GitHub rate limiting

[joshka]

Is there an existing issue for this?

• I have searched the existing issues

Description of the bug

After running git-cliff once for ratatui, and then doing it again shortly after I hit a rate limit. I suspect (but haven't checked) that the github integration parts are not using the logged in github user's context.

▹▹▹▸▹ Retrieving data from GitHub... (ratatui/ratatui)                                                   ERROR git_cliff_core::remote    > Request error: {"message":"API rate limit exceeded for 216.243.56.14. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}

Steps To Reproduce

On ratatui main I ran:

git cliff
git cliff -u -t 0.30.0-alpha.1

Expected behavior

Should not rate limit

Screenshots / Logs

No response

Software information

macos
rust latest
git-cliff 2.7.0

Additional context

No response

[orhun]

Yup, git-cliff does not use the GitHub CLI's auth in any way yet. As of now you need to provide a GITHUB_TOKEN manually.

But I'm wondering about a possible integration, maybe simply invoking gh auth token and retrieving the token that way might be sufficient, but probably not too secure.

What do you think?

[joshka]

Ah, I thought gh auth set the env var. It doesn't - TIL

Probably the best would be to do the same thing as gh auth does - grab an oauth token that is scoped appropriately to the needs of git-cliff. It saves dev config time / mistakes.

[orhun]

Probably the best would be to do the same thing as gh auth does - grab an oauth token that is scoped appropriately to the needs of git-cliff.

I'm not too familiar with that, do you mean an additional git cliff auth command that would generate a fine-grained token by either redirecting the user to browser or running gh auth login?

[joshka]

I meant adding a command that generates the token. It's something I've done a few times for various OAuth things. gh auth login gets a token that's good for the gh cli, not generically for all clis.

[orhun]

That's something that I should look into for later and I don't think I can include it in the release that I'm preparing soon.

It's something I've done a few times for various OAuth things.

Can you maybe share some examples of that? Do you know any other CLI tools that does something similar?

[joshka]

The only example I have that I wrote is from a couple of years ago when I first started writing rust, so the code quality isn't really worth considering.

The basic technique is

1. Setup a local webserver to listen for a callback with the auth code
2. Open a browser to an auth URL with the appropriate scopes selected and the redirect set to the local webserver
3. Wait for the webserver callback url, and save the code (probably in the keychain for future use)

There's quite a few crates that are related. I'm not sure which would be the best to use.

• https://crates.io/crates/ghtool has an implementation of this built in
• https://crates.io/crates/github-device-flow could be worth a look
• https://crates.io/crates/clio-auth looks pretty much what you'd want in a lib or maybe https://crates.io/crates/oauth2_login