Overcoming GitHub API Rate-Limiting from a Public Project?

Question

I have a public repository which is an Ansible role. This Ansible role uses the GitHub API in order to get the most recent release for a given repository. I use this metadata in order to then subsequently download the latest release binary for the given project.

Unfortunately, I'm hitting GitHub's API rate-limit when running my tests in Travis and occasionally on my local machine. Since this is a public-facing project, what are my options for overcoming this rate limit?

I could use some kind of secret management system in Ansible or expose the value via Travis environment variables, but is there a standard practice for dealing with these kinds of scenarios for public code?

Answer 1

Unauthenticated requests only get 60/hour. Authenticated requests get 5000/hour.

To authenticate, generate a personal API access token for use by the project. Put it either in an encrypted Travis environment variable or some other way to store encrypted secrets (for example, Rails has built in encrypted credentials. Use that token to access the API.

Make a separate Github account for the project and use an API token for that. This avoids sharing its rate limit with anyone else.

Use Git commands on a local clone where possible. For example, if you want to look up a commit instead of doing it via the API, clone the repository and use normal Git commands. Cache the clones and git fetch periodically to keep them up to date.

Finally, make use of conditional requests. These use HTTP headers so you can safely use cached queries. These do not count against your rate limit. A good Github authentication library should have an option for caching.