feat: fallback to "raw" endpoint for manifest when rate limit is reached

[Shegox]

Description:
This PR leverages the raw endpoint (https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json) to retrieve the golang manifest as a fallback mechanism. This allows GitHub Actions Runners, which have no API token and exceed the anonymous rate limit of 60 requests/hour/IP to still retrieve the manifest list without needing credentials.
This is especially helpful for GitHub Enterprise Server and self-hosted runners, as there multiple runners might share the same IP-address and quickly exceed the available rate limit. Supplying an access token for github.com is cumbersome, as it requires another technical user and the secret isn't exposed to forks, preventing builds from forks.
The implementation as a fallback mechanism minimizes the risk of breaking current workflows, as they will still use the normal API to retrieve the manifest.

Related issue:

This is similar to the implementation setup-python uses:

• Pull Request: feat: fallback to "raw" endpoint for manifest when rate limit is reached setup-python#766
• Issue: Enhance setup-python Action in GitHub Enterprise Server with Raw API Fallback Mechanism setup-python#756

Check list:

• Mark if documentation changes are required.
• Mark if tests were added or updated to cover the changes.

I have tested this on our GitHub Enterprise Server with success:

Attempting to download 1.20.0...
##[debug]No manifest cached
##[debug]Getting manifest from actions/go-versions@main
##[debug]Fetching the manifest via the API failed.
##[debug]API rate limit exceeded for xx.xx.xx.xx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
##[debug]Falling back to fetching the manifest using raw URL.
matching 1.20.0...
...
##[debug]matched 1.20.0
Acquiring 1.20.0 from https://github.com/actions/go-versions/releases/download/1.20.0-40721327[86](https://github.enterprise.com/xxxx/setup-go-test/actions/runs/7672571/job/29795181#step:4:87)/go-1.20.0-linux-x64.tar.gz

[priyagupta108]

Hi @Shegox 👋,
Thank you for your contribution.
The fallback mechanism to download directly from Go is already implemented in this repository. Here is a screenshot showing the existing fallback mechanism.

Could you please share the logs where you encountered a rate limit issue? This will help us better understand the need for the changes you've proposed.

[Shegox]

I observed when running the actions with go-version: "stable" seems to not fallback to the direct go versions and rather fails:

2024-11-11T06:17:44.9844323Z Download action repository 'actions/setup-go@v5' (SHA:41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed)
...
2024-11-11T06:18:06.6559386Z ##[group]Run actions/setup-go@v5
2024-11-11T06:18:06.6559977Z with:
2024-11-11T06:18:06.6560397Z   go-version: stable
2024-11-11T06:18:06.6560884Z   check-latest: false
2024-11-11T06:18:06.6561414Z   cache: true
2024-11-11T06:18:06.6564022Z ##[endgroup]
2024-11-11T06:18:07.1680967Z Setup go version spec stable
2024-11-11T06:18:07.5151665Z ##[error]API rate limit exceeded for xx.xx.xx.xx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
2024-11-11T06:18:07.5192312Z ##[debug]Node Action run completed with exit code 1
2024-11-11T06:18:07.5202438Z ##[debug]Finishing: Set up Golang (v5)

[priyagupta108]

@Shegox, Thank you for your response!
To keep the documentation up-to-date, could you please add the necessary details? For reference, you can check the documentation updates in setup-python PR #835.

Thanks for your effort!

[priyagupta108]

@Shegox, Basic validation checks are failing. Please review your changes and address these issues.
You can find the details of the failing job here: Job Details.

[priyagupta108]

@Shegox, the Basic validation is still failing. Please take a look at the job details and fix the issues.

[Kristianko666]

Description: This PR leverages the raw endpoint (https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json) to retrieve the golang manifest as a fallback mechanism. This allows GitHub Actions Runners, which have no API token and exceed the anonymous rate limit of 60 requests/hour/IP to still retrieve the manifest list without needing credentials. This is especially helpful for GitHub Enterprise Server and self-hosted runners, as there multiple runners might share the same IP-address and quickly exceed the available rate limit. Supplying an access token for github.com is cumbersome, as it requires another technical user and the secret isn't exposed to forks, preventing builds from forks. The implementation as a fallback mechanism minimizes the risk of breaking current workflows, as they will still use the normal API to retrieve the manifest.

Related issue:

This is similar to the implementation setup-python uses:

• Pull Request: feat: fallback to "raw" endpoint for manifest when rate limit is reached setup-python#766
• Issue: Enhance setup-python Action in GitHub Enterprise Server with Raw API Fallback Mechanism setup-python#756

Check list:

• Mark if documentation changes are required.
• Mark if tests were added or updated to cover the changes.

I have tested this on our GitHub Enterprise Server with success:

Attempting to download 1.20.0...
##[debug]No manifest cached
##[debug]Getting manifest from actions/go-versions@main
##[debug]Fetching the manifest via the API failed.
##[debug]API rate limit exceeded for xx.xx.xx.xx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
##[debug]Falling back to fetching the manifest using raw URL.
matching 1.20.0...
...
##[debug]matched 1.20.0
Acquiring 1.20.0 from https://github.com/actions/go-versions/releases/download/1.20.0-40721327[86](https://github.enterprise.com/xxxx/setup-go-test/actions/runs/7672571/job/29795181#step:4:87)/go-1.20.0-linux-x64.tar.gz