Bot will sometime attempt to merge PRs too quickly

[megawac]

If prs are merged to quickly github will reject the request with a error saying ref is out of date.

I think a simple solution would be to setup a cron job to revalidate open prs every 2 hour or so (though this might get us rate limited)

[codewithtyler]

I've been following this project for a a while. How many requests do you expect the bot will be making against the GitHub API to do this? According to the GitHub API

"For requests using Basic Authentication or OAuth, you can make up to 5,000 requests per hour. For unauthenticated requests, the rate limit allows you to make up to 60 requests per hour. Unauthenticated requests are associated with your IP address, and not the user making requests."

I haven't delved deep into the code yet but unless unless you're merging 20-30 PRs a day (non authenticated requests) I don't see how you'd exceed the rate limit.

[megawac]

There are a couple things to consider:

• The bot can perform multiple requests per pull request (based on the number of commits, comments, and files). These resources are paginated so we have to perform n/page size requests for each pull request. We then read several files (1 request each)
• We revalidate pull requests whenever a new commit is added
• we preform multiple other requests per validation (refresh repo state, get issue, check if user is collab, set pr status (twice), couple other things
• We preform some meta checks if info.ini lists a github repository (we check repo exists and look at its tagged released)

This can end up taking a large number of requests on some pull requests.

We also share are oauth login with libgrabber which eats a ton of our request quota; this can obviously be addressed by creating a new github account for bot.

Anyway all that said, we haven't hit the quota often but it can happen; adding a step which checks multiple prs on an interval could be suspect in our current configuration

[megawac]

Mostly fixed in https://github.com/jsdelivr/bot/commit/f96af0925e335e7d08ea42478c0832e176b16e29 though this still requires a bit more tuning