Authenticate to the GitHub API in workflows (#425)

.github/workflows/import-nixpkgs.yml

@@ -50,6 +50,8 @@ jobs:
         nix -vL build .#flake-info
 
     - name: Import ${{ matrix.channel }} channel
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: |
         ./result/bin/flake-info --push --elastic-schema-version=$(< VERSION) nixpkgs ${{ matrix.channel }}
       if: github.repository_owner == 'NixOS'

flake-info/src/data/source.rs

@@ -99,16 +99,25 @@ impl Source {
             sha: String,
         }
 
-        let git_ref = reqwest::Client::builder()
+        let request = reqwest::Client::builder()
-            .user_agent("curl") // thank you github
+            .user_agent("nixos-search")
             .build()?
             .get(format!(
                 "https://api.github.com/repos/nixos/nixpkgs/branches/nixos-{}",
                 channel
-            ))
+            ));
-            .send()
+
-            .await?
+        let request = match std::env::var("GITHUB_TOKEN") {
-            .json::<ApiResult>()
+            Ok(token) => request.bearer_auth(token),
+            _ => request,
+        };
+
+        let response = request.send().await?;
+
+        if !response.status().is_success() {
+            Err(anyhow::anyhow!("GitHub returned {:?} {}", response.status(), response.text().await?))
+        } else {
+            let git_ref = response.json::<ApiResult>()
                 .await?
                 .commit
                 .sha;
@@ -118,6 +127,7 @@ impl Source {
             Ok(nixpkgs)
         }
     }
+}
 
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub struct Nixpkgs {