Skip to content

fix: Uses GITHUB_TOKEN to authenticate the GH action to stop Ratelimits #3471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
perkinsjr merged 4 commits into from
Jul 7, 2025
Merged

fix: Uses GITHUB_TOKEN to authenticate the GH action to stop Ratelimits #3471

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
03ab229
AUTHENTICATE ME
perkinsjr Jul 7, 2025
90f96b8
minor fixes
perkinsjr Jul 7, 2025
6733e68
Merge branch 'main' into ci-fix-ratelimits
perkinsjr Jul 7, 2025
cd89d67
Merge branch 'main' into ci-fix-ratelimits
perkinsjr Jul 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions .github/actions/install/action.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ inputs:
description: Whether to install Go and dependencies
ts:
description: Whether to install Node.js and dependencies
github_token:
Copy link
Collaborator

@chronark chronark Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be a secret, not an input

Copy link
Collaborator

@chronark chronark Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see .github/workflows/job_deploy_workflows.yaml as an example for passing secrets

Copy link
Member Author

@perkinsjr perkinsjr Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is exactly how that works? WYM use a secret.

Copy link
Collaborator

@chronark chronark Jul 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you're passing it in as an input which might not get redacted in logs properly, use a secretinstead like in the workflow above

description: GitHub token for authentication
required: false

runs:
using: "composite"
Expand All @@ -21,20 +24,28 @@ runs:
if: ${{ inputs.go == 'true' }}
shell: bash
working-directory: ./go
env:
GITHUB_TOKEN: ${{ inputs.github_token }}

- name: Install tparse
run: go install github.com/mfridman/tparse@latest
if: ${{ inputs.go == 'true' }}
shell: bash
working-directory: ./apps/agent
env:
GITHUB_TOKEN: ${{ inputs.github_token }}

- name: Install goose
run: go install github.com/pressly/goose/v3/cmd/goose@latest
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.github_token }}

- name: Install Task
uses: arduino/setup-task@v2
if: ${{ inputs.go == 'true' }}
env:
GITHUB_TOKEN: ${{ inputs.github_token }}

- name: Setup Node
if: ${{ inputs.ts == 'true' }}
Expand All @@ -46,6 +57,8 @@ runs:
if: ${{ inputs.ts == 'true' }}
with:
run_install: false
env:
GITHUB_TOKEN: ${{ inputs.github_token }}
- name: Enable corepack
if: ${{ inputs.ts == 'true' }}
shell: bash
Expand All @@ -57,6 +70,8 @@ runs:
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
env:
GITHUB_TOKEN: ${{ inputs.github_token }}

- uses: actions/cache@v3
if: ${{ inputs.ts == 'true' }}
Expand All @@ -73,3 +88,6 @@ runs:
run: |
pnpm install --recursive
npm i -g wrangler@latest
env:
GITHUB_TOKEN: ${{ inputs.github_token }}
NPM_TOKEN: ${{ inputs.github_token }}
3 changes: 2 additions & 1 deletion .github/workflows/autofix.ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,13 @@ jobs:
- uses: actions/setup-node@v4
with:
node-version: 22

token: ${{ secrets.GITHUB_TOKEN }}
- name: Install
uses: ./.github/actions/install
with:
ts: true
go: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm biome format . --write && pnpm biome check . --write

Expand Down
11 changes: 4 additions & 7 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ name: Build
on:
workflow_call:

permissions:
contents: read

jobs:
build:
name: Build
Expand All @@ -16,12 +19,11 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter=./apps/api



- name: Create .dev.vars
run: |
cat <<EOF > .dev.vars
Expand All @@ -34,17 +36,12 @@ jobs:
run: pnpm dev & sleep 15
working-directory: apps/api




- name: Load Schema into MySQL
run: pnpm drizzle-kit push
working-directory: internal/db
env:
DRIZZLE_DATABASE_URL: "mysql://unkey:password@localhost:3306/unkey"



- name: Build
run: pnpm build
env:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/changesets.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ on:

concurrency: ${{ github.workflow }}-${{ github.ref }}

permissions:
contents: write # allow pushing commit & tags
pull-requests: write # allow opening the version PR

jobs:
pr:
name: Release Packages
Expand All @@ -20,6 +24,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build packages
run: pnpm turbo run build --filter='./packages/*'
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/check_quotas.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ jobs:
uses: ./.github/actions/install
with:
go: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build CLI
working-directory: ./go
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/deploy_trigger.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@ jobs:
- uses: actions/checkout@v4
- name: Install
uses: ./.github/actions/install
with:
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Deploy Trigger.dev
env:
TRIGGER_ACCESS_TOKEN: ${{ secrets.TRIGGER_ACCESS_TOKEN }}
run: pnpx trigger.dev@3.0.0-beta.23 deploy
working-directory: apps/billing
working-directory: apps/billing
9 changes: 4 additions & 5 deletions .github/workflows/job_clickhouse_migration_preview.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,6 @@ on:
required: true
workflow_dispatch:




