fix: use GITHUB_TOKEN in get_latest_release to avoid rate limits

[bigcat88]

Summary

• get_latest_release() now reads the GITHUB_TOKEN env var and sends it as a Bearer auth header, matching the existing pattern in fetch_pr_info() and find_pr_by_branch()
• Added 403/429 rate-limit handling via handle_github_rate_limit(), also matching the sibling functions

Fixes #425

Test plan

• Added tests for auth header presence with/without GITHUB_TOKEN
• Added test for GitHubRateLimitError propagation on 403
• All existing tests pass (pytest tests/comfy_cli/command/github/test_pr.py)
• Lint clean (ruff check)

[coderabbitai]

📝 Walkthrough

Walkthrough

Enhanced get_latest_release() to conditionally include GitHub API authentication headers when GITHUB_TOKEN environment variable is present, with explicit handling for HTTP 403 and 429 rate limit responses. Corresponding test coverage added for token-based authentication and rate limit error handling.

Changes

Cohort / File(s)	Summary
GitHub API Authentication & Rate Limiting comfy_cli/command/install.py	Modified get_latest_release() to conditionally send Bearer Authorization header when GITHUB_TOKEN is set, and added explicit handling for HTTP 403/429 status codes via handle_github_rate_limit().
Rate Limit Test Coverage tests/comfy_cli/command/github/test_pr.py	Added TestGetLatestRelease test suite validating Bearer token header inclusion/omission based on environment variable presence and GitHubRateLimitError exception raising for 403 responses with rate limit indicators.

---

No rate limit, no problem—looks like these changes are really helping things elevate their GitHub game! 🎭

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR directly addresses issue #425 by implementing GITHUB_TOKEN authentication in get_latest_release(), adding rate-limit handling, and including comprehensive tests for both scenarios.
Out of Scope Changes check	✅ Passed	All changes are scoped to addressing rate-limit failures in get_latest_release() and include only necessary test coverage; no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/get-latest-release-rate-limit

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch fix/get-latest-release-rate-limit

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main     #428      +/-   ##
==========================================
+ Coverage   76.43%   76.63%   +0.19%     
==========================================
  Files          35       35              
  Lines        4274     4279       +5     
==========================================
+ Hits         3267     3279      +12     
+ Misses       1007     1000       -7     

Files with missing lines	Coverage Δ
comfy_cli/command/install.py	77.60% <100.00%> (+1.58%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@comfy_cli/command/install.py`:
- Around line 486-487: The code currently routes every 403/429 to
handle_github_rate_limit(response) which, because handle_github_rate_limit
defaults missing rate-limit headers to 0, can misclassify ordinary 403s as
GitHubRateLimitError; update the logic so you only call handle_github_rate_limit
when the response actually contains GitHub rate-limit headers (e.g., check for
"X-RateLimit-Remaining" or "X-RateLimit-Reset" in response.headers) or change
handle_github_rate_limit to first detect absence of those headers and
return/raise a different error; locate the call site around the if
response.status_code in (403, 429) and either gate the call with a headers check
or add header-presence validation inside handle_github_rate_limit to avoid false
positives.

In `@tests/comfy_cli/command/github/test_pr.py`:
- Around line 488-498: Add two tests alongside test_rate_limit_raises_error: one
where requests.get returns status_code 429 (with appropriate headers) and assert
get_latest_release(...) raises GitHubRateLimitError; and another where
requests.get returns status_code 403 but without any x-ratelimit-remaining
header and assert that get_latest_release(...) raises a non-rate-limit error
(use pytest.raises(Exception) or the project’s generic HTTP/error exception).
Use the same mocking pattern (mock_get, mock_response) as in the existing test
to set status_code and headers and keep test names clear (e.g.,
test_status_429_raises_rate_limit and
test_403_without_rate_limit_raises_generic_error).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 10eaf885-6d53-4f59-8a55-7e7e88b8f16a

📥 Commits

Reviewing files that changed from the base of the PR and between ab18427 and dbe8bcd.

📒 Files selected for processing (2)

• comfy_cli/command/install.py
• tests/comfy_cli/command/github/test_pr.py