5

[boomboomtxzzit-coder]

# This workflow uses actions that are not certified by GitHub.

They are provided by a third-party and are governed by

separate terms of service, privacy policy, and support

documentation.

steps:

• uses: actions/checkout@v5

• uses: actions/setup-java@v4
  with:
  java-version: '17'
  distribution: 'temurin'

• name: Setup Gradle
  uses: gradle/actions@017a9ef # v4.4.2

• name: Build with Gradle
  run: ./gradlew build

• name: Upload build artifacts
  uses: actions/upload-artifact@v4
  with:
  name: Package
  path: build/libs

Goal

We want to integrate GitHub Actions with Box so that artifacts are automatically uploaded to Box when a commit/workflow completes. The intent is to reduce manual work and eliminate operational mistakes.

What we’re looking for

1. Is this a reasonable/feasible design with GitHub Actions?

2. Any detailed setup steps or example workflows (YAML) you recommend for:

   • calling an external API (Box) securely from Actions
   • handling credentials via GitHub Secrets (least privilege, rotation, scoping)
   • implementing retries/backoff and robust error handling for HTTP uploads

3. Best practices for minimizing and budgeting API calls when pushing files from Actions to an external storage (Box).

4. Guidance on authentication for Box API from Actions: OAuth 2.0 vs JWT (server-to-server) in general.

API-call budget question

Our Box tenant enforces a rule of ≤ 5,000 API calls per month. If approximately 300 users rely on workflows that upload files to Box, what would be a reasonable monthly API-call estimate? (For example, typical calls per upload: preflight/metadata/upload/commit, etc.)

Environment

• GitHub plan: Free
• Runners: GitHub-hosted (ubuntu-latest)
• Repository type: Private
• Typical artifacts: build outputs / release files

If there are sample repos, marketplace Actions, or reference docs showing a reliable pattern (e.g., staging artifacts and then uploading to Box via curl or a maintained Action), pointers would be greatly appreciated. Thanks in advance for your help!

What are your suggested changes?

Summary

This is a how‑to question framed as a documentation improvement request.

We want to integrate GitHub Actions with Box so that artifacts are automatically uploaded to Box when a commit/workflow completes. The goal is to remove manual uploads and avoid process mistakes.

What documentation change is requested?

Please consider adding a guide/example covering “Uploading build artifacts from GitHub Actions to an external storage (Box) via API”, including:
##**/. my_file.txt

1. Feasibility & recommended design

   • Is calling an external API (Box) from Actions a reasonable pattern?

2. End‑to‑end setup steps / sample YAML

   • Example workflow (YAML) that securely calls an external API
   • Using GitHub Secrets (least privilege, rotation, scoping)
   • Retries/backoff and robust error handling for HTTP uploads

3. Authentication guidance

   • General advice on choosing OAuth 2.0 vs JWT (server‑to‑server) for Box API

4. API‑call budgeting / rate‑limit planning

   • Our Box tenant enforces ≤ 5,000 API calls/month
   • With ~300 users, what is a reasonable monthly API‑call estimate?
   • Typical calls per upload (preflight/metadata/upload/commit) and how to minimize them

Environment (for context)

• GitHub plan: Free
• Runners: GitHub‑hosted (ubuntu‑latest)
• Repository: Private
• Artifacts: build outputs / release files

If there are existing examples (marketplace Actions, sample repos, or docs) that already show a reliable pattern (e.g., staging artifacts then uploading to Box via curl or a maintained Action), pointers would be greatly appreciated. Thanks!

Originally posted by @boomboomtxzzit-coder in #755