fix: Avoid rate limiting issues with GitHub

Author: bishiboosh

CHANGELOG.md

@@ -11,6 +11,9 @@
 ### Removed
 
 ### Fixed
+- Avoid GitHub API rate limiting by avoiding concurrent requests when quertying GitHub releases. As
+a consequence, GitHub release checks will be slower, so the check for releases notes is now disabled 
+by default, and will have to be enabled explicitly in the configuration or the command-line options.
 
 ### Security
 

cli/src/commonMain/kotlin/com/deezer/caupain/cli/CaupainCLI.kt

@@ -68,13 +68,15 @@ import com.github.ajalt.clikt.parameters.options.convert
 import com.github.ajalt.clikt.parameters.options.default
 import com.github.ajalt.clikt.parameters.options.flag
 import com.github.ajalt.clikt.parameters.options.multiple
+import com.github.ajalt.clikt.parameters.options.nullableFlag
 import com.github.ajalt.clikt.parameters.options.option
 import com.github.ajalt.clikt.parameters.options.required
 import com.github.ajalt.clikt.parameters.options.unique
 import com.github.ajalt.clikt.parameters.options.versionOption
 import com.github.ajalt.clikt.parameters.types.choice
 import com.github.ajalt.mordant.animation.coroutines.CoroutineProgressTaskAnimator
 import com.github.ajalt.mordant.animation.coroutines.animateInCoroutine
+import com.github.ajalt.mordant.platform.MultiplatformSystem
 import com.github.ajalt.mordant.widgets.progress.marquee
 import com.github.ajalt.mordant.widgets.progress.percentage
 import com.github.ajalt.mordant.widgets.progress.progressBar
@@ -457,10 +459,12 @@ class CaupainCLI(
                 ?: parsedConfiguration?.gradleStabilityLevel
                 ?: GradleStabilityLevel.STABLE,
             checkIgnored = parsedConfiguration?.checkIgnored == true,
-            githubToken = releaseNoteOptions?.githubToken ?: parsedConfiguration?.githubToken,
             searchReleaseNote = releaseNoteOptions?.searchReleaseNote
-                ?: parsedConfiguration?.let { it.searchReleaseNote ?: (it.githubToken != null) }
+                ?: parsedConfiguration?.searchReleaseNote
                 ?: false,
+            githubToken = releaseNoteOptions?.githubToken
+                ?: parsedConfiguration?.githubToken
+                ?: currentContext.readEnvvar("CAUPAIN_GITHUB_TOKEN"),
             verifyExistence = verifyExistence || parsedConfiguration?.verifyExistence == true
         )
     }
@@ -661,16 +665,15 @@ class CaupainCLI(
 }
 
 private class ReleaseNoteOptions : OptionGroup() {
-    val githubToken by option(
-        "--github-token",
-        help = "GitHub token for searching release notes",
-        envvar = "CAUPAIN_GITHUB_TOKEN"
-    ).required()
-
     val searchReleaseNote by option(
         "--search-release-notes",
         help = "Search for release notes for updated versions on GitHub",
-    ).flag(default = true, defaultForHelp = "true if GitHub token is provided")
+    ).nullableFlag().required()
+
+    val githubToken by option(
+        "--github-token",
+        help = "GitHub token for searching release notes. Taken from CAUPAIN_GITHUB_TOKEN environment variable if not set",
+    )
 }
 
 private class MultiplePathOptions(fileSystem: FileSystem) : OptionGroup() {

cli/src/jvmTest/kotlin/com/deezer/caupain/cli/CaupainCLIConfigTest.kt

@@ -198,7 +198,7 @@ class CaupainCLIConfigTest {
                 versionCatalog = null,
                 versionCatalogInfo = null,
             )
-            createCli(
+            val result = createCli(
                 expectedGradleVersion = when {
                     hasOptionsOverride -> gradleVersionCli
                     hasConf -> gradleVersionConf
@@ -327,6 +327,7 @@ class CaupainCLIConfigTest {
                         "outputBaseNameCli",
                         "--gradle-wrapper-properties",
                         gradleWrapperPathCli.toString(),
+                        "--search-release-notes",
                         "--github-token",
                         "githubTokenCli",
                         "--cache-dir",
@@ -342,6 +343,7 @@ class CaupainCLIConfigTest {
                     else -> emptyList()
                 }
             )
+            assertEquals(expected = 0, actual = result.statusCode, "CLI exited with non-zero code, error is ${result.stderr}")
             if (hasOptionsOverride) {
                 assertTrue(fileSystem.exists("outputDirCli/outputBaseNameCli.md".toPath()))
             } else if (hasConf) {
@@ -414,4 +416,4 @@ private object TestAppDirs : AppDirs {
     override fun getUserDataDir(roaming: Boolean): String = ""
 