jobs:
deploy:
environment: Preview
Expand All @@ -20,10 +17,12 @@ jobs:
uses: ./.github/actions/install
with:
go: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Install gooes
- name: Install goose
run: go install github.com/pressly/goose/v3/cmd/goose@latest

env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Migrate
run: goose clickhouse "${{ secrets.CLICKHOUSE_URL }}" up
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/job_clickhouse_migration_production.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@ on:
required: true
workflow_dispatch:



jobs:
deploy:
environment: ClickHouse Production Migration
Expand All @@ -19,10 +17,12 @@ jobs:
uses: ./.github/actions/install
with:
go: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Install goose
run: go install github.com/pressly/goose/v3/cmd/goose@latest

env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Migrate
run: goose clickhouse "${{ secrets.CLICKHOUSE_URL }}" up
Expand Down
9 changes: 4 additions & 5 deletions .github/workflows/job_deploy_api_canary.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
name: Deploy API Canary
on:
workflow_call:
secrets:
CLOUDFLARE_API_TOKEN:
secrets:
CLOUDFLARE_API_TOKEN:
required: true



jobs:
deploy:
environment: Canary
Expand All @@ -18,6 +16,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter='./apps/api'
Expand All @@ -26,4 +25,4 @@ jobs:
run: wrangler deploy --env=canary --var VERSION:$(git rev-parse --short HEAD)
working-directory: apps/api
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
5 changes: 3 additions & 2 deletions .github/workflows/job_deploy_api_enterprise.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
name: Deploy API Enterprise
on:
workflow_call:
secrets:
CLOUDFLARE_API_TOKEN:
secrets:
CLOUDFLARE_API_TOKEN:
required: true
description: "Cloudflare API Token"

Expand All @@ -25,6 +25,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter='./apps/api'
Expand Down
3 changes: 1 addition & 2 deletions .github/workflows/job_deploy_api_production.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@ on:
CLOUDFLARE_API_TOKEN:
required: true



jobs:
deploy:
environment: Production
Expand All @@ -18,6 +16,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter='./apps/api'
Expand Down
7 changes: 4 additions & 3 deletions .github/workflows/job_deploy_api_staging.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
name: Deploy API Staging
on:
workflow_call:
secrets:
CLOUDFLARE_API_TOKEN:
secrets:
CLOUDFLARE_API_TOKEN:
required: true

jobs:
Expand All @@ -16,6 +16,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter='./apps/api'
Expand All @@ -24,4 +25,4 @@ jobs:
run: wrangler deploy --env=preview --var VERSION:$(git rev-parse --short HEAD)
working-directory: apps/api
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
3 changes: 1 addition & 2 deletions .github/workflows/job_deploy_logdrain_production.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,6 @@ on:
CLOUDFLARE_API_TOKEN:
required: true



jobs:
deploy:
environment: Production
Expand All @@ -18,6 +16,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter='./apps/logdrain'
Expand Down
15 changes: 7 additions & 8 deletions .github/workflows/job_deploy_workflows.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
name: Deploy Logdrain Production
name: Deploy Workflows Production
on:
workflow_call:
secrets:
CLOUDFLARE_API_TOKEN:
secrets:
CLOUDFLARE_API_TOKEN:
required: true



jobs:
deploy:
environment: Production
Expand All @@ -18,12 +16,13 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: pnpm turbo run build --filter='./apps/logdrain'
run: pnpm turbo run build --filter='./apps/workflows'

- name: Deploy
run: wrangler deploy
working-directory: apps/logdrain
working-directory: apps/workflows
env:
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
3 changes: 1 addition & 2 deletions .github/workflows/job_test_agent_integration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ on:
required: true
type: string


jobs:
test_agent_integration:
runs-on: ubuntu-latest
Expand All @@ -17,7 +16,7 @@ jobs:
uses: ./.github/actions/install
with:
go: true

github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: task build
Expand Down
4 changes: 1 addition & 3 deletions .github/workflows/job_test_agent_local.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@ name: Test Agent Local
on:
workflow_call:



jobs:
test_agent_local:
runs-on: ubuntu-latest
Expand All @@ -14,7 +12,7 @@ jobs:
uses: ./.github/actions/install
with:
go: true

github_token: ${{ secrets.GITHUB_TOKEN }}

- name: Build
run: task build
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/job_test_api_canary.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ jobs:
uses: ./.github/actions/install
with:
ts: true
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Build
run: pnpm turbo run build --filter=./apps/api

Expand Down
Loading
Loading