From 8d5ff4e5d7bb53f6b9700dd71ffa3f37ec50e1f9 Mon Sep 17 00:00:00 2001
From: danielporterda <daniel.porter@digitalasset.com>
Date: Mon, 15 Jun 2026 12:02:37 -0400
Subject: [PATCH] Authenticate dashboard GitHub API requests

Signed-off-by: danielporterda <daniel.porter@digitalasset.com>
---
 .../generate_network_component_versions.py    | 13 +++++++++++-
 ...est_generate_network_component_versions.py | 20 +++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/scripts/generate_network_component_versions.py b/scripts/generate_network_component_versions.py
index 1612cb65..f15c7e15 100644
--- a/scripts/generate_network_component_versions.py
+++ b/scripts/generate_network_component_versions.py
@@ -5,11 +5,13 @@
 import argparse
 import html
 import json
+import os
 import re
 import subprocess
 import sys
 from datetime import datetime, timezone
 from pathlib import Path
+from urllib.parse import urlparse
 from urllib.request import Request, urlopen
 
 
@@ -119,8 +121,17 @@ def parse_args() -> argparse.Namespace:
     return parser.parse_args()
 
 
+def request_headers(url: str) -> dict[str, str]:
+    headers = {"User-Agent": USER_AGENT}
+    token = os.environ.get("GITHUB_TOKEN") or os.environ.get("GH_TOKEN")
+    if token and urlparse(url).netloc == "api.github.com":
+        headers["Authorization"] = f"Bearer {token}"
+        headers["X-GitHub-Api-Version"] = "2022-11-28"
+    return headers
+
+
 def request_url(url: str, timeout: float):
-    request = Request(url, headers={"User-Agent": USER_AGENT})
+    request = Request(url, headers=request_headers(url))
     return urlopen(request, timeout=timeout)
 
 
diff --git a/tests/test_generate_network_component_versions.py b/tests/test_generate_network_component_versions.py
index b766d59a..ce8916c2 100644
--- a/tests/test_generate_network_component_versions.py
+++ b/tests/test_generate_network_component_versions.py
@@ -171,6 +171,26 @@ def test_latest_stable_version_ignores_prerelease_and_debug_tags() -> None:
     )
 
 
+def test_request_headers_use_github_token_for_github_api(monkeypatch) -> None:
+    module = load_script_module()
+    monkeypatch.setenv("GITHUB_TOKEN", "test-token")
+
+    assert module.request_headers("https://api.github.com/repos/example/project/releases") == {
+        "User-Agent": module.USER_AGENT,
+        "Authorization": "Bearer test-token",
+        "X-GitHub-Api-Version": "2022-11-28",
+    }
+
+
+def test_request_headers_do_not_send_github_token_to_other_hosts(monkeypatch) -> None:
+    module = load_script_module()
+    monkeypatch.setenv("GITHUB_TOKEN", "test-token")
+
+    assert module.request_headers("https://registry.npmjs.org/example") == {
+        "User-Agent": module.USER_AGENT,
+    }
+
+
 def test_parse_dars_lock_selects_latest_dashboard_packages_only() -> None:
     module = load_script_module()
     dars_lock = """