feat(github): implement GitHub API client foundation #101
@@ -190,6 +190,9 @@ func (c *Client) doRequest(ctx context.Context, method, reqURL string, accept st
|
||||
const maxAttempts = 3
|
||||
const maxRetryAfter = 120 * time.Second
|
||||
|
||||
// backoff holds per-attempt delays: backoff[i] is the delay before attempt i+1.
|
||||
// Length must be maxAttempts-1 (one entry per retry gap). Panic early on misconfiguration
|
||||
|
|
||||
// so a maxAttempts change without a matching backoff update is caught in tests, not production.
|
||||
var backoff []time.Duration
|
||||
if c.retryBackoff != nil {
|
||||
sonnet-review-bot
commented
[MINOR] The panic on backoff length mismatch is a deliberate 'catch misconfiguration in tests' guard, but panicking in a library function violates the repo convention ('Return errors; never panic'). The comment justifies it as a programming error caught early, but it means any test that calls SetRetryBackoff with the wrong length (e.g., during future refactoring that changes maxAttempts) will panic rather than getting a useful error. Consider returning an error from doRequest or validating at SetRetryBackoff time instead. **[MINOR]** The panic on backoff length mismatch is a deliberate 'catch misconfiguration in tests' guard, but panicking in a library function violates the repo convention ('Return errors; never panic'). The comment justifies it as a programming error caught early, but it means any test that calls SetRetryBackoff with the wrong length (e.g., during future refactoring that changes maxAttempts) will panic rather than getting a useful error. Consider returning an error from doRequest or validating at SetRetryBackoff time instead.
|
||||
backoff = make([]time.Duration, len(c.retryBackoff))
|
||||
@@ -197,6 +200,9 @@ func (c *Client) doRequest(ctx context.Context, method, reqURL string, accept st
|
||||
} else {
|
||||
|
sonnet-review-bot
commented
[NIT] The **[NIT]** The `defaultBackoff` local variable is declared but serves only as a template for the else branch. The variable name and the copy-pattern are fine, but it could be simplified slightly: the `if c.retryBackoff != nil && len(c.retryBackoff) == maxRetryAttempts-1` guard duplicates the invariant already enforced by `SetRetryBackoff`. A comment noting that the length check here is a defensive guard against direct struct construction (bypassing the setter) would clarify the intent.
|
||||
backoff = []time.Duration{1 * time.Second, 2 * time.Second}
|
||||
}
|
||||
if len(backoff) != maxAttempts-1 {
|
||||
rodin
commented
Fixed. Added a panic guard ensuring Fixed. Added a panic guard ensuring `len(backoff) == maxAttempts-1`. If someone changes `maxAttempts` without updating the default backoff, this fires immediately in tests rather than silently producing incorrect retry behavior.
|
||||
panic(fmt.Sprintf("github: backoff length %d does not match maxAttempts-1 (%d)", len(backoff), maxAttempts-1))
|
||||
|
security-review-bot marked this conversation as resolved
Outdated
[MINOR] doRequest panics if the computed backoff length doesn't match maxAttempts-1. While intended to catch misconfiguration in tests, panics can crash the process and create a denial-of-service if this method is misused in production. Prefer returning an error or falling back to a safe default to avoid process termination. **[MINOR]** doRequest panics if the computed backoff length doesn't match maxAttempts-1. While intended to catch misconfiguration in tests, panics can crash the process and create a denial-of-service if this method is misused in production. Prefer returning an error or falling back to a safe default to avoid process termination.
|
||||
}
|
||||
|
||||
// maxErrorBodyBytes limits how much of an error response body is stored.
|
||||
// Kept small (4 KiB) to reduce the risk of sensitive data leakage if callers
|
||||
@@ -255,6 +261,10 @@ func (c *Client) doRequest(ctx context.Context, method, reqURL string, accept st
|
||||
return nil, fmt.Errorf("do request: %w", err)
|
||||
}
|
||||
|
||||
// Capture response metadata before handleResponse takes body ownership.
|
||||
|
rodin
commented
Fixed. Now capturing Fixed. Now capturing `resp.StatusCode` and `Retry-After` header into local variables *before* calling `handleResponse`, making the ownership transfer explicit. The caller no longer touches `resp` after handing it off.
|
||||
respStatus := resp.StatusCode
|
||||
retryAfterHeader := resp.Header.Get("Retry-After")
|
||||
|
||||
body, done, err := c.handleResponse(resp, maxResponseBytes, maxErrorBodyBytes)
|
||||
if done {
|
||||
return body, err
|
||||
@@ -262,10 +272,10 @@ func (c *Client) doRequest(ctx context.Context, method, reqURL string, accept st
|
||||
lastErr = err
|
||||
|
||||
// Retry on 429 rate limit
|
||||
if resp.StatusCode == http.StatusTooManyRequests && attempt < maxAttempts-1 {
|
||||
if respStatus == http.StatusTooManyRequests && attempt < maxAttempts-1 {
|
||||
// Check for Retry-After header and override backoff if present.
|
||||
// Supports both integer seconds (common) and HTTP-date format (RFC 7231).
|
||||
gpt-review-bot
commented
[MINOR] The error message references "(truncated)" for oversized success responses, but the function returns an error without returning a truncated body. Consider rewording to avoid implying truncated data was returned. **[MINOR]** The error message references "(truncated)" for oversized success responses, but the function returns an error without returning a truncated body. Consider rewording to avoid implying truncated data was returned.
|
||||
if ra := resp.Header.Get("Retry-After"); ra != "" {
|
||||
if ra := retryAfterHeader; ra != "" {
|
||||
if seconds, err := strconv.Atoi(ra); err == nil && seconds > 0 {
|
||||
delay := time.Duration(seconds) * time.Second
|
||||
if delay > maxRetryAfter {
|
||||
|
||||
[NIT] Calling timer.Stop after the timer has already fired is unnecessary. It’s harmless but can be removed for clarity.