@3V3RYONE

west sdk install may fail with a GitHub API rate-limit (HTTP 403) error. This typically occurs when the command is run multiple times after previous failures, which is common for new users setting up the project. Currently, the thrown exception only links to a generic GitHub rate-limit documentation page, which may be confusing to users.

Users can bypass the rate limit by authenticating with GitHub using a Personal Access Token. The install script supports this via the --personal-access-token argument. Therefore, detect rate-limit related failures and print a helpful message suggesting the use of this argument.

Fixes #93693

@github-actions

Hello @3V3RYONE, and thank you very much for your first pull request to the Zephyr project!
Our Continuous Integration pipeline will execute a series of checks on your Pull Request commit messages and code, and you are expected to address any failures by updating the PR. Please take a look at our commit message guidelines to find out how to format your commit messages, and at our contribution workflow to understand how to update your Pull Request. If you haven't already, please make sure to review the project's Contributor Expectations and update (by amending and force-pushing the commits) your pull request if necessary.
If you are stuck or need help please join us on Discord and ask your question there. Additionally, you can escalate the review when applicable. 😊

@pdgendt
Contributor

pdgendt commented Nov 19, 2025

Please fix the compliance issue (git commit subject too long)

Contributor

@marc-hb marc-hb left a comment

--personal-access-token is long and inconvenient, could you test .netrc and add it as a recommendation in the --help if it works?
https://docs.python-requests.org/en/latest/user/authentication/#netrc-authentication

If someone has a valid access token, why would they store it in the wrong place and use it only with west sdk --personal-access-token ...? Weird. There are many other ways to hit rate limits.

@pdgendt
Contributor

pdgendt commented Nov 19, 2025

> --personal-access-token is long and inconvenient, could you test .netrc and add it as a recommendation in the --help if it works? docs.python-requests.org/en/latest/user/authentication#netrc-authentication

It's an argument for the west sdk extension.

@marc-hb
Contributor

marc-hb commented Nov 19, 2025

> It's an argument for the west sdk extension.

And? I miss your point sorry.

@pdgendt
Contributor

pdgendt commented Nov 20, 2025

> And? I miss your point sorry.

Why shouldn't we refer to an option that is available for the same command that the user just tried to execute?

@marc-hb
Contributor

marc-hb commented Nov 20, 2025

I didn't say --personal-access-token should not be referred to. I only said that (if it works) the most common .netrc option that is much better for most people and/or use cases should not be missing.

@3V3RYONE
Author

@marc-hb @pdgendt
I tried with _netrc authentication, looks like the script fails with rate limit error in under 20 requests.
Whereas with --personal-access-token, script goes on successfully till 40 requests and the installation proceeds to completion.

`west sdk install` may fail with a GitHub API rate-limit (HTTP 403)
error. This typically occurs when the command is run multiple times
after previous failures, which is common for new users setting up
the project. Currently, the thrown exception only links to a generic
GitHub rate-limit documentation page, which may be confusing to users.

Users can bypass the rate limit by authenticating with GitHub using a
Personal Access Token. The install script supports this via the
`--personal-access-token` argument. Therefore, detect rate-limit related
failures and print a helpful message suggesting the use of this
argument.

Signed-off-by: Beleswar Prasad Padhi <[email protected]>

@marc-hb
Contributor

marc-hb commented Nov 21, 2025

> I tried with _netrc authentication, looks like the script fails with rate limit error in under 20 requests.

I did some testing and I have a strong suspicion your .netrc file is invalid or misplaced.

It took me a while but I found a couple of ways to test much faster and more reliably than downloading the SDK repeatedly.

I spent time testing this because the .netrc really matters: it's superior to --personal-access-token in pretty much every way for pretty much everyone. So, I would really like you to add the following text "... or use a .netrc file". Just mentioning that file and that's all, nothing else.

Please try this:

    python3 -c 'import requests; print(requests.get("https://api.github.com/user/issues").content)'

    # Bad .netrc OR bad token shows this:
    b'{\r\n  "message": "Requires authentication",\r\n  "documentation_url": "https://docs.github.com/rest",\r\n  "status": "401"\r\n}'

    # Good .netrc AND good token returns a list (empty or not)
    b'[ ...  ]'

You can also compare these two commands:

    curl -v --netrc https://api.github.com/user/issues
    curl -v         https://api.github.com/user/issues

When using -n or --netrc you see additional "authorization" fields like this:

    * [HTTP/2] [1] [authorization: Basic ....
    * [HTTP/2] [1] ...
    * [HTTP/2] [1] ...
    > GET / HTTP/2
    > Host: github.com
    > Authorization: Basic ....

As long as the .netrc file is valid, you will see the "authorization" fields even when the token is wrong.

The .netrc file should look like this:

    machine github.com
      login not-used
      password add token here

    machine api.github.com
      login not-used-either
      password same token as above

Don't forget the indentation.

Obviously, make sure the .netrc file is readable only by you.

BTW I think _netrc is the older name but https://docs.python-requests.org/en/latest/user/authentication/#netrc-authentication claims to support both so it should hopefully not matter.
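
An added example, not part of the thread or of the Zephyr code: a stdlib-only check for the .netrc points raised in the comment above (the file parses, it has both machine entries, and it is readable only by its owner). The function names, the placeholder token and the temp-file sample are constructed for illustration.

```python
import netrc
import os
import tempfile

# Hosts listed in the comment above.
REQUIRED_HOSTS = ("github.com", "api.github.com")


def check_netrc(path, hosts=REQUIRED_HOSTS):
    """Return a list of problems found in the netrc file at `path` (empty = OK)."""
    problems = []
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    # Group/other permission bits expose the token to other local users.
    if os.name == "posix" and st.st_mode & 0o077:
        problems.append(f"mode {st.st_mode & 0o777:04o} is not owner-only; run chmod 600")
    try:
        parsed = netrc.netrc(path)
    except netrc.NetrcParseError as exc:
        return problems + [f"parse error: {exc}"]
    for host in hosts:
        # Read .hosts directly so a 'default' entry cannot mask a missing machine.
        entry = parsed.hosts.get(host)
        if entry is None:
            problems.append(f"no 'machine {host}' entry")
        elif not entry[2]:
            problems.append(f"'machine {host}' has no password (token)")
    return problems


def write_sample(text, mode=0o600):
    """Write constructed netrc text to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".netrc")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed sample: placeholder token, api.github.com entry missing, mode 0644.
    sample = "machine github.com\n  login not-used\n  password PLACEHOLDER_TOKEN\n"
    path = write_sample(sample, mode=0o644)
    for problem in check_netrc(path):
        print("problem:", problem)
    os.unlink(path)
```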

Labels

area: West West utility

Development

Successfully merging this pull request may close these issues.

west sdk install fails with GitHub API rate limit error (403)

4 participants