feat: add retry logic pipeline

[mgreau]

Melange Pull Request Template

This PR is a copy of chainguard-dev#2300 for testing the code-reviewer CLI.

Functional Changes

• This change can build all of Wolfi without errors (describe results in notes)

Notes:

SCA Changes

• Examining several representative APKs show no regression / the desired effect (details in notes)

Notes:

Linter

• The new check is clean across Wolfi
• The new check is opt-in or a warning

Notes:

[mgreau]

The retry logic pipeline feature is well-implemented overall with good documentation and test coverage. However, there are a few issues that should be addressed: a potential integer overflow in the exponential backoff calculation for high attempt numbers, a missing context parameter in a logging call, and a minor inconsistency in validation behavior.

[mgreau]

The PR adds a well-documented retry logic feature for pipelines with configurable backoff strategies. However, there are a few issues that should be addressed:

1. Potential integer overflow in exponential backoff calculation - The bit shift operation can overflow with high attempt numbers.

2. Interactive debug mode triggers on every retry attempt - The documentation states debug prompts should only appear on final failure, but the current implementation will trigger debug on every failed attempt since maybeDebug is called inside runPipeline before retry logic can intercept it.

3. Missing context in clog.Warnf call - The warning for high retry attempts uses clog.Warnf without a context parameter.

The implementation includes good test coverage, comprehensive documentation, and proper validation of retry configuration.

[mgreau]

ERROR: Potential integer overflow in exponential backoff calculation. When attemptNum is >= 63 on 64-bit systems (or >= 31 on 32-bit), the bit shift 1 << attemptNum will overflow. While validation warns at 10 attempts, the function should protect against this edge case.

Suggested change

	multiplier := 1 << attemptNum
	delay = time.Duration(multiplier) * initialDelay
	default:
	// Default to exponential
	multiplier := 1 << attemptNum
	delay = time.Duration(multiplier) * initialDelay
	}
	return min(delay, maxDelay)
	}
	// calculateBackoff calculates the backoff delay for a given retry attempt.
	func calculateBackoff(strategy string, attemptNum int, initialDelay, maxDelay time.Duration) time.Duration {
	var delay time.Duration
	switch strategy {
	case "constant":
	delay = initialDelay
	case "linear":
	delay = time.Duration(attemptNum+1) * initialDelay
	case "exponential":
	// 2^attemptNum * initialDelay, with overflow protection
	if attemptNum >= 62 {
	delay = maxDelay
	} else {
	multiplier := 1 << attemptNum
	delay = time.Duration(multiplier) * initialDelay
	}
	default:
	// Default to exponential
	if attemptNum >= 62 {
	delay = maxDelay
	} else {
	multiplier := 1 << attemptNum
	delay = time.Duration(multiplier) * initialDelay
	}
	}
	return min(delay, maxDelay)
	}

[mgreau]

ERROR: The clog.Warnf function is called without a context parameter. This may not work correctly depending on how clog is configured. The function should either accept a context parameter or use a context-aware logging approach.

Suggested change

	clog.Warnf("retry attempts set to %d, which may cause long build times", retry.Attempts)
	}
	// Validate backoff strategy
	if retry.Attempts > 10 {
	// This is just a warning - validation still passes
	// Note: Using fmt.Printf as we don't have context here; consider passing ctx to this function
	fmt.Fprintf(os.Stderr, "warning: retry attempts set to %d, which may cause long build times\n", retry.Attempts)
	}