Open maorfr opened 2 years ago
when using the org-list feature of the plugin, each PR author will be checked to see if they are a member of the organizations in that list. given that jenkins is defined as an authenticated user, the returned status will be 404 (according to https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user)
this poses a problem related to the github rate limit.
assuming a user like dependabot creates a lot of PRs, and for each PR we check if the user is a member of an org on the list - we will exhaust the rate limit.
even when using the conditional requests feature (for reference, we make ~100k requests to the github api per hour), this will still cause us to hit the rate limit, as only a 304 return status will not count against the rate limit.
essentially this causes organizations with multiple repos to be "attacked" by simply having too many open PRs from dependabot :smile:
internal reference: https://issues.redhat.com/browse/APPSRE-4423
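The cost model described in this issue, as an added example that is not part of the issue or the plugin's code: a constructed stand-in for the GitHub membership endpoint counts every non-304 response against a per-hour budget (GitHub's documented 5,000 requests for authenticated users), and a membership checker is run once per PR, first without and then with a TTL cache of results. The fake API returns no ETag on 404, so conditional requests cannot turn repeated negative lookups into free 304s; that assumption mirrors the issue's observation that only 304 responses are exempt. The org names, the `dependabot[bot]` login and the member list are constructed sample data.

```python
"""Added example (not from the issue or the plugin): how per-PR org-membership
checks burn the GitHub REST rate limit, and how caching negative results bounds it."""
from dataclasses import dataclass, field
import time


@dataclass
class FakeGitHubAPI:
    """Constructed, offline stand-in for GET /orgs/{org}/members/{user}.

    204 = member, 404 = not a member (as seen by an authenticated non-member).
    Only a 304 (unchanged ETag) is exempt from the rate limit. Assumption
    matching the issue: a 404 carries no ETag, so it can never become a 304.
    """
    members: dict                 # org -> set of member logins (sample data)
    budget: int = 5000            # documented authenticated per-hour limit
    requests_counted: int = 0
    etags: dict = field(default_factory=dict)

    def check_membership(self, org, user, etag=None):
        """Return (status, etag). Counts the call unless it is a 304."""
        is_member = user in self.members.get(org, set())
        if is_member:
            current = f'"{org}:{user}:204"'
            if etag == current:
                return 304, current          # free: not counted
        self.requests_counted += 1
        if self.requests_counted > self.budget:
            return 403, None                 # rate limit exceeded
        return (204, current) if is_member else (404, None)


class MembershipChecker:
    """Checks a PR author against an org list, caching both positive and
    negative answers for ttl_seconds so a flood of PRs from one bot login
    costs one request per org per TTL window instead of one per PR."""

    def __init__(self, api, org_list, ttl_seconds=3600, clock=time.monotonic):
        self.api = api
        self.org_list = list(org_list)
        self.ttl = ttl_seconds
        self.clock = clock
        self._cache = {}   # (org, user) -> (is_member, expires_at)

    def is_trusted(self, user, use_cache=True):
        return any(self._is_member(org, user, use_cache) for org in self.org_list)

    def _is_member(self, org, user, use_cache):
        now = self.clock()
        key = (org, user)
        if use_cache and key in self._cache:
            value, expires_at = self._cache[key]
            if now < expires_at:
                return value
        status, _etag = self.api.check_membership(org, user)
        if status == 403:
            raise RuntimeError("GitHub rate limit exhausted")
        is_member = status == 204
        # Negative results are the expensive case here, so they are cached too.
        self._cache[key] = (is_member, now + self.ttl)
        return is_member


def simulate(num_prs, org_list, use_cache, author="dependabot[bot]"):
    """Run num_prs membership checks for one author; return
    (requests counted against the limit, "ok" | "rate limited")."""
    api = FakeGitHubAPI(members={"trusted-org": {"alice"}})   # constructed
    checker = MembershipChecker(api, org_list)
    for _ in range(num_prs):
        try:
            checker.is_trusted(author, use_cache)
        except RuntimeError:
            return api.requests_counted, "rate limited"
    return api.requests_counted, "ok"


if __name__ == "__main__":
    orgs = ["org-a", "org-b", "org-c"]
    print("no cache :", simulate(2000, orgs, use_cache=False))
    print("with cache:", simulate(2000, orgs, use_cache=True))
```

With three orgs on the list, 2,000 dependabot PRs without caching cost 6,000 lookups, all 404 and therefore all counted, so the budget is gone after the 5,001st call; with the cache the same 2,000 PRs cost three counted requests per TTL window. The cache lives in the plugin process, so it also works when the ETag trick does not.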