Authenticate GitHub API requests in CI workflows to avoid rate limiting#830
Merged
Merged
Conversation
test-cloud-api.yml and deploy-docs.yml run matbox.installRequirements, which resolves git dependencies via the GitHub API. Without a token these requests are unauthenticated and share the runner IP's 60 req/hr limit, surfacing as a 429 "Too Many Requests" from api.github.com (seen fetching the vhlab-toolbox-matlab commit hash). Set GITHUB_TOKEN at the job level, matching run-tests.yml, test-symmetry.yml, and test-cloud-prod.yml. Job-level env authenticates the Install MatBox step too, not just the in-MATLAB setenv, so every GitHub API call in the job uses the authenticated 5000 req/hr limit. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01GKuJhj4vynfKihfSo7Fgc7
…429) The job-level GITHUB_TOKEN raises the primary GitHub API rate limit, but CI still fails with HTTP 429 "Too Many Requests" when matbox resolves git dependencies. A 429 is GitHub's *secondary* rate limit (burst/abuse detection), which authentication does not prevent; it clears on its own within a minute. Add nditools.installRequirements, a thin wrapper around matbox.installRequirements that retries with exponential backoff (15/30/60/120s) on 429 and transient network errors, and route the test task entry points (testCloudApi, testCloudApiPart, testToolboxNoCloud, testToolbox) and the symmetry workflow through it. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01GKuJhj4vynfKihfSo7Fgc7
Contributor
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #830 +/- ##
=======================================
Coverage 23.83% 23.83%
=======================================
Files 695 695
Lines 31016 31016
=======================================
Hits 7393 7393
Misses 23623 23623 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
stevewds
approved these changes
Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Added GitHub token authentication to CI workflows to prevent unauthenticated rate limiting errors during dependency resolution.
Changes
GITHUB_TOKENenvironment variable at the job level to authenticate MatBox dependency resolution calls to the GitHub APIGITHUB_TOKENenvironment variable at the job level for the same purposeDetails
MatBox dependency resolution makes calls to the GitHub API during the install requirements step. Without authentication, these requests are subject to GitHub's unauthenticated rate limits, which can result in 429 "Too Many Requests" errors from api.github.com. By setting the
GITHUB_TOKENenvironment variable at the job level (usingsecrets.GITHUB_TOKEN), both the MatBox installation step and any subsequent authenticated requests benefit from the higher authenticated rate limits, preventing transient CI failures due to rate limiting.https://claude.ai/code/session_01GKuJhj4vynfKihfSo7Fgc7