refactor: extract shared OIDC refresh/sleep utilities #2811
Extract duplicated _scheduleRefresh() and _sleep() methods from AwsOidcTokenProvider and GcpOidcTokenProvider into shared oidc-refresh-utils.js module. The shared scheduleRefresh() function accepts a provider prefix parameter to preserve provider-specific log event names (aws_oidc_refresh_success vs gcp_oidc_refresh_success). Both providers now delegate to the shared implementation while keeping thin wrapper methods for backward compatibility.

Closes #2787

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
✅ Coverage Check Passed
Overall Coverage
📁 Per-file Coverage Changes (1 files)
Pull request overview
This PR refactors the api-proxy OIDC token providers by extracting duplicated refresh scheduling and sleep logic from the AWS and GCP OIDC providers into a shared utility module, while preserving provider-specific log event names.
Changes:
- Added `containers/api-proxy/oidc-refresh-utils.js` with shared `scheduleRefresh()` and `sleep()` utilities.
- Updated `AwsOidcTokenProvider` and `GcpOidcTokenProvider` to delegate `_scheduleRefresh()` and `_sleep()` to the shared utilities.
- Kept provider-specific logging semantics via a `providerPrefix` parameter.
Show a summary per file
| File | Description |
|---|---|
| containers/api-proxy/oidc-refresh-utils.js | Introduces shared refresh timer scheduling + sleep helper, including provider-prefixed logging. |
| containers/api-proxy/aws-oidc-token-provider.js | Replaces inline refresh scheduling/sleep with shared utility calls. |
| containers/api-proxy/gcp-oidc-token-provider.js | Replaces inline refresh scheduling/sleep with shared utility calls. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 0
Smoke Test Results ✅
Last 2 Merged PRs:
Tests:
Status: PASS
🔥 Smoke Test: Copilot BYOK (Offline) Mode
Running in BYOK offline mode (
PR author: @lpcox | Reviewers:
Overall: PARTIAL — BYOK inference ✅, pre-step outputs not injected (template vars unexpanded)
🔍 Smoke Test Results
PR: refactor: extract shared OIDC refresh/sleep utilities
Overall:
Smoke Test: FAIL
Warning: Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

    network:
      allowed:
        - defaults
        - "registry.npmjs.org"

See Network Configuration for more information.
Chroot Smoke Test Results
Overall: ❌ Not all versions match. Go versions are aligned, but Python and Node.js differ between host and chroot. This may indicate the chroot environment is using system-installed runtimes (Ubuntu 22.04 defaults) rather than the host's newer versions.
🏗️ Build Test Suite Results
Overall: 8/8 ecosystems passed — ✅ PASS
Smoke Test: GitHub Actions Services Connectivity
Overall: FAIL —
The OIDC refactoring PRs (#2811, #2772, #2887) added new JS modules (github-oidc.js, aws-oidc-token-provider.js, gcp-oidc-token-provider.js, oidc-refresh-utils.js) but did not update the Dockerfile COPY command. This caused the api-proxy container to crash immediately on startup with exit code 1 (Cannot find module './github-oidc'), breaking all integration tests since commit 7c25298.

Fixes the api-proxy container startup crash that has been failing all integration test runs on main since 2026-05-11T15:45Z.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… retry handling (#2895)

* Initial plan
* fix: reduce pid-tracker public API surface
* docs: fix stale pid tracker jsdoc
* fix: retry api-proxy startup when compose reports exited (1)

  Agent-Logs-Url: https://github.com/github/gh-aw-firewall/sessions/fcf2b573-5256-4c69-8f65-0a79431bd838
* fix(api-proxy): add missing JS modules to Dockerfile COPY

  The OIDC refactoring PRs (#2811, #2772, #2887) added new JS modules (github-oidc.js, aws-oidc-token-provider.js, gcp-oidc-token-provider.js, oidc-refresh-utils.js) but did not update the Dockerfile COPY command. This caused the api-proxy container to crash immediately on startup with exit code 1 (Cannot find module './github-oidc'), breaking all integration tests since commit 7c25298.

  Fixes the api-proxy container startup crash that has been failing all integration test runs on main since 2026-05-11T15:45Z.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* test: restore missing pid-tracker test cases for coverage

  Add back tests for malformed /proc/net/tcp rows and non-symlink file descriptors that were removed when the async trackPidForPort was dropped. These paths are still exercised in production via trackPidForPortSync and need coverage.

  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Landon Cox <landon.cox@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
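The startup crash described in the commit message above came from a module that was required at runtime but missing from the Dockerfile COPY list. A pre-build check along these lines catches that class of drift; it is an added example, not code from the repository, and the Dockerfile text, file contents and function names are constructed for illustration.

```javascript
// Added example: report local modules that are require()'d but not copied into the image.
// SAMPLE_DOCKERFILE and SAMPLE_SOURCES are constructed inputs, not the project's files.
const SAMPLE_DOCKERFILE = [
  'FROM node:22-alpine',
  'WORKDIR /app',
  'COPY package.json server.js \\',
  '     logging.js ./',
  'CMD ["node", "server.js"]',
].join('\n');
const SAMPLE_SOURCES = {
  'server.js': "const oidc = require('./github-oidc');\nconst log = require('./logging');\nconst http = require('http');",
  'logging.js': '// no local imports',
  'github-oidc.js': "const { sleep } = require('./oidc-refresh-utils.js');",
  'oidc-refresh-utils.js': '// no local imports',
};

// Source file names of COPY instructions (shell form, files in the build context root).
function copiedFiles(dockerfile) {
  const joined = dockerfile.replace(/\\\r?\n/g, ' '); // fold line continuations
  const files = new Set();
  for (const line of joined.split(/\r?\n/)) {
    const m = /^\s*COPY\s+(.*)$/i.exec(line);
    if (!m) continue;
    const args = m[1].trim().split(/\s+/).filter((a) => !a.startsWith('--'));
    args.slice(0, -1).forEach((src) => files.add(src.replace(/^\.\//, ''))); // last arg is the destination
  }
  return files;
}

// Follow relative require() calls from the entry point, including transitive ones.
function requiredModules(entry, sources) {
  const seen = new Set();
  const queue = [entry];
  while (queue.length) {
    const file = queue.pop();
    if (seen.has(file)) continue;
    seen.add(file);
    const re = /require\(\s*['"]\.\/([^'"]+)['"]\s*\)/g;
    for (const [, spec] of (sources[file] || '').matchAll(re)) {
      queue.push(spec.endsWith('.js') ? spec : `${spec}.js`);
    }
  }
  return seen;
}

function missingFromImage(entry, sources, dockerfile) {
  const copied = copiedFiles(dockerfile);
  return [...requiredModules(entry, sources)].filter((f) => !copied.has(f)).sort();
}
```

On the constructed input, `missingFromImage('server.js', SAMPLE_SOURCES, SAMPLE_DOCKERFILE)` reports both the directly required module and the one it pulls in transitively, which is what a CI gate should fail on.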
Summary
Extracts duplicated `_scheduleRefresh()` and `_sleep()` methods from `AwsOidcTokenProvider` and `GcpOidcTokenProvider` into a shared `oidc-refresh-utils.js` module.
Problem
Both OIDC token providers had identical 20-line `_scheduleRefresh()` methods and 2-line `_sleep()` helpers, differing only in provider-specific log event names.
Solution
New `containers/api-proxy/oidc-refresh-utils.js` exports:
- `scheduleRefresh(state, delayMs, refreshFn, providerPrefix)` — shared scheduling with provider-specific log events
- `sleep(ms)` — shared sleep helper

Both providers now delegate to the shared implementation through thin wrapper methods.
Verification
Closes #2787
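A sketch of how a shared `scheduleRefresh(state, delayMs, refreshFn, providerPrefix)` and `sleep(ms)` can keep provider-specific event names while the providers hold only thin wrappers; this is an added example, not the project's `oidc-refresh-utils.js`. Only the signature and the `aws_oidc_refresh_success` / `gcp_oidc_refresh_success` names come from the page; `state.refreshTimer`, `state.log`, the retry on failure, `RETRY_DELAY_MS`, the `_oidc_refresh_failed` event and `DemoProvider` are assumptions.

```javascript
// Added sketch, not the project's oidc-refresh-utils.js. Hypothetical: state.refreshTimer,
// state.log(event, fields), RETRY_DELAY_MS, the "_oidc_refresh_failed" event, DemoProvider.
const RETRY_DELAY_MS = 10;
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

function scheduleRefresh(state, delayMs, refreshFn, providerPrefix) {
  // Cancel any pending timer so a provider never has two refreshes queued.
  if (state.refreshTimer) clearTimeout(state.refreshTimer);
  state.refreshTimer = setTimeout(async () => {
    state.refreshTimer = null;
    try {
      await refreshFn();
      state.log(`${providerPrefix}_oidc_refresh_success`, {});
    } catch (err) {
      // Log the error message only; token material must never reach the log.
      state.log(`${providerPrefix}_oidc_refresh_failed`, { error: String(err && err.message) });
      scheduleRefresh(state, RETRY_DELAY_MS, refreshFn, providerPrefix);
    }
  }, Math.max(0, delayMs));
  // A refresh timer alone should not keep the process alive at shutdown.
  state.refreshTimer.unref();
}

// Stand-in for a provider class; failFirst makes the first refresh attempt fail (constructed).
class DemoProvider {
  constructor(prefix, failFirst) {
    Object.assign(this, { prefix, failFirst, events: [], refreshTimer: null, attempts: 0 });
  }
  log(event) { this.events.push(event); }
  _sleep(ms) { return sleep(ms); }
  _scheduleRefresh(delayMs) {
    scheduleRefresh(this, delayMs, () => this._refresh(), this.prefix);
  }
  async _refresh() {
    this.attempts += 1;
    if (this.failFirst && this.attempts === 1) throw new Error('token exchange failed');
  }
}

// Returns the event names each demo provider logged.
async function demo() {
  const aws = new DemoProvider('aws', true);
  const gcp = new DemoProvider('gcp', false);
  aws._scheduleRefresh(50);
  aws._scheduleRefresh(0); // replaces the 50 ms timer instead of adding a second one
  gcp._scheduleRefresh(0);
  await aws._sleep(100);
  return { aws: aws.events, gcp: gcp.events, attempts: aws.attempts };
}
```

A characterization test of this shape, run against both providers before and after such a refactor, is what shows that log event names consumed by alerting did not change.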