Skip to content

fix: Check if token is expired#49

Merged
aleksanderaleksic merged 2 commits into
mainfrom
check-if-token-is-expired
Oct 30, 2025
Merged

fix: Check if token is expired#49
aleksanderaleksic merged 2 commits into
mainfrom
check-if-token-is-expired

Conversation

@aleksanderaleksic
Copy link
Copy Markdown
Contributor

@aleksanderaleksic aleksanderaleksic commented Oct 30, 2025

No description provided.

Copilot AI review requested due to automatic review settings October 30, 2025 12:27
Copilot AI reviewed Oct 30, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds logic to skip unnecessary GitHub token regeneration when the existing token is still valid. The controller now checks if a managed secret's token is still valid (based on expiry time and refresh interval) before generating a new installation token, improving efficiency by avoiding redundant API calls to GitHub.

Key Changes:

  • Added token validity check before regeneration in the reconciliation loop
  • Returns early with appropriate requeue timing when token is still valid
  • Added comprehensive test coverage for the new token validity check behavior

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
controllers/gitrepository_controller.go Implements token validity check logic to skip regeneration when token hasn't expired beyond refresh threshold
controllers/gitrepository_controller_test.go Adds test case verifying that reconciliation skips token regeneration when existing token is valid

Comment thread controllers/gitrepository_controller.go
Comment on lines +101 to +116
// Check if existing secret has a valid token
existingSecret, err := r.secretManager.GetSecret(ctx, secretNamespace, secretName)
if err == nil && r.secretManager.IsSecretManagedByController(existingSecret) {
expiry, err := r.secretManager.GetTokenExpiry(existingSecret)
if err == nil {
refreshThreshold := r.Config.TokenRefresh.RefreshInterval
if time.Until(expiry) > refreshThreshold {
logger.V(1).Info("Token still valid, skipping regeneration", "expiresAt", expiry)
// Schedule token refresh as usual
if err := r.refreshManager.ScheduleRefresh(ctx, secretNamespace, secretName, gitRepo.Spec.URL); err != nil {
logger.Error(err, "Failed to schedule token refresh")
}
return ctrl.Result{RequeueAfter: time.Until(expiry) - 5*time.Minute}, nil
}
}
}
Copy link

Copilot AI Oct 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The variable name 'err' is shadowed three times in nested scopes (lines 102, 104, 110), which reduces code clarity and makes it harder to track which error is being referenced. Consider using distinct variable names like 'getSecretErr', 'expiryErr', and 'scheduleErr' for better readability.

Copilot uses AI. Check for mistakes.
@aleksanderaleksic aleksanderaleksic merged commit 6e14dfe into main Oct 30, 2025
3 checks passed
@aleksanderaleksic aleksanderaleksic deleted the check-if-token-is-expired branch October 30, 2025 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aleksanderaleksic