Only use github.token on github.com (#443)

* Only use github.token on github.com

This expression evaluates to `''` if called from GHES hosted elsewhere
You can still provide your token on both github.com and GHES

* Enshure blank result of expression and not false

* Revert "Revert "Pass the `token` input through on GHES (#427)" (#437)"

This reverts commit cf86e08a31.

* fix typo

* Add back the doc on the tool cache for self-hosted

Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
This commit is contained in:
ChristopherHX 2022-08-30 21:02:20 +02:00 committed by GitHub
parent 397a35f988
commit 98c991d13f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 6 deletions

View file

@ -16,8 +16,8 @@ inputs:
description: "Set this option if you want the action to check for the latest available version that satisfies the version spec." description: "Set this option if you want the action to check for the latest available version that satisfies the version spec."
default: false default: false
token: token:
description: "Used to pull python distributions from actions/python-versions. Since there's a default, this is typically not supplied by the user." description: "The token used to authenticate when fetching Python distributions from https://github.com/actions/python-versions. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting."
default: ${{ github.token }} default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
cache-dependency-path: cache-dependency-path:
description: "Used to specify the path to dependency files. Supports wildcards or a list of file names for caching multiple dependencies." description: "Used to specify the path to dependency files. Supports wildcards or a list of file names for caching multiple dependencies."
update-environment: update-environment:

2
dist/setup/index.js vendored
View file

@ -65190,7 +65190,7 @@ const tc = __importStar(__nccwpck_require__(7784));
const exec = __importStar(__nccwpck_require__(1514)); const exec = __importStar(__nccwpck_require__(1514));
const utils_1 = __nccwpck_require__(1314); const utils_1 = __nccwpck_require__(1314);
const TOKEN = core.getInput('token'); const TOKEN = core.getInput('token');
const AUTH = !TOKEN || utils_1.isGhes() ? undefined : `token ${TOKEN}`; const AUTH = !TOKEN ? undefined : `token ${TOKEN}`;
const MANIFEST_REPO_OWNER = 'actions'; const MANIFEST_REPO_OWNER = 'actions';
const MANIFEST_REPO_NAME = 'python-versions'; const MANIFEST_REPO_NAME = 'python-versions';
const MANIFEST_REPO_BRANCH = 'main'; const MANIFEST_REPO_BRANCH = 'main';

View file

@ -473,4 +473,13 @@ One quick way to grant access is to change the user and group of `/Users/runner/
`setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks like: `##[error]API rate limit exceeded for...`. `setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that looks like: `##[error]API rate limit exceeded for...`.
To avoid hitting rate-limit problems, we recommend [setting up your own runner tool cache](https://docs.github.com/en/enterprise-server@2.22/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access#about-the-included-setup-actions-and-the-runner-tool-cache). To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action:
```yml
uses: actions/setup-python@v4
with:
token: ${{ secrets.GH_DOTCOM_TOKEN }}
python-version: 3.11
```
If the runner is not able to access github.com, any Python versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information.

View file

@ -3,10 +3,10 @@ import * as core from '@actions/core';
import * as tc from '@actions/tool-cache'; import * as tc from '@actions/tool-cache';
import * as exec from '@actions/exec'; import * as exec from '@actions/exec';
import {ExecOptions} from '@actions/exec/lib/interfaces'; import {ExecOptions} from '@actions/exec/lib/interfaces';
import {IS_WINDOWS, IS_LINUX, isGhes} from './utils'; import {IS_WINDOWS, IS_LINUX} from './utils';
const TOKEN = core.getInput('token'); const TOKEN = core.getInput('token');
const AUTH = !TOKEN || isGhes() ? undefined : `token ${TOKEN}`; const AUTH = !TOKEN ? undefined : `token ${TOKEN}`;
const MANIFEST_REPO_OWNER = 'actions'; const MANIFEST_REPO_OWNER = 'actions';
const MANIFEST_REPO_NAME = 'python-versions'; const MANIFEST_REPO_NAME = 'python-versions';
const MANIFEST_REPO_BRANCH = 'main'; const MANIFEST_REPO_BRANCH = 'main';