There are two (2) methods to avoid hitting GitHub rate limitations: authentication, or limiting requests.
GitHub has rate limitations for users:
- Sixty (60) requests per hour based on IP address.
- Five-Thousand (5000) requests per hour based on user.
While the sixty (60) request limit won’t affect most small businesses, it can affect medium/large businesses working from the same office space. It will also affect users who select the env0 SaaS option as it comes from a single IP address.
At env0 we’ve seen this affect a few of our customers and wanted to provide two (2) options to mitigate against these issues.
There are two (2) methods of mitigation that are simple and quick to implement.
Method One (1) - Authentication
All authenticated users are allowed five thousand (5000) requests per hour, which should be more than enough. If this is your preferred method of mitigation is authentication, check out the authentication methods on GitHub here:
For example, in env0.yaml you can curl GitHub with authentication like this:
curl --request GET \
--url "https://api.github.com/octocat" \
--header "Authorization: Bearer YOUR-TOKEN"
Method Two (2) - Manually Limit Requests
There are occasions when authentication is not possible or desired. In these cases, you can work on limiting the number of requests.
In our customer example, there was a script using tflint, which checked (and pulled if available) for a newer version. By using Additional Controls you are able to specify the version of code for tflint (TFLINT_VERSION). This will first check the local version and if matching, no update request will occur, saving a request.
There are lots of additional options that can be used for various use cases and products. A certain element of sell investigation is required for each use case.
N.B. In this example, we are matching one version. If a new version is made available, the additional control will have to be adjusted to reflect the desired version.