From b4163eb8b20a9956c4b63eb88ca06da3e1dd7f86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Sat, 5 Feb 2022 15:24:16 +0100 Subject: [PATCH] Authenticate to the GitHub API in workflows (#425) --- .github/workflows/import-nixpkgs.yml | 2 ++ flake-info/src/data/source.rs | 32 ++++++++++++++++++---------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/.github/workflows/import-nixpkgs.yml b/.github/workflows/import-nixpkgs.yml index ff11ddf..16e69ba 100644 --- a/.github/workflows/import-nixpkgs.yml +++ b/.github/workflows/import-nixpkgs.yml @@ -50,6 +50,8 @@ jobs: nix -vL build .#flake-info - name: Import ${{ matrix.channel }} channel + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | ./result/bin/flake-info --push --elastic-schema-version=$(< VERSION) nixpkgs ${{ matrix.channel }} if: github.repository_owner == 'NixOS' diff --git a/flake-info/src/data/source.rs b/flake-info/src/data/source.rs index 15829f7..91d1233 100644 --- a/flake-info/src/data/source.rs +++ b/flake-info/src/data/source.rs @@ -99,23 +99,33 @@ impl Source { sha: String, } - let git_ref = reqwest::Client::builder() - .user_agent("curl") // thank you github + let request = reqwest::Client::builder() + .user_agent("nixos-search") .build()? .get(format!( "https://api.github.com/repos/nixos/nixpkgs/branches/nixos-{}", channel - )) - .send() - .await? - .json::() - .await? - .commit - .sha; + )); - let nixpkgs = Nixpkgs { channel, git_ref }; + let request = match std::env::var("GITHUB_TOKEN") { + Ok(token) => request.bearer_auth(token), + _ => request, + }; - Ok(nixpkgs) + let response = request.send().await?; + + if !response.status().is_success() { + Err(anyhow::anyhow!("GitHub returned {:?} {}", response.status(), response.text().await?)) + } else { + let git_ref = response.json::() + .await? + .commit + .sha; + + let nixpkgs = Nixpkgs { channel, git_ref }; + + Ok(nixpkgs) + } } }