add a retry to retrieve the CIRCLE_OIDC_TOKEN if it doesn't exist in … (#221)

* add a retry to retrieve the CIRCLE_OIDC_TOKEN if it doesn't exist in the job

* Update orbs and shellcheck for bash

---------

Co-authored-by: marboledacci <[email protected]>

Author: imlogang

.circleci/config.yml

@@ -1,8 +1,8 @@
 version: 2.1
 setup: true
 orbs:
-  orb-tools: circleci/orb-tools@12.2
-  shellcheck: circleci/shellcheck@3.2
+  orb-tools: circleci/orb-tools@12.3.1
+  shellcheck: circleci/shellcheck@3.4
 
 filters: &filters
   tags:
@@ -18,6 +18,7 @@ workflows:
       - orb-tools/review:
           filters: *filters
       - shellcheck/check:
+          shell: bash
           filters: *filters
       - orb-tools/continue:
           orb_name: aws-cli

.circleci/test-deploy.yml

@@ -1,6 +1,6 @@
 version: 2.1
 orbs:
-  orb-tools: circleci/orb-tools@12.0
+  orb-tools: circleci/orb-tools@12.3.1
   aws-cli: {}
 filters: &filters
   tags:

src/scripts/assume_role_with_web_identity.sh

@@ -14,8 +14,20 @@ if [ -z "${AWS_CLI_STR_ROLE_SESSION_NAME}" ]; then
     exit 1
 fi
 
-if [ -z "${CIRCLE_OIDC_TOKEN_V2}" ]; then
-    echo "OIDC Token cannot be found."
+if [ -z "${CIRCLE_OIDC_TOKEN_V2}" ] || [ -z "${CIRCLE_OIDC_TOKEN}" ]; then
+    for i in {1..3}; do
+        echo "Attempt $i: Checking OIDC tokens"
+        CIRCLE_OIDC_TOKEN=$(circleci run oidc get --claims "{\"aud\":\"${CIRCLE_ORGANIZATION_ID}\"}")
+        if [ -n "$CIRCLE_OIDC_TOKEN" ] || [ -n "$CIRCLE_OIDC_TOKEN_V2" ]; then
+            echo "Successfully set CIRCLE_OIDC_TOKEN"
+            echo 'export CIRCLE_OIDC_TOKEN="'"$CIRCLE_OIDC_TOKEN"'"' >> "$BASH_ENV"
+            echo 'export CIRCLE_OIDC_TOKEN_V2="'"$CIRCLE_OIDC_TOKEN"'"' >> "$BASH_ENV"
+            exit 0
+        fi
+        echo "Waiting 1 second before retry"
+        sleep 1
+    done
+    echo "Failed to set CIRCLE_OIDC_TOKEN_V2 after 3 attempts"
     exit 1
 fi