Skip to content

Commit 54e58b6

Browse files
parkerbxyzCopilot
parkerbxyz
and
Copilot
authored
fix: require NODE_USE_ENV_PROXY for proxy support (#342)
This PR switches proxy support to Node's native env-proxy handling and makes the required configuration explicit. ## What changed - fail fast in both `main` and `post` when proxy configuration is present without `NODE_USE_ENV_PROXY=1` - document the supported proxy configuration in `README.md` - add regression tests for the proxy guard in both entrypoints - keep the existing successful end-to-end coverage and add a smaller proxy-specific workflow check that enables native proxy support, points `https_proxy` at an unreachable proxy, and asserts the action fails - update the test workflow so the same checks also run on pushes to `beta` ## Proxy configuration When using `HTTP_PROXY` or `HTTPS_PROXY`, set `NODE_USE_ENV_PROXY=1` on the action step. If you need bypass rules, set `NO_PROXY` alongside them. --------- Co-authored-by: Copilot <[email protected]>
1 parent bf559f8 commit 54e58b6

File tree

12 files changed

+291
-107
lines changed

12 files changed

+291
-107
lines changed

.github/workflows/test.yml

Lines changed: 27 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ on:
44
push:
55
branches:
66
- main
7+
- beta
78
pull_request:
89
workflow_dispatch:
910

@@ -33,7 +34,7 @@ jobs:
3334
name: End-to-End
3435
runs-on: ubuntu-latest
3536
# do not run from forks, as forks don’t have access to repository secrets
36-
if: github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
37+
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
3738
steps:
3839
- uses: actions/checkout@v5
3940
- uses: actions/setup-node@v4
@@ -54,3 +55,28 @@ jobs:
5455
with:
5556
route: GET /installation/repositories
5657
- run: echo '${{ steps.get-repository.outputs.data }}'
58+
59+
end-to-end-proxy:
60+
name: End-to-End with unreachable proxy
61+
runs-on: ubuntu-latest
62+
# do not run from forks, as forks don’t have access to repository secrets
63+
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.owner.login == github.event.pull_request.base.repo.owner.login
64+
steps:
65+
- uses: actions/checkout@v5
66+
- uses: actions/setup-node@v4
67+
with:
68+
node-version-file: package.json
69+
cache: 'npm'
70+
- run: npm ci
71+
- run: npm run build
72+
- uses: ./ # Uses the action in the root directory
73+
continue-on-error: true
74+
id: test
75+
env:
76+
NODE_USE_ENV_PROXY: "1"
77+
https_proxy: http://127.0.0.1:9
78+
with:
79+
app-id: ${{ vars.TEST_APP_ID }}
80+
private-key: ${{ secrets.TEST_APP_PRIVATE_KEY }}
81+
- name: Assert action failed through unreachable proxy
82+
run: test "${{ steps.test.outcome }}" = "failure"

README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,24 @@ jobs:
296296
GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}
297297
```
298298

299+
### Proxy support
300+
301+
This action relies on Node.js native proxy support.
302+
303+
If you set `HTTP_PROXY` or `HTTPS_PROXY`, also set `NODE_USE_ENV_PROXY: "1"` on the action step so Node.js honors those variables. If you need proxy bypass rules, set `NO_PROXY` alongside them.
304+
305+
```yaml
306+
- uses: actions/create-github-app-token@v3
307+
id: app-token
308+
env:
309+
HTTPS_PROXY: http://proxy.example.com:8080
310+
NO_PROXY: github.example.com
311+
NODE_USE_ENV_PROXY: "1"
312+
with:
313+
app-id: ${{ vars.APP_ID }}
314+
private-key: ${{ secrets.PRIVATE_KEY }}
315+
```
316+
299317
## Inputs
300318

301319
### `app-id`

0 commit comments

Comments
 (0)