6f108237d4
* test preview bypass 2 Co-authored-by: Cursor <cursoragent@cursor.com> * add apiFetch wrapper with Vercel bypass via query param + header the template workflow was missing VERCEL_AUTOMATION_BYPASS_SECRET, so all action API calls to preview deployments hit Vercel's deployment protection without bypass. this also consolidates the bypass logic into a single fetch wrapper that applies the secret as both a query parameter (matching server-side forwarding) and a header for belt-and-suspenders reliability. Co-authored-by: Cursor <cursoragent@cursor.com> * security hardening for Vercel bypass - redact bypass token from webhook forwarder logs and response body - remove dead x-preview-api-forward header - refactor getAllSecrets() to use SENSITIVE_PATTERNS instead of hardcoded list - enforce https:// on API_URL (localhost exempt for local dev) Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
48 lines
1.4 KiB
YAML
48 lines
1.4 KiB
YAML
# PULLFROG ACTION — DO NOT EDIT EXCEPT WHERE INDICATED
|
|
name: Pullfrog
|
|
run-name: ${{ inputs.name || github.workflow }}
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
prompt:
|
|
type: string
|
|
description: Agent prompt
|
|
name:
|
|
type: string
|
|
description: Run name
|
|
|
|
permissions:
|
|
id-token: write
|
|
contents: write
|
|
pull-requests: write
|
|
issues: write
|
|
actions: read
|
|
checks: read
|
|
|
|
jobs:
|
|
pullfrog:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 1
|
|
- name: Run agent
|
|
uses: pullfrog/pullfrog@main
|
|
with:
|
|
prompt: ${{ inputs.prompt }}
|
|
env:
|
|
API_URL: ${{ secrets.API_URL }}
|
|
VERCEL_AUTOMATION_BYPASS_SECRET: ${{ secrets.VERCEL_AUTOMATION_BYPASS_SECRET }}
|
|
# add any additional keys your agent(s) need
|
|
# optionally, comment out any you won't use
|
|
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
|
|
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
|
|
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
|
|
GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
|
|
CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
|
|
MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY }}
|
|
GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
|
|
DEEPSEEK_API_KEY: ${{ secrets.DEEPSEEK_API_KEY }}
|
|
OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
|