diff --git a/entry b/entry index e137edf..b9ce7bf 100755 --- a/entry +++ b/entry @@ -162630,15 +162630,18 @@ var Timer = class { }; // utils/workflowRun.ts -async function fetchWorkflowRunInfo(runId) { +async function fetchWorkflowRunInfo(params) { const apiUrl = process.env.API_URL || "https://pullfrog.com"; const timeoutMs = 3e4; const controller = new AbortController(); const timeoutId = setTimeout(() => controller.abort(), timeoutMs); try { - const response = await fetch(`${apiUrl}/api/workflow-run/${runId}`, { + const response = await fetch(`${apiUrl}/api/workflow-run/${params.runId}`, { method: "GET", headers: { + // apiToken not strictly required (route only exposes public IDs) + // but claims in token enable preview API URL forwarding + Authorization: `Bearer ${params.apiToken}`, "Content-Type": "application/json" }, signal: controller.signal @@ -162663,7 +162666,7 @@ async function resolveRun(params) { throw new Error(`GITHUB_REPOSITORY env var must be set to "owner/repo", got: ${githubRepo}`); } const [owner, repo] = githubRepo.split("/"); - const workflowRunInfo = runId ? await fetchWorkflowRunInfo(runId) : { progressCommentId: null }; + const workflowRunInfo = runId ? await fetchWorkflowRunInfo({ runId, apiToken: params.apiToken }) : { progressCommentId: null }; if (workflowRunInfo.progressCommentId) { log.info(`\xBB using pre-created progress comment: ${workflowRunInfo.progressCommentId}`); } @@ -162692,14 +162695,14 @@ async function main() { const timer = new Timer(); const tokenRef = __using(_stack2, await resolveInstallationToken(), true); const octokit = createOctokit(tokenRef.token); - const runInfo = await resolveRun({ octokit }); + const runContext = await resolveRunContextData({ octokit, token: tokenRef.token }); + timer.checkpoint("runContextData"); + const runInfo = await resolveRun({ octokit, apiToken: runContext.apiToken }); const toolState = initToolState({ runInfo }); setupExitHandler(toolState); try { var _stack = []; try { - const runContext = await resolveRunContextData({ octokit, token: tokenRef.token }); - timer.checkpoint("runContextData"); const payload = resolvePayload(runContext.repoSettings); if (payload.cwd && process.cwd() !== payload.cwd) { process.chdir(payload.cwd); diff --git a/main.ts b/main.ts index 7befb41..6394c05 100644 --- a/main.ts +++ b/main.ts @@ -37,14 +37,15 @@ export async function main(): Promise { await using tokenRef = await resolveInstallationToken(); const octokit = createOctokit(tokenRef.token); - const runInfo = await resolveRun({ octokit }); + const runContext = await resolveRunContextData({ octokit, token: tokenRef.token }); + timer.checkpoint("runContextData"); + + const runInfo = await resolveRun({ octokit, apiToken: runContext.apiToken }); const toolState = initToolState({ runInfo }); setupExitHandler(toolState); try { - const runContext = await resolveRunContextData({ octokit, token: tokenRef.token }); - timer.checkpoint("runContextData"); // resolve payload after runContextData so permissions can use DB settings // precedence: action inputs > json payload > repoSettings > fallbacks diff --git a/utils/workflow.ts b/utils/workflow.ts index 16c61c9..86405b9 100644 --- a/utils/workflow.ts +++ b/utils/workflow.ts @@ -4,6 +4,7 @@ import { fetchWorkflowRunInfo, type WorkflowRunInfo } from "./workflowRun.ts"; interface ResolveRunParams { octokit: OctokitWithPlugins; + apiToken: string; } export interface ResolveRunResult { @@ -24,7 +25,9 @@ export async function resolveRun(params: ResolveRunParams): Promise { +export async function fetchWorkflowRunInfo(params: FetchWorkflowRunInfoParams): Promise { const apiUrl = process.env.API_URL || "https://pullfrog.com"; const timeoutMs = 30000; const controller = new AbortController(); const timeoutId = setTimeout(() => controller.abort(), timeoutMs); try { - const response = await fetch(`${apiUrl}/api/workflow-run/${runId}`, { + const response = await fetch(`${apiUrl}/api/workflow-run/${params.runId}`, { method: "GET", headers: { + // apiToken not strictly required (route only exposes public IDs) + // but claims in token enable preview API URL forwarding + Authorization: `Bearer ${params.apiToken}`, "Content-Type": "application/json", }, signal: controller.signal,