Skip to content

Commit 8ea91b0

Browse files
lpcoxlpcox
authored
fix: proxy response envelopes + smoke test for github-script integration (#2420)
## Summary Fixes three bugs in the DIFC proxy that prevented `actions/github-script` (octokit) from receiving properly formatted responses, and adds a smoke test workflow to validate the integration. ## Proxy Fixes ### 1. Content-Type header not forwarded (GraphQL passthrough broken) `copyResponseHeaders` only copied rate-limit headers, not `Content-Type`. Octokit could not parse the response as JSON, causing `undefined` results. ### 2. Search query parameter not passed to guard Search routes (`/search/code`, `/search/issues`, etc.) did not extract the `q` query parameter. The guard could not scope integrity labels to the searched repo, causing all search items to be incorrectly filtered. ### 3. Response envelope stripped after filtering - **REST search**: `ToResult()` returned a bare `[]` array instead of `{"total_count": N, "items": [...]}`. Added `rewrapSearchResponse()`. - **GraphQL**: Filtered responses returned `{"data": null}` instead of reconstructing the response tree. Added `rebuildGraphQLResponse()` with deep-clone + node replacement. ## Smoke Test Workflow New `smoke-proxy-github-script` workflow validates DIFC proxy filtering with `actions/github-script@v8`: | Test | Description | Expected | |------|-------------|----------| | 1 | In-scope REST: list issues | Returns data | | 2 | Out-of-scope REST: list issues | **0 items** (blocked) | | 3 | In-scope GraphQL: query issues | Returns data | | 4 | Out-of-scope GraphQL: query issues | **0 items** (blocked) | | 5 | In-scope REST: search code | Returns data | | 6 | Bot-authored integrity | Visible (trusted bot) | **All 6 tests pass** — [run 23474008570](https://github.com/github/gh-aw-mcpg/actions/runs/23474008570) ### Key discovery: `GITHUB_API_URL` env var does NOT work The `actions/github-script` action ignores step-level `GITHUB_API_URL`. The fix is to use `with: base-url` input, which is the action's explicit mechanism for overriding the API endpoint. ## Files Changed - `internal/proxy/handler.go` — Three bug fixes + helper functions - `internal/proxy/proxy_test.go` — Tests for new helpers - `.github/workflows/smoke-proxy-github-script.md` — New smoke test - `.github/workflows/smoke-proxy-github-script.lock.yml` — Compiled lock file - 21 workflow `.md` files — `repos` → `allowed-repos` (gh-aw v0.63.0) - 24 workflow `.lock.yml` files — Recompiled for gh-aw v0.63.0
2 parents d42a3d5 + 33554e0 commit 8ea91b0

File tree

4 files changed

+255
-78
lines changed

4 files changed

+255
-78
lines changed

0 commit comments

Comments
 (0)