     override fun getUserLogDir(): String = ""
-}
+}

core/src/commonMain/kotlin/com/deezer/caupain/DependencyUpdateChecker.kt

@@ -473,54 +473,84 @@ internal class DefaultDependencyUpdateChecker(
 
     private suspend fun checkUpdateInfo(updatedVersions: List<DependencyUpdateResult>): Map<UpdateInfo.Type, List<UpdateInfo>> {
         val nbUpdatedVersions = updatedVersions.size
-        val updateInfosMutex = Mutex()
+        val nbSteps = if (configuration.searchReleaseNote) {
+            nbUpdatedVersions * 2
+        } else {
+            nbUpdatedVersions
+        }
+        // Search Maven infos
+        val mavenInfos = getMavenInfos(updatedVersions) {
+            val percentage = ++completed * 50 / nbSteps + 50
+            progressFlow.value = DependencyUpdateChecker.Progress.Determinate(
+                taskName = GATHERING_INFO_TASK,
+                percentage = percentage
+            )
+        }
+        // Search release notes and build final infos
         val updatesInfos = mutableMapOf<UpdateInfo.Type, MutableList<UpdateInfo>>()
+        for (result in updatedVersions) {
+            logger.info("Finding release note info for ${result.dependency.moduleId}")
+            val type = when (result.dependency) {
+                is Dependency.Library -> UpdateInfo.Type.LIBRARY
+                is Dependency.Plugin -> UpdateInfo.Type.PLUGIN
+            }
+            val mavenInfo = mavenInfos[result.dependencyKey]
+            val releaseNoteUrl = if (configuration.searchReleaseNote) {
+                releaseNoteResolver.getReleaseNoteUrl(
+                    mavenInfo = mavenInfo,
+                    updatedVersion = result.updatedVersion
+                )
+            } else {
+                null
+            }
+            val updateInfo = toUpdateInfo(
+                key = result.dependencyKey,
+                dependency = result.dependency,
+                currentVersion = result.currentVersion,
+                updatedVersion = result.updatedVersion,
+                mavenInfo = mavenInfo,
+                releaseNoteUrl = releaseNoteUrl
+            )
+            val infosForType = updatesInfos[type]
+                ?: mutableListOf<UpdateInfo>().also { updatesInfos[type] = it }
+            infosForType.add(updateInfo)
+            val percentage = ++completed * 50 / nbSteps + 50
+            progressFlow.value = DependencyUpdateChecker.Progress.Determinate(
+                taskName = GATHERING_INFO_TASK,
+                percentage = percentage
+            )
+        }
+        progressFlow.value = DependencyUpdateChecker.Progress.Determinate(DONE, 100)
+        return updatesInfos
+    }
+
+    private suspend inline fun getMavenInfos(
+        updatedVersions: List<DependencyUpdateResult>,
+        crossinline onStepFinished: () -> Unit,
+    ): Map<String, MavenInfo> {
+        val mavenInfoMutex = Mutex()
+        val mavenInfos = mutableMapOf<String, MavenInfo>()
         coroutineScope {
             updatedVersions
                 .map { result ->
                     async {
                         logger.info("Finding Maven info for ${result.dependency.moduleId}")
-                        val type = when (result.dependency) {
-                            is Dependency.Library -> UpdateInfo.Type.LIBRARY
-                            is Dependency.Plugin -> UpdateInfo.Type.PLUGIN
-                        }
                         val mavenInfo = infoResolver.getMavenInfo(
                             dependency = result.dependency,
                             repository = result.repository,
                             updatedVersion = result.updatedVersion
                         )
-                        val releaseNoteUrl = if (configuration.searchReleaseNote) {
-                            releaseNoteResolver.getReleaseNoteUrl(
-                                mavenInfo = mavenInfo,
-                                updatedVersion = result.updatedVersion
-                            )
-                        } else {
-                            null
-                        }
-                        val updateInfo = toUpdateInfo(
-                            key = result.dependencyKey,
-                            dependency = result.dependency,
-                            currentVersion = result.currentVersion,
-                            updatedVersion = result.updatedVersion,
-                            mavenInfo = mavenInfo,
-                            releaseNoteUrl = releaseNoteUrl
-                        )
-                        updateInfosMutex.withLock {
-                            val infosForType = updatesInfos[type]
-                                ?: mutableListOf<UpdateInfo>().also { updatesInfos[type] = it }
-                            infosForType.add(updateInfo)
+                        if (mavenInfo != null) {
+                            mavenInfoMutex.withLock {
+                                mavenInfos[result.dependencyKey] = mavenInfo
+                            }
                         }
-                        val percentage = ++completed * 50 / nbUpdatedVersions + 50
-                        progressFlow.value = DependencyUpdateChecker.Progress.Determinate(
-                            taskName = GATHERING_INFO_TASK,
-                            percentage = percentage
-                        )
+                        onStepFinished()
                     }
                 }
                 .awaitAll()
-            progressFlow.value = DependencyUpdateChecker.Progress.Determinate(DONE, 100)
         }
-        return updatesInfos
+        return mavenInfos
     }
 
