Unable to use built-in GitHub Token for avoiding rate limit issues on GHES

[mzwiesler]

Description:
For our enterprise we are facing "API rate limit exceeded ..." errors. I read the documentation how to avoid rate limit issues but for our enterprise using PAT is not feasible. I would like to use the GITHUB-TOKEN for authentication in my Github Workflow since this is the recommended way from GitHub. However, this is not possible at the moment resulting in a Bad Credentials error.

It seems that the AUTH variable variable is not usable in this case since only personal tokens are authenticated with Authorization: token <TOKEN> but for GITHUB-TOKEN one needs to use Authorization: <GITHUB_TOKEN> instead as can be seen in the workflow below in step read limit.

Action version:
4.6.1

Platform:

• Ubuntu

Runner type:

• Self-hosted

Tools version:

All

Repro steps:

On GHES, following this example I used the following workflow:

name: CI With GitHub Token

on: [workflow_dispatch]

jobs:
  sample_build:
    runs-on: [azure-runners]
    steps:
      - name: "rate limit"
        run: |
          curl \
            -H "Accept: application/vnd.github.v3+json" \
            -H "Authorization: $TOKEN" \
            https://api.github.com/rate_limit
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Clear the tool cache
        run: rm -rf /Users/runner/hostedtoolcache/Python/

      - name: Set up Python
        uses: actions/setup-python@v4.6.1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          python-version: 3.9.12

      - name: "rate limit"
        run: |
          curl \
            -H "Accept: application/vnd.github.v3+json" \
            -H "Authorization: $TOKEN" \
            https://api.github.com/rate_limit
        env:
          TOKEN: ${{ secrets.GITHUB_TOKEN }}

Expected behavior:
Installation of python version 3.9.12 and drop of rate limits from 60 to 58.

Actual behavior:
Failure with error Bad Credentials.

[dmitry-shibanov]

Hello @mzwiesler. Thank you for your report. I think it is an expected behaviour. Could you please take a look at these:

• https://github.com/actions/setup-python/blob/main/action.yml#L18-L20
• Only use github.token on github.com #443

[mzwiesler]

@dmitry-shibanov Yes you are correct. Thank you for the links and your assistance.

[priya-kinthali]

Hello @mzwiesler ,
Could you kindly verify if the issue related to the rate limit "API rate limit exceeded ..." has been resolved and confirm that no other issues have emerged while using the setup-actions-demo/setup-python@main branch.