fix: ignore GitHub API rate limit errors in update and health commands

[Copilot]

CI jobs for update and health-smoke-copilot were failing with HTTP 403 "API rate limit exceeded" — a transient infrastructure condition that should not mark CI as broken.

Root causes

• update job: UpdateWorkflows propagated a fatal error when all per-workflow failures were rate-limit related ("no workflows were successfully updated"), even though there was nothing actionable to fix.
• health-smoke-copilot job: RunHealth surfaced the fetchWorkflowRuns rate-limit error directly, causing gh aw health --json to exit non-zero and produce no JSON output (breaking downstream jq parsing).

Changes

• pkg/gitutil/gitutil.go — Added IsRateLimitError(errMsg string) bool detecting "API rate limit exceeded", "rate limit exceeded", and "secondary rate limit" patterns (case-insensitive).

• pkg/cli/update_workflows.go — Added allFailuresAreRateLimited helper. UpdateWorkflows now returns nil with a warning instead of a fatal error when every workflow failure is rate-limit related.

• pkg/cli/health_command.go — RunHealth detects rate-limit errors from fetchWorkflowRuns, prints a warning, and in --json mode emits a zero-run WorkflowHealth struct so callers can still parse the output cleanly.

• pkg/gitutil/gitutil_test.go — Table-driven tests for IsRateLimitError and IsAuthError.

[pelikhan]

@copilot if you hit github rate limit in the rate limit test, assume it is canceled.

[Copilot]

@copilot if you hit github rate limit in the rate limit test, assume it is canceled.

Already handled by commit 04eaf16. Both affected jobs now treat rate limit errors as cancelled (non-fatal):

• update job: allFailuresAreRateLimited — if every workflow update failure was caused by rate limiting, UpdateWorkflows returns nil with a warning instead of propagating the error.
• health-smoke-copilot job: RunHealth detects the rate limit from fetchWorkflowRuns, prints a warning, and exits 0. In --json mode it emits a valid zero-run WorkflowHealth JSON so the downstream jq structure validations still pass.

[Copilot]

Pull request overview

Adjusts CLI behavior to treat GitHub API rate limiting as a transient condition so CI jobs don’t fail or produce unusable output when the API is temporarily throttling requests.

Changes:

• Add a shared gitutil.IsRateLimitError helper to detect common GitHub rate-limit error strings.
• Update update workflow updates to be non-fatal when all per-workflow failures are rate-limit related.
• Update health to warn and exit cleanly on rate limit; in detailed --json mode, emit a zero-run JSON payload.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
pkg/gitutil/gitutil.go	Adds IsRateLimitError helper for consistent rate-limit detection.
pkg/gitutil/gitutil_test.go	Adds table-driven unit tests for IsRateLimitError and IsAuthError.
pkg/cli/update_workflows.go	Treats “all failed due to rate limiting” as non-fatal; adds helper to detect that condition.
pkg/cli/health_command.go	Handles rate-limit errors from fetchWorkflowRuns by warning and exiting cleanly; emits detailed JSON when applicable.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In the rate-limit branch, RunHealth only emits JSON when config.WorkflowName != "" (detailed view). If --json is used without a workflow (summary mode), this path returns nil without writing any JSON to stdout, which breaks callers that rely on --json always producing parseable output. Consider emitting an empty HealthSummary via outputHealthJSON(...) when config.JSONOutput is true, regardless of whether a workflow name was provided (while still printing the warning to stderr).

Suggested change

	if config.JSONOutput && config.WorkflowName != "" {
	// Emit an empty-run JSON structure so callers can still parse the output.
	return displayDetailedHealth(nil, config)
	if config.JSONOutput {
	if config.WorkflowName != "" {
	// Emit an empty-run JSON structure for the specific workflow so callers can still parse the output.
	return displayDetailedHealth(nil, config)
	}
	// In summary mode, emit an empty HealthSummary so JSON output is always parseable.
	if err := outputHealthJSON(&HealthSummary{}); err != nil {
	return err
	}

[Copilot]

The new rate-limit handling in RunHealth is important for CI stability, but there isn’t a unit test covering the new behavior (rate-limit error => non-fatal exit, and in --json mode still emitting valid JSON). Consider adding a test that forces fetchWorkflowRuns/listWorkflowRunsWithPagination to return a rate-limit error (e.g., via dependency injection through a package-level function var) and asserts stdout contains valid JSON.

[Copilot]

UpdateWorkflows now returns nil when all workflow update failures are rate-limit related. Since this changes the command’s exit behavior, it would be good to add a focused unit test for allFailuresAreRateLimited (and/or the len(successfulUpdates)==0 branch) to lock in the intended semantics for “all rate-limited” vs “mixed failures”.