Don't hard-code a token in the tests.

Author: maleadt

.github/workflows/ci.yml

@@ -42,6 +42,8 @@ jobs:
             ${{ runner.os }}-
       - uses: julia-actions/julia-buildpkg@v1
       - uses: julia-actions/julia-runtest@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - uses: julia-actions/julia-processcoverage@v1
       - uses: codecov/codecov-action@v1
         with:

test/read_only_api_tests.jl

@@ -14,17 +14,15 @@ testuser_sshkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVDBxFza4BmQTCTFeTyK"*
 
 hasghobj(obj, items) = any(x -> name(x) == name(obj), items)
 
-# This token has public, read-only access, and is required so that our
-# tests don't get rate-limited. The only way a malicious party could do harm
-# with this token is if they used it to abuse the rate limit associated with
-# the token (not too big of a deal). The token is hard-coded in an obsfucated
-# manner in an attempt to thwart token-stealing crawlers.
-auth = authenticate(string(circshift(["bcc", "3fc", "03a", "33e",
-                                      "c09", "363", "5f1", "bd3",
-                                      "fc6", "77b", '5', "9cf",
-                                      "868", "033"], 3)...))
-
-@test rate_limit(; auth = auth)["rate"]["limit"] == 5000
+if haskey(ENV, "GITHUB_TOKEN")
+    @info "Using GitHub token from ENV"
+    auth = authenticate(ENV["GITHUB_TOKEN"])
+    @test rate_limit(; auth = auth)["rate"]["limit"] == 5000
+else
+    @warn "Using anonymous GitHub access. If you get rate-limited, please set the GITHUB_TOKEN env var to an appropriate value."
+    auth = GitHub.AnonymousAuth()
+    @test rate_limit(; auth = auth)["rate"]["limit"] == 60
+end
 
 @testset "Owners" begin
     # test GitHub.owner