fix: Support private repositories#68
Conversation
Mrtenz
changed the title
Mrtenz
changed the title
|
@Mrtenz have you benchmarked how this affects speed? |
@HowardBraham I did a couple runs in a private repo with this branch and in a public repo with |
|
@Mrtenz can you run some tests in metamask-extension please and show me? That repo is a beast and really needs all the optimizations we can do. |
@HowardBraham The couple runs I did here seem to be within margin of error (some quicker, some slower) compared to other PRs: https://github.com/MetaMask/metamask-extension/actions/runs/27162320788/job/80183586844?pr=43342 |
HowardBraham
left a comment
HowardBraham
left a comment
There was a problem hiding this comment.
The timings and functionality look good
## Explanation PR #68 switched all `.nvmrc` and `yarn.lock` downloads to use `gh api` so the action would work for private repositories. However, `gh api` counts against the GitHub REST API rate limit, which is much lower than the unauthenticated CDN that serves `raw.githubusercontent.com`. Heavy users of this action started hitting the rate limit. This change reintroduces the raw URL path for public repositories. Private and internal repositories continue to use `gh api` to authenticate. The branch is selected based on `github.event.repository.visibility`, which returns `public`, `private`, or `internal` — anything other than `public` falls back to `gh api`. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > <sup>[Cursor Bugbot](https://cursor.com/bugbot) is generating a summary for commit 8229314. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY -->
2 participants
Summary
curlwithgh apiwhen downloading.nvmrcandyarn.lockfrom GitHub, so that downloads work for private repositories as well.GH_TOKEN: ${{ github.token }}to the relevant steps to authenticate theghCLI.Note
Low Risk
Scoped to how two files are downloaded during CI setup; uses the standard workflow token and does not change install or caching logic.
Overview
Fixes composite action setup when the repo is private by fetching
.nvmrcandyarn.lockthrough the GitHub Contents API withgh apiinstead of unauthenticatedraw.githubusercontent.comURLs.Both the compute-node-version and download-yarn-lock steps now set
GH_TOKEN: ${{ github.token }}soghcan read repo contents at the requested ref. Failure/warning messages were updated to referenceowner/repo@refinstead of the old raw URL.Reviewed by Cursor Bugbot for commit c3d0059. Bugbot is set up for automated code reviews on this repo. Configure here.