search

cachix / install-nix-action

Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.
Apache License 2.0
520 stars 80 forks source link

Default GitHub token is not valid for github.com when using GitHub Enterprise #196

Closed gdw2 closed 10 months ago

gdw2 commented 12 months ago

Expected

If I don't explicitly specify a github token, I would expect it to try to access github 'anonymously' (subject to rate limiting).

Actual

(From the nix-shell-action action which leverages the work done by install-nix-action. )

error:
       … while fetching the input 'github:NixOS/nixpkgs/nixpkgs-unstable'

       error: unable to download 'https://api.github.com/repos/NixOS/nixpkgs/commits/nixpkgs-unstable': HTTP error 401

       response body:

       {
         "message": "Bad credentials",
         "documentation_url": "https://docs.github.com/rest"
       }

Analysis

I'd like to be able to use install-nix-action without a github token, but I don't think it's possible to withhold the $GITHUB_TOKEN from the script. I tried passing GITHUB_TOKEN as an empty string, but I think github overrides it with my actual token.

Since I'm using Github Enterprise, my token isn't valid for github.com, so I get the "Bad credentials" error above.

My solution was to fork this repo, and comment out these lines and then it works fine for me.

sandydoo commented 11 months ago

We could check whether $GITHUB_SERVER_URL or {{ github.server_url }} is set to https://github.com. If it's not, then we don't use the default token. @gdw2 , would you be able to test this out for us if we roll out a fix?

gdw2 commented 11 months ago

Sure

On Thu, Nov 2, 2023 at 5:43 AM Sander @.***> wrote:

We could check whether $GITHUB_SERVER_URL or {{ github.server_url }} is set to https://github.com. If it's not, then we don't use the default token. @gdw2 https://github.com/gdw2 , would you be able to test this out for us if we roll out a fix?

— Reply to this email directly, view it on GitHub https://github.com/cachix/install-nix-action/issues/196#issuecomment-1790570346, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFCLQD6R4MBVQF7RYRFRA3YCOBOLAVCNFSM6AAAAAA54IPNLCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOJQGU3TAMZUGY . You are receiving this because you were mentioned.Message ID: @.***>

sandydoo commented 11 months ago

@gdw2, could you please test this branch when you have the chance?

- uses: cachix/install-nix-action@fix/196
domenkozar commented 10 months ago

@gdw2 ping :)

gdw2 commented 10 months ago

I think it worked. I'm getting the following message in a latter stage (using the nix-shell-action action), which means I may have to use a token after all, but that's my problem:

{"message":"API rate limit exceeded for XX.XX.XX.XXX. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)

I'd go ahead and merge this. Thanks.