Exceeding a secondary rate limit even with 10.0.7

[victor-keltio]

Hey there, I saw that a recent release was made to use GraphQL instead of Github's API to avoid hitting the rate limits.
I bumped my @semantic-release/github version to use ^10.0.7 but even with this, I'm hitting the limits:

 AggregateError: 
    HttpError: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID XXX. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
        at file:///home/runner/work/XXX/node_modules/@octokit/request/dist-bundle/index.js:106:21
        at async requestWithGraphqlErrorHandling (file:///home/runner/work/XXX/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/home/runner/work/XXX/node_modules/bottleneck/light.js:405:18)
    at file:///home/runner/work/XXX/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
    at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/work/XXX/node_modules/semantic-release/lib/plugins/index.js:87:11)
    at async run (file:///home/runner/work/XXX/node_modules/semantic-release/index.js:218:3)
    at async Module.default (file:///home/runner/work/XXX/node_modules/semantic-release/index.js:278:22)
    at async default (file:///home/runner/work/XXX/node_modules/semantic-release/cli.js:55:5) {
  errors: [
    RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID XXX. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
        at file:///home/runner/work/XXX/node_modules/@octokit/request/dist-bundle/index.js:106:21
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async requestWithGraphqlErrorHandling (file:///home/runner/work/XXX/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/home/runner/work/XXX/node_modules/bottleneck/light.js:405:18) {
      status: 403,
      request: [Object],
      response: [Object],
      pluginName: '@semantic-release/github'
    }
  ]
}

Is there anything I can do to fix this? I've tried releasing a new version after having waited 10min, but I faced the same issue.
Many thanks for your work and your help :)

[gr2m]

Hmm it's a bummer that the request and response objects are not logged, I have not seen that before.

"secondary rate limits" can be have many causes, it's what was previously referred to as abuse limit. We won't be able to 100% avoid them, but there are more things we can do to prevent them.

But first thing of business is to make sure we log out the full error object

[victor-keltio]

Hey, actually I removed part of the error as I thought it wasn't meaningful, but I guess I was wrong heh. The request and response objects are present in the logs, no worries about that.

Here is the full error log with the 2 objects:

[8:18:53 AM] [semantic-release] › ✘  An error occurred while running semantic-release: RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID XXX. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
    at file:///home/runner/work/XXX/node_modules/@octokit/request/dist-bundle/index.js:106:21
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async requestWithGraphqlErrorHandling (file:///home/runner/work/XXX/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
    at async Job.doExecute (/home/runner/work/XXX/node_modules/bottleneck/light.js:405:18) {
  status: 403,
  request: {
    method: 'GET',
    url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3AXXX%2FXXX+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': '@semantic-release/github v10.0.7 octokit-core.js/6.1.2 Node.js/20.15.0 (linux; x64)',
      authorization: 'token [REDACTED]'
    },
    request: {
      agent: undefined,
      hook: [Function: bound bound register],
      retryCount: 3
    }
  },
  response: {
    url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3AXXX%2FXXX+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Wed, 03 Jul 2024 08:18:53 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'github.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': 'XXX',
      'x-ratelimit-limit': '30',
      'x-ratelimit-remaining': '29',
      'x-ratelimit-reset': '1719994793',
      'x-ratelimit-resource': 'search',
      'x-ratelimit-used': '1',
      'x-xss-protection': '0'
    },
    data: {
      documentation_url: 'https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits',
      message: 'You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID XXX.'
    }
  },
  pluginName: '@semantic-release/github'
}
AggregateError: 
    HttpError: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID XXX. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
        at file:///home/runner/work/XXX/node_modules/@octokit/request/dist-bundle/index.js:106:21
        at async requestWithGraphqlErrorHandling (file:///home/runner/work/XXX/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/home/runner/work/XXX/node_modules/bottleneck/light.js:405:18)
    at file:///home/runner/work/XXX/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
    at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/work/XXX/node_modules/semantic-release/lib/plugins/index.js:87:11)
    at async run (file:///home/runner/work/XXX/node_modules/semantic-release/index.js:218:3)
    at async Module.default (file:///home/runner/work/XXX/node_modules/semantic-release/index.js:278:22)
    at async default (file:///home/runner/work/XXX/node_modules/semantic-release/cli.js:55:5) {
  errors: [
    RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID XXX. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
        at file:///home/runner/work/XXX/node_modules/@octokit/request/dist-bundle/index.js:106:21
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async requestWithGraphqlErrorHandling (file:///home/runner/work/XXX/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/home/runner/work/XXX/node_modules/bottleneck/light.js:405:18) {
      status: 403,
      request: [Object],
      response: [Object],
      pluginName: '@semantic-release/github'
    }
  ]
}

[babblebey]

Great, thanks @victor-keltio

url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3AXXX%2FXXX+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8'

But, this does look like it's still making a request to the Github Issue Search Rest API 🤔

What'd you think @gr2m!?

[gr2m]

url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3AXXX%2FXXX+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',

This request is sent to check if an open issue created by semantic-release exists. Either to close it if the releases succeeded or to avoid creating duplicated issues if one already exists. But it's only one request, it's interesting that this one got rate limited.

Can you tell me the x-github-request-id value? It's not sensitive, but I can investigate what the problem was in your case (I'm a GitHub employee).

[victor-keltio]

Hey, indeed: 2420:2495EF:583673:A82951:6685096D

Thanks a lot for your work and your help :)

[joakimen]

Just encountered this same thing. Did you discover anything interesting, or whether this even has anything to do with the library?

• Workflow run: https://github.com/capralifecycle/cdk-lambda-config/actions/runs/10092387581/job/27905939347
• Request url: https://api.github.com/search/issues?q=in%3Atitle+repo%3Acapralifecycle%2Fcdk-lambda-config+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8
• Request id: 3400:16DC6B:B15537:1561F00:66A2285A
• semantic-release: 24.0.0
• semantic-release/github (indirect dep): 10.1.0

[viceice]

Same here https://github.com/containerbase/base/actions/runs/10198110677/job/28213149459

5088:A2DF4:628C6E:BDFEB0:66AB82C4

[brandon-kyle-bailey]

@travi moving the convo here. Looks like the details do line up.
I'm intermittently experiencing the same error:

• semantic-release v24.0.0
• semantic-release/github v10.1.3

My x-github-request-id if it's useful. TIA 😄

3440:13A7DB:4B3D67:8DA0CC:66AD1540

[babblebey]

Hey @brandon-kyle-bailey, the issue you've got... Does it relate to this specific one?? 🤔

[viceice]

again:

[10:24:26 AM] [semantic-release] › ✘  An error occurred while running semantic-release: RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID C040:20E25:F0125F9:1BEAD0AD:66B1F9DA. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
    at fetchWrapper (file:///home/runner/work/base/base/node_modules/.pnpm/@[email protected]/node_modules/@octokit/request/dist-bundle/index.js:119:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async requestWithGraphqlErrorHandling (file:///home/runner/work/base/base/node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
    at async Job.doExecute (/home/runner/work/base/base/node_modules/.pnpm/[email protected]/node_modules/bottleneck/light.js:405:18) {
  status: 403,
  request: {
    method: 'GET',
    url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3Acontainerbase%2Fbase+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': '@semantic-release/github v10.1.3 octokit-core.js/6.1.2 Node.js/20.16.0 (linux; x64)',
      authorization: 'token [REDACTED]'
    },
    request: {
      agent: undefined,
      hook: [Function: bound bound register],
      retryCount: 3
    }
  },
  response: {
    url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3Acontainerbase%2Fbase+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Tue, 06 Aug 2024 10:24:26 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'github.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': 'C040:20E25:F0125F9:1BEAD0AD:66B1F9DA',
      'x-ratelimit-limit': '30',
      'x-ratelimit-remaining': '28',
      'x-ratelimit-reset': '1722939866',
      'x-ratelimit-resource': 'search',
      'x-ratelimit-used': '2',
      'x-xss-protection': '0'
    },
    data: {
      documentation_url: 'https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits',
      message: 'You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID C040:20E25:F0125F9:1BEAD0AD:66B1F9DA.'
    }
  },
  pluginName: '@semantic-release/github'
}
AggregateError: 
    HttpError: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID C040:20E25:F0125F9:1BEAD0AD:66B1F9DA. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
        at fetchWrapper (file:///home/runner/work/base/base/node_modules/.pnpm/@[email protected]/node_modules/@octokit/request/dist-bundle/index.js:119:11)
        at async requestWithGraphqlErrorHandling (file:///home/runner/work/base/base/node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/home/runner/work/base/base/node_modules/.pnpm/[email protected]/node_modules/bottleneck/light.js:405:18)
    at file:///home/runner/work/base/base/node_modules/.pnpm/[email protected][email protected]/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
    at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/work/base/base/node_modules/.pnpm/[email protected][email protected]/node_modules/semantic-release/lib/plugins/index.js:87:11)
    at async run (file:///home/runner/work/base/base/node_modules/.pnpm/[email protected][email protected]/node_modules/semantic-release/index.js:218:3)
    at async Module.default (file:///home/runner/work/base/base/node_modules/.pnpm/[email protected][email protected]/node_modules/semantic-release/index.js:278:22)
    at async default (file:///home/runner/work/base/base/node_modules/.pnpm/[email protected][email protected]/node_modules/semantic-release/cli.js:55:5) {
  errors: [
    RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again. If you reach out to GitHub Support for help, please include the request ID C040:20E25:F0125F9:1BEAD0AD:66B1F9DA. - https://docs.github.com/free-pro-team@latest/rest/overview/rate-limits-for-the-rest-api#about-secondary-rate-limits
        at fetchWrapper (file:///home/runner/work/base/base/node_modules/.pnpm/@[email protected]/node_modules/@octokit/request/dist-bundle/index.js:119:11)
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async requestWithGraphqlErrorHandling (file:///home/runner/work/base/base/node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@octokit/plugin-retry/dist-bundle/index.js:36:20)
        at async Job.doExecute (/home/runner/work/base/base/node_modules/.pnpm/[email protected]/node_modules/bottleneck/light.js:405:18) {
      status: 403,
      request: [Object],
      response: [Object],
      pluginName: '@semantic-release/github'
    }
  ]
}

https://github.com/containerbase/base/actions/runs/10264312644/job/28399076308#step:9:473

[travi]

just hit this situation again when releasing this plugin: https://github.com/semantic-release/github/actions/runs/10324510144/job/28584116021

[babblebey]

just hit this situation again when releasing this plugin: https://github.com/semantic-release/github/actions/runs/10324510144/job/28584116021

What a bummer right there @travi, just talked about this with @gr2m few hours ago.

We talked about this considering the @tmelliottjr/octokit-plugin-unique-issue approach to creating and retrieving the semantic-releases fails issues via a "unique identifier"... that way we're not searching for issues by title... but even this particular plugin uses the troublesome GitHub SearchAPI itself 🤦

But, what if we can fork and maintain a variant of it that uses GraphQL to atleast fetch opened issues that meet a certain condition confirming its a semantic-release failing relevant issue 🤔...

{
  repository(owner: "OWNER", name: "REPO") {
    issues(first: 100, states: OPEN, filterBy: {labels: "semantic-release-failing-release"}) {
      nodes {
        title
        bodyText
      }
    }
  }
}

...then we can get look for the unique identify in the body if we have to or just deal direct with the response node and close 🤔

[gr2m]

One thing we could / should do is to not treat an error from the GET /search/issues request as fatal, just log a warning. I think that'd go a long way already, because the search API has a super rigid rate limit and other requests will still work even if this one fails

Also if we don't do so yet, we should send the GET /search/issues request at the very end

But, what if we can fork and maintain a variant of it that uses GraphQL to atleast fetch opened issues that meet a certain condition confirming its a semantic-release failing relevant issue 🤔...

{
repository(owner: "OWNER", name: "REPO") {
issues(first: 100, states: OPEN, filterBy: {labels: "semantic-release-failing-release"}) {
nodes {
title
bodyText
}
}
}
}

...then we can get look for the unique identify in the body if we have to or just deal direct with the response node and close 🤔

I like the idea of using an additional label a lot. I would pivot to only use that approach and get rid of the using the search API altogether as it keeps giving us grievance.