From e9a0ae74e77607af6b2253d922aaf1e19fce12ac Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:43:16 +0000
Subject: [PATCH 01/13] Initial plan
From 285e444d0332c4c8f0341f7d0fb5a926de15e401 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:48:17 +0000
Subject: [PATCH 02/13] feat: add optional base_url input for Octokit
enterprise support
Agent-Logs-Url: https://github.com/github/accessibility-scanner/sessions/b5a52a27-e1a7-42dd-a5a7-07aff0f4fc7c
Co-authored-by: JoyceZhu <6251669+JoyceZhu@users.noreply.github.com>
---
.github/actions/file/action.yml | 3 +
.github/actions/file/src/index.ts | 3 +
.github/actions/file/tests/index.test.ts | 92 ++++++++++++++++++++++++
.github/actions/fix/action.yml | 3 +
.github/actions/fix/src/index.ts | 3 +
.github/actions/fix/tests/index.test.ts | 84 ++++++++++++++++++++++
README.md | 2 +
action.yml | 5 ++
8 files changed, 195 insertions(+)
create mode 100644 .github/actions/file/tests/index.test.ts
create mode 100644 .github/actions/fix/tests/index.test.ts
diff --git a/.github/actions/file/action.yml b/.github/actions/file/action.yml
index 40c6394..a99abb6 100644
--- a/.github/actions/file/action.yml
+++ b/.github/actions/file/action.yml
@@ -11,6 +11,9 @@ inputs:
token:
description: "Token with fine-grained permission 'issues: write'"
required: true
+ base_url:
+ description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ required: false
cached_filings:
description: "Cached filings from previous runs, as stringified JSON. Without this, duplicate issues may be filed."
required: false
diff --git a/.github/actions/file/src/index.ts b/.github/actions/file/src/index.ts
index 2619d79..d0a7b2b 100644
--- a/.github/actions/file/src/index.ts
+++ b/.github/actions/file/src/index.ts
@@ -19,6 +19,7 @@ export default async function () {
const findings: Finding[] = JSON.parse(core.getInput('findings', {required: true}))
const repoWithOwner = core.getInput('repository', {required: true})
const token = core.getInput('token', {required: true})
+ const baseUrl = core.getInput('base_url', {required: false}) || undefined
const screenshotRepo = core.getInput('screenshot_repository', {required: false}) || repoWithOwner
const cachedFilings: (ResolvedFiling | RepeatedFiling)[] = JSON.parse(
core.getInput('cached_filings', {required: false}) || '[]',
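Review bot: `base_url` is read here and, in the next hunk, handed to Octokit alongside `auth: token` with no check, so the PAT is sent to whatever host the input names, including a plain `http://` URL. Validating right after this line would fail fast on a typo or a downgraded scheme: `if (baseUrl && new URL(baseUrl).protocol !== 'https:') throw new Error('base_url must be an https URL')` (or `core.setFailed`, if that is how this action reports bad inputs). The same unvalidated read is added in `.github/actions/fix/src/index.ts`. The function body starts and ends outside this hunk.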
@@ -26,12 +27,14 @@ export default async function () {
const shouldOpenGroupedIssues = core.getBooleanInput('open_grouped_issues')
core.debug(`Input: 'findings: ${JSON.stringify(findings)}'`)
core.debug(`Input: 'repository: ${repoWithOwner}'`)
+ core.debug(`Input: 'base_url: ${baseUrl ?? '(default)'}'`)
core.debug(`Input: 'screenshot_repository: ${screenshotRepo}'`)
core.debug(`Input: 'cached_filings: ${JSON.stringify(cachedFilings)}'`)
core.debug(`Input: 'open_grouped_issues: ${shouldOpenGroupedIssues}'`)
const octokit = new OctokitWithThrottling({
auth: token,
+ baseUrl,
throttle: {
onRateLimit: (retryAfter, options, octokit, retryCount) => {
octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`)
diff --git a/.github/actions/file/tests/index.test.ts b/.github/actions/file/tests/index.test.ts
new file mode 100644
index 0000000..53519f7
--- /dev/null
+++ b/.github/actions/file/tests/index.test.ts
@@ -0,0 +1,92 @@
+import {beforeEach, describe, expect, it, vi} from 'vitest'
+
+const {octokitCtorMock, getInputMock, getBooleanInputMock} = vi.hoisted(() => ({
+ octokitCtorMock: vi.fn(),
+ getInputMock: vi.fn(),
+ getBooleanInputMock: vi.fn(),
+}))
+
+vi.mock('@actions/core', () => ({
+ getInput: getInputMock,
+ getBooleanInput: getBooleanInputMock,
+ info: vi.fn(),
+ debug: vi.fn(),
+ warning: vi.fn(),
+ setOutput: vi.fn(),
+ setFailed: vi.fn(),
+}))
+
+vi.mock('@octokit/core', () => ({
+ Octokit: {
+ plugin: vi.fn(() => octokitCtorMock),
+ },
+}))
+
+vi.mock('@octokit/plugin-throttling', () => ({
+ throttling: vi.fn(),
+}))
+
+describe('file action index', () => {
+ beforeEach(() => {
+ vi.resetModules()
+ vi.clearAllMocks()
+ })
+
+ it('passes baseUrl to Octokit when base_url input is provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'findings':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ case 'base_url':
+ return 'https://ghe.example.com/api/v3'
+ case 'cached_filings':
+ return '[]'
+ default:
+ return ''
+ }
+ })
+ getBooleanInputMock.mockReturnValue(false)
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: 'https://ghe.example.com/api/v3',
+ }),
+ )
+ })
+
+ it('uses Octokit default API URL when base_url input is not provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'findings':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ case 'cached_filings':
+ return '[]'
+ default:
+ return ''
+ }
+ })
+ getBooleanInputMock.mockReturnValue(false)
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: undefined,
+ }),
+ )
+ })
+})
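Review bot: The second case pins `baseUrl: undefined`, which tests the `|| undefined` coercion in `src/index.ts` rather than the behaviour its title describes. If the action later passes the raw empty input through, this assertion fails even if Octokit still falls back to its default. An outcome-based check such as `expect(octokitCtorMock.mock.calls[0][0].baseUrl || undefined).toBeUndefined()` would survive that change. The two `getInputMock.mockImplementation` switches differ by a single case and could share a small helper that takes per-test overrides. `.github/actions/fix/tests/index.test.ts` follows the same pattern.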
diff --git a/.github/actions/fix/action.yml b/.github/actions/fix/action.yml
index 7a3dcf9..ab08056 100644
--- a/.github/actions/fix/action.yml
+++ b/.github/actions/fix/action.yml
@@ -11,6 +11,9 @@ inputs:
token:
description: "Personal access token (PAT) with fine-grained permissions 'issues: write' and 'pull_requests: write'"
required: true
+ base_url:
+ description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ required: false
outputs:
fixings:
diff --git a/.github/actions/fix/src/index.ts b/.github/actions/fix/src/index.ts
index aba4bf3..8ce9bac 100644
--- a/.github/actions/fix/src/index.ts
+++ b/.github/actions/fix/src/index.ts
@@ -14,11 +14,14 @@ export default async function () {
const issues: IssueInput[] = JSON.parse(core.getInput('issues', {required: true}) || '[]')
const repoWithOwner = core.getInput('repository', {required: true})
const token = core.getInput('token', {required: true})
+ const baseUrl = core.getInput('base_url', {required: false}) || undefined
core.debug(`Input: 'issues: ${JSON.stringify(issues)}'`)
core.debug(`Input: 'repository: ${repoWithOwner}'`)
+ core.debug(`Input: 'base_url: ${baseUrl ?? '(default)'}'`)
const octokit = new OctokitWithThrottling({
auth: token,
+ baseUrl,
throttle: {
onRateLimit: (retryAfter, options, octokit, retryCount) => {
octokit.log.warn(`Request quota exhausted for request ${options.method} ${options.url}`)
diff --git a/.github/actions/fix/tests/index.test.ts b/.github/actions/fix/tests/index.test.ts
new file mode 100644
index 0000000..f7a1195
--- /dev/null
+++ b/.github/actions/fix/tests/index.test.ts
@@ -0,0 +1,84 @@
+import {beforeEach, describe, expect, it, vi} from 'vitest'
+
+const {octokitCtorMock, getInputMock} = vi.hoisted(() => ({
+ octokitCtorMock: vi.fn(),
+ getInputMock: vi.fn(),
+}))
+
+vi.mock('@actions/core', () => ({
+ getInput: getInputMock,
+ info: vi.fn(),
+ debug: vi.fn(),
+ warning: vi.fn(),
+ setOutput: vi.fn(),
+ setFailed: vi.fn(),
+}))
+
+vi.mock('@octokit/core', () => ({
+ Octokit: {
+ plugin: vi.fn(() => octokitCtorMock),
+ },
+}))
+
+vi.mock('@octokit/plugin-throttling', () => ({
+ throttling: vi.fn(),
+}))
+
+describe('fix action index', () => {
+ beforeEach(() => {
+ vi.resetModules()
+ vi.clearAllMocks()
+ })
+
+ it('passes baseUrl to Octokit when base_url input is provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'issues':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ case 'base_url':
+ return 'https://ghe.example.com/api/v3'
+ default:
+ return ''
+ }
+ })
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: 'https://ghe.example.com/api/v3',
+ }),
+ )
+ })
+
+ it('uses Octokit default API URL when base_url input is not provided', async () => {
+ getInputMock.mockImplementation((name: string) => {
+ switch (name) {
+ case 'issues':
+ return '[]'
+ case 'repository':
+ return 'org/repo'
+ case 'token':
+ return 'token'
+ default:
+ return ''
+ }
+ })
+
+ const {default: run} = await import('../src/index.ts')
+ await run()
+
+ expect(octokitCtorMock).toHaveBeenCalledWith(
+ expect.objectContaining({
+ auth: 'token',
+ baseUrl: undefined,
+ }),
+ )
+ })
+})
diff --git a/README.md b/README.md
index 00252e9..766863d 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,7 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
+ # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
@@ -117,6 +118,7 @@ Trigger the workflow manually or automatically based on your configuration. The
| `urls` | Yes | Newline-delimited list of URLs to scan | `https://primer.style`
`https://primer.style/octicons` |
| `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
| `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
+| `base_url` | No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com` | `https://ghe.example.com/api/v3` |
| `cache_key` | Yes | Key for caching results across runs
Allowed: `A-Za-z0-9._/-` | `cached_results-primer.style-main.json` |
| `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
| `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
diff --git a/action.yml b/action.yml
index 933a10d..99515a4 100644
--- a/action.yml
+++ b/action.yml
@@ -12,6 +12,9 @@ inputs:
token:
description: "Personal access token (PAT) with fine-grained permissions 'contents: write', 'issues: write', and 'pull_requests: write'"
required: true
+ base_url:
+ description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ required: false
cache_key:
description: 'Key for caching results across runs'
required: true
@@ -113,6 +116,7 @@ runs:
findings: ${{ steps.find.outputs.findings }}
repository: ${{ inputs.repository }}
token: ${{ inputs.token }}
+ base_url: ${{ inputs.base_url }}
cached_filings: ${{ steps.normalize_cache.outputs.value }}
screenshot_repository: ${{ github.repository }}
open_grouped_issues: ${{ inputs.open_grouped_issues }}
@@ -132,6 +136,7 @@ runs:
issues: ${{ steps.get_issues_from_filings.outputs.issues }}
repository: ${{ inputs.repository }}
token: ${{ inputs.token }}
+ base_url: ${{ inputs.base_url }}
- name: Set results output
id: results
uses: actions/github-script@v8
From 9a3d20d9f06d01566b2d6acd791f174caaf64c27 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:14:51 -0400
Subject: [PATCH 03/13] Apply suggestion from @JoyceZhu
---
.github/actions/file/action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/file/action.yml b/.github/actions/file/action.yml
index a99abb6..b1a8d50 100644
--- a/.github/actions/file/action.yml
+++ b/.github/actions/file/action.yml
@@ -12,7 +12,7 @@ inputs:
description: "Token with fine-grained permission 'issues: write'"
required: true
base_url:
- description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ description: "Optional base URL to pass into Octokit for the GitHub API (for example, `https://YOUR_HOSTNAME/api/v3` for GitHub Enterprise Server)"
required: false
cached_filings:
description: "Cached filings from previous runs, as stringified JSON. Without this, duplicate issues may be filed."
From 1f1f714015cd6881e8b17a2c5b2d60e99febe54b Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:16:50 -0400
Subject: [PATCH 04/13] Apply suggestion from @JoyceZhu
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 766863d..61fa117 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
- # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL (required for GitHub Enterprise Server)
+ # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
From 7cecc75ede926ac8d24f31d06e3500e70ac62459 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:17:21 -0400
Subject: [PATCH 05/13] Apply suggestion from @JoyceZhu
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 61fa117..0a15e7b 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
- # base_url: https://HOSTNAME/api/v3 # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
+ # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
From 0142e69b804cb57f0f66c5434fae1036565c734e Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:21:08 -0400
Subject: [PATCH 06/13] Apply suggestion from @JoyceZhu
---
.github/actions/fix/action.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/fix/action.yml b/.github/actions/fix/action.yml
index ab08056..7a17eab 100644
--- a/.github/actions/fix/action.yml
+++ b/.github/actions/fix/action.yml
@@ -12,7 +12,7 @@ inputs:
description: "Personal access token (PAT) with fine-grained permissions 'issues: write' and 'pull_requests: write'"
required: true
base_url:
- description: "Optional base URL for the GitHub API (for example, 'https://HOSTNAME/api/v3' for GitHub Enterprise Server)"
+ description: "Optional base URL to pass into Octokit for the GitHub API (for example, `https://YOUR_HOSTNAME/api/v3` for GitHub Enterprise Server)"
required: false
outputs:
From 1f1a6b06857204e79eab7dd2c4a0effec0510163 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Wed, 25 Mar 2026 17:22:47 -0400
Subject: [PATCH 07/13] Delete super-verbose tests which aren't useful
---
.github/actions/file/tests/index.test.ts | 92 ------------------------
.github/actions/fix/tests/index.test.ts | 84 ----------------------
2 files changed, 176 deletions(-)
delete mode 100644 .github/actions/file/tests/index.test.ts
delete mode 100644 .github/actions/fix/tests/index.test.ts
diff --git a/.github/actions/file/tests/index.test.ts b/.github/actions/file/tests/index.test.ts
deleted file mode 100644
index 53519f7..0000000
--- a/.github/actions/file/tests/index.test.ts
+++ /dev/null
@@ -1,92 +0,0 @@
-import {beforeEach, describe, expect, it, vi} from 'vitest'
-
-const {octokitCtorMock, getInputMock, getBooleanInputMock} = vi.hoisted(() => ({
- octokitCtorMock: vi.fn(),
- getInputMock: vi.fn(),
- getBooleanInputMock: vi.fn(),
-}))
-
-vi.mock('@actions/core', () => ({
- getInput: getInputMock,
- getBooleanInput: getBooleanInputMock,
- info: vi.fn(),
- debug: vi.fn(),
- warning: vi.fn(),
- setOutput: vi.fn(),
- setFailed: vi.fn(),
-}))
-
-vi.mock('@octokit/core', () => ({
- Octokit: {
- plugin: vi.fn(() => octokitCtorMock),
- },
-}))
-
-vi.mock('@octokit/plugin-throttling', () => ({
- throttling: vi.fn(),
-}))
-
-describe('file action index', () => {
- beforeEach(() => {
- vi.resetModules()
- vi.clearAllMocks()
- })
-
- it('passes baseUrl to Octokit when base_url input is provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'findings':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- case 'base_url':
- return 'https://ghe.example.com/api/v3'
- case 'cached_filings':
- return '[]'
- default:
- return ''
- }
- })
- getBooleanInputMock.mockReturnValue(false)
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: 'https://ghe.example.com/api/v3',
- }),
- )
- })
-
- it('uses Octokit default API URL when base_url input is not provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'findings':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- case 'cached_filings':
- return '[]'
- default:
- return ''
- }
- })
- getBooleanInputMock.mockReturnValue(false)
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: undefined,
- }),
- )
- })
-})
diff --git a/.github/actions/fix/tests/index.test.ts b/.github/actions/fix/tests/index.test.ts
deleted file mode 100644
index f7a1195..0000000
--- a/.github/actions/fix/tests/index.test.ts
+++ /dev/null
@@ -1,84 +0,0 @@
-import {beforeEach, describe, expect, it, vi} from 'vitest'
-
-const {octokitCtorMock, getInputMock} = vi.hoisted(() => ({
- octokitCtorMock: vi.fn(),
- getInputMock: vi.fn(),
-}))
-
-vi.mock('@actions/core', () => ({
- getInput: getInputMock,
- info: vi.fn(),
- debug: vi.fn(),
- warning: vi.fn(),
- setOutput: vi.fn(),
- setFailed: vi.fn(),
-}))
-
-vi.mock('@octokit/core', () => ({
- Octokit: {
- plugin: vi.fn(() => octokitCtorMock),
- },
-}))
-
-vi.mock('@octokit/plugin-throttling', () => ({
- throttling: vi.fn(),
-}))
-
-describe('fix action index', () => {
- beforeEach(() => {
- vi.resetModules()
- vi.clearAllMocks()
- })
-
- it('passes baseUrl to Octokit when base_url input is provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'issues':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- case 'base_url':
- return 'https://ghe.example.com/api/v3'
- default:
- return ''
- }
- })
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: 'https://ghe.example.com/api/v3',
- }),
- )
- })
-
- it('uses Octokit default API URL when base_url input is not provided', async () => {
- getInputMock.mockImplementation((name: string) => {
- switch (name) {
- case 'issues':
- return '[]'
- case 'repository':
- return 'org/repo'
- case 'token':
- return 'token'
- default:
- return ''
- }
- })
-
- const {default: run} = await import('../src/index.ts')
- await run()
-
- expect(octokitCtorMock).toHaveBeenCalledWith(
- expect.objectContaining({
- auth: 'token',
- baseUrl: undefined,
- }),
- )
- })
-})
From 552478ea9d3d39b6221d5b5d62fffad6dd3c59bb Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Thu, 26 Mar 2026 11:33:16 -0400
Subject: [PATCH 08/13] Feedback from Lindsey: rearrange optional inputs
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 0a15e7b..226644f 100644
--- a/README.md
+++ b/README.md
@@ -46,8 +46,8 @@ jobs:
REPLACE_THIS
repository: REPLACE_THIS/REPLACE_THIS # Provide a repository name-with-owner (in the format "primer/primer-docs"). This is where issues will be filed and where Copilot will open PRs; more information below.
token: ${{ secrets.GH_TOKEN }} # This token must have write access to the repo above (contents, issues, and PRs); more information below. Note: GitHub Actions' GITHUB_TOKEN cannot be used here.
- # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
cache_key: REPLACE_THIS # Provide a filename that will be used when caching results. We recommend including the name or domain of the site being scanned.
+ # base_url: https://REPLACE_THIS # Optional: GitHub API base URL to pass into Octokit (required for GitHub Enterprise Server)
# login_url: # Optional: URL of the login page if authentication is required
# username: # Optional: Username for authentication
# password: ${{ secrets.PASSWORD }} # Optional: Password for authentication (use secrets!)
@@ -118,8 +118,8 @@ Trigger the workflow manually or automatically based on your configuration. The
| `urls` | Yes | Newline-delimited list of URLs to scan | `https://primer.style`
`https://primer.style/octicons` |
| `repository` | Yes | Repository (with owner) for issues and PRs | `primer/primer-docs` |
| `token` | Yes | PAT with write permissions (see above) | `${{ secrets.GH_TOKEN }}` |
-| `base_url` | No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com` | `https://ghe.example.com/api/v3` |
| `cache_key` | Yes | Key for caching results across runs
Allowed: `A-Za-z0-9._/-` | `cached_results-primer.style-main.json` |
+| `base_url` | No | GitHub API base URL used by Octokit. Set this for GitHub Enterprise Server (format: `https://HOSTNAME/api/v3`). Defaults to `https://api.github.com` | `https://ghe.example.com/api/v3` |
| `login_url` | No | If scanned pages require authentication, the URL of the login page | `https://github.com/login` |
| `username` | No | If scanned pages require authentication, the username to use for login | `some-user` |
| `password` | No | If scanned pages require authentication, the password to use for login | `${{ secrets.PASSWORD }}` |
From ffdf8ea87ff929fe287ae3ecc64e5b59a27f55b0 Mon Sep 17 00:00:00 2001
From: Joyce Zhu
Date: Thu, 26 Mar 2026 12:08:46 -0400
Subject: [PATCH 09/13] Remove redundant type default
---
.github/actions/file/src/index.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/file/src/index.ts b/.github/actions/file/src/index.ts
index d0a7b2b..64b075f 100644
--- a/.github/actions/file/src/index.ts
+++ b/.github/actions/file/src/index.ts
@@ -19,7 +19,7 @@ export default async function () {
const findings: Finding[] = JSON.parse(core.getInput('findings', {required: true}))
const repoWithOwner = core.getInput('repository', {required: true})
const token = core.getInput('token', {required: true})
- const baseUrl = core.getInput('base_url', {required: false}) || undefined
+ const baseUrl = core.getInput('base_url', {required: false})
const screenshotRepo = core.getInput('screenshot_repository', {required: false}) || repoWithOwner
const cachedFilings: (ResolvedFiling | RepeatedFiling)[] = JSON.parse(
core.getInput('cached_filings', {required: false}) || '[]',
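Review bot: Dropping `|| undefined` leaves `baseUrl` as `''` when the input is unset, because `core.getInput` returns an empty string for a missing input. The debug line added earlier in this series, `baseUrl ?? '(default)'`, then prints an empty value instead of `(default)`, since `??` only replaces null or undefined. Octokit is also handed `baseUrl: ''`, so the default endpoint now depends on it treating an empty string as unset, which is worth confirming. `.github/actions/fix/src/index.ts` still has the coercion, so the two actions now differ. Either keep `|| undefined` here or change the debug line to `baseUrl || '(default)'`; the function continues outside this hunk.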
From e7ce1ce8117f0bc9860102c5b5632367392c4cb9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 18:56:44 +0000
Subject: [PATCH 10/13] chore(deps): Bump rack from 3.2.5 to 3.2.6 in
/sites/site-with-errors
Bumps [rack](https://github.com/rack/rack) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/rack/rack/releases)
- [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rack/rack/compare/v3.2.5...v3.2.6)
---
updated-dependencies:
- dependency-name: rack
dependency-version: 3.2.6
dependency-type: direct:production
...
Signed-off-by: dependabot[bot]
---
sites/site-with-errors/Gemfile.lock | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sites/site-with-errors/Gemfile.lock b/sites/site-with-errors/Gemfile.lock
index a391568..6d43205 100644
--- a/sites/site-with-errors/Gemfile.lock
+++ b/sites/site-with-errors/Gemfile.lock
@@ -101,7 +101,7 @@ GEM
public_suffix (6.0.2)
puma (7.2.0)
nio4r (~> 2.0)
- rack (3.2.5)
+ rack (3.2.6)
rake (13.3.0)
rb-fsevent (0.11.2)
rb-inotify (0.11.1)
From a4df0ecd2038d03e44e1cd00de452f2507bed6c4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Apr 2026 20:09:56 +0000
Subject: [PATCH 11/13] chore(deps): Bump ruby/setup-ruby
Bumps the github-actions group with 1 update in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).
Updates `ruby/setup-ruby` from 1.299.0 to 1.300.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/3ff19f5e2baf30647122352b96108b1fbe250c64...e65c17d16e57e481586a6a5a0282698790062f92)
---
updated-dependencies:
- dependency-name: ruby/setup-ruby
dependency-version: 1.300.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: github-actions
...
Signed-off-by: dependabot[bot]
---
.github/workflows/test.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f666503..01133ef 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -34,7 +34,7 @@ jobs:
uses: actions/checkout@v6
- name: Setup Ruby
- uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64
+ uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92
with:
ruby-version: "3.4"
bundler-cache: true
From 3db8f215ac45af11812e28ac705e74448ed86ff4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Apr 2026 20:25:09 +0000
Subject: [PATCH 12/13] chore(deps-dev): Bump vite from 7.3.1 to 7.3.2
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.1 to 7.3.2.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 7.3.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
package-lock.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 010f8d8..188e7b8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2676,9 +2676,9 @@
}
},
"node_modules/vite": {
- "version": "7.3.1",
- "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz",
- "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==",
+ "version": "7.3.2",
+ "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.2.tgz",
+ "integrity": "sha512-Bby3NOsna2jsjfLVOHKes8sGwgl4TT0E6vvpYgnAYDIF/tie7MRaFthmKuHx1NSXjiTueXH3do80FMQgvEktRg==",
"dev": true,
"license": "MIT",
"dependencies": {
From d4c2993c4ee82f99143744f307d79d82ed982fb5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Apr 2026 09:59:29 +0000
Subject: [PATCH 13/13] chore(deps): Bump addressable in
/sites/site-with-errors
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.8.7 to 2.9.0.
- [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.8.7...addressable-2.9.0)
---
updated-dependencies:
- dependency-name: addressable
dependency-version: 2.9.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot]
---
sites/site-with-errors/Gemfile.lock | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sites/site-with-errors/Gemfile.lock b/sites/site-with-errors/Gemfile.lock
index 6d43205..2a9e63a 100644
--- a/sites/site-with-errors/Gemfile.lock
+++ b/sites/site-with-errors/Gemfile.lock
@@ -1,8 +1,8 @@
GEM
remote: https://rubygems.org/
specs:
- addressable (2.8.7)
- public_suffix (>= 2.0.2, < 7.0)
+ addressable (2.9.0)
+ public_suffix (>= 2.0.2, < 8.0)
base64 (0.3.0)
bigdecimal (3.2.2)
colorator (1.1.0)
@@ -98,7 +98,7 @@ GEM
nio4r (2.7.5)
pathutil (0.16.2)
forwardable-extended (~> 2.6)
- public_suffix (6.0.2)
+ public_suffix (7.0.5)
puma (7.2.0)
nio4r (~> 2.0)
rack (3.2.6)