chore: add GitHub PAT support for API requests in CI setup

toolCHAINZ · toolCHAINZ · commit 0a41a723b504 · 2025-12-22T17:50:07.000Z
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
@@ -36,11 +36,14 @@ jobs:
           submodules: true
       - name: Build wheels
         uses: PyO3/maturin-action@v1
+        env:
+          READ_ONLY_GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_TOKEN }}
         with:
           target: ${{ matrix.platform.target }}
           args: --release --out dist --interpreter python3.11 python3.12 python3.13 python3.14 python3.13t python3.14t --auditwheel skip
           working-directory: crackers_python
           manylinux: manylinux2_28
+          docker-options: "--env READ_ONLY_GITHUB_TOKEN"
           before-script-linux: |
             curl -LsSf https://astral.sh/uv/install.sh | sh
             uv venv
diff --git a/crackers_python/gh_actions_setup.py b/crackers_python/gh_actions_setup.py
@@ -63,7 +63,15 @@ def install_z3_glibc(target_platform):
 
     # GitHub API to fetch the latest release
     api_url = "https://api.github.com/repos/Z3Prover/z3/releases/latest"
-    with urllib.request.urlopen(api_url) as response:
+
+    # Check for GitHub PAT to avoid rate limiting
+    request = urllib.request.Request(api_url)
+    github_token = os.environ.get("READ_ONLY_GITHUB_TOKEN")
+    if github_token:
+        request.add_header("Authorization", f"Bearer {github_token}")
+        print("Using GitHub PAT from READ_ONLY_GITHUB_TOKEN for API authentication.", file=sys.stderr)
+
+    with urllib.request.urlopen(request) as response:
         data = json.loads(response.read().decode())
 
     assets = data.get("assets", [])
