Release testing for v3.0.1

.github/actions/file/action.yml

@@ -11,6 +11,9 @@ inputs:
   token:
     description: "Token with fine-grained permission 'issues: write'"
     required: true
+  base_url:
+    description: "Optional base URL to pass into Octokit for the GitHub API (for example, `https://YOUR_HOSTNAME/api/v3` for GitHub Enterprise Server)"
+    required: false
   cached_filings_file:
     description: "Path to a JSON file containing cached filings from previous runs. Without this, duplicate issues may be filed."
     required: false

.github/actions/file/src/index.ts

@@ -22,6 +22,7 @@ export default async function () {
   const findings: Finding[] = JSON.parse(fs.readFileSync(findingsFile, 'utf8'))
   const repoWithOwner = core.getInput('repository', {required: true})
   const token = core.getInput('token', {required: true})
+  const baseUrl = core.getInput('base_url', {required: false})
   const screenshotRepo = core.getInput('screenshot_repository', {required: false}) || repoWithOwner
   const cachedFilingsFile = core.getInput('cached_filings_file', {required: false})
   const cachedFilings: (ResolvedFiling | RepeatedFiling)[] = cachedFilingsFile
@@ -30,12 +31,14 @@ export default async function () {
   const shouldOpenGroupedIssues = core.getBooleanInput('open_grouped_issues')
   core.debug(`Input: 'findings_file: ${findingsFile}'`)
   core.debug(`Input: 'repository: ${repoWithOwner}'`)
+  core.debug(`Input: 'base_url: ${baseUrl ?? '(default)'}'`)
   core.debug(`Input: 'screenshot_repository: ${screenshotRepo}'`)
   core.debug(`Input: 'cached_filings_file: ${cachedFilingsFile}'`)
   core.debug(`Input: 'open_grouped_issues: ${shouldOpenGroupedIssues}'`)
 
   const octokit = new OctokitWithThrottling({
     auth: token,
+    baseUrl,
     throttle: {
       onRateLimit: (retryAfter, options, octokit, retryCount) => {
         octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`)

.github/actions/fix/action.yml

@@ -11,6 +11,9 @@ inputs:
   token:
     description: "Personal access token (PAT) with fine-grained permissions 'issues: write' and 'pull_requests: write'"
     required: true
+  base_url:
+    description: "Optional base URL to pass into Octokit for the GitHub API (for example, `https://YOUR_HOSTNAME/api/v3` for GitHub Enterprise Server)"
+    required: false
 
 outputs:
   fixings_file:

.github/actions/fix/src/index.ts

@@ -17,11 +17,14 @@ export default async function () {
   const issues: IssueInput[] = JSON.parse(fs.readFileSync(issuesFile, 'utf8'))
   const repoWithOwner = core.getInput('repository', {required: true})
   const token = core.getInput('token', {required: true})
+  const baseUrl = core.getInput('base_url', {required: false}) || undefined
   core.debug(`Input: 'issues_file: ${issuesFile}'`)
   core.debug(`Input: 'repository: ${repoWithOwner}'`)
+  core.debug(`Input: 'base_url: ${baseUrl ?? '(default)'}'`)
 
   const octokit = new OctokitWithThrottling({
     auth: token,
+    baseUrl,
     throttle: {
       onRateLimit: (retryAfter, options, octokit, retryCount) => {
         octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`)

.github/workflows/test.yml

@@ -34,7 +34,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Setup Ruby
-        uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64
+        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92
         with:
           ruby-version: "3.4"
           bundler-cache: true

README.md

@@ -47,6 +47,7 @@ jobs:
           repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
           token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
           cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
+          # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
           # login_url: # Optional: URL of the login page if authentication is required
           # username: # Optional: Username for authentication
           # password: ${{ secrets.PASSWORD }} # Optional: Password for authentication (use secrets!)
@@ -118,6 +119,7 @@ Trigger the workflow manually or automatically based on your configuration. The
 | `repository`              | Yes      | Repository (with owner) for issues and PRs                                                                                                                                                          | `primer/primer-docs`                                        |
 | `token`                   | Yes      | PAT with write permissions (see above)                                                                                                                                                              | `${{ secrets.GH_TOKEN }}`                                   |
 | `cache_key`               | Yes      | Key for caching results across runs<br>Allowed: `A-Za-z0-9._/-`                                                                                                                                     | `cached_results-primer.style-main.json`                     |
+| `base_url`                | No       | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com`                                              | `https://ghe.example.com/api/v3`                            |
 | `login_url`               | No       | If scanned pages require authentication, the URL of the login page                                                                                                                                  | `https://github.com/login`                                  |
 | `username`                | No       | If scanned pages require authentication, the username to use for login                                                                                                                              | `some-user`                                                 |
 | `password`                | No       | If scanned pages require authentication, the password to use for login                                                                                                                              | `${{ secrets.PASSWORD }}`                                   |

action.yml

@@ -12,6 +12,9 @@ inputs:
   token:
     description: "Personal access token (PAT) with fine-grained permissions 'contents: write', 'issues: write', and 'pull_requests: write'"
     required: true
+  base_url:
+    description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+    required: false
   cache_key:
     description: 'Key for caching results across runs'
     required: true
@@ -118,6 +121,7 @@ runs:
         findings_file: ${{ steps.find.outputs.findings_file }}
         repository: ${{ inputs.repository }}
         token: ${{ inputs.token }}
+        base_url: ${{ inputs.base_url }}
         cached_filings_file: ${{ steps.normalize_cache.outputs.cached_filings_file }}
         screenshot_repository: ${{ github.repository }}
         open_grouped_issues: ${{ inputs.open_grouped_issues }}
@@ -137,6 +141,7 @@ runs:
         issues_file: ${{ steps.get_issues_from_filings.outputs.issues_file }}
         repository: ${{ inputs.repository }}
         token: ${{ inputs.token }}
+        base_url: ${{ inputs.base_url }}
     - name: Set results output
       id: results
       shell: bash

sites/site-with-errors/Gemfile.lock

@@ -1,8 +1,8 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.7)
-      public_suffix (>= 2.0.2, < 7.0)
+    addressable (2.9.0)
+      public_suffix (>= 2.0.2, < 8.0)
     base64 (0.3.0)
     bigdecimal (3.2.2)
     colorator (1.1.0)
@@ -98,10 +98,10 @@ GEM
     nio4r (2.7.5)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    public_suffix (6.0.2)
+    public_suffix (7.0.5)
     puma (7.2.0)
       nio4r (~> 2.0)
-    rack (3.2.5)
+    rack (3.2.6)
     rake (13.3.0)
     rb-fsevent (0.11.2)
     rb-inotify (0.11.1)