Renovate Rate Limiting Errors

This article will discuss the cause of Remediate and Renovate rate limiting issues thrown in self-hosted Mend for Developers integrations (GitHub Enterprise, GitLab and BitBucket Server).

If you are running a self-hosted Mend for Developers integration (GitHub Enterprise, GitLab and BitBucket Server), Remediate locates and embeds open-source Release Notes from projects hosted on GitHub.com into Pull Requests. If the Renovate functionality is enabled, Remediate also needs to fetch lists of tags and releases from GitHub.com in order to check if a particular open-source package has any newer versions available.

GitHub.com has a very strict rate limit on any unauthenticated API request. That is why it is important to configure the environment variable GITHUB_COM_TOKEN in the Remediate Container with the value of a personal access token for GitHub.com. Starting in release 21.3.1, if GITHUB_COM_TOKEN is not set, then Remediate will log a WARN message on startup. Remediate will also disable the Release Notes fetching as well as github-tags, github-releases, and go data sources to ensure you do not reach the rate limit. It will look like this:

{
  "remediateSettings": {
    "enableRenovate": true,
    "fetchReleaseNotes": false,
    "github-tags": {
      "enabled": false
    },
    "github-releases": {
      "enabled": false
    },
    "go": {
      "enabled": false
    }
  }
}

How to configure GitHub.com credentials?

To provide GitHub.com credentials to the Remediate container, you should configure a GitHub.com Personal Access Token into the environment variable GITHUB_COM_TOKEN. This token can belong to any GitHub.com account and requires public read-only permissions. For details on creating such a token, see https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token