Make Amplify GitHub app more robust with the use of installation access tokens #4080
Description
Before opening, please confirm:
- I have checked to see if my question is addressed in the FAQ.
- I have searched for duplicate or closed issues.
- I have removed any sensitive information from my code snippets and submission.
Amplify Hosting feature
Git providers, Access control
Is your feature request related to a problem? Please describe:
We are experiencing intermittent authentication failures when AWS Amplify attempts to clone our repository using the AWS Amplify GitHub App. The builds fail with: remote: Repository not found. CustomerError: Unable to clone repository due to user error code: 128
This issue is transient; a failed build is often followed by a successful build minutes later with no configuration changes.
After opening an AWS support case the conclusion was:
Token Generation: Amplify successfully generates a new installation access token from the GitHub App for every build. docs
After opening a GitHub support case the conclusion was:
When you create a token, this needs to be replicated to all of our edge cache sites to be usable on them. As we've been expanding our network of edge caches to improve performance and support more users, we've seen more traffic served from edge caches than previously, which would explain why this is a new error. Our engineering teams are investigating options to return the current replication delay when creating a token, but this isn't generally available yet and I can't promise if or when it will be.
Describe how you'd like this feature to work
GitHub's support recommendation:
I recommend waiting a few seconds after creating a new token, then implementing retry logic so if you receive an error, you retry once or twice after an increasing timeframe (I've seen three seconds initially, then retrying after ten work well for some customers – an additional retry at 30 seconds would catch the very rare case where the token wasn't yet replicated at ten seconds).