Fall back to unauthenticated GitHub access when stored token has bad credentials

[Copilot]

The GitHub token in Secret Manager has expired/been revoked, causing get_latest_github_commits() to fail with 401 Bad credentials and return None.

Since the repo is public, unauthenticated access is sufficient. The fix catches BadCredentialsException and retries without auth rather than failing entirely.

Changes

• app.py: Import BadCredentialsException from github
• app.py: Wrap g.get_repo() to catch BadCredentialsException and fall back to an unauthenticated gh() client

try:
    repo = g.get_repo("EastsidePreparatorySchool/epschedule")
except BadCredentialsException:
    logging.warning("GitHub token has bad credentials, falling back to unauthenticated access")
    repo = gh().get_repo("EastsidePreparatorySchool/epschedule")

Action required: Rotate the gh_token secret in Secret Manager to restore authenticated access and the associated higher rate limits.

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[codingses]

lgtm

[Copilot]

Pull request overview

Improves resilience of get_latest_github_commits() by handling revoked/expired GitHub tokens from Secret Manager and falling back to unauthenticated GitHub API access (sufficient for this public repository), instead of failing and returning None.

Changes:

• Import BadCredentialsException from github.
• Catch BadCredentialsException from the authenticated get_repo() call and retry with an unauthenticated GitHub client.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.