x/vgo: avoid github rate limits? #23955
Comments
|
Now that the tool is public, I will try to find out from GitHub if there's anything we can do about this. I don't really understand how things like OAuth2 apply to command-line binaries that ship to users and therefore can't hold their own secrets. I agree it's annoying. |
rsc
changed the title
rsc
changed the title
|
Setting an env var with a personal access token will likely be their response: https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/ |
|
I believe it should not be mandatory to have a github account at all to use vgo. |
|
For just getting a tag list, implementing |
|
How does homebrew do it? Their entire model is pulling from GitHub, right? |
|
brew gives you instructions for getting and using a github app token when you hit rate limits. |
|
I've been using githubs graphql api to avoid ratelimits while checking repo freshness for my caching git proxy... It's not universal across all hosts, but it works on github :D |
Totally agree. Unless you have private repositories in github, there should be no reason to have a github account to use vgo.
The limits are different. But they are still there. |
True enough, but using graphql I can query every single repo we cache in one request for one API call. Just putting it out there :) |
|
Many other tools seem to be able to use github-hosted files and repos for dependency fetching without hitting the rate limits. I've personally never experienced a GH rate limit error, so it's surely possible. But now I've hit one with my very first vgo command. So either vgo is doing something very inefficient or its design is such that it requires far too many calls. Hopefully it's fixable! |
|
Just FYI the 403 resulted in a panic during a downgrade call. I could not reproduce it a second time: |
|
There definitely needs to be a better long term solution that doesn't include requiring users to create a GitHub token just to build their code. As @drewblas mentioned, this is the first time I've ever hit a GitHub access limit, and it was on my second However when I went to build the application in a Docker container, I ran into the same issue within the container. So at this point, not only would using While doable, it's certainly not scalable. On the positive side of the access token - |
|
Not sure whether it's worth filing this here or in an separate issue; but one change introduced here by is now effectively ignored (because explicit HTTP calls are used as opposed to delegating to the This was previously my preferred approach to avoiding hitting rate limits. Not saying this is a preference per se, just adding a data point to this conversation. |
It is associated with golang/go#23955.
|
I'm not having any luck with the netrc workaround. I'm on Windows, so I've defined a HOME env var pointing to my user directory, and in that directory I have a Any idea what I'm doing wrong? |
|
The My token (which I use for other things and already had in my
I suspect that no permissions are needed, since it is only reading information. This is the page to manage your OAuth tokens. |
GitHub applies fairly small rate limits to unauthenticated users, and
you appear to be hitting them. To authenticate, please visit
https://github.com/settings/tokens and click "Generate New Token" to
create a Personal Access Token. The token only needs "public_repo"
scope, but you can add "repo" if you want to access private
repositories too.
Add the token to your $HOME/.netrc:
machine api.github.com login YOU password TOKEN
Sorry for the interruption.
vgo: import "github.com/henjue/note_api" ->
import "github.com/henjue/note_api/api" ->
import "github.com/henjue/note_api/sessions" ->
import "github.com/kataras/iris/sessions/sessiondb/redis/service": unexpected status (https://api.github.com/repos/kataras/iris): 403 Forbiddengithub.com/kataras/iris/sessions/sessiondb/redis/service is Multilevel directory |
|
@docwhat I tried that as well -- didn't work. Does the netrc method work on Windows? |
|
@doxxx I’m not sure. I think the file name is different ( I would have to search the source to be sure. |
|
The netrc is $HOME/.netrc on Windows too. That's a bug. If someone can tell me what the canonical netrc location is on Windows, we can fix that. It really should be working. |
|
Anybody else having trouble with this on Windows, I got it working. See #24606 (comment). |
|
This hinders us to use It would be really nice if I mean, it has to work for self hosted git repositories as well, doesn't it? |
|
Change https://golang.org/cl/107657 mentions this issue: |
|
Change https://golang.org/cl/107656 mentions this issue: |
A goal of introducing modules was to move away from invoking version control tools directly, but it has become clear that we're not ready to do that today. GitHub in particular imposes draconian limits on HTTPS API access that they don't impose on ordinary Git access. And we can avoid for now breaking company setups using private Git servers. Because GitHub Enterprise now serves ?go-get=1 queries in a way that is compatible with old go get, dropping back to version control tools makes that compatible with vgo too. The next CL hooks this code into the rest of vgo. For golang/go#24915. For golang/go#23955. For golang/go#24076. Change-Id: I76bea30081047ab68286a5d095a0d55872c5a1a3 Reviewed-on: https://go-review.googlesource.com/107656 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Bryan C. Mills <bcmills@google.com>
What version of Go are you using (
go version)?go version go1.10 linux/amd64 vgo:2018-02-20.1
What did you do?
vgo build with more than 6 dependencies
What did you see instead?
vgo: 403 response from api.github.com
GitHub applies fairly small rate limits to unauthenticated users, and
you appear to be hitting them....
solution
create a token and put it in .netrc
it can be annoying for new user.
The text was updated successfully, but these errors were encountered: