Skip to content

fix: pass GITHUB_TOKEN to mise-action to fix CI failures#9

Merged
RoyalPineapple merged 3 commits intomainfrom
fix/ci-mise-github-token
Apr 2, 2026
Merged

fix: pass GITHUB_TOKEN to mise-action to fix CI failures#9
RoyalPineapple merged 3 commits intomainfrom
fix/ci-mise-github-token

Conversation

@RoyalPineapple
Copy link
Copy Markdown
Contributor

@RoyalPineapple RoyalPineapple commented Mar 31, 2026
edited
Loading

CI is broken on main — this fixes it

All CI jobs on main are currently failing with 403 errors because mise install makes unauthenticated GitHub API requests that hit rate limits.

This passes GITHUB_TOKEN (automatically provided by GitHub Actions) to all three jdx/mise-action steps so mise uses authenticated requests with a much higher rate limit. No new secrets or configuration needed — secrets.GITHUB_TOKEN is built-in.

Failing jobs on main

Error from logs:

GITHUB_TOKEN is not set. This means mise is making unauthenticated requests
to GitHub which have a lower rate limit.

Test plan

  • Verify all three CI jobs (development-tests, samples, swiftformat) pass after merge

🤖 Generated with Claude Code

RoyalPineapple and others added 3 commits March 31, 2026 17:40
@RoyalPineapple @claude
fix: pass GITHUB_TOKEN to mise-action to avoid API rate limits
e978e28 
Unauthenticated GitHub API requests from mise-action hit rate limits
(403 Forbidden), causing all CI jobs to fail when installing tools
(tuist, SwiftFormat). Passing the built-in GITHUB_TOKEN raises the
rate limit and resolves the issue.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@RoyalPineapple @claude
fix: disable mise SLSA/attestation verification in CI
e90efc7 
GitHub API transient 500/503 errors cause mise's SLSA provenance and
artifact attestation verification to fail during tool installation.
Disable these checks in CI for both the github and aqua backends to
make builds resilient to GitHub API instability.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@RoyalPineapple @claude
revert: remove SLSA/attestation verification disable
fbc6f69 
The 500/503 errors were transient GitHub API issues, not a
misconfiguration. Disabling supply chain security verification
permanently is the wrong fix for a temporary outage.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@RoyalPineapple RoyalPineapple changed the title fix: pass GITHUB_TOKEN to mise-action to avoid API rate limits fix: pass GITHUB_TOKEN to mise-action to fix CI failures Mar 31, 2026
@RoyalPineapple RoyalPineapple mentioned this pull request Mar 31, 2026
Open
4 tasks
@RoyalPineapple RoyalPineapple marked this pull request as ready for review March 31, 2026 21:15
@RoyalPineapple RoyalPineapple requested a review from a team as a code owner March 31, 2026 21:15
@RoyalPineapple RoyalPineapple merged commit a8310d3 into main Apr 2, 2026
7 checks passed
@RoyalPineapple RoyalPineapple deleted the fix/ci-mise-github-token branch April 2, 2026 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robmaceachern robmaceachern robmaceachern approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RoyalPineapple @robmaceachern