breaking,changelog: preserve https:// URLs in free /review base_file#121
Merged
Merged
Conversation
The free breaking and changelog actions built the /review base_file parameter with `sed 's/.*://'`, which strips the git-ref prefix from inputs like "origin/main:openapi.yaml". For URL-shaped base/revision inputs (https://...), the same sed also strips "https:" and leaves a broken "//host/..." that the /review page cannot fetch, so the page renders the access-denied screen and misreports the cause as a permissions problem. pr-comment already got this fix in #120. This applies the same strip_ref_prefix helper (passes http(s):// through unchanged, strips the ref prefix otherwise) to breaking and changelog, so all three actions emit a well-formed base_file for every supported input shape (git ref, local path, http/s URL). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
test.yaml had grown to 863 lines and 22 jobs covering all four actions. Split it into one workflow per action (test-diff, test-breaking, test-changelog, test-pr-comment) so each file maps to the action it exercises and stays readable. Pure move: the jobs are byte-identical to the original set; only the file boundaries and the per-file name/on: headers are new. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add the breaking/changelog equivalents of the existing pr-comment free-review-URL jobs: assert a URL-shaped base survives intact in base_file= (the regression this PR fixes) and a git-ref base is stripped to a bare path. Locks the duplicated strip_ref_prefix helper against drift in each action. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The runner's /bin/sh is dash, which rejects `set -o pipefail` (exit 2) that changelog/entrypoint.sh sets. Running the entrypoint directly via its shebang therefore failed before producing any output. Invoke it with bash, which supports pipefail (as does the busybox ash the action uses in production). breaking/entrypoint.sh has no pipefail, so its jobs are unaffected. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three commits:
Fix — the free
breakingandchangelogactions built the/reviewbase_fileparameter withsed 's/.*://'. That strips the git-ref prefix fromorigin/main:openapi.yaml, but for URL-shapedbase/revisioninputs (https://...) it also stripshttps:and emits a broken//host/.... The/reviewpage then can't fetch the spec and renders the access-denied screen, misreporting the cause as a permissions problem.pr-commentalready got this fix in pr-comment: preserve https:// URLs in free /review base_file #120; this applies the samestrip_ref_prefixhelper tobreakingandchangelog.Split —
test.yamlhad grown to 863 lines / 22 jobs across all four actions. Split into one workflow per action (test-diff,test-breaking,test-changelog,test-pr-comment). Pure move, jobs byte-identical.Tests — added the
breaking/changelogequivalents of the existingpr_comment_free_review_url_*jobs, locking the duplicated helper against drift.Behavior
baseinputbase_filebeforebase_fileafterorigin/main:openapi.yamlopenapi.yamlopenapi.yamlopenapi.yamlopenapi.yamlopenapi.yamlhttps://example.com/openapi.yaml//example.com/openapi.yaml(broken)https://example.com/openapi.yamlTest plan
sh -npasses on both entrypointsbreakingentrypoint emitsbase_file=https%3A%2F%2Fraw...for a URL base andbase_file=multi-file%2Fopenapi.yamlfor a git-ref basebreakingandchangelog(preserve-https + strip-git-ref), mirroring thepr-commentpairNote
This makes the emitted URL well-formed. It does not change the separate, still-open decision about restricting the page-side spec fetch to GitHub hosts (the token-leak / SSRF item), which is tracked separately.