Page MenuHomePhabricator
Create Task
Maniphest T106339

Composer update commands on Labs hit GitHub's anon API limit (60 requests per IP per hour)
Closed, InvalidPublic
Actions

Description

When I run > composer update on a recently installed labs instance I am prompted for a Github token. What if I don't have a Github account?

Updating dependencies (including require-dev)

  • Removing justinrainbow/json-schema (1.4.2)
  • Installing justinrainbow/json-schema (1.4.4) Downloading: Connecting...

Could not fetch https://api.github.com/repos/justinrainbow/json-schema/zipball/8dc9b9d85ab639ca60ab4608b34c1279d6ae7bce, please create a GitHub OAuth token to go over the API rate limit
Head to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+gather-browser-tests+2015-07-20+1753
to retrieve a token. It will be stored in "/home/jdlrobson/.composer/auth.json" for future use by Composer.
Token (hidden):
Token stored successfully.

Downloading: 100%

Related Objects

Event Timeline

Jdlrobson created this task.Jul 20 2015, 5:57 PM
Jdlrobson raised the priority of this task from to Needs Triage.
Jdlrobson updated the task description. (Show Details)
Jdlrobson added a project: Composer.
Jdlrobson subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 20 2015, 5:57 PM
Legoktm closed this task as Invalid.Jul 21 2015, 3:41 AM
Legoktm claimed this task.
Legoktm subscribed.

This means you went over the github API limit. Are you passing in --prefer-dist or something? Using --prefer-source will always use git clone and bypass github's API, but isn't ideal since it isn't cacheable.

Jdlrobson reopened this task as Open.Jul 21 2015, 4:55 AM

I received this on a labs instance i only got setup less than a month ago so I'd rather we got to the bottom of this before dismissing as invalid.

It occurred when running composer update

Jdlrobson added a comment.Jul 21 2015, 4:56 AM

(I should add I've not been knowably using the github api on this instance)

Legoktm closed this task as Invalid.Jul 21 2015, 5:16 AM
In T106339#1466264, @Jdlrobson wrote:

I received this on a labs instance i only got setup less than a month ago so I'd rather we got to the bottom of this before dismissing as invalid.

It's invalid because installing the justinrainbow/json-schema dev dependency through composer does not require a github account, which is the bug you filed.

It occurred when running composer update

What version of composer are you running? How often are you running it? In what repositories? But really, http://lmgtfy.com/?q=composer+github+api+rate+limit

In T106339#1466266, @Jdlrobson wrote:

(I should add I've not been knowably using the github api on this instance)

If you're running composer, you're most likely using the github API.

yuvipanda subscribed.Jul 21 2015, 10:28 PM

@Legoktm can you explain what's happening? does running composer update not need a Git API token by default, but need it from labs because we're over the limit because of NAT? is something else going on? That lmgtfy link wasn't very useful :P

bd808 subscribed.Jul 21 2015, 11:24 PM
In T106339#1469154, @yuvipanda wrote:

@Legoktm can you explain what's happening? does running composer update not need a Git API token by default, but need it from labs because we're over the limit because of NAT? is something else going on? That lmgtfy link wasn't very useful :P

I'm pretty sure this is NAT/SNAT outbound from labs leading GitHub to see all of the various Composer requests from Jenkins slaves and other Labs hosts as the same IP (or a small range) which occasionally trips their rate limit for anonymous API actions.

bd808 added a comment.Jul 21 2015, 11:30 PM

Wow. The anon limit is apparently 60 requests per ip per hour. I bet this happens all the time in Labs.

Rate Limiting

For requests using Basic Authentication or OAuth, you can make up to 5,000 requests per hour. For unauthenticated requests, the rate limit allows you to make up to 60 requests per hour. Unauthenticated requests are associated with your IP address, and not the user making requests.
https://developer.github.com/v3/#rate-limiting

Jdlrobson added a comment.Jul 21 2015, 11:31 PM

@bd808 thanks for clarifying this issue. I was a bit confused about how I had tripped the api limit with my meagre amount of composer update commands. Is there anything we can do about it? (I'm sure github would happily up the limit for us if we asked nicely).

Jdlrobson renamed this task from justinrainbow dependency needs Github account to composer update commands on labs hit api limit.Jul 21 2015, 11:32 PM
Jdlrobson updated the task description. (Show Details)
Jdlrobson set Security to None.
bd808 mentioned this in T106452: Composer activity from Cloud VPS hosts can be rate limited by GitHub.Jul 22 2015, 12:09 AM
Aklapper renamed this task from composer update commands on labs hit api limit to Composer update commands on Labs hit GitHub's anon API limit (60 requests per IP per hour).Jul 22 2015, 4:27 PM
Phabricator_maintenance removed a subscriber: yuvipanda.Jun 7 2017, 6:48 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL