Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use GHA's token #310

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Use GHA's token #310

wants to merge 3 commits into from

Conversation

lishaduck
Copy link
Contributor

GHA provides a token itself, we don't need to generate one. This is more-fine grained, easier to change if needed, and more secure.

I think the existing contents: read is sufficient, but it might not be. We'll see.

Based on #309 (comment).

@lishaduck
Copy link
Contributor Author

lishaduck commented Nov 11, 2024
edited
Loading

Oh, the script needs a username. I'll think on this.

@lishaduck lishaduck marked this pull request as draft November 11, 2024 02:14
@lishaduck
Copy link
Contributor Author

Ok, so the GITHUB_TOKEN is for a builtin github app, not your own account, so that i.e., contributing to a project with extensive doesn't use up your personal rate. Thus, there's not a username associated with it. However, I think we don't need a username to make authenticated requests, do we? Could we make it optional?

@lishaduck lishaduck changed the title ci: use actions' token Use GHA token Nov 11, 2024
@lishaduck lishaduck changed the title Use GHA token Use GHA's token Nov 11, 2024
@lishaduck
ci: use actions' token
2bd79f1 
GHA provides a token itself, we don't need to generate one.
This is more-fine grained, easier to change if needed, and more secure.

I think the existing `contents: read` is sufficient, but it might not be.
We'll see.
@lishaduck
fix: update github auth to not require a username
3cb829d
@lishaduck
Copy link
Contributor Author

Hmm, looks like it's not picking up AUTH_GITHUB.

@lishaduck
Copy link
Contributor Author

lishaduck commented Dec 5, 2024
edited
Loading

It's worth noting that the workflow token is only 1000 requests per hour, whereas a pat is 5000, so this is only helpful if we've got over 5 pushers an hour.

EDIT: So there's some useful stuff in here, but using gha's token doesn't help.

@lishaduck
feat: enhance rate limit error
993a0ed 
* Don't tell authenticated users to log in.
* Tell users when the rate limit expires.
@lishaduck
Copy link
Contributor Author

lishaduck commented Dec 5, 2024
edited
Loading

Hit #313/#324, blocking on #325.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lishaduck