Conversation
gabyx
left a comment
gabyx
left a comment
There was a problem hiding this comment.
Thanks: Looks good to me.
Can you rebase so I can merge.
| | `GITHOOKS_LOG_LEVEL` | A value `debug`, `info`, `warn`, `error` or `disable` sets the log level during <br>Githooks runner execution. | | ||
| | `GITHOOKS_SKIP_NON_EXISTING_SHARED_HOOKS=true` | Skips on `true` and fails on `false` (or empty) for non-existing shared hooks. <br>See [Trusting Hooks](#trusting-hooks). | | ||
| | `GITHOOKS_SKIP_UNTRUSTED_HOOKS=true` | Skips on `true` and fails on `false` (or empty) for untrusted hooks. <br>See [Trusting Hooks](#trusting-hooks). | | ||
| | `GH_TOKEN` | Authentication token for GitHub/Gitea API requests during updates and installs. <br>Avoids rate limits on API calls. | |
There was a problem hiding this comment.
suggestion: Can we only use one env var. GITHUB_TOKEN.
More explicit is better. Or is GH_TOKEN a common thing in other tools?
There was a problem hiding this comment.
Good point.
https://cli.github.com/manual/gh_help_environment
It seems to be that both are common env vars.
One environment I'm trying to make use of your Githooks is Warp Oz. And they only set GH_TOKEN, not GITHUB_TOKEN.
jaeyeom
dismissed
gabyx’s stale review
The merge-base changed after approval.
jaeyeom
force-pushed
the
fix-authenticate-github-api-v2
branch
from
61a4c15 to
7d987f6
Compare
Thank you. I've fixed two issues and rebase.
One challenge I'm facing is that it's difficult to test in my environment, likely due to the nix specific checks and hooks. The Docker instructions look promising, but I haven't been able to figure them out just yet. So at this moment, I have no choice but to rely on the Github workflow and your side for testing. I'm thinking of proposing a |
Unauthenticated GitHub API requests are limited to 60 req/hr per IP, which causes "403 API rate limit exceeded" errors during installation. Authenticated requests get 5,000 req/hr. This change uses the GH_TOKEN environment variable (when set) to add an Authorization header to all GitHub API requests made during install and update. GITHUB_TOKEN is used as a fallback when GH_TOKEN is not set. The token is read once at the application boundary (ghToken() in the installer package) and threaded through the download library as an explicit parameter, keeping library functions pure and testable. Two mechanisms inject the token: 1. GetFile() in download.go: accepts a token parameter and sets the Authorization header on the request. This covers all asset and checksum downloads (used by github.go, gitea.go, and checksums.go). 2. go-github client in github.go: uses WithAuthToken() to authenticate all API requests. When token is empty, an unauthenticated client is used, preserving the existing default behavior. The IDeploySettings.Download() interface gains a token parameter so all implementations (Github, Gitea, HTTP, Local) receive it uniformly. Documentation for the token parameter is added to all Download methods, and GH_TOKEN/GITHUB_TOKEN are documented in the README environment variables table.
jaeyeom
force-pushed
the
fix-authenticate-github-api-v2
branch
from
7d987f6 to
5d696c4
Compare
2 participants
Unauthenticated GitHub API requests are limited to 60 req/hr per IP, which causes "403 API rate limit exceeded" errors during installation. Authenticated requests get 5,000 req/hr. This change uses the GH_TOKEN environment variable (when set) to add an Authorization header to all GitHub API requests made during install and update. GITHUB_TOKEN is used as a fallback when GH_TOKEN is not set.
The token is read once at the application boundary (ghToken() in the installer package) and threaded through the download library as an explicit parameter, keeping library functions pure and testable.
Two mechanisms inject the token:
GetFile() in download.go: accepts a token parameter and sets the Authorization header on the request. This covers all asset and checksum downloads (used by github.go, gitea.go, and checksums.go).
go-github client in github.go: uses WithAuthToken() to authenticate all API requests. When token is empty, an unauthenticated client is used, preserving the existing default behavior.
The IDeploySettings.Download() interface gains a token parameter so all implementations (Github, Gitea, HTTP, Local) receive it uniformly. Documentation for the token parameter is added to all Download methods, and GH_TOKEN/GITHUB_TOKEN are documented in the README environment variables table.