CLI should pre-check rate limits before using the GitHub API
Opened this issue · 3 comments
The current CLI logic uses the GitHub API to try to get a Git tag, and if the API fails, it uses the git ls-remote command.
readme-generator/src/utils/repository.ts
Lines 163 to 178 in 34ab95e
This behavior is dangerous; if a CLI user exceeds the rate limit of the GitHub API and then continues to attempt to retrieve the tag, GitHub may consider the user to be an abuser.
Best practices for integrators - GitHub Docs
To solve this problem, we propose the following changes:
- Use the git ls-remote command in preference to the GitHub API.
- Before using the GitHub API, check the current rate limit status.
- Use HTTP conditional requests and cache the response of the GitHub API.
In some CIs (e.g. GitHub Actions), there is no way to maintain a cache file without additional configuration. Such a CI would not be able to make good use of HTTP conditional requests.
In GitHub Actions, users can use the private GITHUB_TOKEN variable that can be used in GitHub API authenticated requests.
Authenticating with the GITHUB_TOKEN - GitHub Docs
So I propose the following:
- Add a feature to specify the access token of the GitHub API with CLI arguments.
- The GitHub API without authentication will be discontinued due to the tight rate limit.
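Added example, not part of the issue or of the readme-generator code base: a sketch of the order proposed in this thread, where tags come from `git ls-remote` output first and the GitHub API is only planned when a token is present and the quota reported by `GET /rate_limit` allows it. All names (`parseLsRemoteTags`, `planApiFallback`, `RESERVE`) and the sample data are assumptions made for illustration.

```typescript
// Added example; every name here is hypothetical, not taken from readme-generator.
interface RateLimitBody { // shape of the parsed GET /rate_limit response body
  resources: { core: { limit: number; remaining: number; reset: number } };
}
type ApiPlan =
  | { action: "skip-api"; reason: string }
  | { action: "wait"; retryAfterSec: number }
  | { action: "call-api"; headers: Record<string, string> };

const RESERVE = 5; // assumption: requests left untouched for other steps in the job

// Step 1 (preferred): parse `git ls-remote --tags <url>` output,
// one "<sha>\trefs/tags/<name>" per line; peeled "^{}" entries are duplicates.
function parseLsRemoteTags(output: string): string[] {
  return output
    .split(/\r?\n/)
    .map((line) => line.split("\t")[1] ?? "")
    .filter((ref) => ref.startsWith("refs/tags/") && !ref.endsWith("^{}"))
    .map((ref) => ref.slice("refs/tags/".length));
}

// Step 2 (only when ls-remote failed): decide whether an API call is allowed.
function planApiFallback(
  token: string | undefined, // e.g. from a CLI argument or GITHUB_TOKEN
  rateLimit: RateLimitBody,
  nowSec: number,
  cachedEtag?: string,
): ApiPlan {
  // No unauthenticated fallback: the anonymous quota is too tight.
  if (!token) return { action: "skip-api", reason: "no access token supplied" };
  // Pre-check the quota instead of retrying into the limit; reset is epoch seconds.
  const core = rateLimit.resources.core;
  if (core.remaining <= RESERVE) {
    return { action: "wait", retryAfterSec: Math.max(0, core.reset - nowSec) };
  }
  // Authenticated request, made conditional when a cached ETag exists.
  const headers: Record<string, string> = { Authorization: `Bearer ${token}` };
  if (cachedEtag) headers["If-None-Match"] = cachedEtag;
  return { action: "call-api", headers };
}

// Constructed sample data, for illustration only.
const SAMPLE_LS_REMOTE = "1111\trefs/tags/v1.0.0\n2222\trefs/tags/v1.0.0^{}\n";
const SAMPLE_LIMIT: RateLimitBody = {
  resources: { core: { limit: 5000, remaining: 2, reset: 1700000600 } },
};
console.log(parseLsRemoteTags(SAMPLE_LS_REMOTE));
console.log(planApiFallback("EXAMPLE_TOKEN", SAMPLE_LIMIT, 1700000000));
```

A caller would act on `wait` by sleeping or failing fast, and on a 304 answer to the conditional request by reusing the cached tag list.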