action consumes github anonymous rest api rate limit #223

kduret · 2024-11-08T09:37:40Z

Describe the bug

the action uses anonymous request instead of github_token provided by the worklow
github rest api rate limit (60) can be quickly reached.

this happens only when using custom jfrog url

Current behavior

1 anonymous request is consumed when using setup-jfrog-cli

Reproduction steps

name: test-jfrog

on:
  pull_request:

jobs:
  test-jfrog:
    runs-on: ubuntu-24.04
    steps:
      - name: Check workflow statuses and display token usage before setup-jfrog-cli
        run: |
          echo ""
          echo ""
          echo "current rest api rate usage using github token:"
          curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""
          echo "current rest api rate usage for anonymous:"
          curl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""

      - uses: jfrog/setup-jfrog-cli@9fe0f98bd45b19e6e931d457f4e98f8f84461fb5 # v4.4.1
        env:
          JF_URL: <custom_jfrog_url>
          JF_ACCESS_TOKEN: <access_token>

      - name: Check workflow statuses and display token usage after setup-jfrog-cli
        run: |
          echo "current rest api rate usage using github token:"
          curl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""
          echo "current rest api rate usage for anonymous:"
          curl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used
          echo ""
          echo ""

Expected behavior

0 anonymous request is consumed when using setup-jfrog-cli

Setup JFrog CLI version

4.4.1

JFrog CLI version

2.67.0

Workflow operating system type and version

ubuntu-24.04

JFrog Artifactory version (if relevant)

JFrog Cloud

JFrog Xray version (if relevant)

No response

The text was updated successfully, but these errors were encountered:

sverdlov93 · 2024-11-10T09:07:01Z

Hi @kduret, Thanks for reaching out
Can you provide the logs frog the WF run?

kduret · 2024-11-19T14:09:46Z

Hi @kduret, Thanks for reaching out Can you provide the logs frog the WF run?

Hi, here are the logs :

