search

r-lib / remotes

Install R packages from GitHub, GitLab, Bitbucket, git, svn repositories, URLs
https://remotes.r-lib.org/
Other
331 stars 152 forks source link

Error using `install_github()` and `install_deps()`: Error: Failed to install 'unknown package' from GitHub. HTTP error 401. Bad credentials. #659

Closed isaactpetersen closed 2 years ago

isaactpetersen commented 2 years ago

This seems to be a recurrence of issue https://github.com/r-lib/remotes/issues/641. I'm trying to install an R package from a publicly available GitHub repo using install_github() from the {remotes} package, and am trying to install R packages from CRAN using install_deps(). I'm doing this in the context of a Docker image (rocker/geospatial) using a GitLab runner that that will output a book to GitLab Pages using {bookdown}. However, I receive an error when trying to install an R package ({uroc}) from a publicly available GitHub repo (https://github.com/evwalz/uroc) and when installing dependencies from CRAN. Note that I used to receive a similar error in {remotes} 2.4.0, but commit https://github.com/r-lib/remotes/commit/77966d45c67c4212eeeb0dc1b6bbc03a12b37043 in {remotes} 2.4.1 temporarily fixed it. It was working for me for a while when I upgraded to {remotes} 2.4.1. However, it stopped working for me again.

Using R 4.1.1 on a GitLab Runner and {remotes} 2.4.1, here's the error I receive:

> remotes::install_github('evwalz/uroc')
Using bundled GitHub PAT. Please add your own PAT to the env var `GITHUB_PAT`
Error: Failed to install 'unknown package' from GitHub:
  HTTP error 401.
  Bad credentials
  Rate limit remaining: 52/60
  Rate limit reset at: 2021-08-15 17:58:54 UTC

Note that I'm not also getting a similar error when trying to install R package dependencies from CRAN:

> remotes::install_deps(dependencies = TRUE)
Error: HTTP error 401.
  Bad credentials
  Rate limit remaining: 55/60
  Rate limit reset at: 2021-10-17 13:31:06 UTC

Interestingly, I can install these packages fine when running the code locally. And when I run the Docker container locally, the packages install fine, as well. So it appears to be some interaction of the Docker container with the GitLab runner.

For instance, in Issue https://github.com/r-lib/remotes/issues/638, the user was able to fix the HTTP error 401 on GitHub Actions by defining GITHUB_PAT with the job's token:

    env:
      GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}

The user in the other thread noted that it seems that relying on the bundled PAT is not robust. However, I'm not sure how to do that in the context of a GitLab runner (not GitHub Actions) in my .gitlab-ci.yml file. Also, please note that I'm trying to download an R package from a publicly available GitHub repo and packages from CRAN, so they shouldn't require a Personal Access Token (PAT).

Here is my .gitlab-ci.yml file:

variables:
  GIT_STRATEGY: clone

image: rocker/geospatial

.bookdown:
  stage: deploy
  script:
    - mkdir public
    - R -e "install.packages('remotes')"
    - R -e "remotes::install_github('evwalz/uroc')"
    - R -e "remotes::install_deps(dependencies = TRUE)"
    - Rscript -e "bookdown::render_book(input = 'index.Rmd', output_format = 'bookdown::gitbook', output_dir = 'public')"
    - apt-get install -y rsync
    - rsync -av --delete public/ /websites/bookdown/prod/
  tags:
    - bookdown #specify name of runner
  artifacts:
    paths:
      - public

pages:
  extends: .bookdown

mr-review:
  extends: .bookdown
  after_script:
    - echo "ENVIRONMENT_URL=https://$CI_PROJECT_NAMESPACE.$CI_PAGES_DOMAIN/-/$CI_PROJECT_NAME/-/jobs/$CI_JOB_ID/artifacts/public/index.html" >> deploy.env
  artifacts:
    reports:
      dotenv: deploy.env
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: $ENVIRONMENT_URL
  only:
    - merge_requests

Here's my sessionInfo():

> sessionInfo()
R version 4.1.1 (2021-08-10)
Platform: x86_64-pc-linux-gnu (64-bit)
Running under: Ubuntu 20.04.3 LTS
Matrix products: default
BLAS/LAPACK: /usr/lib/x86_64-linux-gnu/openblas-pthread/libopenblasp-r0.3.8.so
locale:
 [1] LC_CTYPE=en_US.UTF-8       LC_NUMERIC=C              
 [3] LC_TIME=en_US.UTF-8        LC_COLLATE=en_US.UTF-8    
 [5] LC_MONETARY=en_US.UTF-8    LC_MESSAGES=C             
 [7] LC_PAPER=en_US.UTF-8       LC_NAME=C                 
 [9] LC_ADDRESS=C               LC_TELEPHONE=C            
[11] LC_MEASUREMENT=en_US.UTF-8 LC_IDENTIFICATION=C       
attached base packages:
[1] stats     graphics  grDevices utils     datasets  methods   base     
other attached packages:
[1] remotes_2.4.1
loaded via a namespace (and not attached):
[1] compiler_4.1.1 tools_4.1.1
jimhester commented 2 years ago

The PAT is used to increase the rate limits, not for increased access. Unauthenticated access only allows for 60 API calls an hour, which can be easily exhausted in CI settings, particularly because CI systems often share IP addresses.

I would suggest you create a GitHub PAT without any scopes and use that in your GitLab CI, relying on the bundled PAT is fragile.

isaactpetersen commented 2 years ago

That's helpful, thanks. Setting the PAT manually now lets my install the package from the publicly available GitHub repo without an error:

> remotes::install_github('evwalz/uroc', auth_token = 'MY_TOKEN_HERE')

However, I'm still getting an error when trying to run install_deps():

> remotes::install_deps(dependencies = TRUE, auth_token = 'MY_TOKEN_HERE')
Error: HTTP error 401.
  Bad credentials
  Rate limit remaining: 59/60
  Rate limit reset at: 2021-10-18 17:53:27 UTC
jimhester commented 2 years ago

I would instead set the GITHUB_PAT environment variable, e.g. Sys.setenv(GITHUB_PAT = 'MY_TOKEN_HERE')

isaactpetersen commented 2 years ago

That solved the problem. Many thanks!