CI: Pass GITHUB_TOKEN to containerd/project-checks

kevpar · kevpar · commit 79d09c69b4e4 · 2023-01-03T15:48:51.000-08:00
Previously the project-checks action was failing sometimes due to
hitting GitHub API rate limits. Since no token was supplied, the rate
limits were only 60 requests/hour keyed off the IP address of the
runner.

Now, passing GITHUB_TOKEN secret through to project-checks, we have a
limit of 1000 requests/hour for the whole repo. This should alleviate
the rate limits that were being seen.

I believe it is safe to pass this secret as project-checks is also owned
by the containerd organization. The secret is also scoped to the actions
run, and is invalidated upon completion.

project-checks version is also updated to the version that supports
repo-access-token input.

Signed-off-by: Kevin Parsons &lt;kevpar@microsoft.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -69,9 +69,10 @@ jobs:
           path: src/github.com/containerd/containerd
           fetch-depth: 100
 
-      - uses: containerd/project-checks@v1
+      - uses: containerd/project-checks@v1.1.0
         with:
           working-directory: src/github.com/containerd/containerd
+          repo-access-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: verify go modules and vendor directory
         run: |
