From e9a0ae74e77607af6b2253d922aaf1e19fce12ac Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:43:16 +0000
Subject: [PATCH 1/9] Initial plan
From 285e444d0332c4c8f0341f7d0fb5a926de15e401 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:48:17 +0000
Subject: [PATCH 2/9] feat: add optional base_url input for Octokit enterprise
support
Agent-Logs-Url: https://github.com/github/accessibility-scanner/sessions/b5a52a27-e1a7-42dd-a5a7-07aff0f4fc7c
Co-authored-by: JoyceZhu <6251669+JoyceZhu@users.noreply.github.com>
---
.github/actions/file/action.yml | 3 +
.github/actions/file/src/index.ts | 3 +
.github/actions/file/tests/index.test.ts | 92 ++++++++++++++++++++++++
.github/actions/fix/action.yml | 3 +
.github/actions/fix/src/index.ts | 3 +
.github/actions/fix/tests/index.test.ts | 84 ++++++++++++++++++++++
README.md | 2 +
action.yml | 5 ++
8 files changed, 195 insertions(+)
create mode 100644 .github/actions/file/tests/index.test.ts
create mode 100644 .github/actions/fix/tests/index.test.ts
diff --git a/.github/actions/file/action.yml b/.github/actions/file/action.yml
index 40c63947..a99abb66 100644
--- a/.github/actions/file/action.yml
+++ b/.github/actions/file/action.yml
@@ -11,6 +11,9 @@ inputs:
token:
description: "Token with fine-grained permission 'issues: write'"
required: true
+ base_url:
+ description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ required: false
cached_filings:
description: "Cached filings from previous runs, as stringified JSON. Without this, duplicate issues may be filed."
required: false
diff --git a/.github/actions/file/src/index.ts b/.github/actions/file/src/index.ts
index 2619d79b..d0a7b2b6 100644
--- a/.github/actions/file/src/index.ts
+++ b/.github/actions/file/src/index.ts
@@ -19,6 +19,7 @@ export default async function () {
const findings: Finding[] = JSON.parse(core.getInput('findings', {required: true}))
const repoWithOwner = core.getInput('repository', {required: true})
const token = core.getInput('token', {required: true})
+ const baseUrl = core.getInput('base_url', {required: false}) || undefined
const screenshotRepo = core.getInput('screenshot_repository', {required: false}) || repoWithOwner
const cachedFilings: (ResolvedFiling | RepeatedFiling)[] = JSON.parse(
core.getInput('cached_filings', {required: false}) || '[]',
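Review bot: The new `base_url` input is read here and handed to Octokit next to `auth: token` in the following hunk with no check on its value, so the PAT is sent with every request to whatever URL the workflow supplies, including a plain `http://` one. A guard right after the read would fail fast on a malformed or non-TLS value: `if (baseUrl && new URL(baseUrl).protocol !== 'https:') throw new Error('base_url must be an https:// URL')`. The same read-and-pass pattern is added in `.github/actions/fix/src/index.ts`, and the `core.debug` line in the next hunk would also print any userinfo embedded in the URL. The enclosing function starts and ends outside this hunk.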
@@ -26,12 +27,14 @@ export default async function () {
const shouldOpenGroupedIssues = core.getBooleanInput('open_grouped_issues')
core.debug(`Input: 'findings: ${JSON.stringify(findings)}'`)
core.debug(`Input: 'repository: ${repoWithOwner}'`)
+ core.debug(`Input: 'base_url: ${baseUrl ?? '(default)'}'`)
core.debug(`Input: 'screenshot_repository: ${screenshotRepo}'`)
core.debug(`Input: 'cached_filings: ${JSON.stringify(cachedFilings)}'`)
core.debug(`Input: 'open_grouped_issues: ${shouldOpenGroupedIssues}'`)
const octokit = new OctokitWithThrottling({
auth: token,
+ baseUrl,
throttle: {
onRateLimit: (retryAfter, options, octokit, retryCount) => {
octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`)
diff --git a/.github/actions/file/tests/index.test.ts b/.github/actions/file/tests/index.test.ts
new file mode 100644
index 00000000..53519f79
--- /dev/null
+++ b/.github/actions/file/tests/index.test.ts
@@ -0,0 +1,92 @@
+import {beforeEach, describe, expect, it, vi} from 'vitest'
+
+const {octokitCtorMock, getInputMock, getBooleanInputMock} = vi.hoisted(() => ({
+ octokitCtorMock: vi.fn(),
+ getInputMock: vi.fn(),
+ getBooleanInputMock: vi.fn(),
+}))
+
+vi.mock('@actions/core', () => ({
+ getInput: getInputMock,
+ getBooleanInput: getBooleanInputMock,
+ info: vi.fn(),
+ debug: vi.fn(),
+ warning: vi.fn(),
+ setOutput: vi.fn(),
+ setFailed: vi.fn(),
+}))
+
+vi.mock('@octokit/core', () => ({
+ Octokit: {
+ plugin: vi.fn(() => octokitCtorMock),
+ },
+}))
+
+vi.mock('@octokit/plugin-throttling', () => ({
+ throttling: vi.fn(),
+}))
+
+describe('file action index', () => {
+ beforeEach(() => {
+ vi.resetModules()
+ vi.clearAllMocks()
+ })
+
+ it('passes baseUrl to Octokit when base_url input is provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'findings':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ case 'base_url':
+ return 'https://ghe.example.com/api/v3'
+ case 'cached_filings':
+ return '[]'
+ default:
+ return ''
+ }
+ })
+ getBooleanInputMock.mockReturnValue(false)
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: 'https://ghe.example.com/api/v3',
+ }),
+ )
+ })
+
+ it('uses Octokit default API URL when base_url input is not provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'findings':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ case 'cached_filings':
+ return '[]'
+ default:
+ return ''
+ }
+ })
+ getBooleanInputMock.mockReturnValue(false)
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: undefined,
+ }),
+ )
+ })
+})
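Review bot: The second test's name, 'uses Octokit default API URL when base_url input is not provided', claims more than it checks: `@octokit/core` is mocked, so the assertion only shows that the constructor received `baseUrl: undefined`, not which URL Octokit would then use. A name such as `'passes baseUrl: undefined to Octokit when base_url is empty'` matches what is asserted. The two `getInputMock.mockImplementation` switches differ only in the `base_url` case and could share one helper that takes the input map; the fix action's test file added later in this patch repeats the same pattern.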
diff --git a/.github/actions/fix/action.yml b/.github/actions/fix/action.yml
index 7a3dcf9b..ab080565 100644
--- a/.github/actions/fix/action.yml
+++ b/.github/actions/fix/action.yml
@@ -11,6 +11,9 @@ inputs:
token:
description: "Personal access token (PAT) with fine-grained permissions 'issues: write' and 'pull_requests: write'"
required: true
+ base_url:
+ description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ required: false
outputs:
fixings:
diff --git a/.github/actions/fix/src/index.ts b/.github/actions/fix/src/index.ts
index aba4bf38..8ce9baca 100644
--- a/.github/actions/fix/src/index.ts
+++ b/.github/actions/fix/src/index.ts
@@ -14,11 +14,14 @@ export default async function () {
const issues: IssueInput[] = JSON.parse(core.getInput('issues', {required: true}) || '[]')
const repoWithOwner = core.getInput('repository', {required: true})
const token = core.getInput('token', {required: true})
+ const baseUrl = core.getInput('base_url', {required: false}) || undefined
core.debug(`Input: 'issues: ${JSON.stringify(issues)}'`)
core.debug(`Input: 'repository: ${repoWithOwner}'`)
+ core.debug(`Input: 'base_url: ${baseUrl ?? '(default)'}'`)
const octokit = new OctokitWithThrottling({
auth: token,
+ baseUrl,
throttle: {
onRateLimit: (retryAfter, options, octokit, retryCount) => {
octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`)
diff --git a/.github/actions/fix/tests/index.test.ts b/.github/actions/fix/tests/index.test.ts
new file mode 100644
index 00000000..f7a11951
--- /dev/null
+++ b/.github/actions/fix/tests/index.test.ts
@@ -0,0 +1,84 @@
+import {beforeEach, describe, expect, it, vi} from 'vitest'
+
+const {octokitCtorMock, getInputMock} = vi.hoisted(() => ({
+ octokitCtorMock: vi.fn(),
+ getInputMock: vi.fn(),
+}))
+
+vi.mock('@actions/core', () => ({
+ getInput: getInputMock,
+ info: vi.fn(),
+ debug: vi.fn(),
+ warning: vi.fn(),
+ setOutput: vi.fn(),
+ setFailed: vi.fn(),
+}))
+
+vi.mock('@octokit/core', () => ({
+ Octokit: {
+ plugin: vi.fn(() => octokitCtorMock),
+ },
+}))
+
+vi.mock('@octokit/plugin-throttling', () => ({
+ throttling: vi.fn(),
+}))
+
+describe('fix action index', () => {
+ beforeEach(() => {
+ vi.resetModules()
+ vi.clearAllMocks()
+ })
+
+ it('passes baseUrl to Octokit when base_url input is provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'issues':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ case 'base_url':
+ return 'https://ghe.example.com/api/v3'
+ default:
+ return ''
+ }
+ })
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: 'https://ghe.example.com/api/v3',
+ }),
+ )
+ })
+
+ it('uses Octokit default API URL when base_url input is not provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'issues':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ default:
+ return ''
+ }
+ })
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: undefined,
+ }),
+ )
+ })
+})
diff --git a/README.md b/README.md
index 00252e99..766863da 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,7 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
+ # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
@@ -117,6 +118,7 @@ Trigger the workflow manually or automatically based on your configuration. The
| `urls` | Yes | Newline-delimited list of URLs to scan | `https://primer.style`
`https://primer.style/octicons` |
| `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
| `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
+| `base_url` | No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com` | `https://ghe.example.com/api/v3` |
| `cache_key` | Yes | Key for caching results across runs
Allowed: `A-Za-z0-9._/-` | `cached_results-primer.style-main.json` |
| `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
| `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
diff --git a/action.yml b/action.yml
index 933a10d8..99515a42 100644
--- a/action.yml
+++ b/action.yml
@@ -12,6 +12,9 @@ inputs:
token:
description: "Personal access token (PAT) with fine-grained permissions 'contents: write', 'issues: write', and 'pull_requests: write'"
required: true
+ base_url:
+ description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ required: false
cache_key:
description: 'Key for caching results across runs'
required: true
@@ -113,6 +116,7 @@ runs:
findings: ${{ steps.find.outputs.findings }}
repository: ${{ inputs.repository }}
token: ${{ inputs.token }}
+ base_url: ${{ inputs.base_url }}
cached_filings: ${{ steps.normalize_cache.outputs.value }}
screenshot_repository: ${{ github.repository }}
open_grouped_issues: ${{ inputs.open_grouped_issues }}
@@ -132,6 +136,7 @@ runs:
issues: ${{ steps.get_issues_from_filings.outputs.issues }}
repository: ${{ inputs.repository }}
token: ${{ inputs.token }}
+ base_url: ${{ inputs.base_url }}
- name: Set results output
id: results
uses: actions/github-script@v8
From 9a3d20d9f06d01566b2d6acd791f174caaf64c27 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:14:51 -0400
Subject: [PATCH 3/9] Apply suggestion from @JoyceZhu
---
.github/actions/file/action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/file/action.yml b/.github/actions/file/action.yml
index a99abb66..b1a8d505 100644
--- a/.github/actions/file/action.yml
+++ b/.github/actions/file/action.yml
@@ -12,7 +12,7 @@ inputs:
description: "Token with fine-grained permission 'issues: write'"
required: true
base_url:
- description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ description: "Optional base URL to pass into Octokit for the GitHub API (for example, `https://YOUR_HOSTNAME/api/v3` for GitHub Enterprise Server)"
required: false
cached_filings:
description: "Cached filings from previous runs, as stringified JSON. Without this, duplicate issues may be filed."
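Review bot: The reworded description now differs from the root `action.yml`, whose `base_url` description added in patch 2 still reads "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' ...)" and is not touched later in this series. Users of the composite action see the root description, so that is the one most worth aligning; patch 6 makes the same edit to the fix action only. Consider one wording and one placeholder (`HOSTNAME` or `YOUR_HOSTNAME`) across all three files.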
From 1f1f714015cd6881e8b17a2c5b2d60e99febe54b Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:16:50 -0400
Subject: [PATCH 4/9] Apply suggestion from @JoyceZhu
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 766863da..61fa1170 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
- # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL (required for GitHub Enterprise Server)
+ # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
From 7cecc75ede926ac8d24f31d06e3500e70ac62459 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:17:21 -0400
Subject: [PATCH 5/9] Apply suggestion from @JoyceZhu
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 61fa1170..0a15e7bd 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
- # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
+ # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
From 0142e69b804cb57f0f66c5434fae1036565c734e Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:21:08 -0400
Subject: [PATCH 6/9] Apply suggestion from @JoyceZhu
---
.github/actions/fix/action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/fix/action.yml b/.github/actions/fix/action.yml
index ab080565..7a17eab7 100644
--- a/.github/actions/fix/action.yml
+++ b/.github/actions/fix/action.yml
@@ -12,7 +12,7 @@ inputs:
description: "Personal access token (PAT) with fine-grained permissions 'issues: write' and 'pull_requests: write'"
required: true
base_url:
- description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ description: "Optional base URL to pass into Octokit for the GitHub API (for example, `https://YOUR_HOSTNAME/api/v3` for GitHub Enterprise Server)"
required: false
outputs:
From 1f1a6b06857204e79eab7dd2c4a0effec0510163 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:22:47 -0400
Subject: [PATCH 7/9] Delete super-verbose tests which aren't useful
---
.github/actions/file/tests/index.test.ts | 92 ------------------------
.github/actions/fix/tests/index.test.ts | 84 ----------------------
2 files changed, 176 deletions(-)
delete mode 100644 .github/actions/file/tests/index.test.ts
delete mode 100644 .github/actions/fix/tests/index.test.ts
diff --git a/.github/actions/file/tests/index.test.ts b/.github/actions/file/tests/index.test.ts
deleted file mode 100644
index 53519f79..00000000
--- a/.github/actions/file/tests/index.test.ts
+++ /dev/null
@@ -1,92 +0,0 @@
-import {beforeEach, describe, expect, it, vi} from 'vitest'
-
-const {octokitCtorMock, getInputMock, getBooleanInputMock} = vi.hoisted(() => ({
- octokitCtorMock: vi.fn(),
- getInputMock: vi.fn(),
- getBooleanInputMock: vi.fn(),
-}))
-
-vi.mock('@actions/core', () => ({
- getInput: getInputMock,
- getBooleanInput: getBooleanInputMock,
- info: vi.fn(),
- debug: vi.fn(),
- warning: vi.fn(),
- setOutput: vi.fn(),
- setFailed: vi.fn(),
-}))
-
-vi.mock('@octokit/core', () => ({
- Octokit: {
- plugin: vi.fn(() => octokitCtorMock),
- },
-}))
-
-vi.mock('@octokit/plugin-throttling', () => ({
- throttling: vi.fn(),
-}))
-
-describe('file action index', () => {
- beforeEach(() => {
- vi.resetModules()
- vi.clearAllMocks()
- })
-
- it('passes baseUrl to Octokit when base_url input is provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'findings':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- case 'base_url':
- return 'https://ghe.example.com/api/v3'
- case 'cached_filings':
- return '[]'
- default:
- return ''
- }
- })
- getBooleanInputMock.mockReturnValue(false)
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: 'https://ghe.example.com/api/v3',
- }),
- )
- })
-
- it('uses Octokit default API URL when base_url input is not provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'findings':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- case 'cached_filings':
- return '[]'
- default:
- return ''
- }
- })
- getBooleanInputMock.mockReturnValue(false)
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: undefined,
- }),
- )
- })
-})
diff --git a/.github/actions/fix/tests/index.test.ts b/.github/actions/fix/tests/index.test.ts
deleted file mode 100644
index f7a11951..00000000
--- a/.github/actions/fix/tests/index.test.ts
+++ /dev/null
@@ -1,84 +0,0 @@
-import {beforeEach, describe, expect, it, vi} from 'vitest'
-
-const {octokitCtorMock, getInputMock} = vi.hoisted(() => ({
- octokitCtorMock: vi.fn(),
- getInputMock: vi.fn(),
-}))
-
-vi.mock('@actions/core', () => ({
- getInput: getInputMock,
- info: vi.fn(),
- debug: vi.fn(),
- warning: vi.fn(),
- setOutput: vi.fn(),
- setFailed: vi.fn(),
-}))
-
-vi.mock('@octokit/core', () => ({
- Octokit: {
- plugin: vi.fn(() => octokitCtorMock),
- },
-}))
-
-vi.mock('@octokit/plugin-throttling', () => ({
- throttling: vi.fn(),
-}))
-
-describe('fix action index', () => {
- beforeEach(() => {
- vi.resetModules()
- vi.clearAllMocks()
- })
-
- it('passes baseUrl to Octokit when base_url input is provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'issues':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- case 'base_url':
- return 'https://ghe.example.com/api/v3'
- default:
- return ''
- }
- })
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: 'https://ghe.example.com/api/v3',
- }),
- )
- })
-
- it('uses Octokit default API URL when base_url input is not provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'issues':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- default:
- return ''
- }
- })
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: undefined,
- }),
- )
- })
-})
From 552478ea9d3d39b6221d5b5d62fffad6dd3c59bb Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Thu, 26 Mar 2026 11:33:16 -0400
Subject: [PATCH 8/9] Feedback from Lindsey: rearrange optional inputs
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0a15e7bd..226644f3 100644
--- a/README.md
+++ b/README.md
@@ -46,8 +46,8 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
- # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
+ # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
# password: ${{ secrets.PASSWORD }} # Optional: Password for authentication (use secrets!)
@@ -118,8 +118,8 @@ Trigger the workflow manually or automatically based on your configuration. The
| `urls` | Yes | Newline-delimited list of URLs to scan | `https://primer.style`
`https://primer.style/octicons` |
| `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
| `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
-| `base_url` | No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com` | `https://ghe.example.com/api/v3` |
| `cache_key` | Yes | Key for caching results across runs
Allowed: `A-Za-z0-9._/-` | `cached_results-primer.style-main.json` |
+| `base_url` | No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com` | `https://ghe.example.com/api/v3` |
| `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
| `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
| `password` | No | If scanned pages require authentication, the password to use for login | `${{ secrets.PASSWORD }}` |
From ffdf8ea87ff929fe287ae3ecc64e5b59a27f55b0 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Thu, 26 Mar 2026 12:08:46 -0400
Subject: [PATCH 9/9] Remove redundant type default
---
.github/actions/file/src/index.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/file/src/index.ts b/.github/actions/file/src/index.ts
index d0a7b2b6..64b075f2 100644
--- a/.github/actions/file/src/index.ts
+++ b/.github/actions/file/src/index.ts
@@ -19,7 +19,7 @@ export default async function () {
const findings: Finding[] = JSON.parse(core.getInput('findings', {required: true}))
const repoWithOwner = core.getInput('repository', {required: true})
const token = core.getInput('token', {required: true})
- const baseUrl = core.getInput('base_url', {required: false}) || undefined
+ const baseUrl = core.getInput('base_url', {required: false})
const screenshotRepo = core.getInput('screenshot_repository', {required: false}) || repoWithOwner
const cachedFilings: (ResolvedFiling | RepeatedFiling)[] = JSON.parse(
core.getInput('cached_filings', {required: false}) || '[]',
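Review bot: Dropping `|| undefined` makes `baseUrl` an empty string when the input is unset, so the debug line added in patch 2, `${baseUrl ?? '(default)'}`, will print an empty value instead of `(default)` because `??` only replaces null and undefined. It also leaves the two actions inconsistent: `.github/actions/fix/src/index.ts` still normalizes with `|| undefined` and nothing in this series changes it. Whether Octokit treats `baseUrl: ''` the same as an omitted option is not visible here and, with the tests removed in patch 7, nothing pins it; either keep the normalization or change the log to `${baseUrl || '(default)'}`, and apply the same choice in both files. The enclosing function continues outside the hunk.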