pr-comment: preserve https:// URLs in free /review base_file

[reuvenharrison]

Problem

The free review URL builder in pr-comment/entrypoint.sh runs the base and revision inputs through:

base_path=$(echo "$base" | sed 's/.*://')
rev_path=$(echo "$revision" | sed 's/.*://')

The sed is meant to strip the git-ref prefix in inputs like origin/main:openapi.yaml so the /review page receives just openapi.yaml. But for inputs that are URLs (https://raw.githubusercontent.com/o/r/main/foo.yaml), the same sed strips https: and leaves a broken //raw.githubusercontent.com/... in the base_file= query parameter of the emitted ::notice:: URL.

The /review page then tries to GET the broken URL as the base spec, the fetch fails, and the access-denied screen renders — misreporting the cause as authorization ("@owner doesn't have access to o/r") even though the real problem is the malformed URL the page received from the action.

Reproducer

oasdiff-test/test's workflow uses URL-shaped base inputs:

base: https://raw.githubusercontent.com/${{ github.repository }}/${{ github.base_ref }}/simple.yaml

So every action run there emits a broken ::notice:: link. Workflows that use the git-ref form (origin/main:foo.yaml) — the more common shape — are unaffected.

Fix

A case-branch helper that:

• For inputs starting with http:// or https:// — pass through unchanged
• For everything else — run the existing sed to strip the git-ref prefix

strip_ref_prefix() {
    case "$1" in
        http://*|https://*) printf '%s' "$1" ;;
        *)                  printf '%s' "$1" | sed 's/.*://' ;;
    esac
}
base_path=$(strip_ref_prefix "$base")
rev_path=$(strip_ref_prefix "$revision")

Tests

Two new regression tests, both stubbing oasdiff to a no-changes spec so the entrypoint emits the ::notice:: and exits:

• pr_comment_free_review_url_preserves_https_base — base = URL; verifies the emitted notice contains base_file=https%3A%2F%2Fraw.githubusercontent.com... (full URL encoded), and explicitly fails with a clear message if it finds the broken base_file=%2F%2Fraw... form
• pr_comment_free_review_url_strips_git_ref_prefix — base = origin/main:multi-file/openapi.yaml; verifies the prefix is still stripped to just the path

If the case branch is ever reverted, both tests fail with specific pointers at the cause.

Test plan

• bash -n and YAML parse clean
• Local smoke test with both base shapes — produces correct base_file= query params
• CI runs both new test jobs
• On merge, re-run on a URL-base workflow (oasdiff-test/test) and verify the /review link resolves instead of access-denying

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

Generated with Claude Code