Describe the bug
When SEARCH_QUERY matches more than 200 results (requiring more than 2 pages), the action fails with this misleading error:
You do not have permission to view a repository from: 'owner/repo '; Check your API Token.
This happens even when the token has correct permissions. The first 200+ results are printed successfully before the failure, which proves it's not a real permission issue.
The root cause is that GitHub's secondary rate limit returns HTTP 403 (not 429), and search.py catches all ForbiddenError exceptions as permission errors without checking whether it's actually a rate limit response:
except github3.exceptions.ForbiddenError as e:
print(f"You do not have permission to view a repository from: '{repos_and_owners_string}'; Check your API Token.")
sys.exit(1)
The existing wait_for_api_refresh() only handles the primary search rate limit (ratelimit_remaining < 5). Secondary rate limits from rapid successive page requests are not handled.
To Reproduce
- Use a private repository where the search query matches more than 200 PRs/issues in a given period
- Run the action with GITHUB_TOKEN (with contents: read and issues: write and pull-requests: read)
- Observe: the first two pages of results (200 items) are printed successfully, then the error appears when requesting the third page
Expected behavior
- When a secondary rate limit 403 is received, the action should read the Retry-After response header and retry after waiting, instead of exiting immediately
- The error message should distinguish between a real permissions error and a secondary rate limit
Screenshots
Additional context
Describe the bug
When SEARCH_QUERY matches more than 200 results (requiring more than 2 pages), the action fails with this misleading error:
You do not have permission to view a repository from: 'owner/repo '; Check your API Token.This happens even when the token has correct permissions. The first 200+ results are printed successfully before the failure, which proves it's not a real permission issue.
The root cause is that GitHub's secondary rate limit returns HTTP 403 (not 429), and search.py catches all ForbiddenError exceptions as permission errors without checking whether it's actually a rate limit response:
The existing wait_for_api_refresh() only handles the primary search rate limit (ratelimit_remaining < 5). Secondary rate limits from rapid successive page requests are not handled.
To Reproduce
Expected behavior
Screenshots
Additional context