Fixed: Pass GITHUB_TOKEN to cargo-binstall for higher rate limits

[Sewer56]

Summary

Passes GITHUB_TOKEN to cargo-binstall to avoid GitHub API rate limiting.

Problem

When cargo-binstall installs packages from GitHub releases, it queries the GitHub API. Without authentication, this is limited to 60 requests/hour, causing 403 Forbidden errors in CI environments. This leads to:

• Timeout errors: deadline has elapsed
• Fallback to cargo install (compiles from source, adding ~5-10 min per job)

Solution

Pass GITHUB_TOKEN via environment variable to both:

1. The cargo-bins/cargo-binstall@main action (line 198-199)
2. The cargo binstall cargo-tarpaulin command (line 203-204)

This gives:

• 1000 requests/hour rate limit (vs 60 unauthenticated)
• Reliable binary downloads from GitHub releases
• Faster CI (no source compilation fallback)

References

• cargo-binstall issue #2045 - Same 403 error
• hickory-dns PR #2770 - Same fix applied
• GitHub docs: github.token context

[coderabbitai]

Walkthrough

The action.yml file was updated to set the GITHUB_TOKEN environment variable with the value ${{ github.token }} for two conditional installation steps: the cargo-binstall installation step and the Tarpaulin installation step when using binstall. These environment variables are configured as part of the composite action's existing workflow steps and do not modify input/output declarations or control flow logic. A total of four lines were added with no lines removed.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: passing GITHUB_TOKEN to cargo-binstall to improve rate limits, which directly matches the changeset's purpose.
Description check	✅ Passed	The description is directly related to the changeset, explaining the problem, solution, and references for why GITHUB_TOKEN is being passed to cargo-binstall in the action.yml file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/pass-github-token-to-binstall

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@action.yml`:
- Around line 198-200: The workflow currently uses the mutable ref "uses:
cargo-bins/cargo-binstall@main" and exposes GITHUB_TOKEN, which is a
supply-chain risk; update the "uses" reference to a specific commit SHA (or an
immutable tag) for cargo-bins/cargo-binstall instead of `@main` so the action is
pinned, keeping the "env: GITHUB_TOKEN" usage unchanged but now tied to an
immutable action; locate the line containing "uses:
cargo-bins/cargo-binstall@main" and replace `@main` with the chosen commit SHA.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0c42aae2-540d-482b-8fcf-ff1ed7beaefe

📥 Commits

Reviewing files that changed from the base of the PR and between 02c4e45 and 11c7ac0.

📒 Files selected for processing (1)

• action.yml

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (b0bfb23) to head (11c7ac0).
⚠️ Report is 4 commits behind head on v1-master.

Additional details and impacted files

@@       Coverage Diff       @@
##   v1-master   #13   +/-   ##
===============================
===============================

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.