GitHub GraphQL API 502 with Actions GITHUB_TOKEN

I have been using the GraphQL API successfully with a personal access token generated (based on these instructions) with specific permissions. When I try to run the same query with the secrets.GITHUB_TOKEN value included by default in GitHub Actions workflows, it fails with a 502 error from the server. Included below are the relevant query and response.

I have tried:

  • Reducing the number of edges/nodes to be returned from the request
  • Trying other minimal queries that don’t require any special permissions
  • Having the code wait for various timeout lengths and then retry the same query

It seems like requests using this token are limited to very few edges/nodes in the response, but the limit is not stated anywhere. I am wondering:

  • Why is this happening?
  • How can I prevent this from happening in the future?
  • Why does the access token I have created succeed, but the default GITHUB_TOKEN fail?

Reference information:

Error response:
{
   "data": null,
   "errors":[
      {
         "message":"Something went wrong while executing your query. This may be the result of a timeout, or it could be a GitHub bug. Please include `0701:1EF1:53DBBA:696A03:5FD5599B` when reporting this issue."
      }
   ]
}
Original problematic query:
{
  viewer {
    login,
    name,
    repositories(
        first: 100,
        orderBy: {
            field: UPDATED_AT,
            direction: DESC
        },
        isFork: false,
        after: null
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      nodes {
        nameWithOwner
        stargazers {
          totalCount
        }
        forkCount
        languages(first: 10, orderBy: {field: SIZE, direction: DESC}) {
          edges {
            size
            node {
              name
              color
            }
          }
        }
      }
    }
    repositoriesContributedTo(
        first: 100,
        includeUserRepositories: false,
        orderBy: {
            field: UPDATED_AT,
            direction: DESC
        },
        contributionTypes: [
            COMMIT,
            PULL_REQUEST,
            REPOSITORY,
            PULL_REQUEST_REVIEW
        ]
        after: null
    ) {
      pageInfo {
        hasNextPage
        endCursor
      }
      nodes {
        nameWithOwner
        stargazers {
          totalCount
        }
        forkCount
        languages(first: 10, orderBy: {field: SIZE, direction: DESC}) {
          edges {
            size
            node {
              name
              color
            }
          }
        }
      }
    }
  }
}

@jstrieb this may help
https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token

Thanks for the link! I am not 100% confident that permissions are the root cause of the error, even though that page does indicate that the query will likely fail for getting information about other repositories, even those owned by the original authenticated user.

If the GraphQL API can be expected to have similar response codes to the REST API (which I recognize is not necessarily the case), then I would expect a permissions error status code to be somewhere in the 400-499 range. In particular, a 401 or 403, possibly a 422. I am suspicious that the response is a 522 server error instead.

Likewise, the octokit/request-action examples seem to be making API requests using the GITHUB_TOKEN, suggesting that it is possible to use for very basic API queries that are tantamount to scraping the public-facing GitHub website.

These (and other) factors taken together don’t prove that it is not a permissions issue, but they are enough to make me consider this issue unresolved.

@jstrieb don’t expect similar response codes; there are a number of community queries about unexpected response codes.
I do not see any non-repo-scoped actions in the octokit request-action you quoted?
If you limit your API calls to those covered by the documented scope permissions of GITHUB_TOKEN and it fails, then that would definitely seem like a product functionality error.
Finally, public data should not need a scoped permission, so it does not need permission. You can see this in REST APIs that don’t need authentication.
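
Added example, not part of any post in this thread: a Python triage helper that separates a gateway-level failure such as the 502 in the question from an authorization failure reported inside the response body, and pulls out the request id to quote when reporting. The first sample is the error body from the question; the other samples and the FORBIDDEN / INSUFFICIENT_SCOPES error types are assumptions made for illustration.

```python
import json
import re

# Error "type" values treated as authorization failures (assumed set, extend as needed).
PERMISSION_TYPES = {"FORBIDDEN", "INSUFFICIENT_SCOPES"}
# Request id as it appears in the thread's error message: colon-separated hex in backticks.
REQUEST_ID = re.compile(r"`([0-9A-F]+(?::[0-9A-F]+)+)`")

# Error body quoted in the question (received with HTTP 502).
THREAD_BODY = """{"data": null, "errors": [{"message": "Something went wrong while
 executing your query. This may be the result of a timeout, or it could be a GitHub
 bug. Please include `0701:1EF1:53DBBA:696A03:5FD5599B` when reporting this issue."}]}"""
THREAD_BODY = THREAD_BODY.replace("\n", "")  # JSON strings cannot contain raw newlines

# Constructed sample: a permission failure carried in an HTTP 200 body.
CONSTRUCTED_FORBIDDEN = json.dumps({
    "data": {"viewer": None},
    "errors": [{"type": "FORBIDDEN", "path": ["viewer"],
                "message": "Resource not accessible by integration"}],
})


def classify(status, body_text):
    """Return (category, request_id) for one GraphQL HTTP response."""
    try:
        body = json.loads(body_text)
    except ValueError:
        body = {}  # e.g. an HTML error page from a proxy
    if not isinstance(body, dict):
        body = {}
    errors = [e for e in (body.get("errors") or []) if isinstance(e, dict)]
    match = REQUEST_ID.search(" ".join(str(e.get("message", "")) for e in errors))
    request_id = match.group(1) if match else None

    if status in (401, 403):
        category = "token_rejected"      # credential refused before the query ran
    elif status >= 500:
        category = "server_error"        # timeout or backend fault, not a verdict on scopes
    elif any(e.get("type") in PERMISSION_TYPES for e in errors):
        category = "permission_denied"   # token accepted but lacks access to a field
    elif errors:
        category = "query_error"
    else:
        category = "ok"
    return category, request_id


if __name__ == "__main__":
    print(classify(502, THREAD_BODY))
    print(classify(200, CONSTRUCTED_FORBIDDEN))
```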