Merge pull request #192 from crazy-max/support-ghes

enforce baseUrl to api.github.com if action used on GHES

README.md

@@ -28,6 +28,7 @@ ___
 * [Notes](#notes)
   * [`nodes` output](#nodes-output)
   * [BuildKit container logs](#buildkit-container-logs)
+* [Using on GHES](#using-on-ghes)
 * [Contributing](#contributing)
 
 ## Usage
@@ -174,6 +175,35 @@ The following [official docker environment variables](https://docs.docker.com/en
 
 See https://docs.docker.com/build/ci/github-actions/configure-builder/#buildkit-container-logs
 
+## Using on GHES
+
+GitHub Runners come [pre-installed with Docker Buildx](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md)
+following your virtual environment. If you specify a version or `latest` of
+Docker Buildx in your workflow, the version will be downloaded from [GitHub Releases in `docker/buildx`](https://github.com/docker/buildx/releases)
+repository. These calls to `docker/buildx` are made via unauthenticated requests,
+which are limited to [60 requests per hour per IP](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#rate-limiting).
+
+If more requests are made within the time frame, then you will start to see
+rate-limit errors during downloading that looks like:
+
+```
+##[error]API rate limit exceeded for...
+```
+
+To get a higher rate limit, you can [generate a personal access token on github.com](https://github.com/settings/tokens/new)
+and pass it as the `github_token` input for the action:
+
+```yaml
+uses: docker/setup-buildx-action@v3
+with:
+  github_token: ${{ secrets.GH_DOTCOM_TOKEN }}
+  version: v0.10.1
+```
+
+If the runner is not able to access `github.com`, it will take the default one
+available on the GitHub Runner or runner's tool cache. See "[Setting up the tool cache on self-hosted runners without internet access](https://docs.github.com/en/enterprise-server@3.2/admin/github-actions/managing-access-to-actions-from-githubcom/setting-up-the-tool-cache-on-self-hosted-runners-without-internet-access)"
+for more information.
+
 ## Contributing
 
 Want to contribute? Awesome! You can find information about contributing to

action.yml

@@ -45,9 +45,14 @@ inputs:
     description: 'Append additional nodes to the builder'
     required: false
   github_token:
-    description: 'The GitHub token used to create an authenticated client for GitHub API'
-    default: ${{ github.token }}
-    required: false
+    # https://github.com/actions/setup-go/blob/21459d0b7b1d63741429b748885bf5a4974593b4/action.yml#L12-L14
+    description: >
+      Used to verifiy the Git tag exists on docker/buildx repo. Since there's a
+      default, this is typically not supplied by the user. When running this
+      action on github.com, the default value is sufficient. When running on
+      GHES, you can pass a personal access token for github.com if you are
+      experiencing rate limiting.
+    default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
 
 outputs:
   name:

src/github.ts

@@ -10,7 +10,9 @@ const [owner, repo] = 'docker/buildx'.split('/');
 export const getReleaseTag = async (tag: string, githubToken: string): Promise<Release> => {
   return (
     await github
-      .getOctokit(githubToken)
+      .getOctokit(githubToken, {
+        baseUrl: 'https://api.github.com'
+      })
       .rest.repos.getReleaseByTag({
         owner,
         repo,
@@ -25,7 +27,9 @@ export const getReleaseTag = async (tag: string, githubToken: string): Promise<R
 export const getLatestRelease = async (githubToken: string): Promise<Release> => {
   return (
     await github
-      .getOctokit(githubToken)
+      .getOctokit(githubToken, {
+        baseUrl: 'https://api.github.com'
+      })
       .rest.repos.getLatestRelease({
         owner,
         repo