2024-11-08T13:36:38.4157055Z Current runner version: '2.320.0'
2024-11-08T13:36:38.4322478Z ##[group]Operating System
2024-11-08T13:36:38.4323647Z Ubuntu
2024-11-08T13:36:38.4324115Z 24.04.1
2024-11-08T13:36:38.4324572Z LTS
2024-11-08T13:36:38.4325026Z ##[endgroup]
2024-11-08T13:36:38.4325544Z ##[group]Runner Image
2024-11-08T13:36:38.4326179Z Image: ubuntu-24.04
2024-11-08T13:36:38.4326749Z Version: 20241103.1.0
2024-11-08T13:36:38.4328379Z Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20241103.1/images/ubuntu/Ubuntu2404-Readme.md
2024-11-08T13:36:38.4330938Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20241103.1
2024-11-08T13:36:38.4332431Z ##[endgroup]
2024-11-08T13:36:38.4333016Z ##[group]Runner Image Provisioner
2024-11-08T13:36:38.4334089Z 2.0.384.1
2024-11-08T13:36:38.4334607Z ##[endgroup]
2024-11-08T13:36:38.4363846Z ##[group]GITHUB_TOKEN Permissions
2024-11-08T13:36:38.4366199Z Actions: write
2024-11-08T13:36:38.4367017Z Attestations: write
2024-11-08T13:36:38.4367685Z Checks: write
2024-11-08T13:36:38.4368216Z Contents: write
2024-11-08T13:36:38.4368778Z Deployments: write
2024-11-08T13:36:38.4369361Z Discussions: write
2024-11-08T13:36:38.4369923Z Issues: write
2024-11-08T13:36:38.4370478Z Metadata: read
2024-11-08T13:36:38.4371056Z Packages: write
2024-11-08T13:36:38.4371619Z Pages: write
2024-11-08T13:36:38.4372162Z PullRequests: write
2024-11-08T13:36:38.4372844Z RepositoryProjects: write
2024-11-08T13:36:38.4373944Z SecurityEvents: write
2024-11-08T13:36:38.4374635Z Statuses: write
2024-11-08T13:36:38.4375211Z ##[endgroup]
2024-11-08T13:36:38.4378192Z Secret source: Actions
2024-11-08T13:36:38.4379052Z Prepare workflow directory
2024-11-08T13:36:38.5350681Z Prepare all required actions
2024-11-08T13:36:38.5578796Z Getting action download info
2024-11-08T13:36:38.7399067Z Download action repository 'jfrog/setup-jfrog-cli@9fe0f98bd45b19e6e931d457f4e98f8f84461fb5' (SHA:9fe0f98bd45b19e6e931d457f4e98f8f84461fb5)
2024-11-08T13:36:39.3224974Z Complete job name: test-jfrog
2024-11-08T13:36:39.4216124Z ##[group]Run echo ""
2024-11-08T13:36:39.4216608Z �[36;1mecho ""�[0m
2024-11-08T13:36:39.4216934Z �[36;1mecho ""�[0m
2024-11-08T13:36:39.4217432Z �[36;1mecho "current rest api rate usage using github token:"�[0m
2024-11-08T13:36:39.4219172Z �[36;1mcurl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ***" https://api.github.com/rate_limit | jq .rate.used�[0m
2024-11-08T13:36:39.4220250Z �[36;1mecho ""�[0m
2024-11-08T13:36:39.4220557Z �[36;1mecho ""�[0m
2024-11-08T13:36:39.4220995Z �[36;1mecho "current rest api rate usage for anonymous:"�[0m
2024-11-08T13:36:39.4222025Z �[36;1mcurl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used�[0m
2024-11-08T13:36:39.4222902Z �[36;1mecho ""�[0m
2024-11-08T13:36:39.4223198Z �[36;1mecho ""�[0m
2024-11-08T13:36:39.4259279Z shell: /usr/bin/bash -e {0}
2024-11-08T13:36:39.4259708Z ##[endgroup]
2024-11-08T13:36:39.4554032Z 
2024-11-08T13:36:39.4554803Z 
2024-11-08T13:36:39.4556392Z current rest api rate usage using github token:
2024-11-08T13:36:39.6461133Z 0
2024-11-08T13:36:39.6461982Z 
2024-11-08T13:36:39.6462949Z 
2024-11-08T13:36:39.6464118Z current rest api rate usage for anonymous:
2024-11-08T13:36:39.6908287Z 0
2024-11-08T13:36:39.6917117Z 
2024-11-08T13:36:39.6917130Z 
2024-11-08T13:36:39.7176546Z ##[group]Run jfrog/setup-jfrog-cli@9fe0f98bd45b19e6e931d457f4e98f8f84461fb5
2024-11-08T13:36:39.7177432Z with:
2024-11-08T13:36:39.7177891Z   version: 2.67.0
2024-11-08T13:36:39.7178351Z   disable-job-summary: false
2024-11-08T13:36:39.7178846Z   disable-auto-build-publish: false
2024-11-08T13:36:39.7179454Z env:
2024-11-08T13:36:39.7179842Z   JF_URL: https://centreon.jfrog.io
2024-11-08T13:36:39.7180949Z   JF_ACCESS_TOKEN: ***
2024-11-08T13:36:39.7181434Z ##[endgroup]
2024-11-08T13:36:39.9654195Z ##[group]Setup JFrog CLI
2024-11-08T13:36:39.9680216Z Downloading JFrog CLI from https://releases.jfrog.io/artifactory/jfrog-cli/v2/2.67.0/jfrog-cli-linux-amd64/jfrog
2024-11-08T13:36:40.6573215Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf config add setup-jfrog-cli-server --url https://centreon.jfrog.io --interactive=false --overwrite=true --access-token ***
2024-11-08T13:36:40.7958428Z 13:36:40 [Warn] You are using JFrog CLI version 2.67.0, however version 2.71.3 is available.
2024-11-08T13:36:40.8076969Z To install the latest version, visit: https://jfrog.com/getcli
2024-11-08T13:36:40.8078357Z To see the release notes, visit: https://github.com/jfrog/jfrog-cli/releases
2024-11-08T13:36:40.8079608Z To avoid this message, set the JFROG_CLI_AVOID_NEW_VERSION_WARNING variable to TRUE
2024-11-08T13:36:40.8080827Z 13:36:40 [Warn] couldn't extract payload from Access Token.
2024-11-08T13:36:40.8081878Z The provided access token is not a valid JWT, probably a reference token.
2024-11-08T13:36:40.8083163Z Some package managers only support basic authentication which requires also a username.
