From 98c991d13f3149457a7c1ac4083885d0d9db98e1 Mon Sep 17 00:00:00 2001
From: ChristopherHX
Date: Tue, 30 Aug 2022 21:02:20 +0200
Subject: [PATCH] Only use github.token on github.com (#443)
* Only use github.token on github.com This expression evaluates to `''` if called from GHES hosted elsewhere You can still provide your token on both github.com and GHES
* Enshure blank result of expression and not false
* Revert "Revert "Pass the `token` input through on GHES (#427)" (#437)" This reverts commit cf86e08a31433e1dc61981fa0301f2adc9606f46.
* fix typo
* Add back the doc on the tool cache for self-hosted
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
---
 action.yml | 4 ++--
 dist/setup/index.js | 2 +-
 docs/advanced-usage.md | 11 ++++++++++-
 src/install-python.ts | 4 ++--
 4 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/action.yml b/action.yml
index c0fd1d1..b8bb06b 100644
--- a/action.yml
+++ b/action.yml
@@ -16,8 +16,8 @@ inputs:
 description: "Set this option if you want the action to check for the latest available version that satisfies the version spec."
 default: false
 token:
- description: "Used to pull python distributions from actions/python-versions. Since there's a default, this is typically not supplied by the user."
- default: ${{ github.token }}
+ description: "The token used to authenticate when fetching Python distributions from https://github.com/actions/python-versions. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting."
+ default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
 cache-dependency-path:
 description: "Used to specify the path to dependency files. Supports wildcards or a list of file names for caching multiple dependencies."
 update-environment:
diff --git a/dist/setup/index.js b/dist/setup/index.js
index f77bae2..0ae650d 100644
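Review bot: The new `token` description in action.yml never tells the reader that the value is sent to github.com, which matters on GHES now that a supplied token is passed through instead of being dropped. A workflow on GHES that sets `token: ${{ github.token }}` or `${{ secrets.GITHUB_TOKEN }}` explicitly would presumably hand an appliance-issued credential to an external host. I would extend the description with a sentence such as `On GHES, do not pass the appliance's own github.token here; use a github.com personal access token, which needs no scopes to read this public repository.` The `default:` expression itself looks right for keeping the implicit token out of those requests, as long as `github.server_url` is exactly `https://github.com` on the hosted service.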
--- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -65190,7 +65190,7 @@ const tc = __importStar(__nccwpck_require__(7784)); const exec = __importStar(__nccwpck_require__(1514)); const utils_1 = __nccwpck_require__(1314); const TOKEN = core.getInput('token'); -const AUTH = !TOKEN || utils_1.isGhes() ? undefined : `token ${TOKEN}`; +const AUTH = !TOKEN ? undefined : `token ${TOKEN}`; const MANIFEST_REPO_OWNER = 'actions'; const MANIFEST_REPO_NAME = 'python-versions'; const MANIFEST_REPO_BRANCH = 'main'; diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index d20ddaf..730bbd8 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md 
@@ -473,4 +473,13 @@ One quick way to grant access is to change the user and group of `/Users/runner/
 `setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks like: `##[error]API rate limit exceeded for...`.
-To avoid hitting rate-limit problems, we recommend [setting up your own runner tool cache](https://docs.github.com/en/enterprise-server@2.22/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access#about-the-included-setup-actions-and-the-runner-tool-cache).
+To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
+
+```yml
+uses: actions/setup-python@v4
+with:
+ token: ${{ secrets.GH_DOTCOM_TOKEN }}
+ python-version: 3.11
+```
+
+If the runner is not able to access github.com, any Python versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.
diff --git a/src/install-python.ts b/src/install-python.ts
index 6e5c851..aa6ab2d 100644
--- a/src/install-python.ts
+++ b/src/install-python.ts
@@ -3,10 +3,10 @@ import * as core from '@actions/core';
 import * as tc from '@actions/tool-cache';
 import * as exec from '@actions/exec';
 import {ExecOptions} from '@actions/exec/lib/interfaces';
-import {IS_WINDOWS, IS_LINUX, isGhes} from './utils';
+import {IS_WINDOWS, IS_LINUX} from './utils';
 const TOKEN = core.getInput('token');
-const AUTH = !TOKEN || isGhes() ? undefined : `token ${TOKEN}`;
+const AUTH = !TOKEN ? undefined : `token ${TOKEN}`;
 const MANIFEST_REPO_OWNER = 'actions';
 const MANIFEST_REPO_NAME = 'python-versions';
 const MANIFEST_REPO_BRANCH = 'main';
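Review bot: With `isGhes()` gone from the `AUTH` line, nothing in this file stops a GHES-issued token from being attached to the manifest requests; the only protection left is the `default:` expression in action.yml, and that invariant is not written down next to the code. I would add a comment above `const AUTH`, for example `// TOKEN is sent to github.com (actions/python-versions). action.yml defaults it to '' on GHES, so only a token the user passed explicitly is used.` As a style point, the ternary reads more directly without the negation: ``const AUTH = TOKEN ? `token ${TOKEN}` : undefined;``. The places where `AUTH` is consumed are outside this hunk, and the same one-line change appears in the generated dist/setup/index.js.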