GitHub Token on GitHub Enterprise Server does not work

[mariusfilipowski]

When we use this action on GitHub Enterprise Server the default github token does not work (HttpError: Bad credentials) Can this action be fixed to be used without a token? Or is there any other approach?

But: We do not want to put GitHub.Com Tokens into our GitHub Enterprise Instance.

Thanks a lot.

[bendrucker]

I did anticipate this, so you can check my theories:

https://github.com/terraform-linters/setup-tflint/pull/89

Does github_token: '' work? If so I'll add that to the docs.

We do not want to put GitHub.Com Tokens into our GitHub Enterprise Instance

Just know that you'll be subject to as low as a 60 requests per hour rate limit, depending on how many public IPs are associated with your GHES install. You may not notice, since it becomes an obvious problem with shared Actions runners, which also execute jobs for other orgs.

[mariusfilipowski]

Thank you. I tried your suggestion. And it works :-)

Is it possible to completely avoid accessing the GitHub Api or minimize it to not run in such problems? Otherwise we can install tflint just in our image.

[bendrucker]

No, the GitHub API is used to discover releases. HashiCorp runs their own release infrastructure for both CLIs and plugins at a substantial cost.

If you want a fixed version rather than discovery, bundling will work. Keep in mind you need to do this for both TFLint itself and plugins. The internal mechanism in the CLI for loading plugins uses the same mechanics as this action, minus the ability to use "latest." Running tflint --init when building your image should take care of that, provided you configure the same version you'll use in your jobs.