Cannot install git-cliff when ref action in self-hosted runners

[gdagil]

Hello!
Thank you for your product. I’ve been considering integrating it into my projects using GitHub Actions and encountered an issue.

I have my own act_runner for self-hosted Gitea. Since most of the environment variables here are the same as those on GitHub runners, an error occurs when running your action stating that the request cannot be executed - 401 response from api.github.com server.

I believe it would be better to exclude setting the authorization header when downloading the package in the line provided below.

git-cliff-action/install.sh

Line 27 in 9f34d77

--header "authorization: Bearer ${GITHUB_TOKEN}" \

Attaching the act_runner logs:

1 | + case "${RUNNER_OS}" in
-- | --
2 | + OS=unknown-linux-gnu
3 | + case "${RUNNER_ARCH}" in
4 | + ARCH=x86_64
5 | + RELEASE_URL=https://api.github.com/repos/orhun/git-cliff/releases/latest
6 | + [[ v2.5.0 != \l\a\t\e\s\t ]]
7 | + RELEASE_URL=https://api.github.com/repos/orhun/git-cliff/releases/tags/v2.5.0
8 | ++ curl --silent --show-error --fail --header 'authorization: Bearer ***' --header 'Cache-Control: no-cache, must-revalidate' https://api.github.com/repos/orhun/git-cliff/releases/tags/v2.5.0
9 | curl: (22) The requested URL returned error: 401
10 | + RELEASE_INFO=
11 | ++ echo ''
12 | ++ jq --raw-output .tag_name
13 | /var/run/act/actions/orhun-git-cliff-action@v4/install.sh: line 30: jq: command not found
14 | + TAG_NAME=
15 | + TARGET=git-cliff--x86_64-unknown-linux-gnu.tar.gz
16 | ++ echo ''
17 | ++ jq --raw-output '.assets[].browser_download_url'
18 | /var/run/act/actions/orhun-git-cliff-action@v4/install.sh: line 34: jq: command not found
19 | ++ grep 'git-cliff--x86_64-unknown-linux-gnu.tar.gz$'
20 | + LOCATION=
21 | + mkdir -p ./bin
22 | + [[ ! -e git-cliff--x86_64-unknown-linux-gnu.tar.gz ]]
23 | + curl --silent --show-error --fail --location --output git-cliff--x86_64-unknown-linux-gnu.tar.gz ''
24 | curl: (3) URL using bad/illegal format or missing URL
25 | + tar -xf git-cliff--x86_64-unknown-linux-gnu.tar.gz
26 | tar: git-cliff--x86_64-unknown-linux-gnu.tar.gz: Cannot open: No such file or directory
27 | tar: Error is not recoverable: exiting now
28 | + mv git-cliff-/git-cliff ./bin/git-cliff
29 | mv: cannot stat 'git-cliff-/git-cliff': No such file or directory

[gdagil]

Of course, it's possible to use installation via pip, but I would prefer not to add an additional step for installing Python and instead use a compiled release

[orhun]

Hello, thanks for reporting and sorry for the delayed response!

I believe it would be better to exclude setting the authorization header when downloading the package in the line provided below.

I'm not sure if removing that would be a problem, but I presume it should be fine since we are executing from the GitHub context anyways. Or maybe we can support an option to disable it somehow.

cc @M0NsTeRRR - what do you think?

[M0NsTeRRR]

Hello,

As mentioned in the script, the token is used to increase GitHub API limits:

git-cliff-action/install.sh

Lines 22 to 25 in 9f34d77

	# Although releases endpoint is available without authentication, the current github.token is still passed
	# in order to increase the limit of 60 requests per hour per IP address to a higher value that's also counted
	# per GitHub account.
	# Caching is disabled in order not to receive stale responses from Varnish cache fronting GitHub API.

Source : https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api?apiVersion=2022-11-28#primary-rate-limit-for-unauthenticated-users

For now, you can pass a GitHub token in your Gitea CI as GITHUB_TOKEN.

I'm not sure if removing that would be a problem, but I presume it should be fine since we are executing from the GitHub context anyways

I'm not sure about this one, and I don't know if it would work with a self-hosted GitHub runner.

We could add an option to disable the authorization header in cases where someone is using Gitea or an other CI compatible with Github action and doesn't need to worry about rate limits.

[orhun]

We could add an option to disable the authorization header in cases where someone is using Gitea or an other CI compatible with Github action and doesn't need to worry about rate limits.

Yup, sounds good. It should be disabled as default though.

[gdagil]

Maybe you should just make sure that the environment variable exists?

Since there is no such variable in gitea act_runner and GITEA_TOKEN is used

[M0NsTeRRR]

Maybe you should just make sure that the environment variable exists?

Since there is no such variable in gitea act_runner and GITEA_TOKEN is used

If Gitea CI doesn't use it we could yeah, I'm not familiar with it :)

[orhun]

Actually yeah, that sounds more reasonable.

[M0NsTeRRR]

@gdagil could you test with github action m0nsterrr/[email protected] ?

[lehmanju]

Would it be possible to supply the token via (non-required) input? I am trying to use this action on a on-premises enterprise github installation, so GITHUB_TOKEN exists but is obviously not authorized for github.com. I'd rather not use a token at all.

[M0NsTeRRR]

Thanks for your feedback! I've adjusted my PR to address it.

Could you please test with m0nsterrr/[email protected]? There's a new input variable github_token (which defaults to ${{ github.token }}). You can pass an empty value to disable the auth header or provide your own token.

@orhun, I'll leave it up to you to decide whether to keep the default value, but I believe maintaining this configuration for GitHub Actions (which most users utilize) is the best approach.

[lehmanju]

@M0NsTeRRR can confirm it works! Thx

[gdagil]

@M0NsTeRRR Yea, on gitea works too

[orhun]

Perfect! Thanks a lot everyone, release coming out shortly 🚀 ⛰️

[orhun]

https://github.com/orhun/git-cliff-action/releases/tag/v4.1.0