Set default GitHub token #89
Conversation
|
Nice, I've added a corresponding README update. But on second thought, I'm thinking this is not only a breaking change, but also possibly a permanent one for a very small number of users. When running via GitHub Enterprise Server, it seems likely that the job tokens injected into Actions jobs are only accepted by that GHES instance, and not Then the question becomes, for GHES users, does setting an empty string for the token unset the default? It does sound like that's the case: As long as that's true I'll merge and cut a major release for this. But would appreciate a sanity check on my thinking. |
|
Interesting, I didn't know that it would break it for GHES. It's a pretty common pattern in GitHub actions as far as I can see. But is the GitHub token actually needed? If it's only to obtain release data from the TFLint repository, I think it should be pretty hard to hit the API rate limit 🤔 |
|
I don't use GHES, never have. Just trying to properly scrutinize this. If you believe this is commonly implemented, share links so we can vet the approach. This is an edge case but I'm sure someone's encountered/considered it before. Unauthenticated requests are rate limited by IP. On a shared host, you can be rate limited because you are making lots of requests or because another user is. In either case you are more susceptible to rate limiting the more requests you make but in the latter it's possible to be rate limited on a job that makes only one request. |
|
Thanks for this, going with a major release based on my expectation that this might break when called from GitHub Enterprise Server. I'm thinking the ID tokens issued there aren't accepted on |
secrets.GITHUB_TOKENcan't be used as a default input becausesecretscontext is not available in that part of the manifest, butgithubcontext is available, so it's possible to set a default token.