HttpError: You have exceeded a secondary rate limit.

[floydspace]

Current behavior

I got the error when semantic-release interacts with GitHub to write success messages

[6:24:06 AM] [semantic-release] › ✖  Failed step "success" of plugin "@semantic-release/github"
[6:24:06 AM] [semantic-release] › ✖  An error occurred while running semantic-release: RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
    at /home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/@octokit/request/dist-node/index.js:86:21
    at processTicksAndRejections (internal/process/task_queues.js:97:5) {
  status: 403,
  response: {
    url: 'https://api.github.com/search/issues?q=repo%3Afloydspace%2Fserverless-esbuild+type%3Apr+is%3Amerged+8e105a6ff5174d23adb1eb0e42606c63e1224d24',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset',
      connection: 'close',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Mon, 25 Oct 2021 06:24:06 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '0402:301C:BA78B:7F32F3:61764D85',
      'x-ratelimit-limit': '30',
      'x-ratelimit-remaining': '29',
      'x-ratelimit-reset': '1635143106',
      'x-ratelimit-resource': 'search',
      'x-ratelimit-used': '1',
      'x-xss-protection': '0'
    },
    data: {
      documentation_url: 'https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits',
      message: 'You have exceeded a secondary rate limit. Please wait a few minutes before you try again.'
    }
  },
  request: {
    method: 'GET',
    url: 'https://api.github.com/search/issues?q=repo%3Afloydspace%2Fserverless-esbuild+type%3Apr+is%3Amerged+8e105a6ff5174d23adb1eb0e42606c63e1224d24',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'octokit-rest.js/18.12.0 octokit-core.js/3.5.1 Node.js/12.22.7 (linux; x64)',
      authorization: 'token [REDACTED]'
    },
    request: { agent: undefined, hook: [Function: bound bound register] }
  },
  pluginName: '@semantic-release/github'
}
AggregateError: 
    HttpError: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
        at /home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/@octokit/request/dist-node/index.js:86:21
    at /home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/semantic-release/lib/plugins/pipeline.js:54:11
    at async Object.pluginsConf.<computed> [as success] (/home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/semantic-release/lib/plugins/index.js:80:11)
    at async run (/home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/semantic-release/index.js:201:3)
    at async module.exports (/home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/semantic-release/index.js:260:22)
    at async module.exports (/home/runner/work/serverless-esbuild/serverless-esbuild/node_modules/semantic-release/cli.js:55:5)

Expected behavior

The pipeline completes without errors, though I have nothing to suggest how to fix it.

Environment

• semantic-release version: 17.4.7
• CI environment: GitHub Actions
• Plugins used: @semantic-release/github
• semantic-release configuration: https://github.com/floydspace/serverless-esbuild/blob/master/.releaserc.yml
• CI logs: https://github.com/floydspace/serverless-esbuild/runs/3993416106?check_suite_focus=true

[prantlf]

This is a duplicate of #843. I suspect that that issue was not fixed properly. I got this error today too just for a small push.

I am not sure if semantic-release waits 1 s between two calls, or just 720 ms.

You can wait for a couple of minutes and then retry the job. I did it and it helped.

[gr2m]

I think the throttling is currently broken because GitHub's response changed its wording a few months ago.

This will be resolved once we resolve https://github.com/semantic-release/github/issues/299. Pull request welcome!

[elizabethsjudd]

Curious if this is on the roadmap. This is impacting our releases since we use semantic release.

[AntonyF-Andreani]

Same case here!

[jakeowenp]

We've had this issue twice within our team this morning in different repos

Both times it received the error You have exceeded a secondary rate limit. Please wait a few minutes before you try again when trying to hit the url https://api.github.com/search/issues

[Benjadahl]

We're seeing this issue quite often as well. Is there any known work arounds?

[xinatcg]

i think if the error cannot prevent, we should have an option to help retry. otherwise, the CI will be totally broken by this error and cannot restart, because the version already created, then the trigger action is missed.

and for me, the error happen tyr to search issue:

[https://api.github.com/search/issues?](https://api.github.com/search/issues?

so is it possible to reduce the Github API invoke by disabling some features?

[anderssonjohan]

What I don't get from this error is that the numbers seems wrong. It always says limit 30 and remaining 29, while in any other example we see limit 1000, remaining 0 (and "used" is often 1005 or similar) when getting the error.

A small semantic-release demo repo where I tried to reproduce the error: https://github.com/anderssonjohan/semantic-release-github-actions-example/

Example run showing the very small rate limit for search: https://github.com/anderssonjohan/semantic-release-github-actions-example/runs/7784143308?check_suite_focus=true

...
"search": {
      "limit": 30,
      "used": 2,
      "remaining": 28,
      "reset": 1660210515
    },
...

With the builds of the example repo taking only 1 min, I can only get the "used" counter up to 2. Next run it's back to 30. So it more seems to be 30 requests/min.

However, when you get the error from GitHub, the remaining + used counters still seem wrong:

      'x-ratelimit-limit': '30',
      'x-ratelimit-remaining': '29',
      'x-ratelimit-resource': 'search',
      'x-ratelimit-used': '1',
      'x-xss-protection': '0'

Reading the semantic-release/github code it seems it can produce a lot of search requests if there are many commits pushed at the same time?

[viceice]

😕

An error occurred while running semantic-release: RequestError [HttpError]: You have exceeded a secondary rate limit. Please wait a few minutes before you try again.
    at /home/runner/work/buildpack/buildpack/node_modules/@octokit/request/dist-node/index.js:88:21
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  status: 403,
  response: {
    url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3Acontainerbase%2Fbuildpack+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      connection: 'close',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Thu, 18 Aug 2022 06:38:52 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '0781:4BC1:3B86C5:A50266:62FDDE7C',
      'x-ratelimit-limit': '30',
      'x-ratelimit-remaining': '29',
      'x-ratelimit-reset': '1660804792',
      'x-ratelimit-resource': 'search',
      'x-ratelimit-used': '1',
      'x-xss-protection': '0'
    },
    data: {
      documentation_url: 'https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#secondary-rate-limits',
      message: 'You have exceeded a secondary rate limit. Please wait a few minutes before you try again.'
    }
  },
  request: {
    method: 'GET',
    url: 'https://api.github.com/search/issues?q=in%3Atitle+repo%3Acontainerbase%2Fbuildpack+type%3Aissue+state%3Aopen+The%20automated%20release%20is%20failing%20%F0%9F%9A%A8',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'octokit-rest.js/19.0.3 octokit-core.js/4.0.4 Node.js/16.16.0 (linux; x64)',
      authorization: 'token [REDACTED]'
    },
    request: { agent: undefined, hook: [Function: bound bound register] }
  },
  pluginName: '@semantic-release/github'
}

https://github.com/containerbase/buildpack/runs/7893136166?check_suite_focus=true

[yarkoyarok]

We had the same, publish to npm registry not happened because of this error and on restart of action It was not publishing already, I guess because finding own commits after the commit, which triggered release.

It was telling on restart that:

The local branch main is behind the remote one, therefore a new version won't be published.

[yarkoyarok]

In our case we had such headers too

      'x-ratelimit-limit': '30',
      'x-ratelimit-remaining': '29',
      'x-ratelimit-reset': '1660805994',
      'x-ratelimit-resource': 'search',
      'x-ratelimit-used': '1',

[anderssonjohan]

We had the same, publish to npm registry not happened because of this error and on restart of action It was not publishing already, I guess because finding own commits after the commit, which triggered release.

It was telling on restart that:

The local branch main is behind the remote one, therefore a new version won't be published.

Re-running jobs at GitHub Actions for example will check out the same commit again so it will always end up in that error since there will be a commit made by semantic-release (version number bump and possibly update to a changelog file). My only tip for re-triggering the release in that case is unfortunately to do a git commit --allow-empty -m "fix: trigger release" and push.

[yuliankarapetkov]

Any update on this? 👀

The issue was reported in version 17.4.7. I'm using 19.0.3 and the issue is still there.

[yuliankarapetkov]

Our CI workflows are now failing every time due to this issue.

[foxted]

Same problem here. However, looks like the release is created, only the "success" step is failing, which makes Github Action report a failure.

[AdamBebko]

Same issue here. Release gets created in GitHub, but doesn't trigger the followup custom actions on success.

[rikkit]

I have started to get this too, after having used semantic release for a few weeks now. Looks like the PR to follow is https://github.com/semantic-release/github/pull/487

[mathcodes]

Just started to get it here too...

[rmclaughlin-nelnet]

I am seeing this on 19.0.3.

[AdamBebko]

I'm not sure if it's coincidence, but I added the following to my GitHub action workflow file between each step:

    - name: Sleep for 60 seconds
       run: sleep 60s
       shell: bash

And the error hasn't come up since. Beware it uses up extra time of your minutes though!

edit: sorry I can't seem to get indentation to play nice

[marckraw]

I still have the issue in semantic-release version 19.0.5

[zigang93]

have this issue since version ^18.0.0

[moritzluedtke]

I still have this issue with [email protected] & @semantic-release/[email protected].

[chriswmackey]

I also get this issue at least once a day now, though I have yet to find a clear pattern to what triggers it. I have noticed that waiting 10 minutes between sending a PR and merging it seems to help but it's not s cure-all. Also, this issue seemed to be non-existent a year ago and has steadily be getting worse over the past few months. It has even been getting worse in the repos where I have stuck to using the same version of semantic release for the whole year. So I assume that this is not just an issue with semantic release but possibly the result of some GitHub policy changes. Needless to say, a fix for this would undoubtedly give me some hours of my life back.

[mathcodes]

Hmm... me as well. Github? 🦗🦗🦗 Semantic? 🦗🦗🦗

[gr2m]

I plan on working on https://github.com/semantic-release/github/pull/487 after Feb 1st, that should address semantic-release's site. I hope that will address most of the secondary rate limit errors. But I do have the feeling that GitHub also changed the way the secondary limit is triggered. We'll see how it goes. If the problem remains I'll try to find out

[hassanpdn]

Same issue here using "semantic-release": "^20.1.0"

[alexsanderp]

News?

[giomilan]

also hitting this error with semantic-release version 20.1.1 on github actions. even adding an hardcoded sleep time of 60s in my workflow.

[yusuftaufiq]

Encountering the same problem, I temporarily used a GitHub Action utility called "Retry Step" to automatically retry failed release steps after a few seconds.

...

jobs:
  release:
  ...

    steps:
      ...

      - name: Build package
        run: npm run build

      - name: Release
        uses: nick-fields/retry@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        with:
          max_attempts: 3
          timeout_seconds: 600
          retry_on: error
          retry_wait_seconds: 300
          command: npx semantic-release