You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ok, so this might be an unusual issue. As I understand it, the issue is not with the code of bootsnap, but settings that Shopify uses for its github organization that limit where api calls can come from.
When requesting bootsnap tags using Github api from a Github action we get an error based on IP allowlisting.
Expected Behavior
We have a Github action-triggered script that looks at bundle updates and performs a "diff" between the version the application is currently running and the new version. In the course of this, we request tags from Github in an attempt to link gem changes with repo changes.
In the case of bootsnap it looks like: GET https://api.github.com/repos/Shopify/bootsnap/tags.
For most Github repos this works fine and we are able to detect/infer git tags that match gem versions.
Actual behavior
For bootsnap, when requesting tag data, we get:
403 - Although you appear to have the correct authorization credentials,
the Shopify organization has an IP allow list enabled, and your IP address
is not permitted to access this resource.
Since bootsnap is a public project, I was wondering if this restriction could be amended or lifted.
Thanks for reading! Let me know if you have any questions or such.
The text was updated successfully, but these errors were encountered:
Yes, that is a known issue with GitHub IP allow lists and is a PITA not just for outside contributors but alos Shopify employees.
Unfortunately, even though I would love disabling it, that's not something I can do... So I'll add your complaint to the very long list...
That said, this allow list should only impact users that are members of the Shopify organization or have specific permissions on one of the Shopify org repos. So not sure why it's impacting your GitHub Actions, might be worth contacting GitHub support.
I'll think about that last paragraph, I'm fairly sure the github user we use for fetching that data doesn't have any special Shopify permissions, but that's something I can experiment with.
Summary
Ok, so this might be an unusual issue. As I understand it, the issue is not with the code of bootsnap, but settings that Shopify uses for its github organization that limit where api calls can come from.
When requesting bootsnap tags using Github api from a Github action we get an error based on IP allowlisting.
Expected Behavior
We have a Github action-triggered script that looks at bundle updates and performs a "diff" between the version the application is currently running and the new version. In the course of this, we request tags from Github in an attempt to link gem changes with repo changes.
In the case of bootsnap it looks like:
GET https://api.github.com/repos/Shopify/bootsnap/tags
.For most Github repos this works fine and we are able to detect/infer git tags that match gem versions.
Actual behavior
For bootsnap, when requesting tag data, we get:
Since bootsnap is a public project, I was wondering if this restriction could be amended or lifted.
Thanks for reading! Let me know if you have any questions or such.
The text was updated successfully, but these errors were encountered: