GitHub PR fetch cannot be disabled, causes 401 errors when switching submodules

[minhchu]

Is your feature request related to a problem? Please describe.

When working in a monorepo with submodules, lazygit attempts to fetch GitHub PRs via the GraphQL API every time you switch between submodules or lazygit receives focus. If the gh CLI has an expired token (while git SSH still works fine), this produces a repeated error on every switch:

Error fetching pull requests from GitHub: GraphQL query failed with status: 401 Unauthorized. Body: {
  "message": "Bad credentials",
  "documentation_url": "https://docs.github.com/rest",
  "status": "401"
}

The code only skips PR fetching if GetAuthToken() returns an empty string, but an expired gh token returns a non-empty invalid token, so the early-exit check is bypassed.

Describe the solution you'd like

Add a git.showGithubPullRequests config option (default true) and guard refreshGithubPullRequests() with it, so users who don't use the PR feature can opt out entirely.

Describe alternatives you've considered

No.

Additional context

• lazygit version: 0.61.1
• OS: macOS
• Use case: monorepo with submodules, git SSH auth works, gh token expired

[stefanhaller]

I don't understand why it's a desirable solution to turn off the feature just because your token expired. Isn't a better solution to simply re-login using gh auth login?

I also don't see what this has to do with monorepos or submodules.

[minhchu]

Sry, here's more context:

• I'm using the gh CLI with my personal account
• The GitHub repository I'm using in lazygit belongs to my company account, and every time I switch repositories via submodules (using the submodule pane in lazygit), it returns a 401 error.
• lazygit relies on gh to fetch pull requests => this causes an auth error because I'm not authenticated with the company account
• Initially, I didn't understand why it was throwing Error fetching pull requests from GitHub, so I had to dig into the codebase to figure it out. It was a bit surprising to discover that it uses the gh CLI under the hood

For now, I've patched my local lazygit to disable PR fetching. Feel free to close this issue.

[stefanhaller]

I see, thanks for the extra context.

It's too bad that gh doesn't have an easy way to support multiple accounts. Apparently there are some ways (see some of the discussion in cli/cli#326), but I'm too lazy to set up any of those, or even understand them. :-)

(And I don't personally have this problem because I log in using my work account -- I have to because our work repos are private, and so I can also access my personal repos this way, all of which are public. This works for me because I use gh only for reading, never for making changes.)

Alright, so it does look like you would need an option to turn PR support off. Although, just for my understanding: it's only a cosmetic problem in that it spams your Log panel with error messages, is that right?

As for the config, if we do add one then I'm considering making it more flexible than a simple on/off switch. We have this case where someone wants to see open PRs but not merged ones. So we could make it a tristate thing like all/open/none, but we could also make it a list of PR states that you want to see (the default being [open, draft, merged, closed]; if the list is empty it wouldn't fetch PRs at all. I have a tendency towards that last approach, for maximum flexibility.

[Rpinski]

Just one thought on another aspect from @minhchu's post:

Is it necessary to request PRs from GitHub every time Lazygit is focused or files are updated? (as I understand it works that way)
I switch between Lazygit and IDE quite frequently while working on a commit and that seems to send GitHub requests all the time. Wouldn't it be enough to refresh only when fetching anyway or at least when branch list is updated for any reason? People can still activate autoFetch to update periodically.

[minhchu]

Thanks everyone for your thoughts on this.

I recently upgraded lazygit from a 0.4x version to 0.61.1, and it was quite a surprise. With autoRefresh: true, it started spamming my command log with 401 errors.

After reading the discussions above, I tend to agree that different teams use Git in different ways, so what works well for one team may not make sense for another. Personally, I don’t use pull requests, and neither does my team.

It would be helpful to have more fine-grained control over the PR feature. For example, a combination of enable or disable settings along with filtering by PR status such as open, draft, merged, or closed could work well.

[prosoitos]

Ah! Thank you @minhchu for this issue!

I was having the same error messages (while not using any submodule nor using the workflow you are describing), simply because I installed GitHub CLI years ago, never used it, forgot about it, and it was having issues with some old token.

I was very confused because I have SSH setup in all my repos, so I could push and pull no problem.

Setting GitHub CLI to use SSH too solved this problem.

But this issue was useful to figure it out!

[zorane]

Just hit this after updating to the latest commit (e2e98cf). My case is a bit different but same root cause — I have GH_HOST=my-company.github.com set in my environment because I mostly work against a GitHub Enterprise instance. When I open lazygit in a github.com repo the 401 spam starts right away.

Dug into the code and found it in GetAuthToken() in pkg/commands/git_commands/github.go:

func (self *GitHubCommands) GetAuthToken() string {
    defaultHost, _ := auth.DefaultHost()
    token, _ := auth.TokenForHost(defaultHost)
    return token
}

auth.DefaultHost() from go-gh respects GH_HOST, so it hands back my GHE hostname, and the token for that host is my GHE token — which then gets sent to the hardcoded https://api.github.com/graphql endpoint in fetchRecentPRsAux. Wrong token, wrong API, 401.

The rest of the feature already assumes github.com throughout — InGithubRepo() explicitly checks for "github.com" in the remote URL, fetchRecentPRsAux hardcodes the api.github.com endpoint. GetAuthToken is just the odd one out.

Fixing it to be consistent with the rest:

func (self *GitHubCommands) GetAuthToken() string {
    token, _ := auth.TokenForHost("github.com")
    return token
}

I've got this on a fork if a PR would help. Happy to put one up.

[stefanhaller]

@zorane We have a PR open for supporting GH enterprise (#5559). I'm not sure if/when I'll merge it since my new policy is to no longer accept PRs (especially when it's plainly obvious that they are AI-generated), but it does seem very useful; I just didn't get around to having a look at it. In the meantime, hardcoding github.com in GetAuthToken sounds like a step in the wrong direction then.

As for the 401 spam: I think it just shouldn't spam the console the way it does. At most one line of error reporting should be enough, if even that.

[stefanhaller]

@zorane Can you please test #5596? Does it solve the problem for you?

[zorane]

@stefanhaller I just tried it out and it does solve the problem for me as well. And also, thank you for your awesome work!