GitHub API 403 when GITHUB_TOKEN set + target org has IP allow list (e.g. aquasecurity/trivy, databricks/cli) #9119
Replies: 1 comment 15 replies
-
|
Seems true... I don't understand why GitHub does this |
Beta Was this translation helpful? Give feedback.
-
|
@risu729 Ah, I see. I only have: I'm going to try increasing scope. |
Beta Was this translation helpful? Give feedback.
-
|
@risu729 I've narrowed down the exact cause. The 403 only triggers with GitHub App installation tokens ( Here's the proof — same IP, same moment, same target repos: GHS_TOKEN="ghs_..." # GitHub App installation token
# GitHub App token → 403 on orgs with IP allow lists
curl -s -w "%{http_code}" -H "Authorization: token $GHS_TOKEN" \
"https://api.github.com/repos/aquasecurity/trivy/releases/latest"
# → 403: "the `aquasecurity` organization has an IP allow list enabled,
# and your IP address is not permitted to access this resource."
curl -s -w "%{http_code}" -H "Authorization: token $GHS_TOKEN" \
"https://api.github.com/repos/databricks/cli/releases/latest"
# → 403 (same — databricks has IP allow list too)
# Same token, orgs WITHOUT IP allow lists → 200
curl -s -w "%{http_code}" -H "Authorization: token $GHS_TOKEN" \
"https://api.github.com/repos/BurntSushi/ripgrep/releases/latest" # → 200
curl -s -w "%{http_code}" -H "Authorization: token $GHS_TOKEN" \
"https://api.github.com/repos/kubernetes/kubernetes/releases/latest" # → 200
curl -s -w "%{http_code}" -H "Authorization: token $GHS_TOKEN" \
"https://api.github.com/repos/helm/helm/releases/latest" # → 200The full list of API endpoints that fail (all return 403 for these orgs):
Meanwhile, these still work fine with the same
This is a real-world use case — GitHub App installation tokens are the standard way to authenticate CI in orgs (GitHub Actions uses them, and tools like Coder generate them for dev environments). I think mise should either retry without auth on this specific 403, or allow scoping which token is used per-backend. |
Beta Was this translation helpful? Give feedback.
-
|
p.s. the scope of these shouldn't matter. GitHub is pretty clear that for public repos, scope is irrelevant. Now, there may be undocumented behavior here, but generally speaking that's true. In other words, we are using GitHub Apps to mitigate GitHub's anonymous API rate limits. We are using a GitHub App as a sort of service account so that it's not tied to any one user. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! I think we can fix mise to use anonymous requests if the token starts with |
Beta Was this translation helpful? Give feedback.
-
|
#9506 should fix it |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Problem
When
GITHUB_TOKEN(orMISE_GITHUB_TOKEN) is set, mise sendsAuthorization: Bearer {token}on all requests toapi.github.com. If the target GitHub organization has an IP allow list enabled, GitHub blocks the authenticated request with 403 — even for fully public repos.The counterintuitive part: the same request without the Authorization header succeeds (GitHub explicitly exempts anonymous public repo access from IP allow lists). So setting
GITHUB_TOKENto get a higher rate limit actually breaks tool installation for orgs with IP allow lists.Affected tools
Any tool whose GitHub org has an IP allow list enabled. Examples we hit in CI:
aqua:aquasecurity/trivygithub:databricks/cliExact 403 response body
{ "message": "Although you appear to have the correct authorization credentials, the `aquasecurity` organization has an IP allow list enabled, and your IP address is not permitted to access this resource.", "documentation_url": "https://docs.github.com/rest/releases/releases#list-releases", "status": "403" }Key:
x-ratelimit-remainingis ~15,000 in these responses. This is not a rate limit issue.Verification (same IP, same token, same moment)
Why this happens
Per GitHub docs, IP allow lists block access to public resources when a user is authenticated (PATs, OAuth tokens, GitHub App installation tokens). Anonymous access to public resources is explicitly exempted.
So by authenticating, mise opts itself into IP allow list enforcement that anonymous requests bypass.
Proposed fix
In the HTTP layer (
src/http.rs/src/github.rs), when a request toapi.github.comreturns 403 and the response body contains"IP allow list", retry the same request without theAuthorizationheader.This is safe because:
Workaround
Pre-install affected binaries via CDN before
mise installruns. Since CDN downloads work fine with auth, download the tarball directly and place the binary at the path mise expects (~/.local/share/mise/installs/{tool}/{version}/). mise detects it as already installed and skips the API calls entirely.mise version
2026.4.11 linux-x64 (also reproduced on earlier versions)
Beta Was this translation helpful? Give feedback.
All reactions