     private fun toUpdateInfo(

core/src/commonMain/kotlin/com/deezer/caupain/model/github/Repository.kt

@@ -0,0 +1,10 @@
+package com.deezer.caupain.model.github
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+internal data class Repository(
+    val id: String,
+    @SerialName("default_branch") val defaultBranch: String? = null,
+)

core/src/commonMain/kotlin/com/deezer/caupain/model/github/SearchResult.kt

@@ -0,0 +1,16 @@
+package com.deezer.caupain.model.github
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+internal data class Tree(
+    val sha: String,
+    @SerialName("tree") val content: List<TreeContent>
+)
+
+@Serializable
+internal data class TreeContent(
+    val path: String,
+    val type: String,
+)

core/src/commonMain/kotlin/com/deezer/caupain/model/github/Tree.kt

@@ -28,7 +28,8 @@ import com.deezer.caupain.internal.processRequest
 import com.deezer.caupain.model.GradleDependencyVersion
 import com.deezer.caupain.model.Logger
 import com.deezer.caupain.model.github.Release
-import com.deezer.caupain.model.github.SearchResults
+import com.deezer.caupain.model.github.Repository
+import com.deezer.caupain.model.github.Tree
 import com.deezer.caupain.model.maven.MavenInfo
 import io.ktor.client.HttpClient
 import io.ktor.client.request.get
@@ -59,6 +60,7 @@ internal class GithubReleaseNoteResolver(
             ?.url
             ?.takeUnless { it.isBlank() }
             ?.replace("git@", "https://")
+            ?.removeSuffix(".git")
             ?.let { url ->
                 try {
                     Url(url)
@@ -95,28 +97,58 @@ internal class GithubReleaseNoteResolver(
                     logger.error("Failed to fetch releases for $owner/$repository", error)
                 }
             ) {
-                getGithubResource("repos", owner, repository, "releases")
+                getGithubResource(REPOS_PATH, owner, repository, "releases")
             }
         }
         val releaseNote = releaseNotes.firstOrNull { it.matches(version) }
         if (releaseNote != null) return releaseNote.url
         // If not present, try to find the changelog file in the repository
-        val searchResults = withContext(ioDispatcher) {
-            httpClient.processRequest<SearchResults?>(
+        return getChangelogUrl(owner, repository)
+    }
+
+    private suspend fun getChangelogUrl(
+        owner: String,
+        repository: String,
+    ): String? {
+        // First get the repository info to find the default branch
+        val defaultBranch = withContext(ioDispatcher) {
+            httpClient.processRequest<Repository, String?>(
                 default = null,
+                transform = { it.defaultBranch },
                 onRecoverableError = { error ->
-                    logger.error("Failed to search for changelog in $owner/$repository", error)
+                    logger.error("Failed to find default branch for $owner/$repository", error)
                 }
             ) {
-                getGithubResource("search", "code") {
-                    parameters["q"] = "$version repo:$owner/$repository filename:CHANGELOG.md"
+                getGithubResource(REPOS_PATH, owner, repository)
+            }
+        } ?: return null
+        // Then check if a CHANGELOG.md file exists in the default branch
+        val changelogPath = withContext(ioDispatcher) {
+            httpClient.processRequest<Tree, String?>(
+                default = null,
+                transform = { tree ->
+                    tree
+                        .content
+                        .firstNotNullOfOrNull { file ->
+                            if (file.path == "CHANGELOG.md" && file.type == "blob") {
+                                file.path
+                            } else {
+                                null
+                            }
+                        }
+                },
+                onRecoverableError = { error ->
+                    logger.error("Failed to find contents for $owner/$repository", error)
                 }
+            ) {
+                getGithubResource(REPOS_PATH, owner, repository, "git", "trees", defaultBranch)
             }
         }
-        if (searchResults != null && searchResults.totalCount > 0) {
-            return searchResults.items.firstOrNull()?.url
+        return if (changelogPath == null) {
+            null
+        } else {
+            "https://github.com/$owner/$repository/blob/$defaultBranch/$changelogPath"
         }
-        return null
     }
 
     private fun checkToken(): Boolean {
@@ -130,7 +162,7 @@ internal class GithubReleaseNoteResolver(
     @Suppress("SuspendFunWithCoroutineScopeReceiver") // We need to use HttpClient as receiver
     private suspend fun HttpClient.getGithubResource(
         vararg pathSegments: String,
-        urlBuilder: URLBuilder.() -> Unit = {}
+        urlBuilder: URLBuilder.() -> Unit = {},
     ): HttpResponse {
         return get {
             url {
@@ -147,5 +179,6 @@ internal class GithubReleaseNoteResolver(
     companion object {
         private val BASE_API_URL = Url("https://api.github.com")
         private const val GITHUB_HOST = "github.com"
+        private const val REPOS_PATH = "repos"
     }
-}
+}