-
Notifications
You must be signed in to change notification settings - Fork 726
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate limit for web3signer_tests on CI #3812
Comments
This is still an issue despite my fix. More debugging required Maybe @antondlr could be tempted? 😏 Recent failure here: https://github.com/sigp/lighthouse/actions/runs/4180285702/jobs/7241123847 |
I recall Anton saying that even authenticated requests are subject to a rate limit |
ah ok looks like with authenticated request, you raised the limit from 60 per hour to 1000 per hour. |
Pushed a fix in #4163 to only download the web3signer binary when need ( |
## Issue Addressed Attempt to fix #3812 ## Proposed Changes Move web3signer binary download script out of build script to avoid downloading unless necessary. If this works, it should also reduce the build time for all jobs that runs compilation.
Resolved via #4163 |
## Issue Addressed Attempt to fix sigp#3812 ## Proposed Changes Move web3signer binary download script out of build script to avoid downloading unless necessary. If this works, it should also reduce the build time for all jobs that runs compilation.
## Issue Addressed Attempt to fix sigp#3812 ## Proposed Changes Move web3signer binary download script out of build script to avoid downloading unless necessary. If this works, it should also reduce the build time for all jobs that runs compilation.
Description
We're occasionally getting rate-limited calling the Github API to download the
web3signer_tests
. E.g. https://github.com/sigp/lighthouse/actions/runs/3708544134/jobs/6286220721The code triggering the rate limit is:
lighthouse/testing/web3signer_tests/build.rs
Lines 35 to 45 in bf533c8
Running that API call in a loop in my terminal I can trigger a 403 response by making more than 60 requests/second:
Steps to resolve
I think the best option would be to plumb the
GITHUB_TOKEN
into that build script so that it can use it to bypass the rate limit. The build script could read an optional secret from its env when it runs and add this to the request headers (when running locally the header would not be added).I think if we do something like
echo ${{ secrets.GITHUB_TOKEN }} >> $GITHUB_ENV
that might be OK, as long as Github scrubs the token from the logs. Tokens are unique to each CI run and have very limitedread
permissions on pull requests. See: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_tokenThe text was updated successfully, but these errors were encountered: