Open holly-cummins opened 3 days ago
Attention: Patch coverage is 25.00000%
with 3 lines
in your changes missing coverage. Please review.
Project coverage is 81.03%. Comparing base (
cab9bbb
) to head (7a6cc42
).
Files | Patch % | Lines |
---|---|---|
...va/org/kohsuke/github/GitHubAbuseLimitHandler.java | 33.33% | 0 Missing and 2 partials :warning: |
...ain/java/org/kohsuke/github/AbuseLimitHandler.java | 0.00% | 1 Missing :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Resolves #1842. Resolves #1805.
Description
If a user uses this library to drive the GitHub API hard, there will quite often be failures caused by secondary rate limits being breached (#1842 and #1805). There’s been some discussion of headers on #1842, and also of pluggable 'handle the rate limit' modules, but I think there’s a more fundamental problem with the handling of rate limits. (The good news is this means there's a simpler solution, too.)
The
AbuseLimitHandler
checks for a rate limit violation by looking for a 403 header and some headers:HTTP_FORBIDDEN
is a 403. The GitHub docs indicate that limits from GitHub are signalled with either 403 orTOO_MANY_REQUESTS
responses (429). In my experience, I've only seen 429s.What about headers?
The GitHub docs docs suggest that any headers are optional, and that in the absence of headers the code should just wait a minute (which, luckily, is what the current implementation already does):
Based on these docs, I think it's sufficient to count a 429 as a rate limit response, even if headers are missing. Semantically, a 429 is an indication of an abuse detection/rate limit scenario, and should be handled as such.
What about the rate limit handler?
GitHubRateLimitHandler
also requires a 403 to 'count' a response as rate limited:I didn't update this one, since the secondary rate limit checks are now correctly being handled on the abuse path with my changes. It might be worth updating it, or also even considering whether the distinction between the abuse and rate limit paths is so fuzzy that having both is just maintenance overhead. But that’s a different discussion.
Before submitting a PR:
@link
JavaDoc entries to the relevant documentation on https://docs.github.com/en/rest .mvn -D enable-ci clean install site
locally. If this command doesn't succeed, your change will not pass CI.main
. You will create your PR from that branch.When creating a PR: