fix: use non-API GitHub redirect for update checks, add --force to update apply#91
Merged
Conversation
…date apply api.github.com's unauthenticated 60-req/hour rate limit was causing `gddy update check`/`apply` to fail with 403 behind shared/corporate NAT IPs. Resolve the latest release tag via github.com's plain redirect instead (same technique install.sh already uses), which isn't API-rate-limited. Also add `--force` to `update apply` so the self-update mechanism can be exercised even when already on the latest version, and fix a clippy::await_holding_lock warning in domains-client's transport-logger test lock by switching it to an async-aware tokio::sync::Mutex.
There was a problem hiding this comment.
Pull request overview
Updates the CLI self-update mechanism to avoid unauthenticated GitHub REST API rate limits, adds a --force option for exercising update application, and cleans up an async test locking pattern in the domains client.
Changes:
- Switch update checks to resolve the latest release tag via
github.com/{repo}/releases/latestredirect instead ofapi.github.com. - Add
gddy update apply --forceto allow reinstalling even when already on the latest version. - Replace a
std::sync::Mutextest lock withtokio::sync::Mutexto avoid holding a blocking guard across.await.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| rust/src/update/mod.rs | Redirect-based latest-tag resolution for update checks; --force flag wiring for update apply. |
| rust/domains-client/src/lib.rs | Swap test serialization lock to tokio::sync::Mutex to address await_holding_lock. |
| rust/domains-client/Cargo.toml | Enable Tokio sync feature for the new async mutex usage in tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- --force no longer bypasses a downgrade: only the exact "already up to date" case (latest == current) is skipped, so a stale/dev build never gets replaced with an older published release. - Errors from fetch_latest_tag now include the resolved (post-redirect) URL instead of the constant /releases/latest request URL, making failures actionable. - Add httpmock-based coverage for fetch_latest_tag_from's redirect handling (happy path + missing tag segment).
rts1-godaddy
approved these changes
Jul 10, 2026
axburgess-godaddy
approved these changes
Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
gddy update check/applywere hitting GitHub's unauthenticated REST API (api.github.com), which enforces a 60-requests/hour rate limit per IP — trivially exhausted behind a shared/corporate NAT, surfacing asError: GitHub API returned 403 Forbidden while checking for updates. Switched to resolving the latest release tag viagithub.com/{repo}/releases/latest's plain redirect (the same techniqueinstall.shalready relies on), which isn't subject to that limit.--forceflag togddy update applyso the self-update mechanism (download, checksum verify, extract, self-replace) can be exercised end-to-end even when the running binary is already on the latest version.--forceonly bypasses the exact "already up to date" case — a genuine downgrade (running binary newer than the latest release) is still blocked unconditionally (refined during review).clippy::await_holding_lockwarning indomains-client's test suite: astd::sync::MutexGuardserializing a transport-logger test was held across.awaitpoints. Swapped it for an async-awaretokio::sync::Mutex(added thesyncfeature to tokio's dev-dependency)./releases/latestrequest URL, and the redirect-following/parsing logic is now covered byhttpmock-based tests (refined during review).Test plan
cargo build,cargo fmt --check,cargo clippy -p domains-client --all-targets -- -D warnings,cargo clippy -p godaddy-cli --all-targets -- -D warnings,cargo test --workspaceall passgddy update checkcorrectly reports0.1.0 -> 0.1.1after the redirect-based fixgddy update apply --forceto validate the full self-update flow end-to-end