Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: fallback to "raw" endpoint for manifest when rate limit is reached #496

Merged
merged 5 commits into from
Nov 25, 2024

Conversation

Shegox
Copy link
Contributor

@Shegox Shegox commented Aug 20, 2024

Description:
This PR leverages the raw endpoint (https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json) to retrieve the golang manifest as a fallback mechanism. This allows GitHub Actions Runners, which have no API token and exceed the anonymous rate limit of 60 requests/hour/IP to still retrieve the manifest list without needing credentials.
This is especially helpful for GitHub Enterprise Server and self-hosted runners, as there multiple runners might share the same IP-address and quickly exceed the available rate limit. Supplying an access token for github.com is cumbersome, as it requires another technical user and the secret isn't exposed to forks, preventing builds from forks.
The implementation as a fallback mechanism minimizes the risk of breaking current workflows, as they will still use the normal API to retrieve the manifest.

Related issue:

This is similar to the implementation setup-python uses:

Check list:

  • Mark if documentation changes are required.
  • Mark if tests were added or updated to cover the changes.

I have tested this on our GitHub Enterprise Server with success:

Attempting to download 1.20.0...
##[debug]No manifest cached
##[debug]Getting manifest from actions/go-versions@main
##[debug]Fetching the manifest via the API failed.
##[debug]API rate limit exceeded for xx.xx.xx.xx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
##[debug]Falling back to fetching the manifest using raw URL.
matching 1.20.0...
...
##[debug]matched 1.20.0
Acquiring 1.20.0 from https://github.com/actions/go-versions/releases/download/1.20.0-40721327[86](https://github.enterprise.com/xxxx/setup-go-test/actions/runs/7672571/job/29795181#step:4:87)/go-1.20.0-linux-x64.tar.gz

@priyagupta108 priyagupta108 self-assigned this Nov 5, 2024
@priyagupta108
Copy link
Contributor

Hi @Shegox 👋,
Thank you for your contribution.
The fallback mechanism to download directly from Go is already implemented in this repository. Here is a screenshot showing the existing fallback mechanism.

Screenshot 2024-11-07 at 4 36 00 PM

Could you please share the logs where you encountered a rate limit issue? This will help us better understand the need for the changes you've proposed.

@Shegox
Copy link
Contributor Author

Shegox commented Nov 11, 2024

I observed when running the actions with go-version: "stable" seems to not fallback to the direct go versions and rather fails:

2024-11-11T06:17:44.9844323Z Download action repository 'actions/setup-go@v5' (SHA:41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed)
...
2024-11-11T06:18:06.6559386Z ##[group]Run actions/setup-go@v5
2024-11-11T06:18:06.6559977Z with:
2024-11-11T06:18:06.6560397Z   go-version: stable
2024-11-11T06:18:06.6560884Z   check-latest: false
2024-11-11T06:18:06.6561414Z   cache: true
2024-11-11T06:18:06.6564022Z ##[endgroup]
2024-11-11T06:18:07.1680967Z Setup go version spec stable
2024-11-11T06:18:07.5151665Z ##[error]API rate limit exceeded for xx.xx.xx.xx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
2024-11-11T06:18:07.5192312Z ##[debug]Node Action run completed with exit code 1
2024-11-11T06:18:07.5202438Z ##[debug]Finishing: Set up Golang (v5)

@priyagupta108
Copy link
Contributor

@Shegox, Thank you for your response!
To keep the documentation up-to-date, could you please add the necessary details? For reference, you can check the documentation updates in setup-python PR #835.

Thanks for your effort!

@Shegox Shegox force-pushed the raw-manifest-access branch from aad4c33 to db66857 Compare November 14, 2024 07:26
@priyagupta108
Copy link
Contributor

@Shegox, Basic validation checks are failing. Please review your changes and address these issues.
You can find the details of the failing job here: Job Details.

@priyagupta108
Copy link
Contributor

@Shegox, the Basic validation is still failing. Please take a look at the job details and fix the issues.

@HarithaVattikuti HarithaVattikuti merged commit 3041bf5 into actions:main Nov 25, 2024
104 checks passed
@Kristianko666
Copy link

Description: This PR leverages the raw endpoint (https://raw.githubusercontent.com/actions/go-versions/main/versions-manifest.json) to retrieve the golang manifest as a fallback mechanism. This allows GitHub Actions Runners, which have no API token and exceed the anonymous rate limit of 60 requests/hour/IP to still retrieve the manifest list without needing credentials. This is especially helpful for GitHub Enterprise Server and self-hosted runners, as there multiple runners might share the same IP-address and quickly exceed the available rate limit. Supplying an access token for github.com is cumbersome, as it requires another technical user and the secret isn't exposed to forks, preventing builds from forks. The implementation as a fallback mechanism minimizes the risk of breaking current workflows, as they will still use the normal API to retrieve the manifest.

Related issue:

This is similar to the implementation setup-python uses:

Check list:

  • Mark if documentation changes are required.
  • Mark if tests were added or updated to cover the changes.

I have tested this on our GitHub Enterprise Server with success:

Attempting to download 1.20.0...
##[debug]No manifest cached
##[debug]Getting manifest from actions/go-versions@main
##[debug]Fetching the manifest via the API failed.
##[debug]API rate limit exceeded for xx.xx.xx.xx. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)
##[debug]Falling back to fetching the manifest using raw URL.
matching 1.20.0...
...
##[debug]matched 1.20.0
Acquiring 1.20.0 from https://github.com/actions/go-versions/releases/download/1.20.0-40721327[86](https://github.enterprise.com/xxxx/setup-go-test/actions/runs/7672571/job/29795181#step:4:87)/go-1.20.0-linux-x64.tar.gz

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants