checks out code, runs Go tooling, and uploads artifacts, it needs only read access to repository contents, and does not need write access to any scopes.

The best fix with no functional change is to add a permissions block with contents: read. This can be done at the workflow root (applies to all jobs) or for the specific job. Here, we will add it at the root level right after the name line to clearly restrict permissions for the entire workflow. Concretely, in .github/workflows/pr-unit-tests.yaml, insert:

permissions:
  contents: read

between the existing name: Unit tests and the on: block. No imports or additional methods are required; this is purely a YAML configuration change.

Suggested changeset 1
.github/workflows/pr-unit-tests.yaml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/pr-unit-tests.yaml b/.github/workflows/pr-unit-tests.yaml
--- a/.github/workflows/pr-unit-tests.yaml
+++ b/.github/workflows/pr-unit-tests.yaml
@@ -1,4 +1,6 @@
 name: Unit tests 
+permissions:
+  contents: read
 on:
   pull_request:
     types: ['opened', 'synchronize']
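Review bot: placing `permissions: contents: read` at the workflow root is the right scope here, but note it now governs every job in the file, so any step that later needs to annotate the pull request or publish results would have to declare its own job-level `permissions` rather than relying on the old default token. Also, the context line `name: Unit tests ` carries a trailing space; the patch applies only because the file has the same trailing whitespace, so trim it in the file in a follow-up rather than in this patch.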
EOF
@liorschach liorschach merged commit adef0b8 into master Jan 5, 2026
4 checks passed