Page MenuHomePhabricator

Composer update commands on Labs hit GitHub's anon API limit (60 requests per IP per hour)
Closed, InvalidPublic

Description

When I run > composer update on a recently installed labs instance I am prompted for a Github token. What if I don't have a Github account?

Updating dependencies (including require-dev)

  • Removing justinrainbow/json-schema (1.4.2)
  • Installing justinrainbow/json-schema (1.4.4) Downloading: Connecting...

Could not fetch https://api.github.com/repos/justinrainbow/json-schema/zipball/8dc9b9d85ab639ca60ab4608b34c1279d6ae7bce, please create a GitHub OAuth token to go over the API rate limit
Head to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+gather-browser-tests+2015-07-20+1753
to retrieve a token. It will be stored in "/home/jdlrobson/.composer/auth.json" for future use by Composer.
Token (hidden):
Token stored successfully.

Downloading: 100%

Event Timeline

Jdlrobson raised the priority of this task from to Needs Triage.
Jdlrobson updated the task description. (Show Details)
Jdlrobson added a project: Composer.
Jdlrobson subscribed.
Legoktm claimed this task.
Legoktm subscribed.

This means you went over the github API limit. Are you passing in --prefer-dist or something? Using --prefer-source will always use git clone and bypass github's API, but isn't ideal since it isn't cacheable.

I received this on a labs instance i only got setup less than a month ago so I'd rather we got to the bottom of this before dismissing as invalid.

It occurred when running composer update

(I should add I've not been knowably using the github api on this instance)

I received this on a labs instance i only got setup less than a month ago so I'd rather we got to the bottom of this before dismissing as invalid.

It's invalid because installing the justinrainbow/json-schema dev dependency through composer does not require a github account, which is the bug you filed.

It occurred when running composer update

What version of composer are you running? How often are you running it? In what repositories? But really, http://lmgtfy.com/?q=composer+github+api+rate+limit

(I should add I've not been knowably using the github api on this instance)

If you're running composer, you're most likely using the github API.

@Legoktm can you explain what's happening? does running composer update not need a Git API token by default, but need it from labs because we're over the limit because of NAT? is something else going on? That lmgtfy link wasn't very useful :P

@Legoktm can you explain what's happening? does running composer update not need a Git API token by default, but need it from labs because we're over the limit because of NAT? is something else going on? That lmgtfy link wasn't very useful :P

I'm pretty sure this is NAT/SNAT outbound from labs leading GitHub to see all of the various Composer requests from Jenkins slaves and other Labs hosts as the same IP (or a small range) which occasionally trips their rate limit for anonymous API actions.

Wow. The anon limit is apparently 60 requests per ip per hour. I bet this happens all the time in Labs.

Rate Limiting

For requests using Basic Authentication or OAuth, you can make up to 5,000 requests per hour. For unauthenticated requests, the rate limit allows you to make up to 60 requests per hour. Unauthenticated requests are associated with your IP address, and not the user making requests.
https://developer.github.com/v3/#rate-limiting

@bd808 thanks for clarifying this issue. I was a bit confused about how I had tripped the api limit with my meagre amount of composer update commands. Is there anything we can do about it? (I'm sure github would happily up the limit for us if we asked nicely).

Jdlrobson renamed this task from justinrainbow dependency needs Github account to composer update commands on labs hit api limit.Jul 21 2015, 11:32 PM
Jdlrobson updated the task description. (Show Details)
Jdlrobson set Security to None.
Aklapper renamed this task from composer update commands on labs hit api limit to Composer update commands on Labs hit GitHub's anon API limit (60 requests per IP per hour).Jul 22 2015, 4:27 PM