Use GHA's token #310
Oh, the script needs a username. I'll think on this.
Ok, so the GITHUB_TOKEN is for a built-in GitHub app, not your own account, so that i.e., contributing to a project with extensive doesn't use up your personal rate. Thus, there's not a username associated with it. However, I think we don't need a username to make authenticated requests, do we? Could we make it optional?
4ab0b6d to 3cb829d
Hmm, looks like it's not picking up AUTH_GITHUB.
It's worth noting that the workflow token is only 1000 requests per hour, whereas a PAT is 5000, so this is only helpful if we've got over 5 pushers an hour. EDIT: So there's some useful stuff in here, but using GHA's token doesn't help.
1f6fd01 to 993a0ed
I'll try to rebase this when I get a moment. I still think this should fix rate limiting (because secrets isn't injected into ENV), and still obsolete needing @jfmengels' token.
993a0ed to 6055c60
This looks to work promisingly.
It passes CI now!
GHA provides a token itself, we don't need to generate one. This is more fine-grained, easier to change if needed, and more secure. I think the existing `contents: read` is sufficient, but it might not be. We'll see.
* Don't tell authenticated users to log in.
* Tell users when the rate limit expires.
6055c60 to 9442d30
GHA provides a token itself, we don't need to generate one. This is more fine-grained, easier to change if needed, and more secure.
I think the existing `contents: read` is sufficient, but it might not be. We'll see.
Based on #309 (comment).
Closes #336.
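
The two behaviours discussed in this thread (a token that works without a username, and a rate-limit message that gives the reset time without telling authenticated users to log in), as an added example in Python that is not the project's own script. It assumes `AUTH_GITHUB` (the name used in the thread) holds a bare token; `AUTH_GITHUB_USER` is a hypothetical variable for username-plus-PAT setups, and the response headers are constructed sample data.

```python
import base64
import os
from datetime import datetime, timezone


def auth_headers(env=os.environ):
    """Build GitHub API request headers; token and username are both optional."""
    token = env.get("AUTH_GITHUB")      # name from the thread; assumed to hold a bare token
    user = env.get("AUTH_GITHUB_USER")  # hypothetical name, only for username + PAT setups
    headers = {"Accept": "application/vnd.github+json"}
    if token and user:
        basic = base64.b64encode(f"{user}:{token}".encode()).decode()
        headers["Authorization"] = f"Basic {basic}"
    elif token:
        # The workflow token belongs to an app installation, so no username exists.
        headers["Authorization"] = f"Bearer {token}"
    return headers


def rate_limit_message(status, resp_headers, authenticated):
    """Return None unless the response is a rate-limit rejection, else a user message."""
    h = {k.lower(): v for k, v in resp_headers.items()}
    if status not in (403, 429) or h.get("x-ratelimit-remaining") != "0":
        return None
    reset = datetime.fromtimestamp(int(h["x-ratelimit-reset"]), tz=timezone.utc)
    limit = h.get("x-ratelimit-limit", "?")
    msg = (f"GitHub rate limit of {limit} requests reached; "
           f"it resets at {reset:%Y-%m-%d %H:%M:%S} UTC.")
    if not authenticated:
        # Only unauthenticated callers are pointed at the token setting.
        msg += " Set AUTH_GITHUB to a token to get a higher limit."
    return msg


# Constructed sample response headers (not captured from a real run).
SAMPLE = {"X-RateLimit-Limit": "1000", "X-RateLimit-Remaining": "0",
          "X-RateLimit-Reset": "1700000000"}

if __name__ == "__main__":
    hdrs = auth_headers({"AUTH_GITHUB": "example-token"})
    print(rate_limit_message(403, SAMPLE, "Authorization" in hdrs))
```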