2024-11-08T13:36:40.8084922Z If you plan to work with one of those package managers, please provide a username.
2024-11-08T13:36:40.8086430Z ##[endgroup]
2024-11-08T13:36:40.8146750Z ##[group]Run echo "current rest api rate usage using github token:"
2024-11-08T13:36:40.8147844Z �[36;1mecho "current rest api rate usage using github token:"�[0m
2024-11-08T13:36:40.8149935Z �[36;1mcurl -s -H "Accept: application/vnd.github+json" -H "Authorization: token ***" https://api.github.com/rate_limit | jq .rate.used�[0m
2024-11-08T13:36:40.8151273Z �[36;1mecho ""�[0m
2024-11-08T13:36:40.8151689Z �[36;1mecho ""�[0m
2024-11-08T13:36:40.8152267Z �[36;1mecho "current rest api rate usage for anonymous:"�[0m
2024-11-08T13:36:40.8153789Z �[36;1mcurl -s -H "Accept: application/vnd.github+json" https://api.github.com/rate_limit | jq .rate.used�[0m
2024-11-08T13:36:40.8154887Z �[36;1mecho ""�[0m
2024-11-08T13:36:40.8155296Z �[36;1mecho ""�[0m
2024-11-08T13:36:40.8206149Z shell: /usr/bin/bash -e {0}
2024-11-08T13:36:40.8206669Z env:
2024-11-08T13:36:40.8207723Z   JFROG_CLI_ENV_EXCLUDE: *password*;*secret*;*key*;*token*;*auth*;JF_ARTIFACTORY_*;JF_ENV_*;JF_URL;JF_USER;JF_PASSWORD;JF_ACCESS_TOKEN
2024-11-08T13:36:40.8208966Z   JFROG_CLI_OFFER_CONFIG: false
2024-11-08T13:36:40.8209538Z   JFROG_CLI_BUILD_NAME: test-jfrog
2024-11-08T13:36:40.8210099Z   JFROG_CLI_BUILD_NUMBER: 5
2024-11-08T13:36:40.8211067Z   JFROG_CLI_BUILD_URL: https://github.com/************/actions/runs/11743141754
2024-11-08T13:36:40.8212275Z   JFROG_CLI_USER_AGENT: setup-jfrog-cli-github-action/4.4.1
2024-11-08T13:36:40.8213195Z   JFROG_CLI_COMMAND_SUMMARY_OUTPUT_DIR: /home/runner/work/_temp
2024-11-08T13:36:40.8214263Z ##[endgroup]
2024-11-08T13:36:40.8298105Z current rest api rate usage using github token:
2024-11-08T13:36:40.9592090Z 0
2024-11-08T13:36:40.9614531Z 
2024-11-08T13:36:40.9614861Z 
2024-11-08T13:36:40.9615560Z current rest api rate usage for anonymous:
2024-11-08T13:36:41.0095429Z 1
2024-11-08T13:36:41.0099181Z 
2024-11-08T13:36:41.0099265Z 
2024-11-08T13:36:41.0170227Z Post job cleanup.
2024-11-08T13:36:41.1594187Z ##[group]Checking connection to JFrog Artifactory
2024-11-08T13:36:41.1634022Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf rt ping
2024-11-08T13:36:41.8884745Z OK
2024-11-08T13:36:41.8915221Z ##[endgroup]
2024-11-08T13:36:41.8919106Z ##[group]Check for unpublished modules
2024-11-08T13:36:41.8942130Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf rt build-publish --dry-run
2024-11-08T13:36:41.9133198Z 13:36:41 [Info] [Dry run] Logging Build info preview...
2024-11-08T13:36:41.9137727Z {
2024-11-08T13:36:41.9140084Z   "name": "test-jfrog",
2024-11-08T13:36:41.9140531Z   "number": "5",
2024-11-08T13:36:41.9140959Z   "agent": {
2024-11-08T13:36:41.9141521Z     "name": "setup-jfrog-cli-github-action",
2024-11-08T13:36:41.9142132Z     "version": "4.4.1"
2024-11-08T13:36:41.9142528Z   },
2024-11-08T13:36:41.9142867Z   "buildAgent": {
2024-11-08T13:36:41.9143251Z     "name": "GENERIC",
2024-11-08T13:36:41.9143866Z     "version": "2.67.0"
2024-11-08T13:36:41.9144415Z   },
2024-11-08T13:36:41.9144897Z   "started": "2024-11-08T13:36:41.912+0000",
2024-11-08T13:36:41.9146243Z   "url": "https://github.com/centreon/centreon-plugin-packs/actions/runs/11743141754"
2024-11-08T13:36:41.9147095Z }
2024-11-08T13:36:42.5984954Z ##[endgroup]
2024-11-08T13:36:42.5986339Z ##[group]Generating Job Summary
2024-11-08T13:36:42.6006375Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf generate-summary-markdown
2024-11-08T13:36:43.3517335Z No code scanning sarif file was found.
2024-11-08T13:36:43.3539946Z ##[endgroup]
2024-11-08T13:36:43.3541287Z ##[group]Cleanup JFrog CLI servers configuration
2024-11-08T13:36:43.3567386Z [command]/opt/hostedtoolcache/jf/2.67.0/x64/jf c rm --quiet
2024-11-08T13:36:43.3685725Z ##[endgroup]
2024-11-08T13:36:43.3877751Z Cleaning up orphan processes

kduret · 2024-12-13T14:11:25Z

Hi,

Do you think it comes from library @actions/tool-cache ?

kduret added the bug Something isn't working label Nov 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

action consumes github anonymous rest api rate limit #223

action consumes github anonymous rest api rate limit #223

kduret commented Nov 8, 2024

sverdlov93 commented Nov 10, 2024

kduret commented Nov 19, 2024

kduret commented Dec 13, 2024

action consumes github anonymous rest api rate limit #223

action consumes github anonymous rest api rate limit #223

Comments

kduret commented Nov 8, 2024

Describe the bug

Current behavior

Reproduction steps

Expected behavior

Setup JFrog CLI version

JFrog CLI version

Workflow operating system type and version

JFrog Artifactory version (if relevant)

JFrog Xray version (if relevant)

sverdlov93 commented Nov 10, 2024

kduret commented Nov 19, 2024

kduret commented Dec 13, 2024