Github repo creation not using GITHUB_PAT? - Githubissues

lockedata / starters

R Package 📦 for initializing projects for various R activities :nut_and_bolt:

https://itsalocke.com/starters/

GNU General Public License v3.0

124 stars 16 forks source link

Github repo creation not using GITHUB_PAT? #106

Open stephlocke opened 5 years ago

stephlocke commented 5 years ago

Over on a Travis build of a PR, we're getting:

GitHub API error (403): 403 Forbidden API rate limit exceeded for 35.202.145.110. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)

https://travis-ci.org/lockedata/pRojects/jobs/476567120#L3872

I would have expected the GITHUB_PAT we've got in place on the repo to be enough to get around this - perhaps it's using a different mechanism or perhaps we don't have it hooked up to look for the PAT?

maelle commented 5 years ago

Does the branch have access to the environment variable?

maelle commented 5 years ago

We use gh functions directly so use the GITHUB_PAT when it's available so the best thing I could imagine is skipping this test when the environment variable is not available (which will always happen in PRs). What do you think?

stephlocke commented 5 years ago

I would expect the env var to be found as the environment variables are at the repo level in travis 🤔

maelle commented 5 years ago

I think someone once told me it'd be bad if the environment variables were accessible from external branches because mean people could output them to the log.

maelle commented 5 years ago

@stephlocke so should we skip tests involving the environment variable when it's not present i.e. external PRs?

maelle commented 5 years ago

In codemetar what we have is testthat::skip_if_not(nzchar(Sys.getenv("GITHUB_PAT")))

stephlocke commented 5 years ago

I'm not comfortable accepting code that hasn't done the full set of tests. Can you give some thought as to how we could achieve it? Perhaps we could use a pre-provided pat and make the variable if it doesn't exist at the beginning of tests for instnce?

maelle commented 5 years ago

the problem is that we need a pat that can create a repo for my account chibimaelle.

The only solution I can imagine is not hard-coding "chibimaelle" i.e. the tests would need a GITHUB_PAT with scope to create a project and we'd have

login <- gh::gh_whoami()$login
createBasicProject(
    name = "test",
    packagedeps = "none",
    external_setup = list(
      git_service = "GitHub",
      login = login,
      private = FALSE,
      protocol = "ssh",
      ci_activation = NULL
    ),
    folder = tmp
  )

  expect_true(repo_exists(login, "test"))
  gh::gh("DELETE /repos/:owner/:repo",
    owner = login, repo = "test"
  )

But the users submitting an external PR would need to set the GITHUB_PAT in their fork themselves. what do you think?

maelle commented 5 years ago

I'm not even sure one can create a GITHUB_PAT for a fork :thinking:

stephlocke commented 5 years ago

Here's one solution

https://blog.algolia.com/travis-encrypted-variables-external-contributions/ https://github.com/algolia/api-key-dealer

Essentially, have an API that you hit up with some info about the travis job. if master branch, do nothing, if from a legit travis job, return a value. Add value to env if returned.

maelle commented 5 years ago

Other points of view https://discuss.ropensci.org/t/github-pat-needed-in-tests-and-pull-requests-on-travis/1550/7 (no other solutions, the efficient but complicated solution you posted is the only one I've seen).