fix(ci): plumb github-token cross-org so the flake-fetch 429 fix works#240
Conversation
…cross-org #239 added access-tokens = github.com=${{ github.token }} to the nix-cachix-setup preamble, but github.token evaluates to EMPTY inside a composite invoked across the org boundary, so the access-token stayed empty and the rainix flake fetch kept 429ing for cross-org consumers (S01-Issuer st0x). Add a github-token input and use access-tokens = github.com=${{ inputs.github-token || github.token }} -- input wins, bare token is the same-org fallback. The 12 cross-org reusables pass github-token: ${{ github.token }} (populated in the reusable's own context); check-shell/test ride the fallback. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Caution Review failedPull request was closed or merged during review No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (13)
📝 WalkthroughWalkthroughA new optional ChangesGitHub Token Plumbing into nix-cachix-setup
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Reviewed e938958: cross-org follow-up to #239. Adds a |
|
@coderabbitai assess this PR size classification for the totality of the PR with the following criterias and report it in your comment: S/M/L PR Classification Guidelines:This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed. Small (S)Characteristics:
Review Effort: Would have taken 5-10 minutes Examples:
Medium (M)Characteristics:
Review Effort: Would have taken 15-30 minutes Examples:
Large (L)Characteristics:
Review Effort: Would have taken 45+ minutes Examples:
Additional Factors to ConsiderWhen deciding between sizes, also consider:
Notes:
|
…dation fix(ci): restore nix-cachix-setup load (template-validation regression from #240)
Problem
#239 added
access-tokens = github.com=${{ github.token }}to the sharednix-cachix-setuppreamble, but the 429 persisted for cross-org consumers — S01-Issuer's st0x deploy 429'd again ~40 min after #239 merged. Root cause:${{ github.token }}evaluates to empty inside a composite invoked across the org boundary, so the access-token line was effectivelygithub.com=(no token) and the rainix flake fetch stayed unauthenticated.Fix
Add a
github-tokeninput to the composite and useaccess-tokens = github.com=${{ inputs.github-token || github.token }}— the explicit input wins, bare${{ github.token }}is the same-org fallback. The 12 cross-org reusables passgithub-token: ${{ github.token }}(which is populated in the reusable workflow's own context, unlike the composite's);check-shell.yml+test.yml(rainix's own same-org CI) omit it and ride the fallback. Consumers need no change — they already get a run token automatically.Builds on #239.
🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Bug Fixes