From 3f287d8237bbe151fe6f3e4248d5958d4498e578 Mon Sep 17 00:00:00 2001 From: priya-kinthali Date: Mon, 25 Mar 2024 17:58:44 +0530 Subject: [PATCH 1/3] initial commit for documentation changes related to rawapi --- docs/advanced-usage.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 6ac80deb6..81e894a53 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -594,6 +594,14 @@ Here are the steps you need to follow to avoid the rate limit: Requests should now be authenticated. To verify that you are getting the higher rate limit, you can call GitHub's [rate limit API](https://docs.github.com/en/rest/rate-limit) from within your workflow ([example](https://github.com/actions/setup-python/pull/443#issuecomment-1206776401)). +**Fallback Mechanism - Leverage the Raw API:** + +In addition to using a Personal Access Token (PAT), the action now leverages the [raw API](https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json) to retrieve the version-manifest.This approach does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token. + +This is particularly beneficial for GHES runners, which often share the same IP due to Network Address Translation (NAT), to avoid the quick exhaustion of the unauthenticated rate limit. + + + ### No access to github.com If the runner is not able to access github.com, any Python versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information. From 405e74c56187fa3f54e8ff0fb812ac78cc1ef70a Mon Sep 17 00:00:00 2001 From: priya-kinthali Date: Tue, 26 Mar 2024 11:00:57 +0530 Subject: [PATCH 2/3] documentation changes and added check for validating raw api --- .github/workflows/e2e-tests.yml | 4 ++++ docs/advanced-usage.md | 31 ++----------------------------- 2 files changed, 6 insertions(+), 29 deletions(-) diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index 2d5fb55db..d1f4b446e 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -93,3 +93,7 @@ jobs: python-version: '<3.11' - name: Verify <3.11 run: python __tests__/verify-python.py 3.10 + - name: Test Raw Endpoint Access + run: | + curl -L https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json | jq empty + shell: bash diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 81e894a53..c52ab025c 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -572,37 +572,10 @@ One quick way to grant access is to change the user and group of `/Users/runner/ ### Avoiding rate limit issues -`setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are by default made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then you will start to see rate-limit errors during downloading that look like this: - - ##[error]API rate limit exceeded for YOUR_IP. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) - -To get a higher rate limit, you can [generate a personal access token (PAT) on github.com](https://github.com/settings/tokens/new) and pass it as the `token` input for the action. It is important to understand that this needs to be a token from github.com and _not_ from your GHES instance. If you or your colleagues do not yet have a github.com account, you might need to create one. - -Here are the steps you need to follow to avoid the rate limit: - -1. Create a PAT on any github.com account by using [this link](https://github.com/settings/tokens/new) after logging into github.com (not your Enterprise instance). This PAT does _not_ need any rights, so make sure all the boxes are unchecked. -2. Store this PAT in the repository / organization where you run your workflow, e.g. as `GH_GITHUB_COM_TOKEN`. You can do this by navigating to your repository -> **Settings** -> **Secrets** -> **Actions** -> **New repository secret**. -3. To use this functionality, you need to use any version newer than `v4.3`. Also, change _python-version_ as needed. - -```yml -- name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: 3.8 - token: ${{ secrets.GH_GITHUB_COM_TOKEN }} -``` - -Requests should now be authenticated. To verify that you are getting the higher rate limit, you can call GitHub's [rate limit API](https://docs.github.com/en/rest/rate-limit) from within your workflow ([example](https://github.com/actions/setup-python/pull/443#issuecomment-1206776401)). - -**Fallback Mechanism - Leverage the Raw API:** - -In addition to using a Personal Access Token (PAT), the action now leverages the [raw API](https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json) to retrieve the version-manifest.This approach does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token. - -This is particularly beneficial for GHES runners, which often share the same IP due to Network Address Translation (NAT), to avoid the quick exhaustion of the unauthenticated rate limit. - - +`setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are by default made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then the action leverages the `raw API` to retrieve the version-manifest. This approach does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token. This is particularly beneficial for GHES runners, which often share the same IP due to Network Address Translation (NAT), to avoid the quick exhaustion of the unauthenticated rate limit. ### No access to github.com + If the runner is not able to access github.com, any Python versions requested during a workflow run must come from the runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)" for more information. From a55392ab1874f6aa25b8974d71eeaf5f6e552433 Mon Sep 17 00:00:00 2001 From: priya-kinthali Date: Tue, 26 Mar 2024 11:04:05 +0530 Subject: [PATCH 3/3] documenation changes for pr --- docs/advanced-usage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index c52ab025c..501c8fd49 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -572,7 +572,7 @@ One quick way to grant access is to change the user and group of `/Users/runner/ ### Avoiding rate limit issues -`setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are by default made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then the action leverages the `raw API` to retrieve the version-manifest. This approach does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token. This is particularly beneficial for GHES runners, which often share the same IP due to Network Address Translation (NAT), to avoid the quick exhaustion of the unauthenticated rate limit. +`setup-python` comes pre-installed on the appliance with GHES if Actions is enabled. When dynamically downloading Python distributions, `setup-python` downloads distributions from [`actions/python-versions`](https://github.com/actions/python-versions) on github.com (outside of the appliance). These calls to `actions/python-versions` are by default made via unauthenticated requests, which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting). If more requests are made within the time frame, then the action leverages the `raw API` to retrieve the version-manifest. This approach does not impose a rate limit and hence facilitates unrestricted consumption. This is particularly beneficial for GHES runners, which often share the same IP due to Network Address Translation (NAT), to avoid the quick exhaustion of the unauthenticated rate limit. ### No access to github.com