[terraform] Update retry logic to handle DNS-related errors more grac…

…efully (#713) * [terraform] Update retry logic - Add `dnsutils` package to dependencies - Update retry logic to handle DNS-related errors more gracefully * Update install.sh * Bump version
devcontainers · Oct 4, 2023 · 90a9b1d · 90a9b1d
1 parent c3f9105
commit 90a9b1d
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/src/terraform/devcontainer-feature.json b/src/terraform/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "terraform",
-    "version": "1.3.4",
+    "version": "1.3.5",
     "name": "Terraform, tflint, and TFGrunt",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/terraform",
     "description": "Installs the Terraform CLI and optionally TFLint and Terragrunt. Auto-detects latest version and installs needed dependencies.",

diff --git a/src/terraform/install.sh b/src/terraform/install.sh
@@ -77,6 +77,25 @@ receive_gpg_keys() {
             sleep 10s
         fi
     done
+
+    # If all attempts fail, try getting the keyserver IP address and explicitly passing it to gpg
+    if [ "${gpg_ok}" = "false" ]; then
+        retry_count=0;
+        echo "(*) Resolving GPG keyserver IP address..."
+        local keyserver_ip_address=$( dig +short keyserver.ubuntu.com | head -n1 )
+        echo "(*) GPG keyserver IP address $keyserver_ip_address"
+
+        until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "3" ]; 
+        do
+            echo "(*) Downloading GPG key..."
+            ( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver ${keyserver_ip_address}) 2>&1 && gpg_ok="true"
+            if [ "${gpg_ok}" != "true" ]; then
+                echo "(*) Failed getting key, retring in 10s..."
+                (( retry_count++ ))
+                sleep 10s
+            fi
+        done
+    fi
     set -e
     if [ "${gpg_ok}" = "false" ]; then
         echo "(!) Failed to get gpg key."
@@ -183,7 +202,7 @@ ensure_cosign() {
 export DEBIAN_FRONTEND=noninteractive
 
 # Install dependencies if missing
-check_packages curl ca-certificates gnupg2 dirmngr coreutils unzip
+check_packages curl ca-certificates gnupg2 dirmngr coreutils unzip dnsutils
 if ! type git > /dev/null 2>&1; then
     check_packages git
 fi