Skip to content

Commit

Permalink
Don't hard-code a token in the tests.
Browse files Browse the repository at this point in the history
  • Loading branch information
maleadt committed Nov 24, 2022
1 parent ba51450 commit a6a1b79
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 11 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ jobs:
${{ runner.os }}-
- uses: julia-actions/julia-buildpkg@v1
- uses: julia-actions/julia-runtest@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: julia-actions/julia-processcoverage@v1
- uses: codecov/codecov-action@v1
with:
Expand Down
20 changes: 9 additions & 11 deletions test/read_only_api_tests.jl
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,15 @@ testuser_sshkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVDBxFza4BmQTCTFeTyK"*

hasghobj(obj, items) = any(x -> name(x) == name(obj), items)

# This token has public, read-only access, and is required so that our
# tests don't get rate-limited. The only way a malicious party could do harm
# with this token is if they used it to abuse the rate limit associated with
# the token (not too big of a deal). The token is hard-coded in an obsfucated
# manner in an attempt to thwart token-stealing crawlers.
auth = authenticate(string(circshift(["bcc", "3fc", "03a", "33e",
"c09", "363", "5f1", "bd3",
"fc6", "77b", '5', "9cf",
"868", "033"], 3)...))

@test rate_limit(; auth = auth)["rate"]["limit"] == 5000
auth = if haskey(ENV, "GITHUB_TOKEN")
@info "Using GitHub token from ENV"
authenticate(ENV["GITHUB_TOKEN"])
else
@warn "Using anonymous GitHub access. If you get rate-limited, please set the GITHUB_TOKEN env var to an appropriate value."
GitHub.AnonymousAuth()
end

@test rate_limit(; auth = auth)["rate"]["limit"] > 0

@testset "Owners" begin
# test GitHub.owner
Expand Down

0 comments on commit a6a1b79

Please sign in to comment.