sounisi5011/readme-generator

CLI should pre-check rate limits before using the GitHub API

Opened this issue · 3 comments

sounisi5011 commented

The current CLI logic uses the GitHub API to try to get a Git tag, and if the API fails, it uses the git ls-remote command.

readme-generator/src/utils/repository.ts

Lines 163 to 178 in 34ab95e

export async function fetchReleasedVersions(gitInfo: GitHost): Promise<Versions> {
try {
// Note: I tried this on a repository on GitHub.
// Apparently, the REST API is faster to fetch than the "git ls-remote" command.
// Therefore, this code first tries to get at the REST API.
return gitLinesToRevs(await fetchTagsByApi(gitInfo)).versions;
} catch (error) {
if (/^HTTP 404$/m.test(error.message)) throw error;
try {
return (await gitRevs(gitInfo.sshurl())).versions;
} catch (error) {
throw npmcliGitErrorFixer(error);
}
}
}

This behavior is dangerous; if a CLI user exceeds the rate limit of the GitHub API and then continues to attempt to retrieve the tag, GitHub may consider the user to be an abuser.

Best practices for integrators - GitHub Docs

To solve this problem, we propose the following changes:

sounisi5011 commented

In some CIs (e.g. GitHub Actions), there is no way to maintain a cache file without additional configuration. Such a CI would not be able to make good use of HTTP conditional requests.

sounisi5011 commented

In GitHub Actions, users can use the private GITHUB_TOKEN variable that can be used in GitHub API authenticated requests.

Authenticating with the GITHUB_TOKEN - GitHub Docs

So I propose the following:

  • Add feature to specify the access token of the GitHub API with CLI arguments.
  • The GitHub API without authentication will be discontinued due to the tight rate limit.
sounisi5011 commented
  • Use the git ls-remote command in preference to the GitHub API.

resolved #70

  • The GitHub API without authentication will be discontinued due to the tight rate limit.

resolved #72