Update Actions to Properly Use PAT for Website Build and Deployment (#1726) #1731
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aj-stein-nist
changed the title
By doing this, we correctly the PAT usage and not ironically use an existing, but improperly permissioned GITHUB_TOKEN provided as a context machine identity for all runs of all workflows, this should fix the builds and stop the cryptic HTTP 429 rate limit error response. It's cryptic because you get a 429 response after one single API operation (with git clone) because the token is wrong.
As part of the troubleshooting work, GH docs do indicate scanning links from the GHA runners can potentially cause rate limiting. We have automated nightly scans and we review code changes as part of PRs. We can forgot commit-by-commit link scanning as a short-to-medium term mitigation and enable it again later.
aj-stein-nist
force-pushed
the
1726-pat-permissions-issues-for-cd-auto-commit-for-docs-pages
branch
from
abaea76
to
610c5da
Compare
nikitawootten-nist
approved these changes
Apr 3, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Committer Notes
Update PAT configuration for builds, monitor rate limiting, and disable per commit link checking for PRs. Closes #1698 and #1726.
All Submissions:
"?
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.
Changes to Core Features:
Have you written new tests for your core changes, as applicable?Have you included examples of how to use your new feature(s)?Have you updated all OSCAL website and readme documentation affected by the changes you made? Changes to the OSCAL website can be made in the docs/content directory of your branch.