fix(installation): respect GITHUB_TOKEN/GH_TOKEN for GitHub API release check#23475
Open
octo-patch wants to merge 1 commit intoanomalyco:devfrom
Open
fix(installation): respect GITHUB_TOKEN/GH_TOKEN for GitHub API release check#23475octo-patch wants to merge 1 commit intoanomalyco:devfrom
octo-patch wants to merge 1 commit intoanomalyco:devfrom
Conversation
When checking for the latest release version, pass the GitHub token from GITHUB_TOKEN or GH_TOKEN environment variables as a Bearer auth header. This raises the API rate limit from 60 to 5000 req/hr, preventing 403 errors for users behind shared proxies or VPNs (fixes anomalyco#23461).
github-actions
Bot
added
the
needs:compliance
6 tasks
github-actions
Bot
removed
the
needs:compliance
Contributor
|
Thanks for updating your PR! It now meets our contributing guidelines. 👍 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #23461
Type of change
What does this PR do?
Problem
opencode upgrade(and the update-check on startup) callsGET https://api.github.com/repos/anomalyco/opencode/releases/latestwithout authentication. Unauthenticated GitHub API calls are capped at 60 requests/hour per IP. Users behind shared proxies or VPNs quickly exhaust this quota, causing 403 errors:Even when
GITHUB_TOKENwas set in the environment or the user was authenticated viagh auth login, opencode did not use those credentials.Solution
Read
GITHUB_TOKENorGH_TOKENfrom the environment and, when present, attach it as aAuthorization: Bearer <token>header on the GitHub releases request. This raises the rate limit to 5,000 requests/hour, which is sufficient for any realistic usage pattern.The change is in
Installation.latestImpl— only the fallback GitHub API path (used bycurland unknown install methods) is affected. All other version sources (npm registry, Homebrew, Chocolatey, Scoop) are unchanged.How did you verify your code works?
GITHUB_TOKENunset: behaviour is identical to before (no header sent).GITHUB_TOKENset to a valid PAT: the Authorization header is included, rate limit 5000/hr applies.GH_TOKENset (GitHub CLI convention): same as above.Screenshots / recordings
N/A — this is a backend/CLI change with no UI surface.
Checklist